m00*_*0.0 5 kubernetes google-kubernetes-engine .net-core
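I'm working with the MyHealthClinic application (https://azuredevopslabs.com/labs/vstsextend/kubernetes/), which is a .NET Core frontend and backend Kubernetes cluster, deploying it to Google Kubernetes Engine and trying to connect to a SQL Server VM. However, when the pod tries to start after pulling the image I pushed, I get the following CrashLoopBackOff error: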
Unhandled Exception: System.Data.SqlClient.SqlException: A connection was successfully
established with the server, but then an error occurred during the pre-login handshake.
(provider: TCP Provider, error: 35 - An internal exception was caught) --->
System.Security.Authentication.AuthenticationException: The remote certificate is invalid
according to the validation procedure. at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken ...
I checked my appsettings.json and it seems to be correct, as I have it set to:
"DefaultConnection": "Server={my-external-IP},1433;Initial Catalog=mhcdb;Persist Security Info=False;User ID={sqlusername};Password={sqlpassword};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
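I have also confirmed:
Is there anywhere else I can check to try to resolve this? I was able to deploy the cluster to AKS in Azure without any problems, but I'm not sure whether GKE might be blocking outbound connections from the cluster. The only similar issue I have found so far was related to an SMTP server. I'm somewhat new to GKE, so any ideas would be helpful.
In case it helps, here is my deployment YAML file (kept the same as for the AKS cluster, so I'm not sure whether something needs to change specifically for GKE):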
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: mhc-back
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: mhc-back
    spec:
      containers:
      - name: mhc-back
        image: redis
        ports:
        - containerPort: 6379
          name: redis
---
apiVersion: v1
kind: Service
metadata:
  name: mhc-back
spec:
  ports:
  - port: 6379
  selector:
    app: mhc-back
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: mhc-front
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  minReadySeconds: 5
  template:
    metadata:
      labels:
        app: mhc-front
    spec:
      containers:
      - name: mhc-front
        image: {gcr.io/[Project-Id]}/myhealth.web:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: 250m
          limits:
            cpu: 500m
        env:
        - name: REDIS
          value: "mhc-back"
---
apiVersion: v1
kind: Service
metadata:
  name: mhc-front
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: mhc-front
m00*_*0.0 22
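After I started looking into why the remote certificate (SQL) was invalid, I changed the connection string to include TrustServerCertificate=True. Since this is a demo environment and I kept Encrypt=True, it looks like this resolved everything! If anyone thinks bypassing the server certificate is a bad idea, please let me know as well.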
"DefaultConnection": "Server={my-external-IP},1433;Initial Catalog=mhcdb;Persist Security Info=False;User ID={sqlusername};Password={sqlpassword};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;"
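A check for the setting used in the answer above, as an added example that is not part of the original post: it scans an appsettings.json for SQL Server connection strings and reports any with Encrypt off, or with TrustServerCertificate=True, where the channel is encrypted but the server's certificate is not validated, so the client cannot tell the real server from an impostor. The ConnectionStrings section name, the sample values and the function names are assumptions.

```python
import json

TRUE_VALUES = {"true", "yes"}
# "mandatory" and "strict" are Encrypt values accepted by newer Microsoft.Data.SqlClient.
ENCRYPT_ON = TRUE_VALUES | {"mandatory", "strict"}

def parse_conn_str(s):
    """Split 'Key=Value;...' into a dict; keys are lower-cased with spaces removed.
    Simplified: quoted values that contain ';' are not handled."""
    out = {}
    for part in s.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            out[key.strip().lower().replace(" ", "")] = value.strip()
    return out

def audit_conn_str(s):
    kv = parse_conn_str(s)
    encrypt = kv.get("encrypt", "").lower() in ENCRYPT_ON
    trust = kv.get("trustservercertificate", "").lower() in TRUE_VALUES
    if not encrypt:
        return "FAIL: Encrypt is not enabled, traffic may be sent in clear text"
    if trust:
        return "WARN: encrypted, but the server certificate is not validated"
    return "OK: encrypted and the server certificate is validated"

def audit_appsettings(text):
    """Return {setting path: verdict} for every string that looks like a SQL connection string."""
    results = {}
    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{path}:{k}" if path else k)
        elif isinstance(node, str):
            kv = parse_conn_str(node)
            if "server" in kv or "datasource" in kv:
                results[path] = audit_conn_str(node)
    walk(json.loads(text), "")
    return results

# Constructed sample appsettings.json; placeholders follow the post's style.
SAMPLE = json.dumps({"Logging": {"Level": "Warning"}, "ConnectionStrings": {
    "DefaultConnection": "Server={my-external-IP},1433;Initial Catalog=mhcdb;Encrypt=True;TrustServerCertificate=True;",
    "Validated": "Server={sql-hostname},1433;Initial Catalog=mhcdb;Encrypt=True;TrustServerCertificate=False;",
    "Plain": "Data Source={sql-hostname};Initial Catalog=mhcdb;"}})

if __name__ == "__main__":
    for name, verdict in audit_appsettings(SAMPLE).items():
        print(f"{name}: {verdict}")
```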