Configuring Squid as a transparent proxy with HTTPS and HTTP support
# Configure a transparent proxy that supports HTTP and HTTPS
node1  eth0  internal 10.37.129.5
node2  eth1  internal 10.37.129.3
       eth0  external 10.211.55.19

# 1. On node1
route add default gw 10.37.129.3 dev eth0

# 2. On node2
yum install iptables -y
iptables -F
iptables -F -t nat
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# Note: the next rule matches UDP port 443 only. HTTPS over TCP 443 is not
# redirected by it and leaves through the MASQUERADE rule below.
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 443 -j REDIRECT --to-ports 3129
iptables -t nat -A POSTROUTING -o eth0 -s 10.37.129.0/24 -j MASQUERADE

# 3. On node2, install squid. This example uses version 3.5.20 on CentOS Linux release 7.3.1611 (Core)

# 4. On node2, edit /etc/squid/squid.conf
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 3128 transparent
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
dns_v4_first on
cache_mem 99 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy lru
http_port 3129 intercept  # this line is essential

# 5. On node2, start the service
systemctl restart squid

# 6. On node1, start a pod to test
# alpine.yaml is as follows
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: test
  name: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: test
    spec:
      containers:
      - image: alpine
        imagePullPolicy: IfNotPresent
        name: alpine
        args: ["sleep","36000"]
status: {}

# Start the pod
kubectl apply -f alpine.yaml

# Enter the pod and test
kubectl exec -ti xxxx -- sh
$ apk add curl
$ curl https://www.baidu.com
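
Added example (not part of the original post): a shell check that cross-references the PREROUTING REDIRECT rules from step 2 with the interception ports in squid.conf from step 4, and reports whether TCP 80 and TCP 443 actually reach a Squid interception listener. The sample rules and config lines are constructed from the commands above, written in `iptables-save` format; the function names `audit_intercept` and `demo_audit` are hypothetical.

```shell
#!/bin/sh
# Added example: audit NAT REDIRECT rules against Squid interception ports.
# usage: audit_intercept <iptables-save nat output> <squid.conf>
audit_intercept() {
    awk '
    # First file (squid.conf): record ports opened in interception mode.
    FILENAME == ARGV[1] {
        sub(/#.*/, "")                       # drop comments
        if (($1 == "http_port" || $1 == "https_port") &&
            $0 ~ /(intercept|transparent)/) {
            n = split($2, a, ":")            # accept "port" or "addr:port"
            listen[a[n]] = $1
        }
        next
    }
    # Second file (iptables-save): collect PREROUTING REDIRECT rules.
    $1 == "-A" && $2 == "PREROUTING" && /-j REDIRECT/ {
        proto = dport = to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")         proto = $(i + 1)
            if ($i == "--dport")    dport = $(i + 1)
            if ($i == "--to-ports") to    = $(i + 1)
        }
        rule[proto "/" dport] = to
    }
    END {
        # HTTP and HTTPS both run over TCP, so only tcp/80 and tcp/443 count.
        split("80 443", want, " ")
        for (k = 1; k <= 2; k++) {
            key = "tcp/" want[k]
            if (!(key in rule))               st = "NOT_REDIRECTED"
            else if (!(rule[key] in listen))  st = "NO_INTERCEPT_LISTENER"
            else                              st = "OK:" rule[key]
            print key, st
        }
    }' "$2" "$1"
}

# Constructed sample input mirroring the rules and squid.conf lines on this page.
demo_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/nat.rules" <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p udp -m udp --dport 443 -j REDIRECT --to-ports 3129
-A POSTROUTING -s 10.37.129.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
    printf '%s\n' 'http_port 3128 transparent' \
        'http_port 3129 intercept # essential' > "$d/squid.conf"
    audit_intercept "$d/nat.rules" "$d/squid.conf"
    rm -rf "$d"
}
demo_audit
```

On node2, run it against live state with `iptables-save -t nat > nat.rules` followed by `audit_intercept nat.rules /etc/squid/squid.conf`.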