我需要使用 Istio 访问 Google Kubernetes Engine 标准私有集群内的服务。
我的设置如下:
当我访问LoadBalancer公网IP时,无法访问。
resource "helm_release" "istio_ingress" {
name = "istio-ingressgateway"
chart = "gateway"
repository = "https://istio-release.storage.googleapis.com/charts"
namespace = "istio-system"
version = "1.18.0"
}
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: tcp
protocol: HTTP
hosts:
- "*"
tls:
httpsRedirect: false
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: ${var.shared_domain_certificate_name}
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- istio-system/my-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
host: grafana
port:
number: 80
根据上一篇文章中的Jakub。 Grafana 的一种可行解决方案是将前缀设置为 / 并将主机设置为 grafana。举个例子
spec:
hosts:
- "grafana.example.com"
gateways:
- grafana-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
host: grafana
port:
number: 80
还包括 VirtualService 和 Gateway 的示例
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grafana-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http-grafana
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-vs
spec:
hosts:
- "*"
gateways:
- grafana-gateway
http:
- match:
- uri:
prefix: /grafana/
rewrite:
uri: /
route:
- destination:
host: grafana
port:
number: 80