Unable to access `istio-ingressgateway` when installing Istio on GKE

Time: 2019-06-12 15:45:31

Tags: google-kubernetes-engine istio

I am trying to install Istio on my GKE (Google Kubernetes Engine) cluster.

I have completed the following steps:

  • Enabled Istio when creating the cluster. Here is the verification from running `kubectl get deployment,svc -n istio-system`:
kubectl get deployment,svc -n istio-system
NAME                                           READY   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/cluster-local-gateway    1/1     1            1           5d21h
deployment.extensions/istio-citadel            1/1     1            1           5d22h
deployment.extensions/istio-galley             1/1     1            1           5d22h
deployment.extensions/istio-ingressgateway     1/1     1            1           5d22h
deployment.extensions/istio-pilot              1/1     1            1           5d22h
deployment.extensions/istio-policy             1/1     1            1           5d22h
deployment.extensions/istio-sidecar-injector   1/1     1            1           5d22h
deployment.extensions/istio-telemetry          1/1     1            1           5d22h
deployment.extensions/promsd                   1/1     1            1           5d22h

NAME                             TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
service/cluster-local-gateway    ClusterIP      10.0.1.88     <none>        80/TCP,443/TCP,31400/TCP,15011/TCP,8060/TCP,15030/TCP,15031/TCP                                                                              5d21h
service/istio-citadel            ClusterIP      10.0.13.49    <none>        8060/TCP,15014/TCP                                                                                                                           5d21h
service/istio-galley             ClusterIP      10.0.13.164   <none>        443/TCP,15014/TCP,9901/TCP                                                                                                                   5d21h
service/istio-ingressgateway     LoadBalancer   10.0.7.201    34.87.63.90   15020:30780/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32221/TCP,15030:31217/TCP,15031:32218/TCP,15032:31962/TCP,15443:32139/TCP   5d21h
service/istio-pilot              ClusterIP      10.0.11.239   <none>        15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       5d21h
service/istio-policy             ClusterIP      10.0.3.193    <none>        9091/TCP,15004/TCP,15014/TCP                                                                                                                 5d21h
service/istio-sidecar-injector   ClusterIP      10.0.9.213    <none>        443/TCP                                                                                                                                      5d21h
service/istio-telemetry          ClusterIP      10.0.3.90     <none>        9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       5d21h
service/promsd                   ClusterIP      10.0.3.213    <none>        9090/TCP                                                                                                                                     5d21h
  • Enabled sidecar injection for my project namespace. Here is the output of running `kubectl get namespace -L istio-injection`:
kubectl get namespace -L istio-injection
NAME              STATUS   AGE     ISTIO-INJECTION
default           Active   5d22h   enabled
ingress-nginx     Active   2d23h
istio-system      Active   5d22h   disabled
knative-serving   Active   5d22h
kube-public       Active   5d22h
kube-system       Active   5d22h
timeline          Active   5d20h   enabled
  • Restarted the services in the `timeline` namespace so that injection is enabled. Here is the output of running `kubectl get pod -n timeline`:
kubectl get pod -n timeline
NAME                        READY   STATUS    RESTARTS   AGE
postgres-569db64f87-qwr82   2/2     Running   0          2d
prisma-5748bc8d8-729zq      2/2     Running   0          2d
prisma-5748bc8d8-kqqr9      2/2     Running   0          2d
prisma-5748bc8d8-r5cg2      2/2     Running   0          2d
redis-7df9bc8655-2tjck      2/2     Running   0          2d
redis-7df9bc8655-pvsrp      2/2     Running   0          2d
redis-7df9bc8655-vc6d8      2/2     Running   0          2d
timeline-779d79d4ff-gm4db   2/2     Running   0          2d
timeline-779d79d4ff-jg5zg   2/2     Running   0          2d
timeline-779d79d4ff-q5s9d   2/2     Running   0          2d
  • Set the gateway using:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: timeline-gateway
  namespace: timeline
spec:
  selector:
    app: timelline
    stage: production
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
  • Set the virtualservice using:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: timeline-virtualservice
  namespace: timeline
spec:
  hosts:
    - "*"
  gateways:
    - timeline-gateway
  http:
    - route:
        - destination:
            host: timeline
            port:
              number: 4000

Below are my `deployment` and `service` resources in the `timeline` namespace, from running `kubectl get deployment,svc -n timeline`:

kubectl get deployment,svc -n timeline
NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/postgres   1/1     1            1           4d10h
deployment.extensions/prisma     3/3     3            3           4d10h
deployment.extensions/redis      3/3     3            3           4d10h
deployment.extensions/timeline   3/3     3            3           4d10h

NAME               TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE
service/postgres   NodePort   10.0.15.150   <none>        5432:30714/TCP   4d10h
service/prisma     NodePort   10.0.8.32     <none>        4466:30480/TCP   4d10h
service/redis      NodePort   10.0.0.119    <none>        6379:31032/TCP   4d10h
service/timeline   NodePort   10.0.7.225    <none>        4000:31890/TCP   4d4h

The problem is that I cannot access `istio-ingressgateway`; it always returns a `cannot be found` page. I have verified that my `timeline` service works with `nginx-ingress-controller` (see the picture below).

enter image description here

What is wrong with my setup? How do I make Istio work?

I have listed all my `deployment` and `service` resources across all namespaces below:

kubectl get deployment,svc --all-namespaces
NAMESPACE         NAME                                                             READY   UP-TO-DATE   AVAILABLE   AGE
ingress-nginx     deployment.extensions/nginx-ingress-controller                   1/1     1            1           2d23h
istio-system      deployment.extensions/cluster-local-gateway                      1/1     1            1           5d22h
istio-system      deployment.extensions/istio-citadel                              1/1     1            1           5d22h
istio-system      deployment.extensions/istio-galley                               1/1     1            1           5d22h
istio-system      deployment.extensions/istio-ingressgateway                       1/1     1            1           5d22h
istio-system      deployment.extensions/istio-pilot                                1/1     1            1           5d22h
istio-system      deployment.extensions/istio-policy                               1/1     1            1           5d22h
istio-system      deployment.extensions/istio-sidecar-injector                     1/1     1            1           5d22h
istio-system      deployment.extensions/istio-telemetry                            1/1     1            1           5d22h
istio-system      deployment.extensions/promsd                                     1/1     1            1           5d22h
knative-serving   deployment.extensions/activator                                  1/1     1            1           5d22h
knative-serving   deployment.extensions/autoscaler                                 1/1     1            1           5d22h
knative-serving   deployment.extensions/cloudrun-controller                        1/1     1            1           5d22h
knative-serving   deployment.extensions/controller                                 1/1     1            1           5d22h
knative-serving   deployment.extensions/networking-istio                           1/1     1            1           5d22h
knative-serving   deployment.extensions/webhook                                    1/1     1            1           5d22h
kube-system       deployment.extensions/event-exporter-v0.2.5                      1/1     1            1           5d22h
kube-system       deployment.extensions/fluentd-gcp-scaler                         1/1     1            1           5d22h
kube-system       deployment.extensions/heapster-v1.6.1                            1/1     1            1           5d22h
kube-system       deployment.extensions/kube-dns                                   2/2     2            2           5d22h
kube-system       deployment.extensions/kube-dns-autoscaler                        1/1     1            1           5d22h
kube-system       deployment.extensions/l7-default-backend                         1/1     1            1           5d22h
kube-system       deployment.extensions/metrics-server-v0.3.1                      1/1     1            1           5d22h
kube-system       deployment.extensions/stackdriver-metadata-agent-cluster-level   1/1     1            1           5d22h
kube-system       deployment.extensions/tiller-deploy                              1/1     1            1           3d21h
timeline          deployment.extensions/postgres                                   1/1     1            1           4d11h
timeline          deployment.extensions/prisma                                     3/3     3            3           4d11h
timeline          deployment.extensions/redis                                      3/3     3            3           4d10h
timeline          deployment.extensions/timeline                                   3/3     3            3           4d10h

NAMESPACE         NAME                             TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                                                                                                                                      AGE
default           service/kubernetes               ClusterIP      10.0.0.1      <none>           443/TCP                                                                                                                                      5d22h
ingress-nginx     service/ingress-nginx            LoadBalancer   10.0.7.136    35.240.157.212   80:32456/TCP,443:30484/TCP                                                                                                                   2d23h
istio-system      service/cluster-local-gateway    ClusterIP      10.0.1.88     <none>           80/TCP,443/TCP,31400/TCP,15011/TCP,8060/TCP,15030/TCP,15031/TCP                                                                              5d22h
istio-system      service/istio-citadel            ClusterIP      10.0.13.49    <none>           8060/TCP,15014/TCP                                                                                                                           5d22h
istio-system      service/istio-galley             ClusterIP      10.0.13.164   <none>           443/TCP,15014/TCP,9901/TCP                                                                                                                   5d22h
istio-system      service/istio-ingressgateway     LoadBalancer   10.0.7.201    34.87.63.90      15020:30780/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32221/TCP,15030:31217/TCP,15031:32218/TCP,15032:31962/TCP,15443:32139/TCP   5d22h
istio-system      service/istio-pilot              ClusterIP      10.0.11.239   <none>           15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       5d22h
istio-system      service/istio-policy             ClusterIP      10.0.3.193    <none>           9091/TCP,15004/TCP,15014/TCP                                                                                                                 5d22h
istio-system      service/istio-sidecar-injector   ClusterIP      10.0.9.213    <none>           443/TCP                                                                                                                                      5d22h
istio-system      service/istio-telemetry          ClusterIP      10.0.3.90     <none>           9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       5d22h
istio-system      service/promsd                   ClusterIP      10.0.3.213    <none>           9090/TCP                                                                                                                                     5d22h
knative-serving   service/activator-service        ClusterIP      10.0.0.5      <none>           80/TCP,81/TCP,9090/TCP                                                                                                                       5d22h
knative-serving   service/autoscaler               ClusterIP      10.0.12.217   <none>           8080/TCP,9090/TCP                                                                                                                            5d22h
knative-serving   service/controller               ClusterIP      10.0.13.31    <none>           9090/TCP                                                                                                                                     5d22h
knative-serving   service/webhook                  ClusterIP      10.0.2.121    <none>           443/TCP                                                                                                                                      5d22h
kube-system       service/default-http-backend     NodePort       10.0.15.7     <none>           80:30617/TCP                                                                                                                                 5d22h
kube-system       service/heapster                 ClusterIP      10.0.6.253    <none>           80/TCP                                                                                                                                       5d22h
kube-system       service/kube-dns                 ClusterIP      10.0.0.10     <none>           53/UDP,53/TCP                                                                                                                                5d22h
kube-system       service/metrics-server           ClusterIP      10.0.8.76     <none>           443/TCP                                                                                                                                      5d22h
kube-system       service/tiller-deploy            ClusterIP      10.0.3.125    <none>           44134/TCP                                                                                                                                    3d21h
timeline          service/postgres                 NodePort       10.0.15.150   <none>           5432:30714/TCP                                                                                                                               4d11h
timeline          service/prisma                   NodePort       10.0.8.32     <none>           4466:30480/TCP                                                                                                                               4d10h
timeline          service/redis                    NodePort       10.0.0.119    <none>           6379:31032/TCP                                                                                                                               4d10h
timeline          service/timeline                 NodePort       10.0.7.225    <none>           4000:31890/TCP                                                                                                                               4d5h

Update: I have added the istio-ingressgateway YAML

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile","app":"istio-ingressgateway","chart":"gateways","heritage":"Tiller","istio":"ingressgateway","k8s-app":"istio","kubernetes.io/cluster-service":"true","release":"istio"},"name":"istio-ingressgateway","namespace":"istio-system"},"spec":{"ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","nodePort":31380,"port":80,"targetPort":80},{"name":"https","nodePort":31390,"port":443},{"name":"tcp","nodePort":31400,"port":31400},{"name":"https-kiali","port":15029,"targetPort":15029},{"name":"https-prometheus","port":15030,"targetPort":15030},{"name":"https-grafana","port":15031,"targetPort":15031},{"name":"https-tracing","port":15032,"targetPort":15032},{"name":"tls","port":15443,"targetPort":15443}],"selector":{"app":"istio-ingressgateway","istio":"ingressgateway","release":"istio"},"type":"LoadBalancer"}}
  creationTimestamp: "2019-06-06T17:27:22Z"
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    app: istio-ingressgateway
    chart: gateways
    heritage: Tiller
    istio: ingressgateway
    k8s-app: istio
    kubernetes.io/cluster-service: "true"
    release: istio
  name: istio-ingressgateway
  namespace: istio-system
  resourceVersion: "1523"
  selfLink: /api/v1/namespaces/istio-system/services/istio-ingressgateway
  uid: 580def22-8880-11e9-b69f-42010a940126
spec:
  clusterIP: 10.0.7.201
  externalTrafficPolicy: Cluster
  ports:
  - name: status-port
    nodePort: 30780
    port: 15020
    protocol: TCP
    targetPort: 15020
  - name: http2
    nodePort: 31380
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 31390
    port: 443
    protocol: TCP
    targetPort: 443
  - name: tcp
    nodePort: 31400
    port: 31400
    protocol: TCP
    targetPort: 31400
  - name: https-kiali
    nodePort: 32221
    port: 15029
    protocol: TCP
    targetPort: 15029
  - name: https-prometheus
    nodePort: 31217
    port: 15030
    protocol: TCP
    targetPort: 15030
  - name: https-grafana
    nodePort: 32218
    port: 15031
    protocol: TCP
    targetPort: 15031
  - name: https-tracing
    nodePort: 31962
    port: 15032
    protocol: TCP
    targetPort: 15032
  - name: tls
    nodePort: 32139
    port: 15443
    protocol: TCP
    targetPort: 15443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
    release: istio
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 34.87.63.90

Update 2: the prometheus part. I have updated the `gateway` and `virtualservice` as follows:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: timeline-gateway
  namespace: timeline
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
    - port:
        number: 15030
        name: https-prometheus
        protocol: HTTP
      hosts:
        - "*"

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: timeline-virtualservice
  namespace: timeline
spec:
  hosts:
    - "*"
  gateways:
    - timeline-gateway
  http:
    - match:
      - port: 80
      route:
        - destination:
            host: timeline
            port:
              number: 4000
    - match:
      - port: 15030
      route:
        - destination:
            host: promsd
            port:
              number: 9090

1 answer:

Answer 0 (score: 1)

Check the selector of the gateway

spec:
  selector:
    app: timelline
    stage: production

Do they match the labels of the istio-ingressgateway pod?

I suspect you do not need the `app: timelline` and `stage: production` selectors. Or it may be a simple typo - timelLine

So, try the following definition:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: timeline-gateway
  namespace: timeline
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"

Update: To expose additional ports in the gateway, you just need to add a definition for each port

- port:
    number: 15030
    name: https-prometheus
    protocol: HTTPS
  hosts:
    - "*"

For HTTPS traffic, you also need a certificate and a private key

tls:
  mode: SIMPLE # enables HTTPS on this port
  serverCertificate: /etc/certs/servercert.pem
  privateKey: /etc/certs/privatekey.pem

There is a good example in the official Istio documentation - https://istio.io/docs/reference/config/networking/v1alpha3/gateway/
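
The two checks from the answer above (every Gateway selector label must be present on the ingress gateway pod, and an HTTPS server needs a tls block), written as a small lint. This is an added example, not part of the original post or of Istio; the function names are hypothetical, the sample data is constructed from the manifests quoted in the question, and the pod labels are assumed to equal the istio-ingressgateway Service selector.

```python
# Added example: lint an Istio Gateway spec against the ingress gateway it targets.
# All sample data below is constructed from the manifests quoted on this page.

# Assumption: the ingress gateway pods carry the labels that the
# istio-ingressgateway Service selects on (the Service's spec.selector).
INGRESS_POD_LABELS = {
    "app": "istio-ingressgateway",
    "istio": "ingressgateway",
    "release": "istio",
}
# Ports listed under spec.ports of the istio-ingressgateway Service.
INGRESS_SERVICE_PORTS = {15020, 80, 443, 31400, 15029, 15030, 15031, 15032, 15443}


def selector_mismatches(selector, pod_labels):
    """Return selector entries the pod labels do not satisfy.

    Every key/value pair must match, so one unmatched entry is enough
    for the pod to be skipped and the Gateway to have no effect on it.
    """
    return {k: v for k, v in selector.items() if pod_labels.get(k) != v}


def lint_gateway(spec, pod_labels, service_ports):
    """Return a list of human-readable findings for one Gateway spec."""
    findings = []
    mismatches = selector_mismatches(spec.get("selector", {}), pod_labels)
    for key, value in sorted(mismatches.items()):
        findings.append(f"selector {key}={value} not found on ingress gateway pod")
    for server in spec.get("servers", []):
        number, protocol = server["port"]["number"], server["port"]["protocol"]
        if number not in service_ports:
            findings.append(f"port {number} is not exposed by the Service")
        if protocol == "HTTPS" and "tls" not in server:
            findings.append(f"port {number} uses HTTPS but has no tls block")
    return findings


def make_server(number, name, protocol="HTTP", tls=None):
    """Build one entry of spec.servers with hosts set to "*"."""
    server = {"port": {"number": number, "name": name, "protocol": protocol}, "hosts": ["*"]}
    if tls is not None:
        server["tls"] = tls
    return server


# Gateway as first posted in the question (selector includes app and stage).
QUESTION_GATEWAY = {
    "selector": {"app": "timelline", "stage": "production", "istio": "ingressgateway"},
    "servers": [make_server(80, "http")],
}
# Gateway from the answer, plus the extra HTTPS port without a tls block.
ANSWER_GATEWAY_NO_TLS = {
    "selector": {"istio": "ingressgateway"},
    "servers": [make_server(80, "http"), make_server(15030, "https-prometheus", "HTTPS")],
}

if __name__ == "__main__":
    for name, spec in [("question", QUESTION_GATEWAY), ("answer+15030", ANSWER_GATEWAY_NO_TLS)]:
        print(name, lint_gateway(spec, INGRESS_POD_LABELS, INGRESS_SERVICE_PORTS))
```

On a live cluster the pod labels would come from `kubectl get pod -n istio-system --show-labels` rather than from the constant used here.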