3

我必须让现有的微服务运行。它们以 docker 图像的形式给出。它们通过配置的主机名和端口相互通信。我开始使用 Istio 来查看和配置每个微服务的呼出调用。现在我需要重写/重定向主机和从一个容器发出的请求的端口。我如何使用 Istio 做到这一点?

我将尝试举一个最小的例子。有两个服务,服务-a 和服务-b。

apiVersion: apps/v1
kind: Deployment
metadata:
  name: service-b
spec:
  selector:
    matchLabels:
      run: service-b
  replicas: 1
  template:
    metadata:
      labels:
        run: service-b
    spec:
      containers:
        - name: service-b
          image: nginx
          ports:
            - containerPort: 80
              name: web
---
apiVersion: v1
kind: Service
metadata:
  name: service-b
  labels:
    run: service-b
spec:
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 80
      name: service-b
  selector:
    run: service-b

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: service-a
spec:
  selector:
    matchLabels:
      run: service-a
  replicas: 1
  template:
    metadata:
      labels:
        run: service-a
    spec:
      containers:
        - name: service-a
          image: nginx
          ports:
            - containerPort: 80
              name: web
---
apiVersion: v1
kind: Service
metadata:
  name: service-a
  labels:
    run: service-a
spec:
  ports:
    - port: 8081
      protocol: TCP
      targetPort: 80
      name: service-a
  selector:
    run: service-a

我可以 docker exec 进入 service-a 并成功执行:

root@service-a-d44f55d8c-8cp8m:/# curl -v service-b:8080

< HTTP/1.1 200 OK
< server: envoy

现在,为了模拟我的问题,我想通过使用另一个主机名和端口来访问 service-b。我想配置 Istio 以使该调用也可以工作:

root@service-a-d44f55d8c-8cp8m:/# curl -v service-x:7777

最好的问候,克里斯蒂安

4

1 回答 1

1

根据使用istio功能的需要,可以使用两种解决方案。

如果没有istio计划使用的特性,可以使用原生 Kubernetes 解决。反过来,如果istio打算使用某些功能,则可以使用istio virtual service. 以下是两个选项:

1.原生kubernetes

Service-x应该指向service-b部署的后端。以下是selector指向deployment: service-b

apiVersion: v1
kind: Service
metadata:
  name: service-x
  labels:
    run: service-x
spec:
  ports:
    - port: 7777
      protocol: TCP
      targetPort: 80
      name: service-x
  selector:
    run: service-b

无论如何,这种方式请求都会通过istio,因为注入了边车容器。

# curl -vI service-b:8080

*   Trying xx.xx.xx.xx:8080...
* Connected to service-b (xx.xx.xx.xx) port 8080 (#0)
> Host: service-b:8080
< HTTP/1.1 200 OK
< server: envoy


# curl -vI service-x:7777

*   Trying yy.yy.yy.yy:7777...
* Connected to service-x (yy.yy.yy.yy) port 7777 (#0)
> Host: service-x:7777
< HTTP/1.1 200 OK
< server: envoy

2. Istio 虚拟服务

在此示例中,使用了虚拟服务service-x仍然需要创建服务,但现在我们不指定任何选择器:

apiVersion: v1
kind: Service
metadata:
  name: service-x
  labels:
    run: service-x
spec:
  ports:
    - port: 7777
      protocol: TCP
      targetPort: 80
      name: service-x

从另一个 pod 测试它:

# curl -vI service-x:7777

*   Trying yy.yy.yy.yy:7777...
* Connected to service-x (yy.yy.yy.yy) port 7777 (#0)
> Host: service-x:7777
< HTTP/1.1 503 Service Unavailable
< server: envoy

503预期的错误。现在创建virtual service将请求路由到service-bon port: 8080

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: service-x-to-b
spec:
  hosts:
  - service-x
  http:
  - route:
    - destination:
        host: service-b
        port:
          number: 8080

从 pod 进行测试:

# curl -vI service-x:7777

*   Trying yy.yy.yy.yy:7777...
* Connected to service-x (yy.yy.yy.yy) port 7777 (#0)
> Host: service-x:7777
< HTTP/1.1 200 OK
< server: envoy

看到它按预期工作。

有用的链接:

于 2021-11-16T10:56:46.220 回答