k8s整合istio配置gateway入口、配置集群内部服务调用管理

一、 istio gateway使用demo

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: ngdemo-gateway
  namespace: ssx
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "tomcat.shenshuxin.cn"
EOF


kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ngdemo-virtualservice
  namespace: ssx
spec:
  hosts:
  - "tomcat.shenshuxin.cn"
  gateways:
  - ngdemo-gateway
  http:
  - match:
    - uri:
        prefix: /v1
    route:
    - destination:
        port:
          number: 8082
        host: demo-tomcat-for-ingress-name
  - route:
    - destination:
        port:
          number: 8081
        host: demo-tomcat-for-ingress-name
EOF

curl -HHost:tomcat.shenshuxin.cn “http://node101:32318”
端口号是ingressgateway服务的nodeport
查看方式：kubectl get service -n istio-system | grep istio-ingressgateway
找到80端口对应的nodeport即可

二、istio部署测试服务之间的调用通信

部署两个tomcat服务pod并且配置serivce服务

注意部署的两个deployment需要指定一下版本标签version: ??

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-tomcat-for-istio-name1
  namespace: ssx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-tomcat-for-istio-dm
  template:
    metadata:
      labels:
        app: demo-tomcat-for-istio-dm
        version: vv11
    spec:
      containers:
          - image: 'docker.io/library/tomcat:8'
            imagePullPolicy: IfNotPresent
            name: demo-tomcat-c
            ports:
              - containerPort: 8080

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-tomcat-for-istio-name2
  namespace: ssx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-tomcat-for-istio-dm
  template:
    metadata:
      labels:
        app: demo-tomcat-for-istio-dm
        version: vv22
    spec:
      containers:
          - image: 'docker.io/library/tomcat:8'
            imagePullPolicy: IfNotPresent
            name: demo-tomcat-c
            ports:
              - containerPort: 8080

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: demo-tomcat-for-istio-sv-lb
  name: demo-tomcat-for-istio-name
  namespace: ssx
spec:
  ports:
    - name: tomcat8080
      port: 8081
      protocol: TCP
      targetPort: 8080
  selector:
    app: demo-tomcat-for-istio-dm
  type: ClusterIP

通过istio的虚拟服务进行流量管理

注意这里的hosts名称(demo-tomcat-for-istio-name)要和上面的service配置的一致，这样istio才可以进行流量管理。
这里设置了请求转发策略，并且设置自定义响应头

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: demo-tomcat-istio-vs
  namespace: ssx
spec:
  hosts:
    - demo-tomcat-for-istio-name
  http:
    - headers:
        request:
          set:
            test: "true"
      route:
        - destination:
            host: demo-tomcat-for-istio-name
            subset: vv11
          weight: 10
          headers:
            response:
              set:
                ssxppp: abc
        - destination:
            host: demo-tomcat-for-istio-name
            subset: vv22
          headers:
            response:
              set:
                ssxppp: 123
          weight: 90

---

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: demo-tomcat-istio-dr
  namespace: ssx
spec:
  host: demo-tomcat-for-istio-name
  subsets:
    - name: vv11
      labels:
        version: vv11
    - name: vv22
      labels:
        version: vv22

验证

随便找一个集群中的通过istio代理的服务，执行curl命令：

# curl -I demo-tomcat-for-istio-name.ssx:8081
HTTP/1.1 200 OK
accept-ranges: bytes
etag: W/"8-1691939281480"
last-modified: Sun, 13 Aug 2023 15:08:01 GMT
content-type: text/html
content-length: 8
date: Tue, 15 Aug 2023 00:54:15 GMT
x-envoy-upstream-service-time: 2
server: envoy
ssxppp: fs

调用的方式是service名称.命名空间名称:端口号。
curl -I命令是只显示响应头