Docker kubernetes将传出http流量从服务重定向到localhost:port
我在两个容器中有一个图表:Docker kubernetes将传出http流量从服务重定向到localhost:port,docker,kubernetes,devops,google-kubernetes-engine,Docker,Kubernetes,Devops,Google Kubernetes Engine,我在两个容器中有一个图表: apiVersion: apps/v1beta2 kind: Deployment metadata: name: catalog labels: app: catalog chart: catalog-0.1.0 heritage: Tiller spec: replicas: 1 selector: matchLabels: app: catalog template: metadata:
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: catalog
labels:
app: catalog
chart: catalog-0.1.0
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: catalog
template:
metadata:
labels:
app: catalog
spec:
containers:
- name: catalog
image: catalog:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: myproxy
image: myproxy:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8008
protocol: TCP
env:
- name: PROXY_PORT
value: '8080'
---
apiVersion: v1
kind: Service
metadata:
name: catalog
labels:
app: catalog
chart: catalog-0.1.0
heritage: Tiller
spec:
type: NodePort
ports:
- port: 8008
targetPort: http
protocol: TCP
name: http
selector:
app: catalog
我需要通过localhost将所有出站流量从catalog容器重定向到myproxy容器
并且已经在容器中,以确定目录是否可以发送请求、记录请求等
请提示是否可以使用kubernetes实现它
谢谢
更新: 问题是我无法更改Catalog容器中的代码并将查询发送到localhost 容器也没有iptables来执行类似的操作
containers:
- name: catalog
image: catalog:v1
imagePullPolicy: IfNotPresent
command:
- 'iptables -t nat -A OUTPUT -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8008'
ports:
- name: http
containerPort: 8080
protocol: TCP
最好使用kubernetes完成,如果目录应用程序尊重
http\U代理
环境变量,就很容易了。只需将环境变量添加到目录容器中
- name: catalog
image: catalog:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
env:
- name: HTTP_PROXY
value: localhost:8008
如果catalog应用程序尊重
http\U proxy
环境变量,则很容易实现。只需将环境变量添加到目录容器中
- name: catalog
image: catalog:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
env:
- name: HTTP_PROXY
value: localhost:8008
对于更新,如果需要操作iptables,可以添加另一个
initContainer
,例如:
initContainers:
- image: centos
imagePullPolicy: Always
name: run-iptables
securityContext:
privileged: true
command:
- "sh"
- "-c"
- 'yum -y install iptables; iptables -t nat -A OUTPUT -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8008'
由于pod中的所有容器共享相同的网络名称空间,因此也会对目录容器产生影响。对于更新,如果需要操作iptables,可以添加另一个
initContainer
,例如:
initContainers:
- image: centos
imagePullPolicy: Always
name: run-iptables
securityContext:
privileged: true
command:
- "sh"
- "-c"
- 'yum -y install iptables; iptables -t nat -A OUTPUT -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8008'
由于pod中的所有容器共享相同的网络名称空间,因此它也会影响目录容器。据我所知,这将在容器centos级别工作,而不是目录级别。此链接可能会有所帮助。据我所知,这将在container centos而不是Catalog级别起作用。也许这个链接有帮助。