
Istio Study Notes (1): Configuring a Gateway – 萌叔

 3 years ago
source link: http://vearne.cc/archives/39255?
Copyright notice: original article from this site, published by 萌叔
When reposting, please credit 萌叔 | http://vearne.cc

萌叔 set out to expose a service outside the service mesh through a Gateway. Below are some of the author's notes.

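2. Architecture

Very important:

gateway-controller  <-> ingress-controller (the actual pods)
gateway  <-> ingress (the configuration)

One implementation of a gateway-controller is istio-ingressgateway.
One implementation of an ingress-controller is nginx-ingress-controller.

nginx-ingress-controller is comparable to openresty: once an ingress is configured, the corresponding nginx configuration file is generated. In the same way, once a gateway is configured, the corresponding envoy configuration is generated.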

3.1 istio-ingressgateway

Once istio is installed, the list of services includes an istio-ingressgateway.


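By default, the container behind istio-ingressgateway is not exposed outside the service mesh, so its configuration has to be changed.
Edit the istio-ingressgateway Deployment.
You can also edit helm's deployment.yaml directly.

"dnsPolicy": "ClusterFirstWithHostNet" # change (ensures pilot can still be reached correctly)
"hostNetwork": true   # add (exposes the pod outside the service mesh in host network mode)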

"ClusterFirstWithHostNet": For Pods running with hostNetwork, you should explicitly set its DNS policy "ClusterFirstWithHostNet".

3.2 gateway

The configuration for kiali is used as the example.

1) Create the namespace

kubectl create namespace myistio

2) Configure the gateway

File kiali-gateway.yaml

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kiali-gateway  # A
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "kiali.gateway.io"  # B

kubectl apply -f kiali-gateway.yaml -n myistio

3) The VirtualService has to be adjusted accordingly

File kiali-vs.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kiali-vs
spec:
  hosts:
    - kiali
    - kiali.gateway.io  # B
  gateways:
  - kiali-gateway.myistio.svc.cluster.local # A (myistio is the namespace the gateway lives in)
  http:
  - route:
    - destination:
        host: kiali.istio-system.svc.cluster.local
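
kubectl apply -f kiali-vs.yaml -n myistio

Note: in the two configuration files, the values marked A and B must match one-to-one.
"kiali.gateway.io" can be any made-up name.

3.3 Access from outside the mesh

Configure hosts (if you have a real domain name, you can configure it on a DNS server instead)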

vim /etc/hosts
# add
192.168.100.110 kiali.gateway.io

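192.168.100.110 is the IP of the host running istio-ingressgateway-65c54f84b4-6d5t (one of the istio-ingressgateway Pods).

If the VirtualService and Gateway are configured successfully, enter the istio-ingressgateway-65c54f84b4-6d5t Pod
and look at the envoy configuration: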

root@tv-k8s-test-node-18d308a12-2:/# curl http://localhost:15000/config_dump| grep -A 10 kiali.gateway.io

        "name": "kiali.gateway.io:80",
        "domains": [
         "kiali.gateway.io",
         "kiali.gateway.io:80"
        ],
        "routes": [
         {
          "match": {
           "prefix": "/"
          },
          "route": {
           "cluster": "outbound|20001||kiali.istio-system.svc.cluster.local",
           "timeout": "0s",
           "retry_policy": {
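
The config_dump check above, taken one step further as an added example (not code from the original post): it walks the JSON and lists every domain, path match and cluster this envoy serves, then flags domains outside an expected set, which matters once the gateway pod sits on the host network. The sample dump is constructed (its nesting, the catch-all host and the demo cluster are assumptions), and the function names are hypothetical.

```python
import json

# Constructed sample: a cut-down config_dump fragment shaped like the
# virtual host shown above, plus one wildcard host added for illustration.
SAMPLE_DUMP = json.loads("""
{"configs": [{"dynamic_route_configs": [{"route_config": {
  "virtual_hosts": [
    {"name": "kiali.gateway.io:80",
     "domains": ["kiali.gateway.io", "kiali.gateway.io:80"],
     "routes": [{"match": {"prefix": "/"},
                 "route": {"cluster": "outbound|20001||kiali.istio-system.svc.cluster.local"}}]},
    {"name": "catch-all",
     "domains": ["*"],
     "routes": [{"match": {"prefix": "/"},
                 "route": {"cluster": "outbound|9080||demo.default.svc.cluster.local"}}]}
  ]}}]}]}
""")

def virtual_hosts(node):
    """Yield every object that has both "domains" and "routes", at any depth."""
    if isinstance(node, dict):
        if isinstance(node.get("domains"), list) and isinstance(node.get("routes"), list):
            yield node
        for value in node.values():
            yield from virtual_hosts(value)
    elif isinstance(node, list):
        for item in node:
            yield from virtual_hosts(item)

def exposed_routes(dump):
    """Return sorted (domain, path match, cluster) tuples served by this envoy."""
    rows = set()
    for vh in virtual_hosts(dump):
        for route in vh["routes"]:
            match = route.get("match", {})
            path = match.get("prefix") or match.get("path") or "<other>"
            cluster = route.get("route", {}).get("cluster", "<no cluster>")
            for domain in vh["domains"]:
                rows.add((domain, path, cluster))
    return sorted(rows)

def audit(dump, expected_hosts):
    """Return routes whose domain (port stripped) is not in expected_hosts."""
    return [r for r in exposed_routes(dump)
            if r[0].rsplit(":", 1)[0] not in expected_hosts]

if __name__ == "__main__":
    for row in audit(SAMPLE_DUMP, {"kiali.gateway.io"}):
        print("unexpected exposure:", row)
```

To run it against a live gateway, save the full config_dump output to a file and pass the result of `json.load` to `audit` together with the hostnames from the B fields.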

Raise envoy's log level to get more information:

curl -XPOST "http://localhost:15000/logging?level=debug"