我尝试使用 openshift 路由配置 istio ingress。据我了解请求路径如下:
request -> route -> ingress service -> gateway -> virtual service -> app service -> app
所以,我应用以下配置:
路线.yml:
kind: Route
...
spec:
host: my-app.com
to:
kind: Service
name: ingress-service
weight: 100
port:
targetPort: http
...
入口服务.yml:
kind: Service
metadata:
name: ingress-service
...
spec:
ports:
- name: status-port
protocol: TCP
port: 15020
targetPort: 15020
- name: http
protocol: TCP
port: 9080
targetPort: 9080
selector:
app: ingressgateway
istio: ingressgateway
type: ClusterIP
入口网关.yml:
kind: Gateway
metadata:
name: ingress-gw
...
spec:
servers:
- hosts:
- my-app.com
port:
name: http
number: 9080
protocol: HTTP
selector:
istio: ingressgateway
入口虚拟服务.yml
kind: VirtualService
...
spec:
hosts:
- my-app.com
gateways:
- ingress-gw
http:
- route:
- destination:
host: my-app
port: 9080
exportTo:
- .
我没有在部署中为 ingressgateway pod 设置端口 9080。它有效。但前提是我将请求发送到 http://my-app.com:80
我哪里出错了以及如何使仅路径可访问http://my-app.com:9080?
对外暴露的端口号取决于 OpenShift 上的 Router(HAProxy) pod 监听端口。如果您想要 9080 端口而不是 80,您应该更改 Router(HAProxy) pod 上的端口。或者您可以在LB上处理端口号以使用其他端口号。
访问流程如下。
LB(80, 443)
-> Router pod(80, 443)
-> Ingress-Gateway pod
-Through Gateway and VirtualService -> Backend pod
我也有类似的问题。我正在尝试公开自定义端口 27190 。我什至在haproxy中添加了27190,但curl命令仍然失败
请在下面找到我的分析/设置:
(base) [root@m1305001 ~]# oc get route my-route -n istio-system -o yaml
spec:
host: my-route-istio-system.apps.ocp-m1305001.lnxero1.boe
port:
targetPort: app-port
to:
kind: Service
name: istio-ingressgateway
weight: 100
wildcardPolicy: None
(base) [root@m1305001 ~]# oc get svc istio-ingressgateway -n istio-system -o yaml
ports:
- name: status-port
port: 15020
protocol: TCP
targetPort: 15020
- name: http2
port: 80
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 8443
- name: app-port
port: 27190
protocol: TCP
targetPort: 27190
selector:
app: istio-ingressgateway
istio: ingressgateway
sessionAffinity: None
type: ClusterIP
(base) [root@m1305001 ~]# oc get gw bookinfo-gateway -o yaml
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: http
number: 8080
protocol: HTTP
- hosts:
- '*'
port:
name: app-port
number: 27190
protocol: HTTP
(base) [root@m1305001 ~]# ~/istioctl pc listeners istio-ingressgateway-5b7d59898f-426bm.istio-system
ADDRESSES PORT MATCH DESTINATION
0.0.0.0 8080 ALL Route: http.8080
0.0.0.0 15021 ALL Inline Route: /healthz/ready*
0.0.0.0 15090 ALL Inline Route: /stats/prometheus*
0.0.0.0 27190 ALL Route: http.27190
(base) [root@m1305001 ~]# ~/istioctl pc routes istio-ingressgateway-5b7d59898f-426bm.istio-system
NAME VHOST NAME DOMAINS MATCH VIRTUAL SERVICE
http.27190 *:27190 * /productpage bookinfo.bookinfo
http.27190 *:27190 * /static* bookinfo.bookinfo
http.27190 *:27190 * /login bookinfo.bookinfo
http.27190 *:27190 * /logout bookinfo.bookinfo
http.27190 *:27190 * /api/v1/products* bookinfo.bookinfo
http.8080 *:8080 * /productpage bookinfo.bookinfo
http.8080 *:8080 * /static* bookinfo.bookinfo
http.8080 *:8080 * /login bookinfo.bookinfo
http.8080 *:8080 * /logout bookinfo.bookinfo
http.8080 *:8080 * /api/v1/products* bookinfo.bookinfo
backend * /stats/prometheus*
backend * /healthz/ready*
(base) [root@m1305001 ~]# oc get virtualservice bookinfo -o yaml
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
(base) [root@m1305001 ~]# oc get svc productpage -o yaml
spec:
clusterIP: 172.30.247.193
clusterIPs:
- 172.30.247.193
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 9080
protocol: TCP
targetPort: 9080
selector:
app: productpage
sessionAffinity: None
type: ClusterIP
curl 命令仅适用于端口 80,不适用于 27190
(base) [root@m1305001 ~]# curl -v http://my-route-istio-system.apps.ocp-m1305001.lnxero1.boe:27190/productpage
* Host my-route-istio-system.apps.ocp-m1305001.lnxero1.boe:27190 was resolved.
* IPv6: (none)
* IPv4: 172.23.230.142
* Trying 172.23.230.142:27190...
* Connected to my-route-istio-system.apps.ocp-m1305001.lnxero1.boe (172.23.230.142) port 27190
> GET /productpage HTTP/1.1
> Host: my-route-istio-system.apps.ocp-m1305001.lnxero1.boe:27190
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
* Empty reply from server
* Closing connection
curl: (52) Empty reply from server
我已经添加了haproxy
Haproxy
————————
frontend ocp4-router-http
mode tcp
option tcplog
bind apps.ocp-m1305001.lnxero1.boe:80
default_backend ocp4-router-http
frontend ocp4-router-http-app
mode tcp
option tcplog
bind apps.ocp-m1305001.lnxero1.boe:27190
default_backend ocp4-router-http-app
backend ocp4-router-http
mode tcp
server worker-0 worker-0.ocp-m1305001.lnxero1.boe:80 check
server worker-1 worker-1.ocp-m1305001.lnxero1.boe:80 check
backend ocp4-router-http-app
mode tcp
server worker-0 worker-0.ocp-m1305001.lnxero1.boe:27190 check
server worker-1 worker-1.ocp-m1305001.lnxero1.boe:27190 check
有人可以指导我吗