1. 技术文章
  2. istio create external ip for specific service

istio create external ip for specific service

徘徊边缘 提交于 2020-08-03 05:51:28

问题


I've deployed successfully an app to K8s with istio

We have gw which we use and virtual service like the following:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bher-virtualservice
  namespace: ba-trail 
spec:
  gateways:
    - bher-gateway 
  hosts:
    - trialio.cloud.str
  http:
    - match:
      - uri:
          prefix: "/"
      - uri:
          prefix: "/login"
      - uri:
          prefix: "/static"
      - uri:
          regex: '^.*\.(ico|png|jpg)$'
      route:
      - destination:
          host: bsa.ba-trail.svc.cluster.local service.namespace.svc.cluster.local
          port:
            number: 5000

I defined also a service and deployment.

I want to expose the service outside that I will be able to access like:

https://myapp.host:5000

when I run:

kubectl get svc istio-ingressgateway -n istio-system


NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP                                                                  PORT(S)                                      AGE
istio-ingressgateway   LoadBalancer   100.61.114.202   a7151b2063cb-200880.eu-central-1.elb.amazonaws.com   150210:31161/TCP,80:31280/TCP,443:31190/TCP   41d

How it can be done?

I was able to run the app with port forwarding but I want a direct external link.


回答1:


So in your case, you have an ELB serving your istio ingress gateway that goes to a VirtualService that directs traffic to port 5000 in the container.

I assume that you have it working with 🤔💭:

  • a7151b2063cb-200880.eu-central-1.elb.amazonaws.com:80 and
  • a7151b2063cb-200880.eu-central-1.elb.amazonaws.com:443

and you want something like:

  • a7151b2063cb-200880.eu-central-1.elb.amazonaws.com:5000

but with a specific name that maps to

  • myapp.host

First, you have to create a DNS CNAME record that maps myapp.host to a7151b2063cb-200880.eu-central-1.elb.amazonaws.com.

Then on the Kubernetes service istio-ingressgateway you probably have something like this:

apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-system
  labels:
    name: istio-ingress-service
  annotations:
    ... (❓)
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: ❓
    protocol: TCP
  - port: 443
    targetPort: ❓
    protocol: TCP
  selector:
    name: something-that-matches-your-istio-ingress

You could just add the extra port to the service so that it listens on that port on the outside.

apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-system
  labels:
    name: istio-ingress-service
  annotations:
    ... (❓)
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: ❓
    protocol: TCP
  - port: 443
    targetPort: ❓
    protocol: TCP
  - port: 5000
    targetPort: ❓
  selector:
    name: something-that-matches-your-istio-ingress

Finally, the virtual service needs to match your hostname myapp.host

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bher-virtualservice
  namespace: ba-trail 
spec:
  gateways:
    - bher-gateway 
  hosts:
    - myapp.host 
...

✌️



来源:https://stackoverflow.com/questions/63021871/istio-create-external-ip-for-specific-service

标签
amazon-web-services
Kubernetes
Istio
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!