1. 常用对象配置
1.1 Gateway
1.2 VirtualService
- gateways
- 指定生效的网关,默认值 mesh 为东西向流量;如果指定 Gateway 对象则为南北向流量
- http
- 七层路由
- 重定向
- 重写
- 重试
- 条件规则
- 超时
- 故障注入
- 跨站策略
- tcp
- tls
1.3 DestinationRule
- host
- trafficPolicy
- subsets
2. 七层 Gateway->HTTPRoute->Service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: default-gateway
namespace: default
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: http
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: chenshaowen
namespace: default
spec:
gateways:
- default/default-gateway
hosts:
- 'istio.chenshaowen.com'
http:
- match:
- uri:
exact: /
route:
- destination:
host: blog.default.svc.cluster.local
port:
number: 80
|
这样就将 default 空间下的 blog 服务通过 Istio Gateway 暴露到了外部。通过主机端口 + Istio Gateway 映射到主机的 NodePort 即可访问服务。如下图:
3. 四层 Gateway->TCPRoute->Service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: default-gateway
namespace: default
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: tcp
number: 80
protocol: TCP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: chenshaowen
namespace: default
spec:
gateways:
- default/default-gateway
hosts:
- 'istio.chenshaowen.com'
tcp:
- match:
- port: 80
route:
- destination:
host: blog.default.svc.cluster.local
port:
number: 80
|
当 VirtualService 中使用 TCP 时,Gateway 也需要使用 TCP ,协议需要匹配。
