Kubernetes traefik proxying WS/WSS applications

2022-06-24 06:33:00 I have nothing to do with you

Background:

The team is about to release a set of applications, among them a ws application developed with Spring Boot. It needs to be exposed externally and support the ws and wss protocols. I have finished writing the Jenkins pipeline release job. I remember that in the past, before we used containers, this was done with a Tencent Cloud cls with the certificate mounted on it, mapped to a CVM port. My current network environment is the one described in "Kubernetes 1.20.5: installing traefik on Tencent Cloud in practice". (This time the environment runs on TKE 1.20.6, but everything is built following that example, except that I created a new namespace, traefik, and installed the traefik application in it. The reason is that there are too many pods under kube-system in TKE, and I have OCD.)

Deployment and analysis process:

1. About my app:

The application is deployed as a StatefulSet, as follows:

cat <<EOF >  xxx-gateway.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: xxx-gateway
spec:
  serviceName: xxx-gateway
  replicas: 1
  selector:
    matchLabels:
      app: xxx-gateway
  template:
    metadata:
      labels:
        app: xxx-gateway
    spec:
      containers:
        - name: xxx-gateway
          image: ccr.ccs.tencentyun.com/xxx-master/xxx-gateway:202107151002
          env:
          - name: SPRING_PROFILES_ACTIVE
            value: "official"
          - name: SPRING_APPLICATION_JSON
            valueFrom:
              configMapKeyRef:
                name: spring-config
                key: dev-config.json
          ports:
            - containerPort: 8443
          resources:
            requests:
              memory: "512M"
              cpu: "500m"
            limits:
              memory: "512M"
              cpu: "500m"
      imagePullSecrets:
        - name: tencent
---

apiVersion: v1
kind: Service
metadata:
  name: xxx-gateway
  labels:
    app: xxx-gateway
spec:
  ports:
  - port: 8443
  selector:
    app: xxx-gateway
  clusterIP: None
EOF
kubectl apply -f xxx-gateway.yaml -n official

Being lazy, I copied the Ingress YAML of another application and modified it, as follows:

cat <<EOF >  gateway-0-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: layaverse-gateway-0-http
  namespace: official
  annotations:
    kubernetes.io/ingress.class: traefik  
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
  - host: xxx-gateway-0.xxx.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: xxx-gateway 
            port: 
              number: 8443
EOF

Deploy the Ingress:

kubectl apply -f gateway-0-ingress.yaml

Check the Ingress status:

kubectl get ingress -n official

Then test wss. (For wss I use port 443 directly; the certificate is mounted at the slb layer, or at least that is how I understand it. See my traefik configuration for details.) I want to highlight the wscat tool here. Our back-end colleagues test ws applications with an online ws tool, and that was all they used. Then I happened to come across wscat, so I just installed it:

sudo apt install npm
sudo npm install -g wscat 
wscat -c wss://xxx-gateway-0.xxx.com:443/ws

So that basically confirms the application is exposed externally, right?

Of course, the above is just my optimistic assumption!

In fact, after going through the proxy, connecting to the back-end ws service still had all kinds of problems (at first I suspected traefik), and it still could not connect. So I crudely changed the exposure mode of xxx-gateway to NodePort and mounted it on the slb layer (adding the SSL certificate directly on the scl). That tested fine, so we used it as is: get the app running first, then work out how to handle it properly.

2. About ws and http:

Leaving all of that aside, let me first understand how my traefik proxies ws.

image.png

The content of the image is taken from: https://blog.csdn.net/fmm_sunshine/article/details/77918477
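An added example (not from the original post or the article cited above): the opening handshake is the one step where a WebSocket connection is still plain HTTP, so it is the part that a proxy such as traefik has to forward intact. The code below checks a handshake reply against RFC 6455 and names the failure; the function names and the three sample replies are constructed for illustration.

```javascript
// Added example: validate a WebSocket opening handshake (RFC 6455) as the client sees it.
const crypto = require("node:crypto");

const WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; // fixed GUID defined by RFC 6455

// Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID))
function expectedAccept(key) {
  return crypto.createHash("sha1").update(key + WS_GUID).digest("base64");
}

// Parse a raw HTTP response head into { status, headers } with lower-cased header names.
function parseResponseHead(raw) {
  const [statusLine, ...lines] = raw.split("\r\n\r\n")[0].split("\r\n");
  const m = /^HTTP\/\d\.\d (\d{3})/.exec(statusLine);
  if (!m) throw new Error("not an HTTP response: " + statusLine);
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(m[1]), headers };
}

// Classify the reply to an upgrade request that was sent with the given Sec-WebSocket-Key.
function checkHandshake(key, rawResponse) {
  const { status, headers } = parseResponseHead(rawResponse);
  if (status !== 101) return `no-upgrade: HTTP ${status}`; // routed or answered as plain HTTP
  if ((headers["upgrade"] || "").toLowerCase() !== "websocket") return "bad-upgrade-header";
  const conn = (headers["connection"] || "").toLowerCase().split(",").map((s) => s.trim());
  if (!conn.includes("upgrade")) return "bad-connection-header";
  if (headers["sec-websocket-accept"] !== expectedAccept(key)) return "bad-accept";
  return "ok";
}

// Constructed sample data; the key/accept pair is the worked example from RFC 6455.
const SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ==";
const GOOD = "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n" +
  "Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n";
const NOT_ROUTED = "HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\n\r\n404 page not found\n";
const STRIPPED = "HTTP/1.1 101 Switching Protocols\r\nConnection: keep-alive\r\n\r\n";

for (const [name, res] of Object.entries({ GOOD, NOT_ROUTED, STRIPPED })) {
  console.log(name, "->", checkHandshake(SAMPLE_KEY, res));
}
```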


3. Find out whose fault it is

1. Build a simple ws application

Since I don't understand the back-end code, I will find a simple ws application and test it behind the traefik proxy.

I found a Node.js websocket image on Docker Hub: https://hub.docker.com/r/ksdn117/web-socket-test

Deploy it:

cat <<EOF >  web-socket-test.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web-socket-test
spec:
  serviceName: web-socket-test
  replicas: 1
  selector:
    matchLabels:
      app: web-socket-test
  template:
    metadata:
      labels:
        app: web-socket-test
    spec:
      containers:
        - name: web-socket-test
          image: ksdn117/web-socket-test
          ports:
            - containerPort: 8010
              name: web
            - containerPort: 8443
              name: ssl
          resources:
            requests:
              memory: "512M"
              cpu: "500m"
            limits:
              memory: "512M"
              cpu: "500m"
---

apiVersion: v1
kind: Service
metadata:
  name: web-socket-test
  labels:
    app: web-socket-test
spec:
  type: NodePort
  ports:
  - port: 8010
    targetPort: 8010
    protocol: TCP
    name: web
  - port: 8443
    targetPort: 8443
    name: ssl
    protocol: TCP
  selector:
    app: web-socket-test
EOF

Note: I added type: NodePort to the Service in this configuration file.

kubectl apply -f web-socket-test.yaml
kubectl get pods
kubectl get svc

2. Test with wscat from inside the cluster whether the ws service is reachable

First connect to the container's pod IP internally to test the service:

wscat --connect ws://172.22.0.230:8010
kubectl logs -f web-socket-test-0

3. Proxy the ws application externally with traefik and test

traefik can expose a service externally either with an Ingress or with an IngressRoute. I will try both:

1. The IngressRoute way

# Quote the heredoc delimiter so the shell does not expand the backticks in the Host() rule
cat <<'EOF' >  web-socket-ingressroute.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: web-socket-test-http
  namespace: default
spec:
  entryPoints:
  - web
  routes:
  - match: Host(`web-socket-test.xxx.com`)
    kind: Rule
    services:
      - name: web-socket-test
        port: 8010
EOF
kubectl apply -f web-socket-ingressroute.yaml

Test the connection with wscat:

image.png

Tested this way, there is no problem, right?

Delete the IngressRoute:

kubectl delete -f web-socket-ingressroute.yaml

2. The Ingress way

Now set it up the Ingress way:

cat <<EOF >  web-socket-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-socket-test
  namespace: default
  annotations:
    kubernetes.io/ingress.class: traefik  
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
  - host: web-socket-test.layame.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: web-socket-test 
            port: 
              number: 8010
EOF
kubectl apply -f web-socket-ingress.yaml
wscat --connect wss://web-socket-test.xxx.com:443

That basically settles the blame: at least it is not a problem with my infrastructure. I will let the back-end colleagues test and find out what is wrong. At the proxy level, there is no problem on my side!

Other notes:

I also read some blogs that add the passHostHeader: true configuration.

1. ingressroute:

image.png

2. ingress:

traefik.ingress.kubernetes.io/service.passhostheader: "true"

If you run into problems, you can try the settings above!


Copyright notice
This article was created by [I have nothing to do with you]. Please include a link to the original when reposting. Thanks.
https://yzsam.com/2021/07/20210715145121137I.html
