如何允许非HTTP退出istio群集/ pod

时间:2019-01-09 04:35:13

标签: kubernetes istio

我已在k8s集群(1个主节点,2个工作节点)中安装了istio v1.0.5,并已部署了一个需要HTTP的应用程序,该HTTP需要从客户端到服务,然后该服务需要从集群中进行通信。我没有使用helm来安装istio,并且我已阅读的材料有很多helm示例来更新init容器配置以包括群集IP cidr。

根据我的理解,这仍然是与开发人员正在进行的讨论,解决此问题的最佳方法是使用以下注释来注释部署:

---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: home-devices-deployment
  namespace: home-devices-app
  labels:
    app: home-devices-app
  annotations:
     traffic.sidecar.istio.io/includeOutboundIPRanges: "10.244.0.0/16"

我放入了clusterIP CIDR,但是它仍然不允许容器通过SSH / TCP 22连接到外部系统。

ubuntu@k8s-master:~/applications$ kubectl cluster-info dump | grep -i cidr
                "podCIDR": "10.244.0.0/24",
                "podCIDR": "10.244.1.0/24"
                "podCIDR": "10.244.2.0/24"
                            "--allocate-node-cidrs=true",
                            "--cluster-cidr=10.244.0.0/16",
                            "--node-cidr-mask-size=24",

感谢您的帮助。

-更新-

我尝试了ServiceEntry,但仍然不成功。请记住,这是一个外部SSH的容器。 

ubuntu@k8s-master:~/applications$ kubectl get serviceentry -n home-devices-app -o yaml
apiVersion: v1
items:
- apiVersion: networking.istio.io/v1alpha3
  kind: ServiceEntry
  metadata:
    creationTimestamp: "2019-01-10T02:45:27Z"
    generation: 1
    name: ex-ssh-service-entry
    namespace: home-devices-app
    resourceVersion: "1432196"
    selfLink: /apis/networking.istio.io/v1alpha3/namespaces/home-devices-    app/serviceentries/ex-ssh-service-entry
    uid: c9b22284-1481-11e9-ad97-000c297d3726
  spec:
    addresses:
    - 10.10.10.5
    hosts:
    - '*.ca'
    location: MESH_EXTERNAL
    ports:
    - name: ssh
      number: 22
      protocol: TCP
    resolution: NONE
- apiVersion: networking.istio.io/v1alpha3
  kind: ServiceEntry
  metadata:
    creationTimestamp: "2019-01-10T02:45:27Z"
    generation: 1
    name: srx-ssh-service-entry
    namespace: home-devices-app
    resourceVersion: "1432197"
    selfLink: /apis/networking.istio.io/v1alpha3/namespaces/home-devices-    app/serviceentries/srx-ssh-service-entry
    uid: c9b3b586-1481-11e9-ad97-000c297d3726
  spec:
    addresses:
    - 10.10.10.6
    hosts:
    - '*.ca'
    location: MESH_EXTERNAL
    ports:
    - name: ssh
      number: 22
      protocol: TCP
    resolution: NONE
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

1 个答案:

答案 0 :(得分:0)

尝试添加如下所示的服务条目。它对我有用。

    apiVersion: networking.istio.io/v1alpha3
    kind: ServiceEntry
    metadata:
      name: ext-svcentry
    spec:
      hosts:
      - "*.com"
     location: MESH_EXTERNAL
     addresses:
     - 11.22.33.44
     ports:
     - number: 8080
       name: http
       protocol: TCP
     resolution: NONE
相关问题
最新问题