gpt4 book ai didi

docker - 在Kubernetes/Nginx中为客户端设置正确的主机名

转载 作者:行者123 更新时间:2023-12-02 20:03:44 25 4
gpt4 key购买 nike

我正在使用Nginx在Kubernetes上运行的dockerized微服务体系结构,并且遇到主机名问题。您如何正确地将主机名添加到Kubernetes(或者也可能是Nginx)?

问题:当名为admin的微服务A尝试与名为session的微服务B对话时,admin记录以下错误,但未达到session:

{ Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's 
altnames: Host: session. is not in the cert's altnames: DNS:*.example.com, example.com
at Object.checkServerIdentity (tls.js:225:17)
at TLSSocket.onConnectSecure (_tls_wrap.js:1051:27)
at TLSSocket.emit (events.js:160:13)
at TLSSocket._finishInit (_tls_wrap.js:638:8)
reason: 'Host: session. is not in the cert\'s altnames:
DNS:*.example.com, example.com',
host: 'session',
cert:
{ subject: { OU: 'Domain Control Validated', CN:
'*.example.com' },
issuer: ...

为响应此错误,我尝试不成功(基于 this)更新kubernetes config yaml文件中的主机名。请参阅下面添加的 hostname
apiVersion: apps/v1
kind: Deployment
metadata:
name: session
namespace: demo
spec:
replicas: 1
selector:
matchLabels:
app: session
component: demo
template:
metadata:
labels:
app: session
component: demo
spec:
hostname: session.example.com . ----> added host name here
imagePullSecrets:
- name: docker-secret
containers:
- name: session
...

但是,当我尝试在Kubernetes中应用此更新的配置文件时,出现了一个我无法使用句点的错误。如果我不能使用句点,并且主机名是 *.example.com(即 session.example.com),则主机名应在何处/如何更新。
The Deployment "session" is invalid: spec.template.spec.hostname: 
Invalid value: "session.example.com": a DNS-1123 label must
consist of lower case alphanumeric characters or '-', and must start and
end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex
used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')

同时,nginx配置文件中的服务器名称确实已使用 session.example.com更新。
upstream session {
server 127.0.0.1:3000;
keepalive 32;
}

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

server_name "session.example.com"; ---> updated for hostname

ssl_certificate /etc/ssl/nginx/certificate.pem;
ssl_certificate_key /etc/ssl/nginx/key.pem;

location / {
proxy_pass http://session/;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}


server {
listen 80 default_server;
listen [::]:80 default_server;
server_name "session.example.com"; ---> updated for hostname

return 301 https://$host$request_uri;
}

您如何建议解决此问题?我的目标是让 adminsession成功通信。

最佳答案

您可以使用kubernetes自己的dns。
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
因此,您可以使用pod dns访问您的pod;

When enabled, pods are assigned a DNS A record in the form of

“pod-ip-address.my-namespace.pod.cluster.local”


有了服务,您可以使用

my-svc.my-namespace.svc.cluster.local

关于docker - 在Kubernetes/Nginx中为客户端设置正确的主机名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51664743/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com