
Kubernetes: How to use the externally exposed URL of a Service from inside the cluster

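I want to connect from service A to service B (KeyCloak) in Kubernetes, but using the externally exposed URL of service B, for example "auth-dev.localhost".

For general reasons.

Connecting to "auth-dev.localhost" through the browser works. But I cannot reach service B from service A with this URL, which is declared as "kubernetes.oauth.server.url=http://auth-dev.localhost/auth/realms/test".

Any ideas are appreciated...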

Feb 17, 2021 4:16:00 PM io.quarkus.hibernate.orm.runtime.proxies.ProxyDefinitions
WARN: Unable to find a build time generated proxy for entity %s
Feb 17, 2021 4:16:01 PM org.jboss.threads
INFO: JBoss Threads version %s
Feb 17, 2021 4:16:01 PM io.quarkus.runtime.ApplicationLifecycleManager run
ERROR: Failed to start application (with profile prod)
java.net.ConnectException: Connection refused
    at java.base/sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
    at java.base/sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:779)
    at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:330)
    at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:334)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:702)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:834)

Additional information

Configuration

Service B (Keycloak)

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: keycloak
  name: keycloak
  namespace: ${namespace}
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: keycloak
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - image: ${image}
          imagePullPolicy: Always
          name: keycloak
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
            - containerPort: 5005
              name: https
              protocol: TCP
          envFrom:
            - configMapRef:
                name: keycloak-config
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /auth/realms/master
              port: 8080
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
        - name: some-name
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      hostAliases:
        - ip: "127.0.0.1"
          hostnames:
            - "auth-dev.localhost"
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: keycloak
  name: keycloak-config
data:
  KEYCLOAK_USER: ${user}
  KEYCLOAK_PASSWORD: ${password}
  PROXY_ADDRESS_FORWARDING: "true"
  DB_VENDOR: "postgres"
  DB_ADDR: ${db.host}
  DB_PORT: ${db.port}
  DB_DATABASE: "the-keycloak-DB"
  DB_USER: ${db.user}
  DB_PASSWORD: ${db.user.password}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: keycloak
  name: ${host}
  namespace: ${namespace}
spec:
  externalTrafficPolicy: Cluster
  ports:
    - name: http
      port: ${port}
      protocol: TCP
      targetPort: 8080
  selector:
    app: keycloak
  sessionAffinity: None
  type: LoadBalancer

Service A

apiVersion: v1
kind: Service
metadata:
  labels:
    app: a-service
  name: a-service
  namespace: ${kubernetes.namespace}
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: http
    port: ${kubernete.port}
    protocol: TCP
    targetPort: 8080
  - name: debug
    port: ${kubernetes.debug.port}
    protocol: TCP
    targetPort: 5005
  selector:
    app: a-service
  sessionAffinity: None
  type: LoadBalancer
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: a-service-default
  namespace: ${namespace}
data:
  quarkus.oidc.auth-server-url: ${kubernetes.oauth.server.url}
  quarkus.datasource.jdbc.url: jdbc:postgresql://db-service:5234/a-service
  quarkus.datasource.username: my_user
  quarkus.datasource.password: my_password

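In addition, an Ingress is configured that redirects auth-dev.localhost to Keycloak, which works in the browser.

What seems to work for my problem is:

Declaring a load balancer that redirects auth-dev.localhost to my service B (Keycloak) and adding the following to the "hosts" file of the running machine:

{IP of the service POD} auth-dev.localhost

The IP depends on how you configured docker. The default range is 192.168.65.0/28

And I also had to declare the port to use, 8080, in service A.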
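
The check below is an added example, not part of the original post and not code from Quarkus or Keycloak: run from inside service A's pod, it reports which addresses and which effective port the configured `kubernetes.oauth.server.url` value points at. The injectable resolver and the sample addresses (127.0.0.1, 10.96.0.15) are constructed; that the name resolves to loopback inside the pod is an assumption consistent with the `Connection refused` above, not something the post confirms.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def system_resolver(host, port):
    """Resolve with the pod's own resolver (/etc/hosts first, then cluster DNS)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def diagnose(url, resolver=system_resolver):
    """Return host, effective port, addresses and a verdict for an OIDC URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    # Without an explicit port the client uses the scheme default, not 8080.
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    report = {"host": parts.hostname, "port": port, "addresses": []}
    try:
        report["addresses"] = resolver(parts.hostname, port)
    except socket.gaierror as exc:
        report["verdict"] = f"unresolvable: {exc}"
        return report
    # Drop any IPv6 zone id ("fe80::1%eth0") before classifying the address.
    loopback = [a for a in report["addresses"]
                if ipaddress.ip_address(a.split("%")[0]).is_loopback]
    if loopback:
        report["verdict"] = "loopback: the connection goes to the calling pod itself"
    else:
        report["verdict"] = "routable: confirm a listener exists on this port"
    return report

# Constructed resolver answers (sample data, not taken from the post).
def resolves_to_loopback(host, port):
    return ["127.0.0.1"]

def resolves_to_cluster_ip(host, port):
    return ["10.96.0.15"]

if __name__ == "__main__":
    print(diagnose("http://auth-dev.localhost/auth/realms/test",
                   resolves_to_loopback))
    print(diagnose("http://auth-dev.localhost:8080/auth/realms/test",
                   resolves_to_cluster_ip))
```

Calling `diagnose(url)` with no second argument uses the pod's real resolver, so the report reflects any `hostAliases` or hosts-file entry in effect.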
