如何通过入口将基建服务向外界公开

时间:2019-11-20 18:57:28

标签: kubernetes google-kubernetes-engine kubernetes-ingress istio knative

以下是我的基本服务示例

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: test-svc
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/minScale: "1"
    spec:
      serviceAccountName: default
      containers:
      - image: ******************
        imagePullPolicy: IfNotPresent
        name: test-svc
        envFrom:
        - secretRef:
           name: test-env


kubectl get ksvc

NAME       URL                                   LATESTCREATED    LATESTREADY      READY     REASON
test-svc   http://test-svc.kube-system.kasl.io   test-svc-8v6gv   test-svc-8v6gv   True

网关+虚拟服务

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "*"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /headers
    route:
    - destination:
        host: istio-ingressgateway.istio-system.svc.cluster.local

如果我在群集内执行 curl -v http://test-svc.kube-system.kasl.io ,则其工作正常 以下是我的基本服务示例

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: test-svc
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/minScale: "1"
    spec:
      serviceAccountName: default
      containers:
      - image: ******************
        imagePullPolicy: IfNotPresent
        name: test-svc
        envFrom:
        - secretRef:
           name: test-env


kubectl get ksvc

NAME       URL                                   LATESTCREATED    LATESTREADY      READY     REASON
test-svc   http://test-svc.kube-system.kasl.io   test-svc-8v6gv   test-svc-8v6gv   True

网关+虚拟服务

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "*"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /headers
    route:
    - destination:
        host: istio-ingressgateway.istio-system.svc.cluster.local

如果我在群集中正常运行 curl -v http://test-svc.kube-system.kasl.io

现在我想将这些服务公开给外部集群

1 个答案:

答案 0 :(得分:0)

Knative使用共享的入口网关为Knative服务网格内的所有传入流量提供服务,该服务网格是knative-serving名称空间下的knative-ingress-gateway网关。默认情况下,它使用istio-system名称空间下的Istio网关服务istio-ingressgateway作为其基础服务。您可以按以下方式用自己的服务替换该服务[1],有关更多详细步骤,请参阅链接[2]。

[1] https://knative.dev/docs/serving/setting-up-custom-ingress-gateway/ [2] https://starkandwayne.com/blog/public-traffic-into-knative-on-gke/

相关问题
最新问题