kubernetes:使用 externalServices 卷曲外部站点不起作用
kubernetes : curl external site using externalServices does not work
我想在 kubernetes 中测试外部服务。
所以,我创建了一个指向某个网站的外部服务(gf.dev):
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: ExternalName
externalName: gf.dev
现在我想测试一切正常:
kubectl run --rm watchpod -it --image arunvelsriram/utils bash
楼主好像在做:
root@watchpod:/# host my-service
my-service.abdelghani.svc.cluster.local is an alias for gf.dev.
gf.dev has address 172.67.213.5
gf.dev has address 104.21.77.239
gf.dev has IPv6 address 2606:4700:3030::ac43:d505
gf.dev has IPv6 address 2606:4700:3037::6815:4def
但 curl 不会:
root@watchpod:/# curl -I my-service
**HTTP/1.1 403 Forbidden**
Date: Mon, 25 Jan 2021 10:16:00 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
**Connection: close**
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: __cfduid=df4f08d8708a14966ce21d14bdb80a7411611569760; expires=Wed, 24-Feb-21 10:16:00 GMT; path=/; domain=.my-service; HttpOnly; SameSite=Lax
cf-request-id: 07daa4214f00002b29e6157000000001
Server: cloudflare
CF-RAY: 61713c7bb8f02b29-FRA
And root@watchpod:/# curl my-service
error code: 1003root@watchpod:/#
尽管我可以从我的 pod 卷曲 gf.dev :
root@watchpod:/# curl -I gf.dev
HTTP/1.1 301 Moved Permanently
Date: Mon, 25 Jan 2021 10:26:52 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 25 Jan 2021 11:26:52 GMT
Location: https://gf.dev/
cf-request-id: 07daae12280000d4a05e2b9000000001
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7Ph5u3ilp58DnRPlhemS%2F1FjPT7qVzUK7wu9%2B5H7PNGez8Tk9BM2SGsFmwU05pGlmBpOr2qni6IQhiJpdgS%2FtmkZpUDS06s%3D"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 61714c637be2d4a0-BRU
知道为什么会这样吗?
谢谢,
阿卜杜勒加尼
gf.dev 域似乎正在使用 cloudfare。您遇到了 cloudfare 1003 错误。
# curl my-service
1003
来自https://support.cloudflare.com/hc/en-us/articles/360029779472-Troubleshooting-Cloudflare-1XXX-errors
Error 1003 Access Denied: Direct IP Access Not Allowed
Common cause
A client or browser directly accesses a Cloudflare IP address.
Resolution
Browse to the website domain name in your URL instead of the Cloudflare IP address.
您只需执行 curl -I 104.21.77.239 即可重现 403 错误,这是您的 DNS 查找返回的 gf.dev 的 IP。只能通过域名gf.dev访问gf.dev,其他不能访问
我想在 kubernetes 中测试外部服务。 所以,我创建了一个指向某个网站的外部服务(gf.dev):
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: ExternalName
externalName: gf.dev
现在我想测试一切正常:
kubectl run --rm watchpod -it --image arunvelsriram/utils bash
楼主好像在做:
root@watchpod:/# host my-service
my-service.abdelghani.svc.cluster.local is an alias for gf.dev.
gf.dev has address 172.67.213.5
gf.dev has address 104.21.77.239
gf.dev has IPv6 address 2606:4700:3030::ac43:d505
gf.dev has IPv6 address 2606:4700:3037::6815:4def
但 curl 不会:
root@watchpod:/# curl -I my-service
**HTTP/1.1 403 Forbidden**
Date: Mon, 25 Jan 2021 10:16:00 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
**Connection: close**
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: __cfduid=df4f08d8708a14966ce21d14bdb80a7411611569760; expires=Wed, 24-Feb-21 10:16:00 GMT; path=/; domain=.my-service; HttpOnly; SameSite=Lax
cf-request-id: 07daa4214f00002b29e6157000000001
Server: cloudflare
CF-RAY: 61713c7bb8f02b29-FRA
And root@watchpod:/# curl my-service
error code: 1003root@watchpod:/#
尽管我可以从我的 pod 卷曲 gf.dev :
root@watchpod:/# curl -I gf.dev
HTTP/1.1 301 Moved Permanently
Date: Mon, 25 Jan 2021 10:26:52 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 25 Jan 2021 11:26:52 GMT
Location: https://gf.dev/
cf-request-id: 07daae12280000d4a05e2b9000000001
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7Ph5u3ilp58DnRPlhemS%2F1FjPT7qVzUK7wu9%2B5H7PNGez8Tk9BM2SGsFmwU05pGlmBpOr2qni6IQhiJpdgS%2FtmkZpUDS06s%3D"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 61714c637be2d4a0-BRU
知道为什么会这样吗?
谢谢,
阿卜杜勒加尼
gf.dev 域似乎正在使用 cloudfare。您遇到了 cloudfare 1003 错误。
# curl my-service
1003
来自https://support.cloudflare.com/hc/en-us/articles/360029779472-Troubleshooting-Cloudflare-1XXX-errors
Error 1003 Access Denied: Direct IP Access Not Allowed
Common cause
A client or browser directly accesses a Cloudflare IP address.
Resolution
Browse to the website domain name in your URL instead of the Cloudflare IP address.
您只需执行 curl -I 104.21.77.239 即可重现 403 错误,这是您的 DNS 查找返回的 gf.dev 的 IP。只能通过域名gf.dev访问gf.dev,其他不能访问