Question

我在Mac上运行的本地Kubernetes群集上部署了Istion。我创建了此 VirtualService ， DestinationRule 和 Gateway 。

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: code-gateway
  namespace: code
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "gateway.code"

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: codemaster
  namespace: code
spec:
  hosts:
  - master.code
  - codemaster
  gateways:
  - codemaster-gateway
  - code-gateway
  http:
  - route:
    - destination:
        host: codemaster 
        subset: v1 

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: codemaster-gateway
  namespace: code
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "master.code"


apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: codemaster
  namespace: code
spec:
  host: codemaster
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 100
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2


- apiVersion: "v1"
  kind: "Service"
  metadata:
    labels:
      app: "codemaster"
      group: "code"
    name: "codemaster"
    namespace: "code"
  spec:
    ports:
    - name: http-web
      port: 80
      targetPort: 80
    selector:
      app: "codemaster"
      group: "code"
    type: "ClusterIP"

- apiVersion: "apps/v1"
  kind: "Deployment"
  metadata:
    labels:
      app: "codemaster"
      group: "code"
      env: "production"
    name: "codemaster"
    namespace: "code"
  spec:
    replicas: 2
    selector:
      matchLabels:
        app: "codemaster"
        group: "code"
    template:
      metadata:
        labels:
          app: "codemaster"
          version: "v1"
          group: "code"
          env: "production"
      spec:
        containers:
        - env:
          - name: "KUBERNETES_NAMESPACE"
            valueFrom:
              fieldRef:
                fieldPath: "metadata.namespace"
          - name: "SPRING_DATASOURCE_URL"
            value: "jdbc:postgresql://host.docker.internal:5432/code_master"
          - name: "SPRING_DATASOURCE_USERNAME"
            value: "postgres"
          - name: "SPRING_DATASOURCE_PASSWORD"
            value: "postgres"
          image: "kzone/code/codemaster:1.0.0"
          imagePullPolicy: "IfNotPresent"
          name: "codemaster"
          ports:
          - containerPort: 80
            name: "http"
            protocol: "TCP"

apiVersion: "v1"
kind: "List"
items:
- apiVersion: "apps/v1"
  kind: "Deployment"
  metadata:
    labels:
      app: "codemaster"
      group: "code"
      env: "canary"
    name: "codemaster-canary"
    namespace: "code"
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: "codemaster"
        group: "code"
    template:
      metadata:
        labels:
          app: "codemaster"
          version: "v2"
          group: "code"
          env: "canary"
      spec:
        containers:
        - env:
          - name: "KUBERNETES_NAMESPACE"
            valueFrom:
              fieldRef:
                fieldPath: "metadata.namespace"
          - name: "SPRING_DATASOURCE_URL"
            value: "jdbc:postgresql://host.docker.internal:5432/code_master"
          - name: "SPRING_DATASOURCE_USERNAME"
            value: "postgres"
          - name: "SPRING_DATASOURCE_PASSWORD"
            value: "postgres"
          image: "kzone/code/codemaster:1.0.1"
          imagePullPolicy: "IfNotPresent"
          name: "codemaster"
          ports:
          - containerPort: 80
            name: "http"
            protocol: "TCP"

这些是在代码名称空间中运行的服务，

codemaster   ClusterIP   10.103.151.80   <none>        80/TCP    18h
gateway      ClusterIP   10.104.154.57   <none>        80/TCP    18h

我在ton k8s中部署了2个spring-boot微服务。一个是弹簧引导网关。这些是在代码名称空间中运行的Pod，

codemaster-6cb7b8ddf5-mlpzn          2/2     Running   0          7h3m
codemaster-6cb7b8ddf5-sgzt8          2/2     Running   0          7h3m
codemaster-canary-756697d9c8-22qb2   2/2     Running   0          7h3m
gateway-5b5c8697f4-jpb4q             2/2     Running   0          7h3m

当我向 http://master.code/version （为代码管理员服务创建的网关）发送请求时，它总是转到正确的子集。但是，当我通过spring-boot网关（http://gateway.code/codemaster/version）发送请求时，请求不仅会转到子集v1，还会对所有3个Pod进行循环访问。这就是我在 Kiali ，

中看到的

我想在网关和其他服务之间应用流量转移。

Answer 1

Istio依赖请求的主机标头来应用流量规则。由于您正在使用Spring Boot网关使请求功能区直接命中Pod IP，而不是命中服务。因此，为了避免向

提供静态服务器列表

将版本/版本作为http://master.code.cluster.local

在Spring Boot Gateway Config中

->避免功能区动态端点发现。这应该可以解决问题。

Answer 2

进行一些搜索后，我发现Docker for Mac k8s中没有CNI。因此，流量转换在Mac K8的Docker上不起作用

Istio交通转移在内部通信中不起作用

2 个答案: