Question

我已经使用头盔图表设置了Istio，并且正在尝试向istio-ingressgateway公开服务。

这是我决定使用的配置：

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grafana-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 31400
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kiali-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 15029
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: prometheus-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 15030
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana-vts
  namespace: istio-system
spec:
  hosts:
  - "*"
  gateways:
  - grafana-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: grafana.istio-system.svc.cluster.local
        port: 
          number: 3000
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kiali-vts
  namespace: istio-system
spec:
  hosts:
  - "*"
  gateways:
  - kiali-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: kiali.istio-system.svc.cluster.local
        port: 
          number: 20001
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: prometheus-vts
  namespace: istio-system
spec:
  hosts:
  - "*"
  gateways:
  - prometheus-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: prometheus.istio-system.svc.cluster.local
        port: 
          number: 9090

但是-这只会将grafana路由到端口31400、15029和15030，而应该只在端口31400进行。

如果我仅使用一个网关并重写uri，则会引发404错误/告诉我反向代理设置不正确

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: all-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana-vts
  namespace: istio-system
spec:
  hosts:
  - "*"
  gateways:
  - all-gateway
  http:
  - match:
    - uri:
        prefix: "/grafana"
      rewrite:
        uri: /
    route:
    - destination:
        host: grafana.istio-system.svc.cluster.local
        port: 
          number: 3000
and etc...

我对istio有点陌生，我浏览的示例并没有完全讨论这些。如果您有个主意，那一定会很成功-是因为我如何对主机进行通配？

Answer 1

您的网关和虚拟服务混合在一起，因为所有主机都使用相同的主机（*），因此在Istio中未定义它们的行为。我将分配伪造的主机名，例如my-grafana.com，my-kiali.com，并在网关和虚拟服务定义中使用它们。我会将这些虚假的主机名添加到/etc/hosts/文件中，并使用它们从我的计算机访问Grafana和Kiali。

Istio-通过网关公开虚拟服务

1 个答案: