Common Istio objects
Gateway/VirtualService examples:
Simple example
# Gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: front-tomcat-gateway
  namespace: istio-demo
spec:
  selector:
    # use istio default controller: select the ingressgateway pods by label;
    # the configuration below is added to them to forward ingress traffic
    istio: ingressgateway
  servers:
  - port:
      # open a listener on port 80 (matches port 80 traffic for the domain tomcat.istio-demo.com)
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - tomcat.istio-demo.com # the domain served by this listener
---
# VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gateway-front-tomcat
  namespace: istio-demo
spec:
  gateways:
  - front-tomcat-gateway # bind to the Gateway with this name
  hosts:
  - tomcat.istio-demo.com # match this domain
  http:
  # forward to the backend service front-tomcat and set the traffic weight of each subset
  - name: front-tomcat-route
    route:
    - destination:
        host: front-tomcat
        subset: v1
      weight: 90
    - destination:
        host: front-tomcat
        subset: v2
      weight: 10
More complex Gateway/VirtualService routing configuration
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: simple-test
spec:
  gateways:
  - simple
  hosts:
  - simple-test.example.com
  http:
  - match:
    - port: 80
    route:
    - destination:
        host: simple-test.simple.svc.cluster.local
        port:
          number: 8080
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: simple
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "simple-test.example.com"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: simple-test
spec:
  gateways:
  - simple
  hosts:
  - simple-test-1.example.com
  http:
  # When the request path is exactly /simple/hello, route it to the
  # simple-test.simple.svc.cluster.local cluster and rewrite the URI to /hello,
  # i.e. the backend receives simple-test.simple.svc.cluster.local/hello
  - match:
    - uri:
        exact: "/simple/hello"
    rewrite:
      uri: "/hello"
    route:
    - destination:
        host: simple-test.simple.svc.cluster.local
        port:
          number: 8080
  # Requests under /nginx have that prefix rewritten to /
  - match:
    - uri:
        prefix: "/nginx"
    rewrite:
      uri: "/"
    route:
    - destination:
        host: simple-test.simple.svc.cluster.local
        port:
          number: 8080
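Istio applies a VirtualService on a Gateway only for hosts that the Gateway's servers also list, so a host mismatch silently leaves a route unserved. The following check is an added example, not part of the original page: `host_matches` and `lint_bindings` are hypothetical helper names, the manifests are embedded as dicts constructed from the YAML above, and all objects are assumed to share one namespace.

```python
# Added example: lint Gateway/VirtualService host bindings.
# Sample objects are constructed from the manifests above (trimmed to the
# fields the check reads); a single namespace is assumed.

def host_matches(gw_host, vs_host):
    """True if a Gateway server host pattern and a VirtualService host overlap."""
    gw_host = gw_host.split("/", 1)[-1]  # drop optional "namespace/" prefix
    if "*" in (gw_host, vs_host):
        return True
    if gw_host.startswith("*."):
        return vs_host.endswith(gw_host[1:])  # "*.a.com" covers "x.a.com", not "a.com"
    if vs_host.startswith("*."):
        return gw_host.endswith(vs_host[1:])
    return gw_host == vs_host

def lint_bindings(gateways, virtual_services):
    """Return one finding per VirtualService host that no bound Gateway exposes."""
    by_name = {g["metadata"]["name"]: g for g in gateways}
    findings = []
    for vs in virtual_services:
        name = vs["metadata"]["name"]
        for gw_name in vs["spec"].get("gateways", []):
            if gw_name == "mesh":  # reserved word for sidecars, not a Gateway object
                continue
            gw = by_name.get(gw_name)
            if gw is None:
                findings.append(f"{name}: gateway '{gw_name}' not found")
                continue
            exposed = [h for s in gw["spec"]["servers"] for h in s["hosts"]]
            for host in vs["spec"]["hosts"]:
                if not any(host_matches(e, host) for e in exposed):
                    findings.append(
                        f"{name}: host '{host}' not exposed by gateway '{gw_name}'")
    return findings

GATEWAYS = [{"metadata": {"name": "simple"},
             "spec": {"servers": [{"port": {"number": 80},
                                   "hosts": ["simple-test.example.com"]}]}}]
VIRTUAL_SERVICES = [
    {"metadata": {"name": "simple-test"},
     "spec": {"gateways": ["simple"], "hosts": ["simple-test.example.com"]}},
    {"metadata": {"name": "simple-test"},
     "spec": {"gateways": ["simple"], "hosts": ["simple-test-1.example.com"]}},
]

if __name__ == "__main__":
    for finding in lint_bindings(GATEWAYS, VIRTUAL_SERVICES):
        print(finding)
```

With the objects as written above, the second VirtualService is reported because the `simple` Gateway lists only `simple-test.example.com`.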
Using a secure approach (HTTPS)
# Secure approach (HTTPS): generate a self-signed certificate, store it as a TLS secret, then test with curl
# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=simple-test.example.com"
# kubectl create secret tls tls-secret --key tls.key --cert tls.crt
# curl --resolve httpsserver.cm:443:127.0.0.1 https://httpsserver.cm/ -v -k
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: https-simple
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      # name of the Kubernetes TLS secret; it must exist in the namespace of the ingress gateway workload
      credentialName: tls-secret
    hosts:
    - "simple-test.example.com"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: https-simple
spec:
  gateways:
  - https-simple
  hosts:
  - simple-test.example.com
  http:
  - match:
    - port: 443
    route:
    - destination:
        host: simple-test.simple.svc.cluster.local
        port:
          number: 8080
Canary releases with Istio (canary routing based on a request header)
# DestinationRule configuration
# --destination-rule
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: canary
spec:
  host: canary
  trafficPolicy:
    loadBalancer:
      simple: RANDOM
  subsets: # subset configuration: split the service into versions
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
    trafficPolicy: # subset-level policy, overrides the service-level RANDOM setting for v2
      loadBalancer:
        simple: ROUND_ROBIN
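---
# VirtualService configuration
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: canary
spec:
  gateways:
  - mesh # reserved name: apply to all sidecars in the mesh
  hosts:
  - canary
  http:
  # requests carrying the header "user: wade" go to subset v1
  - match:
    - headers:
        user:
          exact: wade
    route:
    - destination:
        host: canary
        subset: v1
  # everything else falls through to subset v2
  - route:
    - destination:
        host: canary
        subset: v2
# Gateway configuration omitted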
Test by adding the corresponding header with curl: curl canary/hello -H "user:wade" (write your own template)
Implementing it with weights
# traffic splitting
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 80
    - destination:
        host: reviews
        subset: v2
      weight: 20
Using match rules
Rule delegation (handing routing configuration down to other owners)
# Rule delegation: root VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: example-list
spec:
  hosts:
  - example.com
  gateways:
  - mygateway
  http:
  - match:
    - uri:
        prefix: /reviews
    delegate:
      name: reviews-delegate
      namespace: lst
  - match:
    - uri:
        prefix: /ratings
    delegate:
      name: ratings-delegate
      namespace: lst2
---
# Rule delegation: delegate VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews-delegate # must equal the delegate name referenced by the root VirtualService
  namespace: lst
spec:
  http:
  - match:
    - uri:
        prefix: "/reviews/v1"
    route:
    - destination:
        host: reviews
  - route:
    - destination:
        host: reviews-v1
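DestinationRule rules apply to traffic as it leaves Envoy: they govern how Envoy forwards requests to the backend service.
Adding external services to the service mesh: ServiceEntry + WorkloadEntry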