0

我正在尝试在我的 GKE 上设置一个与 istio 上的 HTTPS 负载均衡器一起使用的部署。当 istio-ingresss 定义为 NodePort 并在 gke 上创建了一个 Ingress 时,我安装了 istio:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: istio-ingress
  namespace: istio-system
  annotations:
    # If the class annotation is not specified it defaults to "gce".
    # kubernetes.io/ingress.class: "gce"
    networking.gke.io/v1beta1.FrontendConfig: "ingress-frontend-config"
    ingress.kubernetes.io/default-backend: istio-ingressgateway
    nginx.ingress.kubernetes.io/default-backend: istio-ingressgateway
    # Enable use of manually pre-defined global static IP
    kubernetes.io/ingress.global-static-ip-name: test-ip-address # A gcp ip address constantly set
    kubernetes.io/ingress.allow-http: "true" 
    # Enable use of a GCP-managed certificate through a ManagedCertificate resource
    networking.gke.io/managed-certificates: global-test-dev-cert # A gcp manged certificate for the host
spec:
  rules:
  - http:
      paths:
      - path: /*
        backend:
          # In this case we don't go directly to app-specific services,
          # but first to the Istio ingress-gateway
          # We use port 80 because it is the "ingress-like" port of the ingress-gateway
          serviceName: istio-ingressgateway
          servicePort: 80

在部署了 istio 的基本 httpbin 之后,我尝试使用以下网关和虚拟服务来访问它

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
  namespace: svc
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "httpbin.test.com" # DNS set to the Ingress IP
        # - "*"
    - hosts:
        - "httpbin.test.com" # DNS set to the Ingress IP
        # - "*"
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        mode: PASSTHROUGH
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin-vs
  namespace: svc
spec:
  hosts:
  - "httpbin.test.com" # DNS set to the Ingress IP
  gateways:
  - httpbin-gateway
  http:
  - route:
    - destination:
        host: httpbin   
        port:
          number: 8000

当我通过浏览器访问它时,我得到一个 502 错误。在 istio-ingressgateway 日志中,我得到一个 404 错误路由未找到。但是当我将主机切换到

hosts:
        - "*"

通配符让我可以访问 httpbin 应用程序。

我还尝试将虚拟服务更改为

tls:
  - match:
    - port: 443
      sniHosts:
      - httpbin.test.com
    route:
    - destination:
        host: httpbin   
        port:
          number: 8000

出现同样的问题。

4

0 回答 0