
Kubernetes Docker containers behind a proxy


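We have a Kubernetes cluster deployed behind a proxy and have successfully configured the Docker daemon to use our proxy for pulling images, as described on the following page: https://docs.docker.com/config/daemon/systemd/#httphttps-proxy

We have also configured the Docker client to set the environment parameters "https_proxy", "http_proxy" and "no_proxy", as defined on the following page: https://docs.docker.com/network/proxy/#configure-the-docker-client

The Kubernetes cluster is set up as follows: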

aadigital1:~ # kubectl get node
NAME         STATUS    ROLES         AGE       VERSION
aadigital1   Ready     master,node   9d        v1.10.4
aadigital2   Ready     node          9d        v1.10.4
aadigital3   Ready     node          9d        v1.10.4
aadigital4   Ready     node          9d        v1.10.4
aadigital5   Ready     node          9d        v1.10.4

Docker container run manually - ENV Parameters set correctly

A manually deployed Docker container has the environment parameters set as defined:

aadigital1:~ # docker run -i -t odise/busybox-curl ash
/ # printenv
HTTPS_PROXY=http://ssnproxy.ssn.xxx.com:80/
no_proxy=localhost,127.0.0.0,127.0.1.1,127.0.1.1,local.home,80.250.142.64,80.250.142.65,80.250.142.66,80.250.142.69,80.250.142.70,80.250.142.71,aadigital1.aan.xxx.com,aadigita2.ssn.xxx.com,aadigital3.ssn.xxx.com,aadigital4.ssn.xxx.com,aadigita5.ssn.xxx.com,aadigital6.ssn.xxx.com
HOSTNAME=0360a9dcd20b
SHLVL=1
HOME=/root
NO_PROXY=localhost,127.0.0.0,127.0.1.1,127.0.1.1,local.home,80.250.142.64,80.250.142.65,80.250.142.66,80.250.142.69,80.250.142.70,80.250.142.71,aadigital1.aan.xxx.com,aadigita2.ssn.xxx.com,aadigital3.ssn.xxx.com,aadigital4.ssn.xxx.com,aadigita5.ssn.xxx.com,aadigital6.ssn.xxx.com
https_proxy=http://ssnproxy.ssn.xxx.com:80/
http_proxy=http://ssnproxy.ssn.xxx.com:80/
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
HTTP_PROXY=http://ssnproxy.ssn.xxx.com:80/

Kubernetes PODs - ENV Parameters not set

The same Docker image as above, used as a Kubernetes pod, does not have the proxy environment parameters (same machine, aadigital1):

aadigital1:~ # kubectl get pod -o wide
NAME                       READY     STATUS    RESTARTS   AGE       IP          NODE
busybox-6d4df8f8b7-m62m2   1/1       Running   3          2d        10.0.0.16   aadigital3
busybox-curl               1/1       Running   0          16m       10.0.1.59   aadigital1
busybox-dns                1/1       Running   9          6h        10.0.1.53   aadigital1
aadigital1:~ # kubectl exec -it busybox-curl -- ash
/ # printenv
KUBERNETES_PORT=tcp://10.0.128.1:443
NGINX_NODEPORT_PORT=tcp://10.0.204.167:80
KUBERNETES_SERVICE_PORT=443
NGINX_NODEPORT_SERVICE_PORT=80
HOSTNAME=busybox-curl
SHLVL=1
HOME=/root
NGINX_NODEPORT_PORT_80_TCP_ADDR=10.0.204.167
NGINX_NODEPORT_PORT_80_TCP_PORT=80
NGINX_NODEPORT_PORT_80_TCP_PROTO=tcp
TERM=xterm
NGINX_NODEPORT_PORT_80_TCP=tcp://10.0.204.167:80
KUBERNETES_PORT_443_TCP_ADDR=10.0.128.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP=tcp://10.0.128.1:443
KUBERNETES_SERVICE_PORT_HTTPS=443
PWD=/
KUBERNETES_SERVICE_HOST=10.0.128.1
NGINX_NODEPORT_SERVICE_HOST=10.0.204.167

How can we configure Kubernetes / Docker so that the proxy environment parameters are set correctly for pods?

Thank you very much!

1 Answer

  • 2

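    The reason for this state is that the environment variables with the proxy are a feature of the Docker client. Docker is split into two parts: the API exposed on a socket by the Docker daemon, and the Docker client CLI, with which you can run a container using docker run ...; such a command hits the Docker daemon API to make 'something' happen. Unfortunately, Kubernetes is another API client, which means Kubernetes does not use the Docker client to schedule containers (Kubernetes uses the SDK to access the API directly), and that is why you do not see the expected environment variables.

    To work around the issue, I suggest creating a ConfigMap with those proxy values, e.g.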

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: your-config-map-name
      labels:
        app: your-best-app
    data:
      HTTPS_PROXY: http://ssnproxy.ssn.xxx.com:80/
      HTTP_PROXY: http://ssnproxy.ssn.xxx.com:80/
    

    and mounting them as environment variables into the deployment using

    envFrom:
      - configMapRef:
          name: your-config-map-name
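
The two fragments from the answer above, put together as one applicable manifest. This is an added example, not part of the original answer: the names `proxy-env` and `busybox-curl`, the `sleep` command and the NO_PROXY entries are assumptions, while the proxy URL, the image and the 10.0.128.1 service address are taken from the question.

```yaml
# Added example (not from the original answer). Apply with: kubectl apply -f <file>
apiVersion: v1
kind: ConfigMap
metadata:
  name: proxy-env                  # hypothetical name
data:
  # Both spellings, matching what `docker run` injected in the question;
  # tools differ in which case they read.
  HTTP_PROXY: "http://ssnproxy.ssn.xxx.com:80/"
  HTTPS_PROXY: "http://ssnproxy.ssn.xxx.com:80/"
  http_proxy: "http://ssnproxy.ssn.xxx.com:80/"
  https_proxy: "http://ssnproxy.ssn.xxx.com:80/"
  # Keep in-cluster traffic off the proxy. 10.0.128.1 is the
  # KUBERNETES_SERVICE_HOST value from the pod's printenv in the question;
  # ".svc" and ".cluster.local" assume the default cluster domain.
  NO_PROXY: "localhost,127.0.0.1,10.0.128.1,.svc,.cluster.local"
  no_proxy: "localhost,127.0.0.1,10.0.128.1,.svc,.cluster.local"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: busybox-curl               # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: busybox-curl
  template:
    metadata:
      labels:
        app: busybox-curl
    spec:
      containers:
        - name: busybox-curl
          image: odise/busybox-curl        # image used in the question
          command: ["sleep", "3600"]       # assumed: keeps the container running
          # envFrom belongs to the container, not the pod spec; every key
          # in the ConfigMap becomes one environment variable.
          envFrom:
            - configMapRef:
                name: proxy-env
```

Running `printenv` through `kubectl exec` in the resulting pod should then list the proxy variables next to the `KUBERNETES_*` ones. If a proxy URL carries credentials, store it in a Secret and reference it with `secretRef` under `envFrom` rather than keeping it in a ConfigMap.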
    
