DockerJava如何使用代理服务器

应用场景:Docker 容器中

默认Pod的ingress和egress都是禁止流入和流出,只允许做DNS查询

但是需要Java应用程序能够上网

apiVersion: networking.k8s.io/v1 kind: Networkpolicy metadata: name: default-deny-all namespace: sandbox spec: podSelector: {} policyTypes: - Ingress - Egress

我一般如下验证我的语法是否OK

yq r 1.yaml -j -P

{ "apiVersion": "networking.k8s.io/v1", "kind": "Networkpolicy", "metadata": { "name": "default-deny-all", "namespace": "sandbox" }, "spec": { "podSelector": {}, "policyTypes": [ "Ingress", "Egress" ] } }apiVersion: networking.k8s.io/v1 kind: Networkpolicy metadata: name: default-allow-dns namespace: sandbox spec: podSelector: {} policyTypes: - Egress egress: - to: - namespaceSelector: {} podSelector: matchLabels: k8s-app: kube-dns ports: - port: 53 protocal: UDP - port: 53 protocal: TCP

参数说明

http.proxyHost : 代理服务器地址或者主机名http.proxyPort : 代理服务端口号https.proxyHost : https代理服务器主机名https.proxyPort: 代理端口号http.nonProxyHosts : 指定绕过代理的主机列表,使用 | 分割的模式列表,可以以通配符 * 开头或者结尾,任何匹配这些模式之一的主机都将通过直接连接而不是通过代理访问。该设置对http,https通用在deployment中,设定Java运行参数

在deployment.yaml中片段如下

containers: - name: helloworld image: docker-registry.xxx.com/hello_proxy imagePullPolicy: Always ports: - containerPort: 8080 command: ["java"] args: ["-Dhttp.proxyHost=192.168.7.7", "-Dhttp.proxyPort=1328", "-Dhttps.proxyHost=192.168.7.7", "-Dhttps.proxyPort=443", "-jar", "target/app.jar"]