How to configure ingress gateway in istio?

2020-07-27 16:17发布

问题:

I'm new to istio, and I want to access my app through istio ingress gateway, but I do not know why it does not work. This is my kubenetes_deploy.yaml file content:

apiVersion: v1
kind: Service
metadata:
  name: batman
  labels:
    run: batman
spec:
    #type: NodePort
  ports:
  - port: 8000
    #nodePort: 32000
    targetPort: 7000
    #protocol: TCP
    name: batman
  selector:
    run: batman
    #version: v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: batman-v1
spec:
  replicas: 1
  selector:
    matchLabels:
      run: batman
  template:
    metadata:
      labels:
        run: batman
        version: v1
    spec:
      containers:
      - name: batman
        image: leowu/batman:v1
        ports:
          - containerPort: 7000
        env:
          - name: MONGODB_URL
            value: mongodb://localhost:27017/articles_demo_dev
      - name: mongo
        image: mongo

And here is my istio ingress_gateway.yaml config file:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: batman-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 15000
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: batman
spec:
  hosts:
  - "*"
  gateways:
  - batman-gateway
  http:
    - match:
      route:
      - destination:
          host: batman
          port:
            number: 7000

I created the ingress gateway from example, and it looks well but when I run kubectl get svc istio-ingressgateway -n istio-system I can't see the listening port 15000 in the output。I donot know way.

Is there anyone can help me? Thanks.

回答1:

First of all, as @Abhyudit Jain mentioned you need to correct port in VirtualService to 8000

And then you just add another port to your istio-ingressgateway service

kubectl edit svc istio-ingressgateway -n istio-system

add section:

ports:
  - name: http
    nodePort: 30001
    port: 15000
    protocol: TCP
    targetPort: 80

This will accept HTTP traffic on port 15000 and rout it to your destination service on port 8000

simple schema as follows:

incoming traffic --> istio-gateway service --> istio-gateway --> virtual service --> service --> pod


回答2:

You batman service listens on port 8000 and forwards traffic to container's port 7000.

The istio traffic works like this:

ingress-gateway -> virtual-service -> destination-rule [optional] -> service

So your virtual service should be like:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: batman
spec:
  hosts:
  - "*"
  gateways:
  - batman-gateway
  http:
    - match:
      route:
      - destination:
          host: batman
          port:
            number: 8000  <--- change