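0 Preface
Gateway API is the official Kubernetes next-generation standard for traffic management, designed to address the limitations of the traditional Ingress in protocol support, extensibility and multi-tenancy. Through CRDs such as GatewayClass, Gateway and HTTPRoute, it separates traffic governance into decoupled layers so that infrastructure and application teams each manage their own part. This chapter uses the RuoYi project as an example to deploy Envoy Gateway hands-on and implement advanced traffic routing.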
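1 Gateway concepts
1.1 What is Gateway
Gateway API is the official Kubernetes next-generation "traffic entry" standard, used to unify gateway, load-balancing and route management. It splits the roles and functions of Ingress across a set of new CRDs, which makes it more flexible, more extensible and easier for teams to collaborate on.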
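1.2 Resource types
Gateway API has four stable API kinds:
- GatewayClass: defines the type of gateway and the controller that implements and manages it (such as Envoy, Istio, Nginx).
- Gateway: defines an instance of traffic-handling infrastructure (for example, a cloud load balancer).
- HTTPRoute: defines HTTP-specific rules for mapping traffic from a Gateway listener to a representation of backend network endpoints. These endpoints are usually represented as a Service.
- GRPCRoute: defines gRPC-specific rules for mapping traffic from a Gateway listener to a representation of backend network endpoints. These endpoints are usually represented as a Service.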
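1.3 Differences between Gateway and Ingress
| Dimension | Ingress | Gateway API |
|---|---|---|
| Protocol | HTTP only | HTTP/TCP/UDP/TLS/GRPC |
| Extension | Relies on annotations | Native extension fields |
| Architecture | Single resource | Multi-layer: Class/Gateway/Route |
| Multi-tenancy | Not supported | Strong support (gateway and route permissions are separated) |
| Service mesh support | Not intuitive | Deep integration (Nginx, Istio, Envoy) |
| Standardization | Weak | Strong, more consistent across implementations |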
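The permission separation named in the multi-tenancy row, as an added example (not from the original article): a platform-owned Gateway admits HTTPRoutes only from labelled namespaces, and the application team attaches its route from its own namespace. The `infra-gateways` namespace, the `shared-gateway` name and the `gateway-access` label are assumptions for illustration; `eg` is the GatewayClass created in section 5.3.1.

```yaml
# Platform team: Gateway in its own namespace (hypothetical: infra-gateways,
# which must already exist). Only this team needs write access to Gateways.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway              # hypothetical name
  namespace: infra-gateways         # hypothetical namespace
spec:
  gatewayClassName: eg
  listeners:
    - name: http
      port: 80
      protocol: HTTP
      allowedRoutes:
        kinds:
          - kind: HTTPRoute         # no other route kinds may attach
        namespaces:
          from: Selector            # the default is Same (Gateway's namespace only)
          selector:
            matchLabels:
              gateway-access: "true"   # hypothetical label
---
# Platform team: opt the application namespace in by labelling it.
apiVersion: v1
kind: Namespace
metadata:
  name: ruoyi
  labels:
    gateway-access: "true"
---
# Application team: needs write access to HTTPRoutes in ruoyi only.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: ruoyi-route
  namespace: ruoyi
spec:
  parentRefs:
    - name: shared-gateway
      namespace: infra-gateways     # cross-namespace attachment
      sectionName: http
  rules:
    - backendRefs:
        - name: ruoyi-ui
          port: 80
```

An HTTPRoute created in a namespace without the label is not attached to the listener; its status reports the parent as not accepted with reason `NotAllowedByListeners`.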
1.4 Data flow

2 Environment preparation
This lab uses k8s-v1.23.
| Node | IP | Role |
|---|---|---|
| master01 | 192.168.10.80 | Control plane |
| node01 | 192.168.10.81 | Worker node |
| node02 | 192.168.10.82 | Worker node |
| MySQL | 192.168.10.83 | Database |
3 Image preparation
3.1 Pull the images
```bash
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/openjdk:8-jdk && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/openjdk:8-jdk openjdk:8-jdk
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/nginx:1.25 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/nginx:1.25 nginx:1.25
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/redis:6.2.17 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/redis:6.2.17 redis:6.2.17
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway:v1.0.0 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway:v1.0.0 envoyproxy/gateway:v1.0.0
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/envoy:distroless-v1.29.2 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/envoy:distroless-v1.29.2 envoyproxy/envoy:distroless-v1.29.2
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway-dev:72c0cc7 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway-dev:72c0cc7 envoyproxy/gateway-dev:72c0cc7
```
3.2 Backend image
```bash
# Install tools
yum install -y maven npm
# Download RuoYi
git clone https://gitee.com/y_project/RuoYi-Vue.git
# Edit the configuration
vim RuoYi-Vue/ruoyi-admin/src/main/resources/application-druid.yml
# ---------------------------------------------------------------------------------------
spring:
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    driverClassName: com.mysql.cj.jdbc.Driver
    druid:
      master:
        url: jdbc:mysql://192.168.10.83:3306/ry?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai
        username: ruoyi
        password: 123456
# ---------------------------------------------------------------------------------------
vim RuoYi-Vue/ruoyi-admin/src/main/resources/application.yml
# ---------------------------------------------------------------------------------------
spring:
  redis:
    host: redis # K8s internal Service name
    port: 6379
    database: 0
    password:
    timeout: 10s
# ---------------------------------------------------------------------------------------
# Package locally
cd /opt/ry/RuoYi-Vue
mvn clean package
# Build and push
cd /opt/ry/RuoYi-Vue/ruoyi-admin/target
vim Dockerfile
# ---------------------------------------------------------------------------------------
FROM openjdk:8-jdk
WORKDIR /app
COPY ruoyi-admin.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java","-Djava.awt.headless=true","-jar","app.jar"]
# ---------------------------------------------------------------------------------------
docker build -t ruoyi-admin:v1.0 .
# An unqualified tag pushes to docker.io/library/, so this step needs a registry-qualified
# tag to succeed; the save/scp/load steps below are what deliver the image to the nodes
docker push ruoyi-admin:v1.0
# Copy the image to the worker nodes
docker save -o ruoyi-admin-v1.0.tar ruoyi-admin:v1.0
scp ruoyi-admin-v1.0.tar root@node01:/opt
scp ruoyi-admin-v1.0.tar root@node02:/opt
# Run on node01 and node02, from /opt
docker load -i ruoyi-admin-v1.0.tar
```
3.3 Frontend image
```bash
# Build the front end
cd ruoyi-ui
npm install
npm run build:prod
# Write the nginx configuration file
vim nginx.conf
# ---------------------------------------------------------------------------------------
server {
    listen 80;
    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri $uri/ /index.html;
    }
    location /prod-api/ {
        proxy_pass http://ruoyi-admin:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
# ---------------------------------------------------------------------------------------
vim Dockerfile
# ---------------------------------------------------------------------------------------
FROM nginx:1.25
COPY dist/ /usr/share/nginx/html/
COPY nginx.conf /etc/nginx/conf.d/default.conf
# ---------------------------------------------------------------------------------------
# Build and push
docker build -t ruoyi-ui:v1.0 .
docker push ruoyi-ui:v1.0
# Copy the image to the worker nodes
docker save -o ruoyi-ui-v1.0.tar ruoyi-ui:v1.0
scp ruoyi-ui-v1.0.tar root@node01:/opt
scp ruoyi-ui-v1.0.tar root@node02:/opt
# Run on node01 and node02, from /opt
docker load -i ruoyi-ui-v1.0.tar
```
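4 Deploy the front end, back end and database
4.1 Deploy the MySQL data
```bash
# Log in to the database
mysql -uroot -p123456
# Create a database named ry (at the mysql prompt)
CREATE DATABASE ry DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
# List the databases
SHOW DATABASES;
# Exit the mysql client
CTRL+D
# Download the RuoYi database scripts
git clone https://gitee.com/y_project/RuoYi-Vue.git
cd RuoYi-Vue/sql
# Import the data
mysql -uroot -p ry < ry_*.sql
mysql -uroot -p ry < quartz.sql
# Verify (at the mysql prompt)
USE ry;
SHOW TABLES;
# Enable remote access (after editing, restart with: systemctl restart mysqld)
vim /etc/my.cnf
# ---------------------------------------------------------------------------------------
bind-address = 0.0.0.0
# ---------------------------------------------------------------------------------------
# Grant remote access (at the mysql prompt)
CREATE USER 'ruoyi'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON ry.* TO 'ruoyi'@'%';
FLUSH PRIVILEGES;
# Verify the remote connection
mysql -h 192.168.10.83 -u ruoyi -p
```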
4.2 Complete K8s YAML
```bash
vim ruoyi-full.yaml
# ---------------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: ruoyi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: ruoyi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis:6.2.17
          ports:
            - containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: ruoyi
spec:
  selector:
    app: redis
  ports:
    - port: 6379
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ruoyi-config
  namespace: ruoyi
data:
  # Database name is ry, the schema created in 4.1
  SPRING_DATASOURCE_URL: "jdbc:mysql://192.168.10.83:3306/ry?useUnicode=true&characterEncoding=utf8&serverTimezone=Asia/Shanghai"
  SPRING_DATASOURCE_USERNAME: "ruoyi"
  SPRING_DATASOURCE_PASSWORD: "123456"
  SPRING_REDIS_HOST: "redis"
  SPRING_REDIS_PORT: "6379"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ruoyi-admin
  namespace: ruoyi
spec:
  replicas: 2
  selector:
    matchLabels:
      app: ruoyi-admin
  template:
    metadata:
      labels:
        app: ruoyi-admin
    spec:
      containers:
        - name: ruoyi-admin
          image: ruoyi-admin:v1.0
          # The image is loaded onto the nodes with docker load, not pulled from a
          # registry, so Always would fail the pull
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
          envFrom:
            - configMapRef:
                name: ruoyi-config
---
apiVersion: v1
kind: Service
metadata:
  name: ruoyi-admin
  namespace: ruoyi
spec:
  selector:
    app: ruoyi-admin
  ports:
    - port: 8080
      targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ruoyi-ui
  namespace: ruoyi
spec:
  replicas: 2
  selector:
    matchLabels:
      app: ruoyi-ui
  template:
    metadata:
      labels:
        app: ruoyi-ui
    spec:
      containers:
        - name: ruoyi-ui
          image: ruoyi-ui:v1.0
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: ruoyi-ui
  namespace: ruoyi
spec:
  selector:
    app: ruoyi-ui
  ports:
    - port: 80
      targetPort: 80
# ---------------------------------------------------------------------------------------
kubectl apply -f ruoyi-full.yaml
```
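The ConfigMap above keeps the database password in plain text next to non-sensitive settings. As an added example (not part of the original manifest), the same `ruoyi-admin` Deployment with the password moved into a Secret. The Secret name `ruoyi-db` and the placeholder value are assumptions, and the example assumes the application reads these environment variables as the ConfigMap implies.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: ruoyi-db                    # hypothetical name
  namespace: ruoyi
type: Opaque
stringData:
  # Placeholder: substitute the password of the MySQL account from section 4.1
  SPRING_DATASOURCE_PASSWORD: "REPLACE_WITH_DB_PASSWORD"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ruoyi-config
  namespace: ruoyi
data:
  # Non-sensitive settings only; ry is the schema created in section 4.1
  SPRING_DATASOURCE_URL: "jdbc:mysql://192.168.10.83:3306/ry?useUnicode=true&characterEncoding=utf8&serverTimezone=Asia/Shanghai"
  SPRING_DATASOURCE_USERNAME: "ruoyi"
  SPRING_REDIS_HOST: "redis"
  SPRING_REDIS_PORT: "6379"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ruoyi-admin
  namespace: ruoyi
spec:
  replicas: 2
  selector:
    matchLabels:
      app: ruoyi-admin
  template:
    metadata:
      labels:
        app: ruoyi-admin
    spec:
      containers:
        - name: ruoyi-admin
          image: ruoyi-admin:v1.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
          envFrom:
            - configMapRef:
                name: ruoyi-config
            - secretRef:
                name: ruoyi-db      # password injected from the Secret
```

Read access to Secrets can then be granted through RBAC separately from ConfigMaps in the `ruoyi` namespace.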
5 Deploy the Gateway
5.1 Install Gateway API (CRD resources)
```bash
wget https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
kubectl apply -f standard-install.yaml
```
5.2 Install Envoy Gateway
```bash
wget https://github.com/envoyproxy/gateway/releases/download/v1.0.0/install.yaml
# Change the image pull policy to IfNotPresent
sed -i 's/imagePullPolicy:[[:space:]]*Always/imagePullPolicy: IfNotPresent/g' install.yaml
kubectl apply -f install.yaml
```
5.3 Install the Gateway
5.3.1 Deploy the Gateway resources
```yaml
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: eg
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: ruoyi-gateway
  namespace: ruoyi
spec:
  gatewayClassName: eg
  listeners:
    - name: http
      port: 80
      protocol: HTTP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: ruoyi-route
  namespace: ruoyi
spec:
  parentRefs:
    - name: ruoyi-gateway
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: ruoyi-ui
          port: 80
```
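The route above sends every path to `ruoyi-ui`, whose nginx then proxies `/prod-api/` to the backend. As an added example (not from the original article), the same split expressed in the HTTPRoute itself, using the Gateway API URLRewrite filter to strip the prefix the way the nginx `proxy_pass` in section 3.3 does; `sectionName: http` refers to the listener name defined above.

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: ruoyi-route
  namespace: ruoyi
spec:
  parentRefs:
    - name: ruoyi-gateway
      sectionName: http             # attach to the HTTP listener only
  rules:
    # API calls: /prod-api/login is rewritten to /login and sent to the backend
    - matches:
        - path:
            type: PathPrefix
            value: /prod-api
      filters:
        - type: URLRewrite
          urlRewrite:
            path:
              type: ReplacePrefixMatch
              replacePrefixMatch: /
      backendRefs:
        - name: ruoyi-admin
          port: 8080
    # Everything else: static front end served by nginx
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: ruoyi-ui
          port: 80
```

The longer prefix takes precedence, so `/prod-api` requests never fall through to the catch-all rule.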
5.3.2 Modify the configuration
```bash
# Change the Service type from LoadBalancer to NodePort
# (the hash suffix in the name is generated; use the name printed by the get command)
kubectl get svc -n envoy-gateway-system
kubectl patch service envoy-ruoyi-ruoyi-gateway-1ef7723c -n envoy-gateway-system -p '{"spec":{"type":"NodePort"}}'
# Increase the number of pods
kubectl get deployment -n envoy-gateway-system
kubectl scale deployment envoy-ruoyi-ruoyi-gateway-1ef7723c -n envoy-gateway-system --replicas=2
```
6 Access test
```bash
curl 192.168.10.81:30269
# Browser access:
# 192.168.10.81:30269
```
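7 Summary
This chapter covered Gateway API from theory to practice in a Kubernetes environment. By deploying the RuoYi project together with Envoy Gateway, we achieved the following:
- Understood the core resource model of Gateway API: GatewayClass, Gateway, HTTPRoute and the others, and how responsibilities are divided and shared among them.
- Learned how Gateway API differs from the traditional Ingress: a comparison across protocol support, extensibility, multi-tenancy and other dimensions that highlights the advantages of Gateway API.
- Completed a full application deployment with traffic ingress: front end, back end and database, built as a complete microservice application with a unified traffic entry point through Gateway API.
- Worked through the actual deployment and configuration of Envoy Gateway: CRD installation, Gateway resource configuration, Service type adjustment and related operations, as groundwork for later production use.
Gateway API, as the next-generation standard for Kubernetes traffic management, is supported by a growing number of gateway controllers (such as Envoy, Istio, Nginx). Mastering it helps improve traffic governance within a cluster and lays the foundation for unified route management in future multi-cloud and multi-cluster scenarios.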