背景

为什么需要使用到Istio Gateway？充当k8s服务访问的外部流量访问入口，类似nginx一样的作用

如何创建Istio Gateway

1、检查是否已开启istio-ingressgateway服务

servicemesh:
enabled: true # 将“false”更改为“true”。
istio: https://istio.io/latest/docs/setup/additional-setup/customize-installation/components:ingressGateways:- name: istio-ingressgateway enabled: true # 将“false”更改为“true”

2、创建yaml配置文件

touch nginx-gateway.yaml

3、输入配置内容

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:name: mygateway
spec:selector:istio: ingressgateway # use istio default ingress gatewayservers:- port:number: 80name: httpprotocol: HTTPhosts:- forecast.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:name: mygateway
spec:hosts:- forecast.example.comgateways:- mygatewayhttp:- match:- uri:prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写rewrite:uri: "/"    # 老路径route:- destination:host: nginx-79zn9d  # 对应service中的名称，具有负责均衡- match:- uri:prefix: "/tomcat/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写rewrite:uri: "/"    # 老路径route:- destination:host: tomcat-5tl05n # 对应service中的名称，具有负责均衡- match:- uri:prefix: "/myapp1/"  rewrite:uri: "/"route:- destination:host: my-app1       # 对应service中的名称，具有负责均衡- match:- uri:prefix: "/myapp2/"  rewrite:uri: "/"route:- destination:host: my-app2        # 对应service中的名称，具有负责均衡

4、执行创建，会同时创建gateway和VirtualService

kubectl apply -f nginx-gateway.yaml --namespace=project-demo

5、确定Istio入口ip和port （负载均衡器）

kubectl get svc istio-ingressgateway -n istio-system

6、最后客户端访问前，进行客户端host配置

ip【服务器 istio-ingressgateway的ip】 forecast.example.com

7、更新gateway，先导出->再修改->最后更新

kubectl get gw mygateway  -o yaml -n project-demo > /home/k8s/gateway-update.yaml
kubectl apply -f gateway-update.yaml

8、更新virtualservice

kubectl get virtualservice mygateway  -o yaml -n project-demo > /home/k8s/gatewaySvc-update.yaml
kubectl apply -f gatewaySvc-update.yaml

规则配置方式

rewrite重写路径

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:name: mygateway
spec:selector:istio: ingressgateway # use istio default ingress gatewayservers:- port:number: 80name: httpprotocol: HTTPhosts:- forecast.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:name: mygateway
spec:hosts:- forecast.example.comgateways:- mygatewayhttp:- match:- uri:prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写rewrite:uri: "/"    # 老路径route:- destination:host: nginx-79zn9d

直接去除match，默认都转发到一个服务

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:name: mygateway
spec:selector:istio: ingressgateway # use istio default ingress gatewayservers:- port:number: 80name: httpprotocol: HTTPhosts:- forecast.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:name: mygateway
spec:hosts:- forecast.example.comgateways:- mygatewayhttp:- route:- destination:host: nginx-79zn9d

路由规则多种配置方式实践（即开头的完整版）

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:name: mygateway
spec:selector:istio: ingressgateway # use istio default ingress gatewayservers:- port:number: 80name: httpprotocol: HTTPhosts:- forecast.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:name: mygateway
spec:hosts:- forecast.example.comgateways:- mygatewayhttp:- match:- uri:prefix: "/nginx/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写rewrite:uri: "/"    # 老路径route:- destination:host: nginx-79zn9d  # 对应service中的名称，具有负责均衡- match:- uri:prefix: "/tomcat/"  # 新路径, prefix 前缀匹配， 满足 /p1 的都要被重写rewrite:uri: "/"    # 老路径route:- destination:host: tomcat-5tl05n # 对应service中的名称，具有负责均衡- match:- uri:prefix: "/myapp1/"  rewrite:uri: "/"route:- destination:host: my-app1       # 对应service中的名称，具有负责均衡- match:- uri:prefix: "/myapp2/"  rewrite:uri: "/"route:- destination:host: my-app2        # 对应service中的名称，具有负责均衡

涉及的命令补充

#networking.istio.io版本
kubectl api-versions | grep networking.istio.io#确定Istio入口ip和port （负载均衡器）
kubectl get svc istio-ingressgateway -n istio-system#检查有没有在相同的 IP和端口上定义 Kubernetes Ingress 资源
kubectl get ingress --all-namespaces#检查有没有在相同的端口上定义其它 Istio Ingress Gateway
kubectl get gateway --all-namespaces# 查看网关
kubectl get gw -A# 删除网关
-- kubectl delete gw my-gateway -n project-demo# 查看路由规则
kubectl get virtualservices my-VirtualService -n project-demo -o yaml# 删除virtualservice
kubectl delete virtualservice nginx-79zn9d -n project-demo# 更新gateway
kubectl get gw mygateway  -o yaml -n project-demo > /home/k8s/gateway-update.yaml
kubectl apply -f gateway-update.yaml# 更新virtualservice
kubectl get virtualservice mygateway  -o yaml -n project-demo > /home/k8s/gatewaySvc-update.yaml
kubectl apply -f gatewaySvc-update.yaml

注意事项

• VirtualService中的metadata.name需要跟Gateway中的metadata.name一致