备考ICA----Istio实验13---使用Istio Ingress TLS暴露应用
1. 环境部署
清理之前实验遗留,并重新部署httpbin服务进行测试
bash
# 清理之前的环境
kubectl delete vs httpbin
kubectl delete gw mygateway
# 部署httpbin
kubectl apply -f istio/samples/httpbin/httpbin.yaml 确认应用被正确创建
bash
kubectl get deployments,svc httpbin
2. 为httpbin创建ingress
创建一个ingress指向httpbin服务,测试服务本身是否正常
bash
kubectl create ingress httpbin-ingress \
--rule 'httpbin.example.com/status*=httpbin:8000' \
--annotation kubernetes.io/ingress.class=istio确认ingress被正确创建
bash
kubectl get ingress
访问测试
bash
curl -s -I -HHost:httpbin.example.com "http://192.168.126.220/status/200"
3. 为httpbin创建ingress TLS
通过IngressClass连接istio.io/ingresss-controller将流量转给httpbin服务
3.1 创建 Istio ingressclass
ingress/IngressClass.yaml
yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: istio
spec:
controller: istio.io/ingress-controller部署istio ingressclass
bash
kubectl apply -f ingress/IngressClass.yaml3.2 调用Istio Ingressclass
重建httpbin的ingress
bash
kubectl delete ingress httpbin-ingress
kubectl create ingress httpbin-ingress \
--rule 'httpbin.example.com/status*=httpbin:8000' \
--class istio
kubectl get ingress访问测试
bash
curl -s -I -HHost:httpbin.example.com "http://192.168.126.220/status/200"
3.3 使用 TLS ingress
bash
kubectl delete ingress httpbin-ingress
kubectl create secret tls httpbin-credential \
--key=example_certs_httpbin/httpbin.example.com.key \
--cert=example_certs_httpbin/httpbin.example.com.crt
kubectl create ingress httpbin-ingress \
--rule 'httpbin.example.com/status*=httpbin:8000,tls=httpbin-credential' \
--class istio确认hosts中存在httpbin.example.com的解析,访问测试
bash
curl -k -vvv https://httpbin.example.com
可以看到证书已经被加载
到浏览器中查看证书详情,也是和我们之前生成并绑定的证书相符
至此备考ICA----Istio实验13---使用 Istio Ingress 暴露应用实验完成