由于API Gateway已经具备七层网关的功能,Mesh Ingress中的Sidecar只需要提供VirtualService资源的路由能力,并不需要提供Gateway资源的网关能力,因此采用Sidecar Proxy即可。网络入口处的Sidecar Proxy和网格内部应用Pod中Sidecar Proxy的唯一一点区别是:该Sidecar只接管API Gateway向Mesh内部的流量,并不接管外部流向API Gateway的流量;而应用Pod中的Sidecar需要接管进入应用的所有流量。
注意:在实际部署时,API Gateway前端需要采用NodePort和LoadBalancer提供外部流量入口。这里 API GateWay 需要注入 Istio ~
创建应用
vi myapp-demo.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp-svc
spec:
ports:
- port: 80
name: http
selector:
app: myapp-pod
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-v1
labels:
app: myapp-pod
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: myapp-pod
version: v1
template:
metadata:
labels:
app: myapp-pod
version: v1
spec:
containers:
- name: myapp-pod
image: ikubernetes/myapp:v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-v2
labels:
app: myapp-pod
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: myapp-pod
version: v2
template:
metadata:
labels:
app: myapp-pod
version: v2
spec:
containers:
- name: myapp-pod
image: ikubernetes/myapp:v2
kubectl apply -f myapp-demo.yaml
# 检查
kubectl get pod,svc
# 创建 VirtualService 和 DestinationRule
vi myapp-vsdr.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: myapp-vs
spec:
hosts:
- myapp-svc # 在这个例子中 hosts 需要与下面的 host 值一致
http:
- route:
- destination:
subset: v1
host: myapp-svc # 指定 K8S 中的 svc 资源名字
weight: 90
- destination:
subset: v2
host: myapp-svc # 指定 K8S 中的 svc 资源名字
weight: 10
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: myapp-dr
spec:
host: myapp-svc # 指定 K8S 中的 svc 资源名字
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
kubectl apply -f myapp-vsdr.yaml
# 检查
kubectl get vs,dr
因为没有 API gateway, 所以创建一个容器使用 curl 来进行测试
vi curl.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: curl
spec:
replicas: 1
selector:
matchLabels:
app: curl
template:
metadata:
labels:
app: curl
spec:
containers:
- name: curl
image: appropriate/curl
command:
- "/bin/sh"
- "-c"
- "sleep 3600"
kubectl apply -f curl.yaml
kubectl get pod |grep curl
curl-6d57cddc64-kxrpx 2/2 Running 0 14m
# 进入容器,测试
kubectl exec -it curl-6d57cddc64-kxrpx /bin/sh
curl myapp-svc
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
curl myapp-svc
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
curl myapp.com
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
curl myapp.com
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>