kubernetes - 使 istio-ingress 与 metallb 裸机 kubernetes 集群一起工作

Question

2021 年 14 月 3 日更新

Metallb LoadBalancer IP192.168.0.21 只能从集群（主/节点）访问。

root@C271-KUBE-NODE-0-04:~# curl -s -I -HHost:httpbin.example.com "http://192.168.0.21:80/status/200"
HTTP/1.1 200 OK
server: istio-envoy
date: Sun, 14 Mar 2021 17:32:36 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 2

问题

试图让 istio 在 Vmware ESXI 上使用 metallb。

安装 MetalLb 与 helm install metallb bitnami/metallb -n metallb-system -f metallb-config.yaml

configInline:
  address-pools:
    - name: prod-k8s-pool
      protocol: layer2
      addresses:
        - 192.168.0.21

使用https://istio.io/latest/docs/setup/install/helm/安装 istio。

helm install istio-base manifests/charts/base --set global.jwtPolicy=first-party-jwt -n istio-system
helm install istiod manifests/charts/istio-control/istio-discovery --set global.jwtPolicy=first-party-jwt -n istio-system
helm install istio-ingress manifests/charts/gateways/istio-ingress --set global.jwtPolicy=first-party-jwt -n istio-system
helm install istio-egress manifests/charts/gateways/istio-egress --set global.jwtPolicy=first-party-jwt -n istio-system

❯ k get svc
NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                                                                      AGE
httpbin                LoadBalancer   10.104.32.168    <none>         8000:32483/TCP                                                               16m
istio-egressgateway    ClusterIP      10.107.11.137    <none>         80/TCP,443/TCP,15443/TCP                                                     20m
istio-ingressgateway   LoadBalancer   10.109.199.203   192.168.0.21   15021:32150/TCP,80:31977/TCP,443:30960/TCP,15012:30927/TCP,15443:31439/TCP   31m
istiod                 ClusterIP      10.96.10.193     <none>         15010/TCP,15012/TCP,443/TCP,15014/TCP                                        33m

同时，metallb 控制器日志说它分配了 IP。

metallb-system/metallb-controller-64c58bc7c6-bks6m[metallb-controller]: {"caller":"service.go:114","event":"ipAllocated","ip":"192.168.0.21","msg":"IP address assigned by controller","s
ervice":"istio-system/istio-ingressgateway","ts":"2021-03-14T09:20:12.906308842Z"}

我正在尝试使用https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/安装一个简单的示例 HTTPBIN

kubectl apply -f <(istioctl kube-inject -f samples/httpbin/httpbin.yaml)

$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "httpbin.example.com"
EOF

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "httpbin.example.com"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /delay
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
EOF

但是IP192.168.0.21永远不会解析。来自同一网络中的其他机器。

curl -s -I -HHost:httpbin.example.com "http://192.168.0.21:80/status/200"

我尝试使用 Nginx-ingress 安装

spec:
  type: LoadBalancer
  loadBalancerIP: 192.168.0.21

效果很好，任何人都可以指导 istio 如何与裸机 metallb 一起工作。