应用场景:Docker 容器中默认Pod的ingress和egress都是禁止流入和流出,只允许做DNS查询,今天小编就来说说关于docker 网络代理?下面更多详细答案一起来看看吧!
docker 网络代理
应用场景:Docker 容器中
默认Pod的ingress和egress都是禁止流入和流出,只允许做DNS查询
但是需要Java应用程序能够上网
apiVersion: networking.k8s.io/v1
kind: Networkpolicy
metadata:
name: default-deny-all
namespace: sandbox
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
我一般如下验证我的语法是否OK
yq r 1.yaml -j -P
{
"apiVersion": "networking.k8s.io/v1",
"kind": "Networkpolicy",
"metadata": {
"name": "default-deny-all",
"namespace": "sandbox"
},
"spec": {
"podSelector": {},
"policyTypes": [
"Ingress",
"Egress"
]
}
}
apiVersion: networking.k8s.io/v1
kind: Networkpolicy
metadata:
name: default-allow-dns
namespace: sandbox
spec:
podSelector: {}
policyTypes:
- Egress
egress:
- to:
- namespaceSelector: {}
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocal: UDP
- port: 53
protocal: TCP
参数说明
- http.proxyHost : 代理服务器地址或者主机名
- http.proxyPort : 代理服务端口号
- https.proxyHost : https代理服务器主机名
- https.proxyPort: 代理端口号
- http.nonProxyHosts : 指定绕过代理的主机列表,使用 | 分割的模式列表,可以以通配符 * 开头或者结尾,任何匹配这些模式之一的主机都将通过直接连接而不是通过代理访问。该设置对http,https通用
- 在deployment中,设定Java运行参数
在deployment.yaml中片段如下
containers:
- name: helloworld
image: docker-registry.xxx.com/hello_proxy
imagePullPolicy: Always
ports:
- containerPort: 8080
command: ["java"]
args: ["-Dhttp.proxyHost=192.168.7.7", "-Dhttp.proxyPort=1328", "-Dhttps.proxyHost=192.168.7.7", "-Dhttps.proxyPort=443", "-jar", "target/app.jar"]
https://kubernetes.io/zh/docs/concepts/services-networking/network-policies/
,
