如何使用Istio Service Mesh从Kubernetes集群内部访问外部SMTP服务器
如何使用Istio Service Mesh从Kubernetes集群内部访问外部SMTP服务器
提问于 2019-04-11 16:06:21
我有一个kubernetes集群,它的应用程序运行在Istio服务网格中。在一个应用程序中,我尝试使用SMTP发送电子邮件。如何设置Istio规则以允许我的应用程序使用外部SMTP服务器?
最初,我收到异常“无法连接到SMTP主机: in-v3.mailjet.com,端口: 587,响应:-1”。作为详细的here。在访问了这个网站后,我意识到我需要提供出口规则,我按照下面的方法做了
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: mailjet
spec:
hosts:
- "in-v3.mailjet.com"
location: MESH_EXTERNAL
ports:
- number: 587
name: tls
protocol: TLS
resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: mailjet
spec:
hosts:
- "*.mailjet.com"
tls:
- match:
- port: 587
sni_hosts:
- "*.mailjet.com"
route:
- destination:
host: "*.mailjet.com"
port:
number: 587
weight: 100我不再得到“无法连接到SMTP主机”的异常,但我得到了一个SocketTieoutException
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at java.lang.Thread.run(Thread.java:748)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) Caused by: javax.mail.MessagingException: Exception reading response;
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) nested exception is:
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) java.net.SocketTimeoutException: Read timed out
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:2460)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2187)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:740)
[0m[31m06:56:39,048 ERROR [stderr] (default task-55) at javax.mail.Service.connect(Service.java:366)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at javax.mail.Service.connect(Service.java:246)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at javax.mail.Service.connect(Service.java:267)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:138)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) ... 73 more
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) Caused by: java.net.SocketTimeoutException: Read timed out
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.net.SocketInputStream.socketRead0(Native Method)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.net.SocketInputStream.read(SocketInputStream.java:171)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.net.SocketInputStream.read(SocketInputStream.java:141)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:126)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at java.io.BufferedInputStream.read(BufferedInputStream.java:265)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:106)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:2440)
[0m[31m06:56:39,049 ERROR [stderr] (default task-55) ... 79 more
[0m[31m06:56:39,049 ERROR [org.keycloak.services.resources.admin.RealmAdminResource] (default task-55) Failed to send email
javax.mail.MessagingException: Exception reading response;
nested exception is:
java.net.SocketTimeoutException: Read timed out我需要做什么才能在拥有Istio服务网格的Kubernetes集群内成功发送邮件?
回答 1
Stack Overflow用户
回答已采纳
发布于 2019-04-11 18:02:34
在与Mesh-external service entry for an external MySQL instance进行比较后,我设法让这个工作使用TCP,如下所示。我尝试使用IP地址的TLS,但不起作用。但是,如果我不需要指定IP地址,那就更好了
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: mailjet
spec:
hosts:
- in-v3.mailjet.com
addresses:
- 104.199.96.85/32
ports:
- name: tls
number: 587
protocol: tcp
location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: mailjet
spec:
hosts:
- in-v3.mailjet.com
tcp:
- match:
- port: 587
route:
- destination:
host: in-v3.mailjet.com
port:
number: 587
--- 页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/55627595
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号