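Configuring services with ingress-istio
Document note: only the key points are recorded.
Test environment: Linux Debian 11
Goal: expose HTTP and HTTPS services from a self-built K8s cluster
Generate the TLS secret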
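# Istio resolves credentialName in the namespace of the ingress gateway workload
# (istio-system here), so the Secret is created there rather than in default.
kubectl create -n istio-system secret tls com-xiaoshuogeng-tls-cert-secret \
  --key=/data/tls/wildcard.xiaoshuogeng.com.key.pem \
  --cert=/data/tls/wildcard.xiaoshuogeng.com.fullchain.pem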
Expose the ingress-istio service ports
Expose ports 80 and 443
apiVersion: v1
kind: Service
metadata:
  annotations: null
  labels:
    app: istio-ingressgateway
    istio: ingressgateway
    release: istio
  name: istio-ingressgateway-my-custom
  namespace: istio-system
spec:
  ports:
  - name: http2
    port: 80
    targetPort: 8080
  - name: https
    port: 443
    targetPort: 8443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  type: NodePort # the key part is these 4 lines
  externalIPs:
  - 192.168.3.120
  - 192.168.3.121
Create the gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: com-xiaoshuogeng-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    tls:
      httpsRedirect: true # redirect plaintext HTTP requests to HTTPS
    hosts:
    - "*.xiaoshuogeng.com"
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE # enables HTTPS on this port
      credentialName: "com-xiaoshuogeng-tls-cert-secret"
    hosts:
    - "*.xiaoshuogeng.com"
Create the route
com-xiaoshuogeng-3d-service is the internal service name
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: com-xiaoshuogeng-3d-virtual-service
  namespace: default
spec:
  hosts:
  - "3d.xiaoshuogeng.com"
  gateways:
  - com-xiaoshuogeng-gateway
  http:
  - match:
    - uri:
        prefix: "/"
    route:
    - destination:
        host: com-xiaoshuogeng-3d-service.default.svc.cluster.local
        port:
          number: 80
At this point the routing configuration is complete and ready to use.
kubectl get pods,svc,virtualservices,destinationrules,ingress -n istio-system
kubectl get pods,svc,virtualservices,destinationrules,ingress -n default
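
A pre-deployment check for the Gateway and VirtualService above, as an added example that is not part of the original notes: it flags HTTP servers without httpsRedirect, TLS-terminating servers without a credentialName, and hosts the wildcard certificate cannot serve. The dicts are constructed to mirror the manifests on this page, and CERT_SANS assumes the certificate's only SAN is *.xiaoshuogeng.com; san_covers and lint are hypothetical helper names.

```python
# Added example: the dicts below are constructed to mirror the manifests on this page.
GATEWAY = {"spec": {"servers": [
    {"port": {"number": 80, "name": "http", "protocol": "HTTP"},
     "tls": {"httpsRedirect": True}, "hosts": ["*.xiaoshuogeng.com"]},
    {"port": {"number": 443, "name": "https", "protocol": "HTTPS"},
     "tls": {"mode": "SIMPLE", "credentialName": "com-xiaoshuogeng-tls-cert-secret"},
     "hosts": ["*.xiaoshuogeng.com"]},
]}}
VIRTUAL_SERVICE = {"spec": {"hosts": ["3d.xiaoshuogeng.com"]}}
CERT_SANS = ["*.xiaoshuogeng.com"]  # assumption: SAN of the wildcard certificate


def san_covers(san, host):
    """X.509 wildcard rule: '*' replaces exactly one leftmost DNS label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if not san.startswith("*."):
        return False
    label, _, parent = host.partition(".")
    return bool(label) and parent == san[2:]


def lint(gateway, virtual_service, cert_sans):
    """Return findings for plaintext exposure and hosts the certificate cannot serve."""
    findings, tls_hosts = [], []
    for server in gateway["spec"]["servers"]:
        name, tls = server["port"]["name"], server.get("tls", {})
        protocol = server["port"]["protocol"]
        if protocol == "HTTP" and not tls.get("httpsRedirect"):
            findings.append(f"{name}: HTTP served without httpsRedirect")
        if protocol == "HTTPS":
            # Assumes certificates are supplied via credentialName, as on this page.
            if tls.get("mode") in ("SIMPLE", "MUTUAL") and not tls.get("credentialName"):
                findings.append(f"{name}: TLS termination without credentialName")
            tls_hosts += server["hosts"]
    for host in tls_hosts + virtual_service["spec"]["hosts"]:
        if not any(san_covers(san, host) for san in cert_sans):
            findings.append(f"{host}: not covered by certificate SANs {cert_sans}")
    return findings


if __name__ == "__main__":
    print(lint(GATEWAY, VIRTUAL_SERVICE, CERT_SANS))
    # Constructed counter-case: a nested subdomain and the apex domain.
    nested = {"spec": {"hosts": ["a.b.xiaoshuogeng.com", "xiaoshuogeng.com"]}}
    for finding in lint(GATEWAY, nested, CERT_SANS):
        print(finding)
```

A wildcard SAN covers exactly one label, so a route for a.b.xiaoshuogeng.com or for the apex xiaoshuogeng.com would need its own certificate entry.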