英文:
Envoy proxy listener for catching all traffic
问题
在一个K8s集群中,我需要设置Keycloak,并将第二个Keycloak作为身份提供者。问题是,我需要使流量经过第二个Envoy,它充当服务网格入口点和负载均衡器,然后流向第二个Keycloak。
我找到了一个可行的解决方案,但它过于复杂。我需要摆脱监听对127.0.0.1和9090的请求的Envoy监听器。
将它替换为一个捕获所有流量并将其转发到envoylb集群的监听器。
我尝试了几种方法,但似乎都不起作用。
英文:
In a k8s cluster i need to setup keycloak with a second keycloak as an identity provider.
The problem is that i need to make traffic towards the second keycloak to go through a second envoy which acts as
service mesh entry point and load balancer.
I have found a working solution but it is too complex.
I need to get rid of this envoy listener which listens on requests towards 127.0.0.1 and 9090
- name: idpaddress:socket_address:address: 127.0.0.1ipv4_compat: trueport_value: 9090protocol: TCPfilter_chains:filters:- name: envoy.filters.network.tcp_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxystat_prefix: idpcluster: envoylbaccess_log:- name: envoy.access_loggers.filetyped_config:"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLogpath: "/var/log/envoysidecar.log"
and replace it with one that catches all traffic and forwards it to the envoylb cluster
- name: envoylbtype: STRICT_DNSconnect_timeout:seconds: 15552000lb_policy: ROUND_ROBINload_assignment:cluster_name: envoylbendpoints:- lb_endpoints:- endpoint:address:socket_address:address: envoylbserviceport_value: 8298
I tried several things but nothing seems to work.
答案1
得分: 1
Envoy config.core.v3.SocketAddress 必须具有特定的端口以进行侦听。
对于地址,您可以使用 0.0.0.0 来绑定任何地址。
然后,通过使用筛选器 envoy.filters.network.tcp_proxy,Envoy 可以将所有从此特定端口发出的请求传递到所需的群集。
示例:
static_resources:listeners:- name: idpaddress:socket_address:address: 0.0.0.0port_value: 9090filter_chains:- filters:- name: envoy.filters.network.tcp_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxystat_prefix: destinationcluster: envoylbclusters:- name: envoylbtype: STRICT_DNSconnect_timeout:seconds: 15552000lb_policy: ROUND_ROBINload_assignment:cluster_name: envoylbendpoints:- lb_endpoints:- endpoint:address:socket_address:address: envoylbserviceport_value: 8298
英文:
Not sure from the question what you try to obtain.
Envoy config.core.v3.SocketAddress must have once specific port to listen.
For the address, you can use 0.0.0.0 to bind any address.
Then by using the filter envoy.filters.network.tcp_proxy envoy can passthrough all the requests from this specific port the desired cluster.
Example:
static_resources:listeners:- name: idpaddress:socket_address:address: 0.0.0.0port_value: 9090filter_chains:- filters:- name: envoy.filters.network.tcp_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxystat_prefix: destinationcluster: envoylbclusters:- name: envoylbtype: STRICT_DNSconnect_timeout:seconds: 15552000lb_policy: ROUND_ROBINload_assignment:cluster_name: envoylbendpoints:- lb_endpoints:- endpoint:address:socket_address:address: envoylbserviceport_value: 8298
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论