在 Kubernetes 环境中,Kubernetes Ingress 用于配置需要在集群外部公开的服务。但是在 Istio 服务网格中,更好的方法是使用新的配置模型,即 Istio Gateway。Gateway 允许将 Istio 流量管理的功能应用于进入集群的流量。Gateway 分为两种,分别是 Ingress-gateway 和 Egress-gateway,如下
Istio
部署过程,可以得到/root/istio-1.13.2/samples/multicluster
目录信息
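# Generate the east-west gateway manifest and install it.
# The commands are chained on `cd` so the generator never runs from the wrong
# directory if the samples path is missing.
# NOTE(review): the generated manifest goes straight into `istioctl install -y`,
# which skips the confirmation prompt; write it to a file and read it first when
# working on a cluster that matters.
cd /root/istio-1.13.2/samples/multicluster &&
  ./gen-eastwest-gateway.sh --mesh mesh1 --cluster cluster1 --network network1 | istioctl install -y -f -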
[root@lonely ~/istio-1.13.2/samples/multicluster]# kubectl -n istio-system get po |grep eastwestgateway
istio-eastwestgateway-56dcd6468d-nhbbc 1/1 Running 0 40m
根据上面的案例, bookinfo
[root@lonely ~/istio-1.13.2/samples/multicluster]# kubectl explain gw.spec.servers
KIND: Gateway
VERSION: networking.istio.io/v1beta1
RESOURCE: servers <[]Object>
DESCRIPTION:
A list of server specifications.
FIELDS:
bind <string>
defaultEndpoint <string>
hosts <[]string>
One or more hosts exposed by this gateway.
name <string>
An optional name of the server, when set must be unique across all servers.
port <Object>
tls <Object>
Set of TLS related options that govern the server's behavior.
案例,hosts,可以配置多个
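# Gateway: configures the listener on the pods labelled istio=ingressgateway.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
  namespace: istio
spec:
  selector:
    istio: ingressgateway
  servers:
  # '*' accepts any Host header on this port. Fine for a lab; on a shared
  # ingress, list only the hostnames this gateway is meant to serve.
  - hosts:
    - '*'
    # Plain HTTP listener with no tls block: traffic through it is unencrypted.
    # Outside a test cluster, use an HTTPS server entry instead.
    port:
      name: http
      number: 80
      protocol: HTTP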
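# VirtualService: routes selected bookinfo paths from the gateway to productpage.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  # Referenced as <namespace>/<name>; this resolves only when the Gateway
  # exists in the istio-system namespace.
  - istio-system/bookinfo-gateway
  http:
  # Only the paths listed here are routed. /login is among them, so on a
  # plain-HTTP gateway the login request travels unencrypted.
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        # Fully qualified name, so it resolves from any namespace.
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080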
# Use kubectl to forward port 15000 (the Envoy admin port) of the istio-ingressgateway pod.
# NOTE(review): --address 0.0.0.0 listens on every interface of this host, and the
# Envoy admin interface has no authentication and includes endpoints that change or
# stop the proxy. Prefer the default localhost binding (reach it over an SSH tunnel),
# or read the configuration with `istioctl proxy-config`; stop the forward when done.
kubectl port-forward --address 0.0.0.0 -n istio-system istio-ingressgateway-77968dbd74-fslsz 15000:15000
http://172.164.100.44:15000/config_dump
如上是 gateway 和 VirtualService 的配置清单,将 istio namespace 下的 vs 和 gw 删除掉并将他们创建在
istio-system
Namespace 中,看是否可以访问到页面
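# Create the Gateway and VirtualService manifests from the current directory in
# istio-system. The original command had no verb; `apply` matches the other
# commands on this page.
kubectl -n istio-system apply -f .
## The page is reachable in both of these layouts:
# - vs and gw both in the istio-system namespace
# - gw in istio-system, vs in the istio namespace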
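vs 和 gateway 都在 istio-system 名称空间中,vs 的 destination host 没有指定名称空间时访问不成功:Istio 会按 VirtualService 所在的名称空间补全短名称(这里即 productpage.istio-system.svc.cluster.local),而 productpage 服务实际在 istio 名称空间中。
因此 host 需要指定名称空间:
productpage.istio.svc.cluster.local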
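# VirtualService variant whose destination uses a short service name.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - istio-system/bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        # Short name with no namespace. Istio completes it with the namespace
        # of this VirtualService, not the namespace of the service, so it only
        # works when both live in the same namespace.
        host: productpage
        port:
          number: 9080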
kubectl -n istio-system delete gw bookinfo-gateway
http://bookinfo.com:31111/productpage
成功
kubectl apply -f gateway-server-hosts-bookinfo-com.yaml -n istio-system
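# Gateway that serves a single named host on the ingress gateway pods.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    # An exact hostname: requests with any other Host header are not served
    # by this server entry.
    hosts:
    - "bookinfo.com"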
kubectl apply -f vs-bookinfo-hosts-star-gw-host-same.yaml -n istio-system
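# VirtualService whose host is the same name the Gateway serves.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  # Same value as the Gateway's server host (bookinfo.com).
  hosts:
  - "bookinfo.com"
  gateways:
  # No namespace prefix: the Gateway is looked up in this VirtualService's
  # own namespace.
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080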
http://bookinfo.com:31111/productpage
和 http://bookinfo.demo:31111/productpage
都失败
kubectl apply -f vs-bookinfo-hosts-star-gw-host-diff.yaml -n istio-system
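# VirtualService whose host differs from the one the Gateway serves.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  # bookinfo.demo is not among the Gateway's hosts (bookinfo.com), so the two
  # resources have no host in common; the page reports both URLs failing.
  hosts:
  - "bookinfo.demo"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080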
*.com
, http://bookinfo.com:31111/productpage
成功
kubectl -n istio-system apply -f vs-bookinfo-hosts-star-host-contain-gw.yaml
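# VirtualService whose wildcard host contains the Gateway's host.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  # Left-most-label wildcard; it covers the Gateway host bookinfo.com.
  hosts:
  - "*.com"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080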
http://bookinfo.com:31111/productpage
成功
kubectl apply -f vs-bookinfo-hosts-star.yaml -n istio-system
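# VirtualService that matches every host the bound Gateway serves.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  # "*" places no host restriction here; which hostnames are reachable is
  # then decided entirely by the Gateway's server hosts.
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080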
bookinfo.*
,创建失败,host 不可以这样使用
kubectl apply -f vs-bookinfo-hosts-star-mix-error.yaml -n istio-system
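# Deliberately invalid example: a wildcard in the trailing label of the host.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  # The page reports that creating this resource fails. A wildcard is accepted
  # only as the left-most label (for example "*.com"), not as a suffix.
  hosts:
  - "bookinfo.*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080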
http://bookinfo.com:31111/productpage
和 http://bookinfo.demo:31111/productpage
都成功
kubectl apply -f gateway-server-hosts-multi.yaml -n istio-system
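# Gateway that serves two explicitly named hosts on one HTTP server entry.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    # An explicit list keeps the exposed hostnames enumerable, unlike "*".
    hosts:
    - "bookinfo.com"
    - "bookinfo.demo"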
kubectl apply -f vs-bookinfo-hosts-star.yaml -n istio-system
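# VirtualService with a catch-all host, bound to the multi-host Gateway.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  # With "*" here, the hostnames that actually work are the ones listed on the
  # Gateway (the page reports bookinfo.com and bookinfo.demo both succeeding).
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080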
kubectl apply -f gateway-server-hosts-mix.yaml -n istio-system
虽然 gw 中使用 *.com,但是 vs 中只指定了 bookinfo.com,所以只有这个域名才可以访问
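# Gateway with a wildcard host paired with a VirtualService that names one host.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*.com" # the gw uses a wildcard
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  # The exact name here narrows the Gateway's "*.com": only bookinfo.com is
  # routed, even though the listener would accept any .com host.
  hosts:
  - "bookinfo.com"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080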
kubectl apply -f vs-bookinfo-hosts-mix.yaml -n istio-system
http://bookinfo.com:31111/productpage
失败,端口问题
http://mydemo.com/productpage
成功,但是要用Service
的externalIp
和 80 端口
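# VirtualService with a wildcard host, bound to bookinfo-gateway.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  # Any host ending in .com that the Gateway also serves is routed.
  hosts:
  - "*.com"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080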
[root@lonely ~/istio-1.13.2/samples/bookinfo/networking]# kubectl -n istio-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-eastwestgateway LoadBalancer 10.109.117.190 <pending> 15021:30533/TCP,15443:30659/TCP,15012:31399/TCP,15017:31687/TCP 4d
istio-egressgateway ClusterIP 10.103.156.78 <none> 80/TCP,443/TCP 4d
istio-ingressgateway LoadBalancer 10.97.209.189 <pending> 15021:30376/TCP,80:31111/TCP,443:32297/TCP,31400:30357/TCP,15443:32535/TCP 4d
istiod ClusterIP 10.101.78.119 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 4d
#
kubectl -n istio-system edit svc istio-ingressgateway
http://bookinfo.com:31111/productpage
和 http://bookinfo.demo:31111/productpage
都成功,这个作用不大
kubectl apply -f gateway-server-name.yaml -n istio-system
kubectl apply -f vs-bookinfo-hosts-star.yaml -n istio-system
(上面已有这个yaml)
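# Gateway whose server entry carries the optional servers[].name field.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    # "*" accepts any Host header on this port; list exact hostnames outside a lab.
    hosts:
    - "*"
    name: bookinfo-gateway # this name field is the addition in this variant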