How to expose a Knative service to the outside world through an ingress



Below is my sample service:

    apiVersion: serving.knative.dev/v1
    kind: Service
    metadata:
      name: test-svc
    spec:
      template:
        metadata:
          annotations:
            autoscaling.knative.dev/minScale: "1"
        spec:
          serviceAccountName: default
          containers:
            - image: ******************
              imagePullPolicy: IfNotPresent
              name: test-svc
              envFrom:
                - secretRef:
                    name: test-env

    kubectl get ksvc
    NAME       URL                                   LATESTCREATED    LATESTREADY      READY     REASON
    test-svc   http://test-svc.kube-system.kasl.io   test-svc-8v6gv   test-svc-8v6gv   True

Gateway + VirtualService:

    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: httpbin-gateway
    spec:
      selector:
        istio: ingressgateway # use Istio default gateway implementation
      servers:
        - port:
            number: 80
            name: http
            protocol: HTTP
          hosts:
            - "*"
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: httpbin
    spec:
      hosts:
        - "*"
      gateways:
        - httpbin-gateway
      http:
        - match:
            - uri:
                prefix: /headers
          route:
            - destination:
                host: istio-ingressgateway.istio-system.svc.cluster.local

If I run curl -v http://test-svc.kube-system.kasl.io inside the cluster, it works.

Now I want to expose these services outside the cluster.

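Knative uses a shared ingress Gateway to serve all incoming traffic within the Knative service mesh, which is the knative-ingress-gateway Gateway under the knative-serving namespace. By default, it uses the Istio gateway service istio-ingressgateway under the istio-system namespace as its underlying service. You can replace the service with your own as described in [1]; for more detailed steps, see link [2].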

[1] https://knative.dev/docs/serving/setting-up-custom-ingress-gateway/
[2] https://starkandwayne.com/blog/public-traffic-into-knative-on-gke/
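
An added example, not part of the original question or answer: before a Gateway and VirtualService like the ones in the question face the internet, this check reads them as JSON (kubectl's `-o json` output) and reports wildcard hosts, plaintext HTTP listeners, and routes sent back to the ingress gateway without a Host rewrite. The `audit` function and the finding names are assumptions made for this example.

```python
import json

INGRESS_SVC = "istio-ingressgateway.istio-system.svc.cluster.local"

# Constructed sample: the question's Gateway and VirtualService in the
# list-of-items JSON shape that `kubectl get ... -o json` returns.
SAMPLE = json.dumps({"items": [
    {"kind": "Gateway", "metadata": {"name": "httpbin-gateway"},
     "spec": {"selector": {"istio": "ingressgateway"},
              "servers": [{"port": {"number": 80, "name": "http", "protocol": "HTTP"},
                           "hosts": ["*"]}]}},
    {"kind": "VirtualService", "metadata": {"name": "httpbin"},
     "spec": {"hosts": ["*"], "gateways": ["httpbin-gateway"],
              "http": [{"match": [{"uri": {"prefix": "/headers"}}],
                        "route": [{"destination": {"host": INGRESS_SVC}}]}]}},
]})


def audit(manifest_json):
    """Return sorted (kind/name, finding) tuples for risky exposure settings."""
    findings = []
    for item in json.loads(manifest_json).get("items", []):
        ref = item.get("kind", "?") + "/" + item.get("metadata", {}).get("name", "?")
        spec = item.get("spec", {})
        if item.get("kind") == "Gateway":
            for srv in spec.get("servers", []):
                if "*" in srv.get("hosts", []):
                    findings.append((ref, "wildcard-host"))
                plain = srv.get("port", {}).get("protocol", "").upper() == "HTTP"
                if plain and not srv.get("tls", {}).get("httpsRedirect"):
                    findings.append((ref, "plaintext-http"))
        elif item.get("kind") == "VirtualService":
            external = any(g != "mesh" for g in spec.get("gateways", []))
            if "*" in spec.get("hosts", []) and external:
                findings.append((ref, "wildcard-host"))
            for rule in spec.get("http", []):
                rewritten = bool(rule.get("rewrite", {}).get("authority"))
                for route in rule.get("route", []):
                    dest = route.get("destination", {}).get("host")
                    # Knative selects the service by Host header; without an
                    # authority rewrite that choice is left to the client.
                    if dest == INGRESS_SVC and not rewritten:
                        findings.append((ref, "routes-to-ingress-without-host-rewrite"))
    return sorted(findings)


if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```
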
