Kubernetes Istio-通过自定义群集内部域访问外部服务
我正在尝试设置一个服务条目,以便通过集群内的Kubernetes Istio-通过自定义群集内部域访问外部服务,kubernetes,service,dns,istio,servicemesh,Kubernetes,Service,Dns,Istio,Servicemesh,我正在尝试设置一个服务条目,以便通过集群内的default.google.global域访问外部服务,比如www.google.com: apiVersion: networking.istio.io/v1alpha3 kind: ServiceEntry metadata: name: google-svc-entry spec: hosts: - default.google.global ports: - number: 443 name: https
default.google.global
域访问外部服务,比如www.google.com
:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: google-svc-entry
spec:
hosts:
- default.google.global
ports:
- number: 443
name: https
protocol: HTTPS
endpoints:
- address: google.com
ports:
https: 443
resolution: DNS
location: MESH_EXTERNAL
当我尝试使用default.google.global
域访问它时,它无法从pod内部建立连接:
> kubectl exec --namespace=sample -it <SOURCE_POD> -- curl -vvv https://default.google.global/
* Trying 240.0.0.3...
* TCP_NODELAY set
* Connected to default.google.global (240.0.0.3) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to default.google.global:443
* stopped the pause stream!
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to default.google.global:443
command terminated with exit code 35
kubectl exec--namespace=sample-it--curl-vvvhttps://default.google.global/
*正在尝试240.0.0.3。。。
*TCP_节点集
*已连接到default.google.global(240.0.0.3)端口443(#0)
*阿尔卑斯山,提供h2
*ALPN,提供http/1.1
*已成功设置证书验证位置:
*CAfile:/etc/ssl/certs/ca-certificates.crt
卡帕斯:没有
*TLSv1.2(输出),TLS握手,客户端问候(1):
*LibreSSL SSL\u connect:SSL\u ERROR\u连接到default.google.global:443的系统调用
*停止暂停流!
*正在关闭连接0
curl:(35)LibreSSL SSL\u connect:SSL\u ERROR\u系统调用连接到default.google.global:443
命令终止,退出代码为35
我可能会错过什么?我甚至会选择正确的方式?就像我说的-我希望通过集群内的自定义域名访问外部服务