1

我在 Windows 10 Home 机器上使用 Kubernetes 和 Minikube 来“托管”一个 gRPC 服务。我正在努力让 Istio 在集群中工作,并且一遍又一遍地遇到同样的问题,我不知道为什么。问题是,一旦一切都启动并运行,Istio 网关使用 IPv6,似乎完全没有理由。IPv6 甚至在我的机器(通过 regedit)和网络适配器上被禁用。我的其他服务可以从 IPv4 访问。以下是我安装环境的步骤:

minikube start
kubectl create namespace abc
kubectl apply -f service.yml -n abc
kubectl apply -f gateway.yml
istioctl install --set profile=default -y
kubectl label namespace abc istio-injection=enabled

此时无法通过网络访问任何内容,直到我在自己的终端中运行以下命令:

minikube tunnel

现在我可以直接使用 IPv4 访问 gRPC 服务:127.0.0.1:5000. 但是,无法从 访问网关127.0.0.1:443,而只能从访问网关[::1]:443

这是service.yml:

apiVersion: v1
kind: Service
metadata:
  name: account-grpc
spec:
  ports:
  - name: grpc
    port: 5000
    protocol: TCP
    targetPort: 5000
  selector:
    service: account
    ipc: grpc
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    service: account
    ipc: grpc
  name: account-grpc
spec:
  replicas: 1
  selector:
    matchLabels:
      service: account
      ipc: grpc
  template:
    metadata:
      labels:
        service: account
        ipc: grpc
    spec:
      containers:
        - image: account-grpc
          name: account-grpc
          imagePullPolicy: Never
          ports:
            - containerPort: 5000

这是 gateway.yml

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: grpc
      protocol: GRPC
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: virtual-service
spec:
  hosts:
  - "*"
  gateways:
  - gateway
  http:
  - match:
    - uri:
        prefix: /account
    route:
    - destination:
        host: account-grpc
        port:
          number: 5000

以下是结果kubectl get service istio-ingressgateway -n istio-system -o yaml

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: ...
  creationTimestamp: "2021-08-27T01:21:21Z"
  labels:
    app: istio-ingressgateway
    install.operator.istio.io/owning-resource: unknown
    install.operator.istio.io/owning-resource-namespace: istio-system
    istio: ingressgateway
    istio.io/rev: default
    operator.istio.io/component: IngressGateways
    operator.istio.io/managed: Reconcile
    operator.istio.io/version: 1.11.1
    release: istio
  name: istio-ingressgateway
  namespace: istio-system
  resourceVersion: "4379"
  uid: b4db0e2f-0f45-4814-b187-287acb28d0c6
spec:
  clusterIP: 10.97.4.216
  clusterIPs:
  - 10.97.4.216
  externalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: status-port
    nodePort: 32329
    port: 15021
    protocol: TCP
    targetPort: 15021
  - name: http2
    nodePort: 31913
    port: 80
    protocol: TCP
    targetPort: 8080
  - name: https
    nodePort: 32382
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 127.0.0.1
4

1 回答 1

1

将端口号更改为端口 80 解决了我的问题。问题是我的 gRPC 服务没有使用 HTTPS。将服务更改为使用 HTTPS 后,如果遇到问题,将返回。

于 2021-08-28T19:59:44.967 回答