1: 确定入口IP和端口

执行以下命令以确定Kubernetes集群是否在支持外部负载均衡器的环境中运行:

 kubectl get svc istio-ingressgateway -n istio-system
NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
istio-ingressgateway   LoadBalancer   10.108.152.2   <pending>     15020:32736/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32101/TCP,15030:32222/TCP,15031:30551/TCP,15032:31262/TCP,15443:30129/TCP   3d1h

如果EXTERNAL-IP设置了该值,则环境具有可用于入口网关的外部负载平衡器。如果EXTERNAL-IP值是<none>(或永久<pending>),则环境不为入口网关提供外部负载平衡器。在这种情况下,您可以使用服务的节点端口来访问网关

我的pending,使用服务的节点端口来访问:

     设置入口端口: 

            export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')

            export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')

    设置入口IP取决于群集提供者:

           export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')

2: 开启一个服务, istio-a.yml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-a
spec:
  selector:
    matchLabels:
       name: istio-a
  replicas: 1
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "true"  # 开启sidecar自动注入
      labels:
        name: istio-a
    spec:
      containers:
      - name: istio-a
# 我自己的一个镜像 image: registry.cn-shenzhen.aliyuncs.com/zsifan/istio-a:v1 imagePullPolicy: Always ports: - containerPort: 10001 --- apiVersion: v1 kind: Service metadata: name: istio-a spec: ports: - port: 10001 # # ClusterIP, NodePort, LoadBalancer type: ClusterIP selector: name: istio-a

3:使用Istio网关配置入口

     1): 创建一个Istio Gateway

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "k8s.test.com"

 2): 创建一个VirtualService,配置通过以下路径进入的流量的路由Gateway

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin-a
spec:
  hosts:
  - "k8s.test.com"      #  对应gateway 的hosts
  gateways:
  - httpbin-gateway    #  对应gateway name
  http:
  - match:
    - uri:
        prefix: /a     # 允许路径/a的通过
    rewrite:
      uri: /          # 重写url
    route:
    - destination:
        port:
          number: 10001  # 服务端口号
        host: istio-a      # 对用的服务
      timeout: 10s

 3): 使用curl访问istio-a服务:

curl -I -HHost:k8s.test.com http://$INGRESS_HOST:$INGRESS_PORT/a/test
HTTP/1.1 200 OK
content-type: text/plain;charset=UTF-8
content-length: 13
date: Wed, 13 Nov 2019 13:27:44 GMT
x-envoy-upstream-service-time: 80
server: istio-envoy

  我的istio-a服务中就写了一个test:

 如果访问url不是/a开头的而是未知的,将显示404:

curl -I -HHost:k8s.test.com http://$INGRESS_HOST:$INGRESS_PORT/b
HTTP/1.1 404 Not Found
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
date: Wed, 13 Nov 2019 13:32:06 GMT
x-envoy-upstream-service-time: 21
server: istio-envoy
transfer-encoding: chunked

如果我们想使用浏览器访问入口服务:

可以将gateway中的hosts修改为*,相应的VirtualService的hosts也要修改为*

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin-a
spec:
  hosts:
  - "*"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /a
    rewrite:
      uri: /
    route:
    - destination:
        port:
          number: 10001
        host: istio-a
      timeout: 10s

先输出ip和port确定请求地址:

echo $INGRESS_HOST:$INGRESS_PORT

192.168.17.210:31380

在浏览器请求<ip>:<port>/a/test

 就搭建成功了

12-30 04:15