堆栈内存溢出
  简体   繁体   English

kubernetes ingress - 将 neo4j 端点暴露给内部网络

[英]kubernetes ingress - exposing neo4j endpoint to internal network

 原文  2020-09-26 00:05:30       networking/ kubernetes/ neo4j

问题描述

I'm getting below error when trying to reach an internal neo4j endpoint from another cluster尝试从另一个集群访问内部neo4j 端点时出现以下错误

neobolt.exceptions.ServiceUnavailable: Timed out trying to establish connection to ('xx.xxx.xx.xx', 7687) neobolt.exceptions.ServiceUnavailable:尝试建立与('xx.xxx.xx.xx',7687)的连接超时

When accessing this endpoint through the browser, it shows当通过浏览器访问这个端点时,它显示

not a WebSocket handshake request: missing upgrade不是 WebSocket 握手请求:缺少升级

I work on GCP.我在 GCP 上工作。 This is what I've got:这就是我所拥有的:

  • Cluster A with Composer running Airflow集群 A 与 Composer 运行 Airflow
  • Cluster B with K8s where my application is deployed使用 K8s 部署我的应用程序的集群 B
  • I know for sure both clusters can communicate我确定两个集群可以通信

Cluster B has a neo4j ingress defined as follows:集群 B 有一个 Neo4j 入口,定义如下:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    field.cattle.io/publicEndpoints: '[{"addresses":["xx.xxx.xx.xx"],"port":443,"protocol":"HTTPS","serviceName":"dev:neo4j","ingressName":"dev:neo4j-dev-ing","hostname":"neo4j-dev.host_name","allNodes":false}]'
  generation: 6
  name: neo4j-dev-ing
spec:
  rules:
  - host: neo4j-dev.host_name
    http:
      paths:
      - backend:
          serviceName: neo4j
          servicePort: neo4j-dev-bolt
  tls:
  - hosts:
    - neo4j-dev.host_name
status:
  loadBalancer:
    ingress:
    - ip: xx.xxx.xx.xx

My neo4j service looks as follows:我的 neo4j 服务如下所示:

apiVersion: v1
kind: Service
metadata:
  name: neo4j
spec:
  type: ClusterIP
  selector:
    app: neo4j
    component: neo4j
  ports:
    - port: 7473
      name: neo4j-dev-https
      targetPort: 7473
    - port: 7474
      name: neo4j-dev-http
      targetPort: 7474
    - port: 7687
      name: neo4j-dev-bolt
      targetPort: 7687
    - port: 1337
      name: neo4j-dev-shell
      targetPort: 1337

I've seen a few related questions but nothing concrete and a lot of contradictory information.我看过一些相关的问题,但没有什么具体的,而且有很多相互矛盾的信息。

Any ideas if this can even work at all?如果这甚至可以工作,有什么想法吗? Can someone with some insight into networks explain to me why this isn't working or put forward the concepts I need to research in order to get what's going on?对网络有一些了解的人可以向我解释为什么这不起作用或提出我需要研究的概念以了解正在发生的事情吗? Got stuck卡着了

1 个解决方案

解决方案1
 0 已采纳  2020-09-26 09:45:01

It's a known issue with accessing neo4j outside of kubernetes and there are no straightforward workarounds这是在 kubernetes 之外访问 neo4j 的一个已知问题,并且没有直接的解决方法

A complex workaround using multiple static IPs has been described here https://neo4j.com/labs/neo4j-helm/1.0.0/externalexposure/此处描述了使用多个静态 IP 的复杂解决方法https://neo4j.com/labs/neo4j-helm/1.0.0/externalexposure/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 Raspberry Pi4 上使用 Minikube 暴露 Kube.netes Ingress - Exposing Kubernetes Ingress, using Minikube on a Raspberry Pi4 aws上的kubernetes:公开多个域名(ingress vs ELB) - kubernetes on aws: Exposing multiple domain names (ingress vs ELB) 将Kong Admin API暴露给内部网络 - Exposing Kong Admin API to internal network 将内部网络上的端口暴露给 Internet 的安全注意事项 - Security considerations exposing ports on internal network to internet 如何用java在Neo4j中编写查询 - How to writer query in Neo4j by java 无法从同一Wi-Fi网络上的另一台设备连接到本地托管的Neo4j服务器 - Can't connect to locally-hosted Neo4j server from another device on the same Wi-Fi network 连接到 AWS 内部网络上的 Kubernetes 集群 - Connecting to Kubernetes cluster on AWS internal network 对 kubernetes 网络使用 softEther VPN(虚拟适配器),对入口使用默认适配器 - Use softEther VPN (virtual adapter) for kubernetes network and default adapter for ingress NEO4J - 根据最大​​值或最小值返回节点 - NEO4J - Return node based on max or min values 如何使用 Kubernetes 中的网络策略拒绝所有入口 UDP - How to DENY all Ingress UDP using Network Policies in Kubernetes
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM