我需要部署两个单独的应用程序,并且我注意到路由仅适用于其中一个。网关/虚拟服务部署在不同的命名空间中。以下是配置:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: foo-gateway
namespace: foo
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- foo.example.com
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: wildcard-tls
hosts:
- foo.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: foo-vs
namespace: foo
spec:
hosts:
- foo.example.com
gateways:
- foo-gateway
http:
- route:
- destination:
host: foo.default.svc.cluster.local
port:
number: 8080
还有我的另一个应用:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: "bar-gateway"
namespace: bar
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- bar.example.com
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: wildcard-tls
hosts:
- bar.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bar-vs
namespace: bar
spec:
hosts:
- bar.example.com
gateways:
- bar-gateway
http:
- name: "bar-route"
match:
- uri:
prefix: "/api/bar/"
route:
- destination:
host: "bar.bar.svc.cluster.local"
port:
number: 8000
特使日志:
[2021-11-09T14:55:21.512Z] "GET /auth/ HTTP/2" 404 NR route_not_found - "-" 0 0 0 - "10.0.100.49" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "2abf2054-2fa0-4749-dca6-9143a3c36828" "foo.example.com" "-" - - 10.0.100.124:8443 10.0.100.49:55097 bar.example.com
无论哪个网关/VS 对首先部署,它都是正常工作的。这里可能是什么问题?如果两个网关都使用相同的证书(通配符),我可以看到唯一常见的事情,但我不确定这是否是问题所在。会是什么呢?我在 istio 的 github 页面上阅读了类似的问题,但是它被标记为已通过更新版本解决。我的 istio 版本:
client version: 1.11.4
control plane version: 1.11.4
data plane version: 1.11.4 (1 proxies)