Istio网关未应用于istio-ingressgateway

时间:2019-04-09 21:12:04

标签: istio

我正在尝试使istio与我的mssql服务一起使用。 istio-ingressgateway的LoadBalancer似乎没有使用正确的端口值进行更新。

我正在1.10+的GKE上运行

apiVersion: v1
kind: Service
metadata:
  name: mssql
  labels:
    app: mssql
    service: mssql
spec:
  selector:
    app: mssql
  ports:
    - protocol: TCP
      port: 1433
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: public-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 1433
      protocol: TCP
      name: tcp-1433
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vservice-mssql
spec:
  hosts:
  - "*"
  gateways:
  - public-gateway
  tcp:
  - match:
    - port: 1433
    route:
    - destination:
        host: mssql
        port: 
          number: 1433

在运行后应用配置后,我希望在istio-ingressgateway上打开端口,但结果是:

istio-ingressgateway   LoadBalancer   10.8.1.100   **REDACTED** 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:30160/TCP,8060:32736/TCP,853:30641/TCP,15030:31124/TCP,15031:30849/TCP   90d

我在网关上打开的端口未列出。

2 个答案:

答案 0 :(得分:0)

使用以下资源定义

apiVersion: v1
kind: Service
metadata:
  name: mssql
  labels:
    app: mssql
    service: mssql
spec:
  selector:
    app: mssql
  ports:
    - protocol: TCP
      port: 1433
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: public-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 15011
      protocol: TCP
      name: tcp-15011
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vservice-mssql
spec:
  hosts:
  - "*"
  gateways:
  - public-gateway
  tcp:
  - match:
    - port: 15011
    route:
    - destination:
        host: mssql
        port: 
          number: 1433
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: mssql
  namespace: istio-system
spec:
  host: mssql`enter code here`
  trafficPolicy:
    tls:
      mode: DISABLE

使用节点端口30160访问mssql

15011:30160 / TCP 

istio-ingressgateway   LoadBalancer   10.8.1.100   **REDACTED** 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:30160/TCP,8060:32736/TCP,853:30641/TCP,15030:31124/TCP,15031:30849/TCP   90d

答案 1 :(得分:0)

如果您使用 operator 安装 istio,则必须手动将端口添加到 operator 规范:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istio-control-plane
spec:
  values:
    ingressGateways:
      - enabled: true
        name: istio-ingressgateway
        k8s:
          service:
            ports:
              - name: status-port
                port: 15021
                targetPort: 15021
              - name: http2
                port: 80
                targetPort: 8080
              - name: https
                port: 443
                targetPort: 8443
              - name: tcp
                port: 31400
                targetPort: 31400
              - name: tls
                port: 15443
                targetPort: 15443
              - # ADD PORTS HERE

此处列出的端口是默认端口。我不确定您是否删除它们,如果 istio-operator 会将默认端口与您将添加的端口“合并”。但是您可以尝试一下(让我们知道!)

相关问题
最新问题