apiVersion: apps/v1
kind: Deployment # 定义Kubernetes资源的类型为Deployment
metadata:
name: demo-web-deployment # 定义资源的名称
labels:
app: demo-web-deployment
spec: # 定义资源的状态。
replicas: 1 # 定义我们想运行多少个Pod,在这里我们希望运行2个
selector:
matchLabels: # 定义该部署匹配哪些Pod
app: demo-web
minReadySeconds: 5 # 可选,指定Pod可以变成可用状态的最小秒数,默认是0
strategy: # 指定更新版本时,部署使用的策略
type: RollingUpdate # 策略类型,使用RollingUpdate可以保证部署期间服务不间断
rollingUpdate:
maxUnavailable: 1 # 部署时最大允许停止的Pod数量(与replicas相比)
maxSurge: 1 # 部署时最大允许创建的Pod数量(与replicas相比)
template: # 用来指定Pod的模板,与Pod的定义类似
metadata:
labels: # 根据模板创建的Pod会被贴上该标签,与上面的matchLabels对应
app: demo-web
spec:
containers:
- name: web
image: registry.cn-hangzhou.aliyuncs.com/icxl-pu/grpc-api:0215_2
imagePullPolicy: Always # 默认是IfNotPresent,如果设置成Always,则每一次部署都会重新拉取容器映像(否则,如果本地存在指定的镜像版本,就不会再去拉取)
ports:
- containerPort: 50001
---
apiVersion: v1
kind: Service
metadata:
name: demo-web-service
spec:
type: ClusterIP
selector:
app: demo-web
ports:
- name: grpc # 与Gateway Name要一样
protocol: TCP
port: 50001
targetPort: 50001
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: aspnetcore-virtualservice
spec:
hosts:
- "*"
gateways:
- aspnetcore-gateway
http:
- match:
- uri:
regex: .*
route:
- destination:
host: demo-web-service
port:
number: 50001
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: aspnetcore-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 443
name: grpc
protocol: HTTPS
tls:
#简单模式(仅需客户端验证服务端Https证书,不是双向验证(MUTUAL))
mode: SIMPLE
#挂载服务端证书(与之前定义的secret tls istio-ingressgateway-certs --cert对应)
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
#挂载服务端私钥(与之前定义的secret tls istio-ingressgateway-certs --key对应)
privateKey: /etc/istio/ingressgateway-certs/tls.key
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: tls-foo
spec:
host: "*"
trafficPolicy:
tls:
mode: SIMPLE