Operation Scenarios
This article introduces how to enable Pods/Svc from different edge regions to access each other through the cloud-edge Tunnel (currently only supporting Layer 7 http/https protocols). For example, a Pod in the Nanjing region can successfully access an Nginx service in the Beijing region, and vice versa.
Architecture
As illustrated in the diagram above, the edge node tunnel-edge will establish a bidirectional tunnel with the cloud tunnel-cloud. The tunnel-edge will open the local 8080 port as the http/https proxy port. If an edge Pod needs to access other regions' Pod IPs or services through a proxy, you can specify the http_proxy or https_proxy environment variable within the Pod. This will forward the http/https traffic through the tunnel to the cloud or other edge nodes in different regions.
Note:
At the product level, the platform uses the webhook method to conveniently specify proxies for you. You can set the label http-proxy=enable in the workload to enable proxy mode. When this is done, the corresponding Pods of the workload will automatically inject the relevant environment variables, such as http_proxy=169.254.20.11:8080
Operation Steps
2. On the cluster management page, click the cluster ID to enter the cluster details page.
3. Select "Add-on management" and enter the add-on list page.
4. Click "Create", enter the "Create add-on" page.
5. Select "http-proxy-pod-webhook" and click "Done", as follow:
6. To verify the across-region access feature, create deployment in different regions as follows:
Add "http-proxy=enable" label to the deployment, then the webhook of the step 5 will inject http_proxy in the Pod environment, as follow:
After the 2 deployments deployed, you'll check the status of these deployments:
Caution:
Each deployment must use the scheduler to assign the pod to the specific node. For example, echo-bj is assigned to "bj-1" and nginx-gz is assigned to "gz-2"
7. Login to "bj-1" node add access the pods of "gz-2", as follow:
When accessing the pod of gz-2, you'll see the request is redirect to http_proxy "169.254.20.11:8080"
Apakah halaman ini membantu?