Kubernetes redirecting outgoing HTTP traffic from the service to localhost:port
I have a chart with two containers in it:
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: catalog
  labels:
    app: catalog
    chart: catalog-0.1.0
    heritage: Tiller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: catalog
  template:
    metadata:
      labels:
        app: catalog
    spec:
      containers:
        - name: catalog
          image: catalog:v1
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
        - name: myproxy
          image: myproxy:v1
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8008
              protocol: TCP
          env:
            - name: PROXY_PORT
              value: '8080'
---
apiVersion: v1
kind: Service
metadata:
  name: catalog
  labels:
    app: catalog
    chart: catalog-0.1.0
    heritage: Tiller
spec:
  type: NodePort
  ports:
    - port: 8008
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app: catalog
I need to redirect all outbound traffic from the catalog container to the myproxy container via localhost.
And then, within that container, determine whether catalog can send requests, log them, etc.
Please tell me whether it is possible to implement this using Kubernetes.
Thanks.
Update:
The problem is that I cannot change the code in the catalog container and send queries to localhost.
The container also does not have iptables to do something like this:
containers:
  - name: catalog
    image: catalog:v1
    imagePullPolicy: IfNotPresent
    command:
      - 'iptables -t nat -A OUTPUT -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8008'
    ports:
      - name: http
        containerPort: 8080
        protocol: TCP
Ideally this would be done with Kubernetes.
If the catalog application respects the http_proxy environment variable, it is easy. Just add an environment variable to the catalog container.
- name: catalog
  image: catalog:v1
  imagePullPolicy: IfNotPresent
  ports:
    - name: http
      containerPort: 8080
      protocol: TCP
  env:
    - name: HTTP_PROXY
      value: localhost:8008
For your update, if you need to manipulate iptables, you can add another initContainer, for example:
initContainers:
  - image: centos
    imagePullPolicy: Always
    name: run-iptables
    securityContext:
      privileged: true
    command:
      - "sh"
      - "-c"
      - 'yum -y install iptables; iptables -t nat -A OUTPUT -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8008'
Since all containers in a pod share the same net namespace, this affects the catalog container as well.
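
A least-privilege variant of the initContainer approach above, as an added example that is not part of the original answer: it swaps `privileged: true` for only the NET_ADMIN and NET_RAW capabilities, and exempts the proxy's own traffic from the redirect so myproxy can forward requests without being looped back to itself. The image name `registry.example/iptables-init:1.0` (an image with iptables preinstalled) and the proxy UID 1337 are assumptions.

```yaml
# Added example: pod spec fragment (goes under spec.template.spec of the Deployment).
initContainers:
  - name: run-iptables
    # Hypothetical image with iptables already installed, so nothing is
    # downloaded at pod start (the original installs it with yum each time).
    image: registry.example/iptables-init:1.0
    imagePullPolicy: IfNotPresent
    securityContext:
      runAsUser: 0                  # iptables needs root inside the container
      runAsNonRoot: false
      privileged: false             # no host devices, no full capability set
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
        add: ["NET_ADMIN", "NET_RAW"]   # enough to edit the pod's own nat table
    command:
      - sh
      - -c
      - |
        set -e
        # 1) Leave the proxy's own outbound traffic alone (assumed UID 1337),
        #    otherwise its upstream connections are redirected back to itself.
        iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner 1337 -j RETURN
        # 2) Same rule as the answer: send port-8080 traffic to myproxy.
        iptables -t nat -A OUTPUT -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8008
        # Print the resulting rules so they are visible in the init container's log.
        iptables -t nat -S OUTPUT
containers:
  - name: catalog
    image: catalog:v1
    imagePullPolicy: IfNotPresent
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]               # the app container gets no network-admin rights
  - name: myproxy
    image: myproxy:v1
    imagePullPolicy: IfNotPresent
    securityContext:
      runAsUser: 1337               # assumption: must match --uid-owner above
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
    ports:
      - name: http
        containerPort: 8008
        protocol: TCP
```

Any process running as UID 1337 bypasses the redirect, so the catalog container must run under a different UID for the proxy's logging and allow/deny decisions to apply to it.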