ISTIO VirtualService vs Gateway
我试图将自己的头缠绕在Istio的虚拟服务上。我正在Minikube上运行ISTIO,并且在virtualService hosts节下有以下YAML,
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-test-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: istio-test
spec:
hosts:
- istio-service-test.default.svc.cluster.local
# - "*"
gateways:
- istio-test-gateway
http:
- name: "pingpongservice"
route:
- destination:
host: istio-service-test.default.svc.cluster.local
我已经定义了一个实际的主机,我正在尝试弄清楚它的工作原理。在Minikube上,我运行以下操作以获取URL,
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export INGRESS_HOST=$(minikube ip)
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
一旦我部署了此功能,然后尝试使用curl“ http:// $ {gateway_url}/ping我什么都没得到的卷曲。 hosts部分,如果我取消注册*并注释iStio-service-test.default.svc.cluster.local.local.local,则可以使用,我不确定我想做什么。
I'm trying to wrap my head around a virtual service works in istio. I am running istio on minikube and have the following yamls
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-test-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: istio-test
spec:
hosts:
- istio-service-test.default.svc.cluster.local
# - "*"
gateways:
- istio-test-gateway
http:
- name: "pingpongservice"
route:
- destination:
host: istio-service-test.default.svc.cluster.local
Under the VirtualService hosts section I have defined an actual host and I'm trying to figure out how this works. On minikube I run the following to get the urls
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export INGRESS_HOST=$(minikube ip)
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
Once I deploy this and try a curl with something like curl "http://${GATEWAY_URL}/ping I get nothing. Under the VirtualService hosts section if I uncomment * and comment out istio-service-test.default.svc.cluster.local then it works, I successfully get the response from the server. I am not sure what is going on here. Ideally what I'm trying to do is to access the service using something like http://istio-service-test/ping
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
VirtualService
主机:行需要匹配HTTP主机:标题。 HTTP客户端通常会从此处的URL传递主机名,尽管如果您将VirtualService绑定到Ingress Gateway,则有时可以覆盖它,主机:需要匹配 externs < /em> dns名称,该名称可路由到群集,或者是
*。如果您的群集正在运行多个应用程序以用于基于主机的路由,则可以使用此功能。如果VirtualService不具体绑定到网关(或明确绑定到
cemsh),则hosts:需要匹配服务的Kubernetes-Interal DNS名称,并且它提供围绕该集群内服务的入口型路由功能。这将使您可以为群集型服务进行基于路径或基于标题的路由,而无需运行自己的中间反向代理。为了使用您,将VirtualService绑定到Ingress网关的位置,您只在集群中运行一个应用程序,而Minikube安装没有持久的DNS名称,
hosts:[*] 可能是正确的设置。The VirtualService
hosts:line needs to match the HTTPHost:header. HTTP clients will usually pass on the host name from the URL here, though you can override it sometimesIf you're binding the VirtualService to an ingress Gateway,
hosts:needs to match an external DNS name that routes to the cluster, or be*. You can use this if your cluster is running multiple applications for host-based routing.If the VirtualService isn't specifically bound to a Gateway (or is explicitly bound to
mesh) thenhosts:needs to match a Kubernetes-internal DNS name for a Service, and it provides ingress-type routing functionality around that in-cluster Service. This would allow you to do path-based or header-based routing for what's otherwise a ClusterIP-type Service, without having to run your own intermediate reverse proxy.For your use, where you're binding the VirtualService to an ingress Gateway, you're only running one application in the cluster, and the minikube installation doesn't have a persistent DNS name,
hosts: [*]is probably the right setting.