Shulou(Shulou.com)06/02 Report--

Curl https://saas-pay-gray.XXX.cn/ping extranet

Curl https://vpc-saas-pay-gray.XXX.cn/ping slb, that is, when designing slb (vpc) at that time, taking into account the specific features, apart from the daily use of the private network to pull container images, is there anything else?

Due to the use of k8s cluster in the company architecture, a complete set of parsing has been done within k8s; that is

The service is called directly through DNS parsing in K8s cluster without going through slb.

Servicename

Same namespace for curl saas-pay-gray/ping

Kuaizimu-h6-gray-> saas-pay

Servicename.namespace

Service invocation between curl saas-pay-gray.saas/ping different namespaces

Curl http://saas-pay-gray.saas/ping experiments show that it is possible to obtain another container service in the K8s cluster directly in the container.

The reason why curl https://saas-pay-gray.saas/ping cannot be accessed here is that internal resolution does not pass certificate resolution

Https corresponds to a domain name

Yang Guiming invokes the service through the domain name "http://saas-pay-prod.saas.svc.cluster.local", which is the same as calling servicename.

The cluster.local for servicename is defined in the / etc/systemd/system/kubelet.service.d/10-kubeadm.conf file.

You can view it through the command:

Cat / etc/systemd/system/kubelet.service.d/10-kubeadm.conf | grep cluster-domain | awk'{print $NF}'

Can servicename be called offline in the same way? The answer is yes.

Saas-pay-test.saas.svc.cluster.local

Just confirmed with Ali here:

In the future, for service calls between containers in K8s cluster, the domain name will be uniformly used as "project name. namespace .svc.cluster.local", which can only be resolved in K8s cluster.

Call k8s service between public networks and directly use the domain name of the public network.

Note:

Service calls between containers in a K8s cluster cannot go through ECS's vpc network. In this case, the cluster will forward the ip of slb as if it were the ip of service.

That is, vpc- public network domain name

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.