我有一个Istio入口的k8s集群。 我部署了部署,服务,网关和虚拟服务,但仍然无法从群集外部访问我的服务。 我可以通过访问指定的nodePort上的工作程序来访问我的服务,但是我希望Istio网关仍然可以在我的主服务器上的端口80上侦听,但看起来不是那样。 我在这里做什么错了?
service.yaml:
apiVersion: v1
kind: Service
metadata:
name: microservices-service
spec:
type: NodePort
selector:
app: microservices-deployment
ports:
- port: 5001
targetPort: 5001
nodePort: 30007
deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: microservices-deployment
labels:
app: microservices-deployment
spec:
replicas: 3
template:
metadata:
name: microservices-deployment
labels:
app: microservices-deployment
spec:
containers:
- name: microservices-deployment
image: *** private docker registry ***
imagePullPolicy: Always
ports:
- containerPort: 5001
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: microservices-deployment
ingress.yaml:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: microservices-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: microservices
spec:
hosts:
- "*"
gateways:
- microservices-gateway
http:
- match:
route:
- destination:
host: *** master hostname ***
port:
number: 5001
非常感谢!
答案 0 :(得分:0)
我检查了您的配置,一切看起来都正确设置了。您的virtual service只能解决一个小错误。
更改为
http:
- match:
route:
- destination:
host: *** master hostname ***
port:
number: 5001
到
http:
- route:
- destination:
host: microservices-service
port:
number: 5001
并且您应该可以通过istio网关external-ip LoadBalancer / NodePort访问它。 进一步了解here。
kubectl get svc -n istio-system | grep istio-ingress
使用nginx的简单示例,请注意,我使用的是LoadBalancer而不是NodePort。
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx1
spec:
selector:
matchLabels:
run: nginx1
replicas: 1
template:
metadata:
labels:
run: nginx1
app: frontend
spec:
containers:
- name: nginx1
image: nginx
ports:
- containerPort: 80
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello nginx1 > /usr/share/nginx/html/index.html"]
---
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: frontend
spec:
ports:
- port: 80
protocol: TCP
selector:
app: frontend
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: nginx-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx-virtual
spec:
gateways:
- nginx-gateway
hosts:
- "*"
http:
- route:
- destination:
host: nginx.default.svc.cluster.local
port:
number: 80
kubectl get svc -n istio-system | grep ingress
istio-ingressgateway LoadBalancer xx.x.xx.xxx xx.xx.xx.xx 15021:30880/TCP,80:31983/TCP,443:31510/TCP,15443:32267/TCP 2d2h
卷曲测试
curl -v xx.xx.xx.xx/
GET / HTTP/1.1
HTTP/1.1 200 OK
Hello nginx1