Istio-gateway

一. gateway

  • Kubernetes 环境中,Kubernetes Ingress用于配置需要在集群外部公开的服务。但是在 Istio 服务网格中,更好的方法是使用新的配置模型,即 Istio Gateway,Gateway 允许将 Istio 流量管理的功能应用于进入集群的流量,gateway 分为两种,分别是 Ingress-gatewayEgress-gateway

Istio-gateway_第1张图片

如下 Istio 部署过程,可以得到 /root/istio-1.13.2/samples/multicluster 目录信息

# 生成生成东西向网关
cd /root/istio-1.13.2/samples/multicluster
./gen-eastwest-gateway.sh --mesh mesh1 --cluster cluster1 --network network1 | istioctl install -y -f -

[root@lonely ~/istio-1.13.2/samples/multicluster]# kubectl  -n istio-system  get po |grep eastwestgateway
istio-eastwestgateway-56dcd6468d-nhbbc   1/1     Running   0          40m

1. hosts

根据上面的案例, bookinfo

[root@lonely ~/istio-1.13.2/samples/multicluster]# kubectl explain gw.spec.servers

KIND:     Gateway
VERSION:  networking.istio.io/v1beta1

RESOURCE: servers <[]Object>

DESCRIPTION:
     A list of server specifications.

FIELDS:
   bind	<string>

   defaultEndpoint	<string>

   hosts	<[]string>
     One or more hosts exposed by this gateway.

   name	<string>
     An optional name of the server, when set must be unique across all servers.

   port	<Object>

   tls	<Object>
     Set of TLS related options that govern the server's behavior.

案例,hosts,可以配置多个

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
  namespace: istio
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - '*'
    port:
      name: http
      number: 80
      protocol: HTTP
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - istio-system/bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
# 利用 Kubernetes 把 istio-ingressgateway 暴露 15000 端口
kubectl  port-forward --address 0.0.0.0 -n istio-system  istio-ingressgateway-77968dbd74-fslsz  15000:15000
http://172.164.100.44:15000/config_dump

如上是 gateway 和 VirtualService 的配置清单,将 istio namespace 下的 vs 和 gw 删除掉并将他们创建在 istio-system Namespace 中,看是否可以访问到页面

kubectl  -n istio-system -f .

## 都可以访问到
# vs 和 gw 都在 istio-system 名称空间
# gw 在 istio-system vs 在 istio Namespace 中

vs 和 gateway 都在 istio-system 名称空间中

vs 的 host 没有指定名称空间

访问不成功,host指定名称空间:productpage.istio.svc.cluster.local

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - istio-system/bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage		# host 没指定名称空间
        port:
          number: 9080
kubectl  -n istio-system delete gw bookinfo-gateway
  • gw 和 vs 的 host 是一样的情况,需要提前将该域名做好 host 解析, http://bookinfo.com:31111/productpage 成功

kubectl apply -f gateway-server-hosts-bookinfo-com.yaml -n istio-system

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "bookinfo.com"

kubectl apply -f vs-bookinfo-hosts-star-gw-host-same.yaml -n istio-system

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "bookinfo.com"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
  • gw 和 vs 的 host 是具体值,但是不一样, http://bookinfo.com:31111/productpagehttp://bookinfo.demo:31111/productpage 都失败

kubectl apply -f vs-bookinfo-hosts-star-gw-host-diff.yaml -n istio-system

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "bookinfo.demo"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
  • vs 的host包含 gw,host 使用的是 *.comhttp://bookinfo.com:31111/productpage 成功

kubectl -n istio-system apply -f vs-bookinfo-hosts-star-host-contain-gw.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*.com"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
  • vs host为任意,http://bookinfo.com:31111/productpage 成功

kubectl apply -f vs-bookinfo-hosts-star.yaml -n istio-system

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
  • vs host 为 bookinfo.*,创建失败,host 不可以这样使用

kubectl apply -f vs-bookinfo-hosts-star-mix-error.yaml -n istio-system

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "bookinfo.*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

2. 多个host

  • 同样 2个host都要做解析
  • http://bookinfo.com:31111/productpagehttp://bookinfo.demo:31111/productpage 都成功

kubectl apply -f gateway-server-hosts-multi.yaml -n istio-system

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "bookinfo.com"
    - "bookinfo.demo"

kubectl apply -f vs-bookinfo-hosts-star.yaml -n istio-system

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

3. 混合host

kubectl apply -f gateway-server-hosts-mix.yaml -n istio-system

虽然gw中使用 *.com ,但是 vs 中只指定了 bookinfo.com ,所有只有这个域名才可以访问

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*.com"		# gw 使用*
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "bookinfo.com"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

kubectl apply -f vs-bookinfo-hosts-mix.yaml -n istio-system

http://bookinfo.com:31111/productpage 失败,端口问题

http://mydemo.com/productpage 成功,但是要用 ServiceexternalIp和 80 端口

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*.com"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
[root@lonely ~/istio-1.13.2/samples/bookinfo/networking]# kubectl  -n istio-system  get svc
NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
istio-eastwestgateway   LoadBalancer   10.109.117.190   <pending>     15021:30533/TCP,15443:30659/TCP,15012:31399/TCP,15017:31687/TCP              4d
istio-egressgateway     ClusterIP      10.103.156.78    <none>        80/TCP,443/TCP                                                               4d
istio-ingressgateway    LoadBalancer   10.97.209.189    <pending>     15021:30376/TCP,80:31111/TCP,443:32297/TCP,31400:30357/TCP,15443:32535/TCP   4d
istiod                  ClusterIP      10.101.78.119    <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP                                        4d

#
kubectl -n istio-system edit svc istio-ingressgateway

Istio-gateway_第2张图片

4. name

  • http://bookinfo.com:31111/productpagehttp://bookinfo.demo:31111/productpage 都成功,这个作用不大

kubectl apply -f gateway-server-name.yaml -n istio-system

kubectl apply -f vs-bookinfo-hosts-star.yaml -n istio-system (上面已有这个yaml)

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
    name: bookinfo-gateway		# 增加了这个 name 配置项

你可能感兴趣的:(k8s,云原生,istio,gateway,云原生)