英文:
Envoy proxy listener for catching all traffic
问题
在一个K8s集群中,我需要设置Keycloak,并将第二个Keycloak作为身份提供者。问题是,我需要使流量经过第二个Envoy,它充当服务网格入口点和负载均衡器,然后流向第二个Keycloak。
我找到了一个可行的解决方案,但它过于复杂。我需要摆脱监听对127.0.0.1和9090的请求的Envoy监听器。
将它替换为一个捕获所有流量并将其转发到envoylb集群的监听器。
我尝试了几种方法,但似乎都不起作用。
英文:
In a k8s cluster i need to setup keycloak with a second keycloak as an identity provider.
The problem is that i need to make traffic towards the second keycloak to go through a second envoy which acts as
service mesh entry point and load balancer.
I have found a working solution but it is too complex.
I need to get rid of this envoy listener which listens on requests towards 127.0.0.1 and 9090
- name: idp
address:
socket_address:
address: 127.0.0.1
ipv4_compat: true
port_value: 9090
protocol: TCP
filter_chains:
filters:
- name: envoy.filters.network.tcp_proxy
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
stat_prefix: idp
cluster: envoylb
access_log:
- name: envoy.access_loggers.file
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: "/var/log/envoysidecar.log"
and replace it with one that catches all traffic and forwards it to the envoylb cluster
- name: envoylb
type: STRICT_DNS
connect_timeout:
seconds: 15552000
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: envoylb
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: envoylbservice
port_value: 8298
I tried several things but nothing seems to work.
答案1
得分: 1
Envoy config.core.v3.SocketAddress 必须具有特定的端口以进行侦听。
对于地址,您可以使用 0.0.0.0 来绑定任何地址。
然后,通过使用筛选器 envoy.filters.network.tcp_proxy,Envoy 可以将所有从此特定端口发出的请求传递到所需的群集。
示例:
static_resources:
listeners:
- name: idp
address:
socket_address:
address: 0.0.0.0
port_value: 9090
filter_chains:
- filters:
- name: envoy.filters.network.tcp_proxy
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
stat_prefix: destination
cluster: envoylb
clusters:
- name: envoylb
type: STRICT_DNS
connect_timeout:
seconds: 15552000
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: envoylb
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: envoylbservice
port_value: 8298
英文:
Not sure from the question what you try to obtain.
Envoy config.core.v3.SocketAddress must have once specific port to listen.
For the address, you can use 0.0.0.0 to bind any address.
Then by using the filter envoy.filters.network.tcp_proxy envoy can passthrough all the requests from this specific port the desired cluster.
Example:
static_resources:
listeners:
- name: idp
address:
socket_address:
address: 0.0.0.0
port_value: 9090
filter_chains:
- filters:
- name: envoy.filters.network.tcp_proxy
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
stat_prefix: destination
cluster: envoylb
clusters:
- name: envoylb
type: STRICT_DNS
connect_timeout:
seconds: 15552000
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: envoylb
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: envoylbservice
port_value: 8298
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论