I have installed a k8s cluster on AWS with kops and I have followed instructions to deploy api-platform on that cluster with helm.
I don't understand why the php pod log shows a 405 when the php pod tries to invalidate the cache in the varnish pod.
In the Varnish pod, inside /usr/local/etc/varnish/default.vcl, my whitelist is the default one:
    # Hosts allowed to send BAN requests
    acl invalidators {
        "localhost";
        "php";
    }
UPDATE: I think that the problem can be generalized in this way: from a pod A inside a service A I want to call a service B. I need the request (received in pod B) to preserve the IP of service A, not the IP of pod A.
Here's an easier fix from api-platform: https://github.com/api-platform/demo/blob/master/api/docker/varnish/conf/default.vcl#L22-L25
I think they will update the helm chart with this one.
My original problem can be summarized as:
from a pod A inside a service A I want to call a service B. I need the request (received in pod B) to preserve, as its origin, the IP of service A, not the IP of pod A.
But the Kubernetes networking model requires that:
So my need can't be satisfied.
So my solution is to use https://kubernetes.io/docs/concepts/services-networking/network-policies/ and not to rely on an IP-based whitelist in the Varnish VCL config.
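The approach described in the answer above, written as a NetworkPolicy. This is an added example, not part of the original post or the api-platform helm chart. The policy name, namespace, pod labels, ingress controller namespace and port are all assumptions and must be matched to the labels the deployed chart actually sets.

```yaml
# Added example: restrict who can open connections to the Varnish pods,
# instead of relying on the source IP seen by the VCL "invalidators" ACL.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: varnish-ingress-allowlist     # hypothetical name
  namespace: default                  # assumption: namespace of the release
spec:
  # Select the Varnish pods this policy protects.
  podSelector:
    matchLabels:
      app: varnish                    # assumption: label on the Varnish pods
  policyTypes:
    - Ingress
  ingress:
    # 1) The php pods, which send the BAN (cache invalidation) requests.
    #    Matching is done on pod labels, so it keeps working when pod IPs change.
    - from:
        - podSelector:
            matchLabels:
              app: php                # assumption: label on the php pods
      ports:
        - protocol: TCP
          port: 80                    # assumption: Varnish listening port
    # 2) The ingress controller, which forwards public HTTP traffic to Varnish.
    #    Anything allowed here reaches the same port as BAN, so BAN has to be
    #    rejected at that proxy if the VCL ACL no longer filters by IP.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx   # assumption
      ports:
        - protocol: TCP
          port: 80
  # All other pods in the cluster are denied ingress to Varnish, because a pod
  # selected by any Ingress policy only accepts what some policy allows.
```

NetworkPolicy is only enforced when the cluster's network plugin implements it, so confirm that for the kops cluster before relaxing the VCL ACL. It filters on source pod and port, not on HTTP method, which is why the second rule carries the comment about BAN.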