| 在Istio上创建自定义的ingress | 您所在的位置:网站首页 › 阿里云gateway服务 › 在Istio上创建自定义的ingress |
|
我们都知道,在istio中可以通过ingress gateway将服务暴露给外部使用,但是我们使用的ingress规则都是落在istio部署时默认创建的istio-ingressgateway上,如果我们希望创建自定义的ingressgateway该怎么操作呢,本文就带大家一步步操作,创建一个自定义的ingressgateway 环境准备 创建Kubernetes集群阿里云容器服务Kubernetes 1.11.2目前已经上线,可以通过容器服务管理控制台非常方便地快速创建 Kubernetes 集群。具体过程可以参考这里 部署istio阿里云容器服务通过集群界面部署Istio,具体过程可以参考这里 部署bookinfo首先为default 命名空间打上标签 istio-injection=enabled kubectl label namespace default istio-injection=enabled使用Kubectl命令部署Bookinfo示例应用 kubectl apply -f https://raw.githubusercontent.com/istio/istio/1.0.2/samples/bookinfo/platform/kube/bookinfo.yaml部署完成后效果如下图: $ kubectl get pod,svc NAME READY STATUS RESTARTS AGE pod/details-v1-5d88f495b7-cvxk5 2/2 Running 0 19h pod/productpage-v1-774fd75c99-5l898 2/2 Running 0 19h pod/ratings-v1-64664b6bcf-j7lzh 2/2 Running 0 19h pod/reviews-v1-fd7c6fdf5-4px4g 2/2 Running 0 19h pod/reviews-v2-56b67454cc-fmtl8 2/2 Running 0 19h pod/reviews-v3-86878d875-6xztb 2/2 Running 0 19h NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/details ClusterIP 172.21.13.128 9080/TCP 19h service/kubernetes ClusterIP 172.21.0.1 443/TCP 21h service/productpage ClusterIP 172.21.7.104 9080/TCP 19h service/ratings ClusterIP 172.21.7.176 9080/TCP 19h service/reviews ClusterIP 172.21.1.207 9080/TCP 19h 创建自定义ingressgateway --- # Source: istio/charts/gateways/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: customgateway-service-account namespace: default labels: app: customgateway --- --- # Source: istio/charts/gateways/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: labels: app: gateways name: customgateway-default # default should replaced by actual namespace rules: - apiGroups: ["extensions"] resources: ["thirdpartyresources", "virtualservices", "destinationrules", "gateways"] verbs: ["get", "watch", "list", "update"] --- --- # Source: istio/charts/gateways/templates/clusterrolebindings.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: customgateway-default # default should replaced by actual namespace roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: customgateway-default # default should replaced by actual namespace subjects: - kind: ServiceAccount name: customgateway-service-account namespace: default --- --- # Source: istio/charts/gateways/templates/service.yaml apiVersion: v1 kind: Service metadata: name: customgateway namespace: default annotations: labels: istio: customgateway spec: type: LoadBalancer selector: istio: customgateway ports: - name: http port: 80 targetPort: 80 - name: https port: 443 targetPort: 443 --- --- # Source: istio/charts/gateways/templates/deployment.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: customgateway namespace: default labels: istio: customgateway spec: replicas: 1 template: metadata: labels: istio: customgateway annotations: sidecar.istio.io/inject: "false" scheduler.alpha.kubernetes.io/critical-pod: "" spec: serviceAccountName: customgateway-service-account containers: - name: istio-proxy image: "registry.cn-beijing.aliyuncs.com/aliacs-app-catalog/proxyv2:1.0.3" imagePullPolicy: IfNotPresent ports: - containerPort: 80 - containerPort: 443 args: - proxy - router - -v - "2" - --discoveryRefreshDelay - '1s' #discoveryRefreshDelay - --drainDuration - '45s' #drainDuration - --parentShutdownDuration - '1m0s' #parentShutdownDuration - --connectTimeout - '10s' #connectTimeout - --serviceCluster - customgateway - --zipkinAddress - zipkin.istio-system:9411 - --proxyAdminPort - "15000" - --controlPlaneAuthPolicy - NONE - --discoveryAddress - istio-pilot.istio-system:8080 resources: requests: cpu: 10m env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: ISTIO_META_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name volumeMounts: - name: istio-certs mountPath: /etc/certs readOnly: true - name: customgateway-certs mountPath: "/etc/istio/customgateway-certs" readOnly: true - name: customgateway-ca-certs mountPath: "/etc/istio/customgateway-ca-certs" readOnly: true volumes: - name: istio-certs secret: secretName: istio.customgateway-service-account optional: true - name: customgateway-certs secret: secretName: "istio-customgateway-certs" optional: true - name: customgateway-ca-certs secret: secretName: "istio-customgateway-ca-certs" optional: true affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - ppc64le - s390x preferredDuringSchedulingIgnoredDuringExecution: - weight: 2 preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - weight: 2 preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - ppc64le - weight: 2 preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - s390x --- --- # Source: istio/charts/gateways/templates/autoscale.yaml apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: name: customgateway namespace: default spec: maxReplicas: 5 minReplicas: 1 scaleTargetRef: apiVersion: apps/v1beta1 kind: Deployment name: customgateway metrics: - type: Resource resource: name: cpu targetAverageUtilization: 80 ---上面这段yaml在default namespace定义了一个名叫customgateway的ingressgateway,并为他创建了serviceaccount,HPA等一系列相关的配置,如果我们需要定义多个,需要替换yaml里的default和customgateway为自己想要的名字 定义入口路由 apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: bookinfo-gateway spec: selector: istio: customgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: bookinfo spec: hosts: - "*" gateways: - bookinfo-gateway http: - match: - uri: exact: /productpage - uri: exact: /login - uri: exact: /logout - uri: prefix: /api/v1/products route: - destination: host: productpage port: number: 9080这里最重要的是为Gateway指定规则落在哪个deploy上,这里指定的是istio: customgateway 访问应用获取自定义ingressgateway的入口然后访问应用 export INGRESS_HOST=$(kubectl -n default get service customgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') export INGRESS_PORT=$(kubectl -n default get service customgateway -o jsonpath='{.spec.ports[?(@.name=="http")].port}') curl -o /dev/null -s -w "%{http_code}\n" http://${INGRESS_HOST}:${INGRESS_PORT}/productpage如果返回200则说明配置正确 总结上面通过示例演示了Istio如何创建一个自定义的ingress gateway 欢迎大家使用阿里云上的容器服务,快速搭建微服务的开放治理平台Istio,简单地集成到自己项目的微服务开发中。 |
| CopyRight 2018-2019 实验室设备网 版权所有 |