1. 安装 Istio (1.0.2)
kubectl apply -f https://raw.githubusercontent.com/knative/serving/master/third_party/istio-1.0.2/istio-crds.yaml
kubectl apply -f https://raw.githubusercontent.com/knative/serving/master/third_party/istio-1.0.2/istio.yaml
2.创建两个Deployments及其对应Service的s
# Create Deployments
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-a
spec:
selector:
matchLabels:
app: a
replicas: 3
template:
metadata:
labels:
app: a
spec:
containers:
- name: print
image: gcr.io/invertible-lens-220304/print
env:
- name: TEXT_TO_PRINT
value: "AAAAAAAAAAAAAAAAAAAA"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-b
spec:
selector:
matchLabels:
app: b
replicas: 3
template:
metadata:
labels:
app: b
spec:
containers:
- name: print
image: gcr.io/invertible-lens-220304/print
env:
- name: TEXT_TO_PRINT
value: "BBBBBBBBBBBBBBBBBBBB"
EOF
# Create Services
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
name: service-a
spec:
ports:
- port: 80
protocol: TCP
selector:
app: a
---
apiVersion: v1
kind: Service
metadata:
name: service-b
spec:
ports:
- port: 80
protocol: TCP
selector:
app: b
EOF
3.创建两个Gateways及其对应的NodePorts
# Create gateways
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gateway-a
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 3001
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gateway-b
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 3002
name: http
protocol: HTTP
hosts:
- "*"
EOF
# Add ports to the istio-ingressgateway service
kubectl patch service istio-ingressgateway -n istio-system --type json --patch "$(cat <<EOF
[{
"op" : "add" ,
"path" : "/spec/ports/-" ,
"value" : {
"name" : "node-port-1",
"nodePort" : 30001,
"port": 3001,
"protocol": "TCP",
"targetPort": 3001
}
}, {
"op" : "add" ,
"path" : "/spec/ports/-" ,
"value" : {
"name" : "node-port-2",
"nodePort" : 30002,
"port": 3002,
"protocol": "TCP",
"targetPort": 3002
}
}]
EOF)"
4.VirtualService为每个创建sGateway
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: virtualservice-a
namespace: istio-system
spec:
gateways:
- gateway-a
hosts:
- example.com
http:
- match:
- authority:
exact: example.com
route:
- destination:
host: service-a.default.svc.cluster.local
port:
number: 80
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: virtualservice-b
namespace: istio-system
spec:
gateways:
- gateway-b
hosts:
- example.com
http:
- match:
- authority:
exact: example.com
route:
- destination:
host: service-b.default.svc.cluster.local
port:
number: 80
EOF
5. 测试
NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
curl $NODE_IP:30001 -H "Host: example.com"
# Result: AAAAAAAAAAAAAAAAAAAA
curl $NODE_IP:30002 -H "Host: example.com"
# Result: AAAAAAAAAAAAAAAAAAAA
kubectl delete virtualservice virtualservice-a -n istio-system
curl $NODE_IP:30001 -H "Host: example.com"
# Result: BBBBBBBBBBBBBBBBBBBB
curl $NODE_IP:30002 -H "Host: example.com"
# Result: BBBBBBBBBBBBBBBBBBBB
由于30001绑定到gateway-a哪个virtualservice-a指向service-a,并且30002绑定到gateway-b哪个virtualservice-b指向service-b,我希望结果是:
curl $NODE_IP:30001 -H "Host: example.com"
# Result: AAAAAAAAAAAAAAAAAAAA
curl $NODE_IP:30002 -H "Host: example.com"
# Result: BBBBBBBBBBBBBBBBBBBB
发生了什么,我怎样才能让它工作?
附言
- 我知道两种
istio-ingressgateway部署是可能的,但是我可以只用一个来实现相同的结果吗? - 另一种可能性是只使用 one
VirtualService和 oneGateway并设置portinHTTPMatchRequest,但这仍然不是我想要的。 - 是的,我希望主机名相同。网关不是相互隔离的吗?
我想要的是在相同istio-proxy (docker.io/istio/proxyv2:1.0.2)部署的不同端口上拥有两个网关,并拥有各自对应的一组虚拟服务,而不会相互影响。那可能吗?