1: 确定入口IP和端口
执行以下命令以确定Kubernetes集群是否在支持外部负载均衡器的环境中运行:
kubectl get svc istio-ingressgateway -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 10.108.152.2 <pending> 15020:32736/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32101/TCP,15030:32222/TCP,15031:30551/TCP,15032:31262/TCP,15443:30129/TCP 3d1h
如果EXTERNAL-IP
设置了该值,则环境具有可用于入口网关的外部负载平衡器。如果EXTERNAL-IP
值是<none>
(或永久<pending>
),则环境不为入口网关提供外部负载平衡器。在这种情况下,您可以使用服务的节点端口来访问网关。
我的pending,使用服务的节点端口来访问:
设置入口端口:
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
设置入口IP取决于群集提供者:
export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
2: 开启一个服务, istio-a.yml:
apiVersion: apps/v1 kind: Deployment metadata: name: istio-a spec: selector: matchLabels: name: istio-a replicas: 1 template: metadata: annotations: sidecar.istio.io/inject: "true" # 开启sidecar自动注入 labels: name: istio-a spec: containers: - name: istio-a
# 我自己的一个镜像 image: registry.cn-shenzhen.aliyuncs.com/zsifan/istio-a:v1 imagePullPolicy: Always ports: - containerPort: 10001 --- apiVersion: v1 kind: Service metadata: name: istio-a spec: ports: - port: 10001 # # ClusterIP, NodePort, LoadBalancer type: ClusterIP selector: name: istio-a
3:使用Istio网关配置入口
1): 创建一个Istio Gateway
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: httpbin-gateway spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: - port: number: 80 name: http protocol: HTTP hosts: - "k8s.test.com"
2): 创建一个VirtualService,配置通过以下路径进入的流量的路由Gateway
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: httpbin-a spec: hosts: - "k8s.test.com" # 对应gateway 的hosts gateways: - httpbin-gateway # 对应gateway name http: - match: - uri: prefix: /a # 允许路径/a的通过 rewrite: uri: / # 重写url route: - destination: port: number: 10001 # 服务端口号 host: istio-a # 对用的服务 timeout: 10s
3): 使用curl访问istio-a服务:
curl -I -HHost:k8s.test.com http://$INGRESS_HOST:$INGRESS_PORT/a/test HTTP/1.1 200 OK content-type: text/plain;charset=UTF-8 content-length: 13 date: Wed, 13 Nov 2019 13:27:44 GMT x-envoy-upstream-service-time: 80 server: istio-envoy
我的istio-a服务中就写了一个test:
如果访问url不是/a开头的而是未知的,将显示404:
curl -I -HHost:k8s.test.com http://$INGRESS_HOST:$INGRESS_PORT/b HTTP/1.1 404 Not Found vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers content-type: application/json date: Wed, 13 Nov 2019 13:32:06 GMT x-envoy-upstream-service-time: 21 server: istio-envoy transfer-encoding: chunked
如果我们想使用浏览器访问入口服务:
可以将gateway中的hosts修改为*,相应的VirtualService的hosts也要修改为*
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: httpbin-gateway spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: - port: number: 80 name: http protocol: HTTP hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: httpbin-a spec: hosts: - "*" gateways: - httpbin-gateway http: - match: - uri: prefix: /a rewrite: uri: / route: - destination: port: number: 10001 host: istio-a timeout: 10s
先输出ip和port确定请求地址:
echo $INGRESS_HOST:$INGRESS_PORT 192.168.17.210:31380
在浏览器请求<ip>:<port>/a/test
就搭建成功了