创建Istio Gateway

• 背景
• 如何创建Istio Gateway
• 规则配置方式
• • rewrite重写路径
  • 直接去除match，默认都转发到一个服务
  • 路由规则多种配置方式实践（即开头的完整版）
• 涉及的命令补充
• 注意事项

背景

为什么需要使用到Istio Gateway？充当k8s服务访问的外部流量访问入口，类似nginx一样的作用

如何创建Istio Gateway

1、检查是否已开启istio-ingressgateway服务

servicemesh: enabled: true # 将“false”更改为“true”。 istio: https://istio.io/latest/docs/setup/additional-setup/customize-installation/   components:     ingressGateways:     - name: istio-ingressgateway        enabled: true # 将“false”更改为“true” 

2、创建yaml配置文件

touch nginx-gateway.yaml 

3、输入配置内容

apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata:   name: mygateway spec:   selector:     istio: ingressgateway # use istio default ingress gateway   servers:   - port:       number: 80       name: http       protocol: HTTP     hosts:     - forecast.example.com --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata:   name: mygateway spec:   hosts:   - forecast.example.com   gateways:   - mygateway   http:   - match:     - uri:         prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写     rewrite:       uri: "/"    # 老路径     route:     - destination:         host: nginx-79zn9d  # 对应service中的名称，具有负责均衡   - match:     - uri:         prefix: "/tomcat/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写     rewrite:       uri: "/"    # 老路径     route:     - destination:         host: tomcat-5tl05n # 对应service中的名称，具有负责均衡   - match:     - uri:         prefix: "/myapp1/"       rewrite:       uri: "/"     route:     - destination:         host: my-app1       # 对应service中的名称，具有负责均衡   - match:     - uri:         prefix: "/myapp2/"       rewrite:       uri: "/"     route:     - destination:         host: my-app2        # 对应service中的名称，具有负责均衡 

4、执行创建，会同时创建gateway和VirtualService

kubectl apply -f nginx-gateway.yaml --namespace=project-demo 

5、确定Istio入口ip和port （负载均衡器）

kubectl get svc istio-ingressgateway -n istio-system 

6、最后客户端访问前，进行客户端host配置

ip【服务器 istio-ingressgateway的ip】 forecast.example.com 

7、更新gateway，先导出->再修改->最后更新

kubectl get gw mygateway  -o yaml -n project-demo > /home/k8s/gateway-update.yaml kubectl apply -f gateway-update.yaml 

8、更新virtualservice

kubectl get virtualservice mygateway  -o yaml -n project-demo > /home/k8s/gatewaySvc-update.yaml kubectl apply -f gatewaySvc-update.yaml 

规则配置方式

rewrite重写路径

apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata:   name: mygateway spec:   selector:     istio: ingressgateway # use istio default ingress gateway   servers:   - port:       number: 80       name: http       protocol: HTTP     hosts:     - forecast.example.com --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata:   name: mygateway spec:   hosts:   - forecast.example.com   gateways:   - mygateway   http:   - match:     - uri:         prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写     rewrite:       uri: "/"    # 老路径     route:     - destination:         host: nginx-79zn9d 

直接去除match，默认都转发到一个服务

apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata:   name: mygateway spec:   selector:     istio: ingressgateway # use istio default ingress gateway   servers:   - port:       number: 80       name: http       protocol: HTTP     hosts:     - forecast.example.com --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata:   name: mygateway spec:   hosts:   - forecast.example.com   gateways:   - mygateway   http:   - route:     - destination:         host: nginx-79zn9d 

路由规则多种配置方式实践（即开头的完整版）

apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata:   name: mygateway spec:   selector:     istio: ingressgateway # use istio default ingress gateway   servers:   - port:       number: 80       name: http       protocol: HTTP     hosts:     - forecast.example.com --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata:   name: mygateway spec:   hosts:   - forecast.example.com   gateways:   - mygateway   http:   - match:     - uri:         prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写     rewrite:       uri: "/"    # 老路径     route:     - destination:         host: nginx-79zn9d  # 对应service中的名称，具有负责均衡   - match:     - uri:         prefix: "/tomcat/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写     rewrite:       uri: "/"    # 老路径     route:     - destination:         host: tomcat-5tl05n # 对应service中的名称，具有负责均衡   - match:     - uri:         prefix: "/myapp1/"       rewrite:       uri: "/"     route:     - destination:         host: my-app1       # 对应service中的名称，具有负责均衡   - match:     - uri:         prefix: "/myapp2/"       rewrite:       uri: "/"     route:     - destination:         host: my-app2        # 对应service中的名称，具有负责均衡 

涉及的命令补充

#networking.istio.io版本 kubectl api-versions | grep networking.istio.io  #确定Istio入口ip和port （负载均衡器） kubectl get svc istio-ingressgateway -n istio-system  #检查有没有在相同的 IP和端口上定义 Kubernetes Ingress 资源 kubectl get ingress --all-namespaces  #检查有没有在相同的端口上定义其它 Istio Ingress Gateway kubectl get gateway --all-namespaces  # 查看网关 kubectl get gw -A  # 删除网关 -- kubectl delete gw my-gateway -n project-demo  # 查看路由规则 kubectl get virtualservices my-VirtualService -n project-demo -o yaml  # 删除virtualservice kubectl delete virtualservice nginx-79zn9d -n project-demo  # 更新gateway kubectl get gw mygateway  -o yaml -n project-demo > /home/k8s/gateway-update.yaml kubectl apply -f gateway-update.yaml  # 更新virtualservice kubectl get virtualservice mygateway  -o yaml -n project-demo > /home/k8s/gatewaySvc-update.yaml kubectl apply -f gatewaySvc-update.yaml 

注意事项

• VirtualService中的metadata.name需要跟Gateway中的metadata.name一致