我正在尝试从 Web 浏览器连接并进行 grpc 调用,该浏览器必须通过可能会不时更改的 IP 地址连接到我的 k3s 集群。因此,我无法使用 TLS,因为我不会在这里深入讨论。
网络浏览器使用
@protobuf-ts/grpcweb-transport
进行连接。客户端代码在这里:
const url = 'http://172.16.6.81:8081';
const transport = new GrpcWebFetchTransport({
baseUrl: url,
});
然后对于我的 Pod 和相应的服务/入口路由:
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-connector
spec:
selector:
matchLabels:
app: product-connector
template:
metadata:
labels:
app: product-connector
spec:
hostname: product-connector
hostNetwork: true
containers:
- name: product-connector
image: mph_product_connector
imagePullPolicy: Never
ports:
- containerPort: 50054
---
apiVersion: v1
kind: Service
metadata:
name: product-connector
annotations:
traefik.ingress.kubernetes.io/service.serversscheme: h2c
spec:
type: ClusterIP
selector:
app: product-connector
ports:
- port: 8081
targetPort: 50054
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: product-grpc-secure
namespace: default
spec:
entryPoints:
- websecure
routes:
- match: Host(`product-grpc.company.app`)
kind: Rule
services:
- name: product-connector
namespace: default
port: 8081
scheme: h2c
passHostHeader: true
tls:
secretName: frontend-crt
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: product-grpc
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`172.16.6.81`) # IP of the Traefik server, needs to be dynamic.
kind: Rule
services:
- name: product-connector
namespace: default
port: 8081
scheme: h2c
我尝试将匹配规则更改为几种不同的内容,包括几个“包罗万象”,但每次我都收到
net::ERR_CONNECTION_REFUSED
注意:当我从 https 连接时,连接确实通过 TLS 工作
您可以使用与任何主机匹配的
HostRegexp
,为了测试我使用了如下所示的IngressRoute
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: grpc
spec:
entryPoints:
- web
routes:
- kind: Rule
match: HostRegexp(`{any:.+}`)
services:
- name: grpc
scheme: h2c
port: 10000
一切正常