[英]How to access external SMTP server from within Kubernetes cluster with Istio Service Mesh
我有一個 kubernetes 集群,其中有在 Istio 服務網格中運行的應用程序。 在一個應用程序中,我嘗試使用 SMTP 發送電子郵件。 如何設置 Istio 規則以允許我的應用程序使用我的外部 SMTP 服務器?
最初我得到一個異常“無法連接到 SMTP 主機:in-v3.mailjet.com,端口:587,響應:-1。” 詳見此處。 訪問這個網站后,我意識到我需要提供出口規則,我按照下面的方式做了
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: mailjet
spec:
hosts:
- "in-v3.mailjet.com"
location: MESH_EXTERNAL
ports:
- number: 587
name: tls
protocol: TLS
resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: mailjet
spec:
hosts:
- "*.mailjet.com"
tls:
- match:
- port: 587
sni_hosts:
- "*.mailjet.com"
route:
- destination:
host: "*.mailjet.com"
port:
number: 587
weight: 100
我不再收到“無法連接到 SMTP 主機”異常,但收到 SocketTieoutException
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at java.lang.Thread.run(Thread.java:748)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) Caused by: javax.mail.MessagingException: Exception reading response;
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) nested exception is:
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) java.net.SocketTimeoutException: Read timed out
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:2460)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2187)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:740)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at javax.mail.Service.connect(Service.java:366)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at javax.mail.Service.connect(Service.java:246)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at javax.mail.Service.connect(Service.java:267)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:138)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) ... 73 more
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) Caused by: java.net.SocketTimeoutException: Read timed out
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.net.SocketInputStream.socketRead0(Native Method)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.net.SocketInputStream.read(SocketInputStream.java:171)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.net.SocketInputStream.read(SocketInputStream.java:141)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:126)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.io.BufferedInputStream.read(BufferedInputStream.java:265)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:106)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:2440)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) ... 79 more
[0m[31m06:56:39,049 ERROR [org.keycloak.services.resources.admin.RealmAdminResource] (default task-55) Failed to send email
javax.mail.MessagingException: Exception reading response;
nested exception is:
java.net.SocketTimeoutException: Read timed out
我需要做什么才能在具有 Istio 服務網格的 Kubernetes 集群中成功發送電子郵件?
在與外部 MySQL 實例的 Mesh-external 服務條目進行比較后,我設法按照以下方式使用 TCP 使其正常工作。 我嘗試使用 IP 地址進行 TLS,但沒有成功。 但是,如果我不必指定 IP 地址,那就太好了
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: mailjet
spec:
hosts:
- in-v3.mailjet.com
addresses:
- 104.199.96.85/32
ports:
- name: tls
number: 587
protocol: tcp
location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: mailjet
spec:
hosts:
- in-v3.mailjet.com
tcp:
- match:
- port: 587
route:
- destination:
host: in-v3.mailjet.com
port:
number: 587
---
是否可以使用 Istio 搜索網格在 Kubernetes 中創建 Redis 集群?
[英]Is it possible to create a Redis Cluster within Kubernetes using a Istio Search Mesh?
數據中心內部 kubernetes 集群中的 Istio 服務網格
[英]Istio service mesh in on premise kubernetes cluster in data center
從 istio 服務網格上的工作節點中的服務連接到 Kubernetes API 服務器
[英]Connecting to Kubernetes API Server from a service in a worker node on istio Service Mesh
Can't Curl 服務在 kubernetes 集群中從 istio 網格中的 vm 運行
[英]Can't Curl Services running in the kubernetes cluster from the vm in istio mesh
使用 Istio 在 Kubernetes 集群上訪問 Prometheus GUI
[英]Access Prometheus GUI on Kubernetes Cluster with Istio
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.