gpt4 book ai didi

kubernetes - Istio-使用DNS名称访问外部数据库(TCP)

转载 作者:行者123 更新时间:2023-12-02 12:25:04 25 4
gpt4 key购买 nike

我想使用端口3306访问在某些IP上公开的外部数据库:10.48.100.124(没有与此IP关联的DNS名称)
我创建了ServiceEntry:

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: csd-database
namespace: testnam-dev
spec:
hosts:
- csd-database
addresses:
- 10.48.100.124/32
exportTo:
- "."
ports:
- number: 3306
name: tcp
protocol: TCP
location: MESH_EXTERNAL
resolution: STATIC
endpoints:
- address: 10.48.100.124
ports:
tcp: 3306
如果我尝试通过群集内的IP(10.48.100.124)连接,效果很好。
但是我想用DNS名称公开此服务(在k8s / isito集群内部),所以我创建了VirtualService:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: csd-database
namespace: testnam-dev
spec:
hosts:
- csd-database
gateways:
- ingresgateway
tcp:
- route:
- destination:
host: csd-database
但是我无法连接到主机:csd数据库
telnet也无法通过3306端口连接到csd数据库。
如何在群集内部使用DNS名称公开ServiceEntry?
DB没有DNS名称(外部名称),它只有IP地址。 SO DB仅在10.48.100.124:3306上可访问

最佳答案

TLDR:当前已将ServiceEntry配置为按静态IP地址解析。
更改:

resolution: STATIC
resolution: DNS

根据istio documentation:

ServiceEntry.Resolution

Resolution determines how the proxy will resolve the IP addresses ofthe network endpoints associated with the service, so that it canroute to one of them. The resolution mode specified here has no impacton how the application resolves the IP address associated with theservice. The application may still have to use DNS to resolve theservice to an IP so that the outbound traffic can be captured by theProxy. Alternatively, for HTTP services, the application coulddirectly communicate with the proxy (e.g., by setting HTTP_PROXY) totalk to these services.

NONE - Assume that incoming connections have already been resolved(to a specific destination IP address). Such connections are typicallyrouted via the proxy using mechanisms such as IP table REDIRECT/ eBPF.After performing any routing related transformations, the proxy willforward the connection to the IP address to which the connection wasbound.

STATIC - Use the static IP addresses specified in endpoints (seebelow) as the backing instances associated with the service.

DNS - Attempt to resolve the IP address by querying the ambient DNS,during request processing. If no endpoints are specified, the proxywill resolve the DNS address specified in the hosts field, ifwildcards are not used. If endpoints are specified, the DNS addressesspecified in the endpoints will be resolved to determine thedestination IP address. DNS resolution cannot be used with Unix domainsocket endpoints.

关于kubernetes - Istio-使用DNS名称访问外部数据库(TCP),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64215742/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com