问题描述
我想在 kubernetes 中测试 externalServices。 因此,我创建了一个指向某个网站 (gf.dev) 的外部服务:
import pkgutil
__all__ = []
for loader,module_name,is_pkg in pkgutil.walk_packages(__path__):
__all__.append(module_name)
_module = loader.find_module(module_name).load_module(module_name)
globals()[module_name] = _module
现在我想测试一切正常:
apiVersion: v1
kind: Service
Metadata:
name: my-service
spec:
type: ExternalName
externalName: gf.dev
主持人似乎做到了:
kubectl run --rm watchpod -it --image arunvelsriram/utils bash
但是 curl 不会:
root@watchpod:/# host my-service
my-service.abdelghani.svc.cluster.local is an alias for gf.dev.
gf.dev has address 172.67.213.5
gf.dev has address 104.21.77.239
gf.dev has IPv6 address 2606:4700:3030::ac43:d505
gf.dev has IPv6 address 2606:4700:3037::6815:4def
虽然我可以从我的 pod 中 curl gf.dev :
root@watchpod:/# curl -I my-service
**HTTP/1.1 403 Forbidden**
Date: Mon,25 Jan 2021 10:16:00 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
**Connection: close**
x-frame-options: SAMEORIGIN
Cache-Control: private,max-age=0,no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Expires: Thu,01 Jan 1970 00:00:01 GMT
Set-Cookie: __cfduid=df4f08d8708a14966ce21d14bdb80a7411611569760; expires=Wed,24-Feb-21 10:16:00 GMT; path=/; domain=.my-service; HttpOnly; SameSite=Lax
cf-request-id: 07daa4214f00002b29e6157000000001
Server: cloudflare
CF-RAY: 61713c7bb8f02b29-FRA
And root@watchpod:/# curl my-service
error code: 1003root@watchpod:/#
知道为什么会这样吗?
谢谢,
阿卜杜勒加尼
解决方法
gf.dev 域似乎正在使用 cloudfare。您遇到了 cloudfare 1003 错误。
# curl my-service
1003
来自https://support.cloudflare.com/hc/en-us/articles/360029779472-Troubleshooting-Cloudflare-1XXX-errors
Error 1003 Access Denied: Direct IP Access Not Allowed
Common cause
A client or browser directly accesses a Cloudflare IP address.
Resolution
Browse to the website domain name in your URL instead of the Cloudflare IP address.
您只需执行 curl -I 104.21.77.239 即可重现 403 错误,该 gf.dev 是您的 DNS 查找返回的 gf.dev 的 IP。您只能使用域名 gf.dev 访问 {{1}},不能访问其他任何内容。