1: 确定入口IP和端口
执行以下命令以确定Kubernetes集群是否在支持外部负载均衡器的环境中运行:
kubectl get svc istio-ingressgateway -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 10.108.152.2 <pending> 15020:32736/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32101/TCP,15030:32222/TCP,15031:30551/TCP,15032:31262/TCP,15443:30129/TCP 3d1h
如果EXTERNAL-IP设置了该值,则环境具有可用于入口网关的外部负载平衡器。如果EXTERNAL-IP值是<none>(或永久<pending>),则环境不为入口网关提供外部负载平衡器。在这种情况下,您可以使用服务的节点端口来访问网关。
我的pending,使用服务的节点端口来访问:
设置入口端口:
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
设置入口IP取决于群集提供者:
export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
2: 开启一个服务, istio-a.yml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: istio-a
spec:
selector:
matchLabels:
name: istio-a
replicas: 1
template:
metadata:
annotations:
sidecar.istio.io/inject: "true" # 开启sidecar自动注入
labels:
name: istio-a
spec:
containers:
- name: istio-a
# 我自己的一个镜像
image: registry.cn-shenzhen.aliyuncs.com/zsifan/istio-a:v1
imagePullPolicy: Always
ports:
- containerPort: 10001
---
apiVersion: v1
kind: Service
metadata:
name: istio-a
spec:
ports:
- port: 10001
# # ClusterIP, NodePort, LoadBalancer
type: ClusterIP
selector:
name: istio-a
3:使用Istio网关配置入口
1): 创建一个Istio Gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: httpbin-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "k8s.test.com"
2): 创建一个VirtualService,配置通过以下路径进入的流量的路由Gateway
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin-a
spec:
hosts:
- "k8s.test.com" # 对应gateway 的hosts
gateways:
- httpbin-gateway # 对应gateway name
http:
- match:
- uri:
prefix: /a # 允许路径/a的通过
rewrite:
uri: / # 重写url
route:
- destination:
port:
number: 10001 # 服务端口号
host: istio-a # 对用的服务
timeout: 10s
3): 使用curl访问istio-a服务:
curl -I -HHost:k8s.test.com http://$INGRESS_HOST:$INGRESS_PORT/a/test HTTP/1.1 200 OK content-type: text/plain;charset=UTF-8 content-length: 13 date: Wed, 13 Nov 2019 13:27:44 GMT x-envoy-upstream-service-time: 80 server: istio-envoy
我的istio-a服务中就写了一个test:
如果访问url不是/a开头的而是未知的,将显示404:
curl -I -HHost:k8s.test.com http://$INGRESS_HOST:$INGRESS_PORT/b HTTP/1.1 404 Not Found vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers content-type: application/json date: Wed, 13 Nov 2019 13:32:06 GMT x-envoy-upstream-service-time: 21 server: istio-envoy transfer-encoding: chunked
如果我们想使用浏览器访问入口服务:
可以将gateway中的hosts修改为*,相应的VirtualService的hosts也要修改为*
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: httpbin-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin-a
spec:
hosts:
- "*"
gateways:
- httpbin-gateway
http:
- match:
- uri:
prefix: /a
rewrite:
uri: /
route:
- destination:
port:
number: 10001
host: istio-a
timeout: 10s
先输出ip和port确定请求地址:
echo $INGRESS_HOST:$INGRESS_PORT 192.168.17.210:31380
在浏览器请求<ip>:<port>/a/test
就搭建成功了