k8s笔记之创建Istio Gateway规则

创建Istio Gateway

• 背景
• [如何创建Istio Gateway](#如何创建Istio Gateway)
• 规则配置方式
• • rewrite重写路径
  • 直接去除match，默认都转发到一个服务
  • 路由规则多种配置方式实践（即开头的完整版）
• 涉及的命令补充
• 注意事项

背景

为什么需要使用到Istio Gateway？充当k8s服务访问的外部流量访问入口，类似nginx一样的作用

如何创建Istio Gateway

1、检查是否已开启istio-ingressgateway服务

servicemesh:
enabled: true # 将"false"更改为"true"。
istio: https://istio.io/latest/docs/setup/additional-setup/customize-installation/
  components:
    ingressGateways:
    - name: istio-ingressgateway 
      enabled: true # 将"false"更改为"true"

2、创建yaml配置文件

touch nginx-gateway.yaml

3、输入配置内容

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - forecast.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mygateway
spec:
  hosts:
  - forecast.example.com
  gateways:
  - mygateway
  http:
  - match:
    - uri:
        prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写
    rewrite:
      uri: "/"    # 老路径
    route:
    - destination:
        host: nginx-79zn9d  # 对应service中的名称，具有负责均衡
  - match:
    - uri:
        prefix: "/tomcat/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写
    rewrite:
      uri: "/"    # 老路径
    route:
    - destination:
        host: tomcat-5tl05n # 对应service中的名称，具有负责均衡
  - match:
    - uri:
        prefix: "/myapp1/"  
    rewrite:
      uri: "/"
    route:
    - destination:
        host: my-app1       # 对应service中的名称，具有负责均衡
  - match:
    - uri:
        prefix: "/myapp2/"  
    rewrite:
      uri: "/"
    route:
    - destination:
        host: my-app2        # 对应service中的名称，具有负责均衡

4、执行创建，会同时创建gateway和VirtualService

kubectl apply -f nginx-gateway.yaml --namespace=project-demo

5、确定Istio入口ip和port （负载均衡器）

kubectl get svc istio-ingressgateway -n istio-system

6、最后客户端访问前，进行客户端host配置

ip【服务器 istio-ingressgateway的ip】 forecast.example.com

7、更新gateway，先导出->再修改->最后更新

kubectl get gw mygateway  -o yaml -n project-demo > /home/k8s/gateway-update.yaml
kubectl apply -f gateway-update.yaml

8、更新virtualservice

kubectl get virtualservice mygateway  -o yaml -n project-demo > /home/k8s/gatewaySvc-update.yaml
kubectl apply -f gatewaySvc-update.yaml

规则配置方式

rewrite重写路径

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - forecast.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mygateway
spec:
  hosts:
  - forecast.example.com
  gateways:
  - mygateway
  http:
  - match:
    - uri:
        prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写
    rewrite:
      uri: "/"    # 老路径
    route:
    - destination:
        host: nginx-79zn9d

直接去除match，默认都转发到一个服务

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - forecast.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mygateway
spec:
  hosts:
  - forecast.example.com
  gateways:
  - mygateway
  http:
  - route:
    - destination:
        host: nginx-79zn9d

路由规则多种配置方式实践（即开头的完整版）

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - forecast.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mygateway
spec:
  hosts:
  - forecast.example.com
  gateways:
  - mygateway
  http:
  - match:
    - uri:
        prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写
    rewrite:
      uri: "/"    # 老路径
    route:
    - destination:
        host: nginx-79zn9d  # 对应service中的名称，具有负责均衡
  - match:
    - uri:
        prefix: "/tomcat/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写
    rewrite:
      uri: "/"    # 老路径
    route:
    - destination:
        host: tomcat-5tl05n # 对应service中的名称，具有负责均衡
  - match:
    - uri:
        prefix: "/myapp1/"  
    rewrite:
      uri: "/"
    route:
    - destination:
        host: my-app1       # 对应service中的名称，具有负责均衡
  - match:
    - uri:
        prefix: "/myapp2/"  
    rewrite:
      uri: "/"
    route:
    - destination:
        host: my-app2        # 对应service中的名称，具有负责均衡

涉及的命令补充

#networking.istio.io版本
kubectl api-versions | grep networking.istio.io

#确定Istio入口ip和port （负载均衡器）
kubectl get svc istio-ingressgateway -n istio-system

#检查有没有在相同的 IP和端口上定义 Kubernetes Ingress 资源
kubectl get ingress --all-namespaces

#检查有没有在相同的端口上定义其它 Istio Ingress Gateway
kubectl get gateway --all-namespaces

# 查看网关
kubectl get gw -A

# 删除网关
-- kubectl delete gw my-gateway -n project-demo

# 查看路由规则
kubectl get virtualservices my-VirtualService -n project-demo -o yaml

# 删除virtualservice
kubectl delete virtualservice nginx-79zn9d -n project-demo

# 更新gateway
kubectl get gw mygateway  -o yaml -n project-demo > /home/k8s/gateway-update.yaml
kubectl apply -f gateway-update.yaml

# 更新virtualservice
kubectl get virtualservice mygateway  -o yaml -n project-demo > /home/k8s/gatewaySvc-update.yaml
kubectl apply -f gatewaySvc-update.yaml

注意事项

• VirtualService中的metadata.name需要跟Gateway中的metadata.name一致