使用Istio Ingressgateway 开放应用
# 1、ArgoRollouts 应用
# kubectl get pods -n argo-rollouts
NAME READY STATUS RESTARTS AGE
argo-rollouts-8f954564c-sx4sj 1/1 Running 4 15d
argo-rollouts-dashboard-856d7bbf67-jq9wm 1/1 Running 5 15d
# kubectl get svc -n argo-rollouts
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argo-rollouts-dashboard NodePort 10.107.223.214 <none> 3100:30529/TCP 15d
argo-rollouts-metrics ClusterIP 10.108.136.244 <none> 8090/TCP 15d
# 2、配置 GW、VS、DR
# 2.1 注意
# 注意:这里需要同时配置 VirtualService 和 DestinationRule;VS 可以不与应用在同一命名空间,但是 DR 必须和应用在同一命名空间下
在Istio中,VirtualService 和 DestinationRule 不需要与服务在同一个命名空间下。不过,需要注意以下几点:
Gateway的命名空间:VirtualService 中引用的 Gateway 必须存在于与 VirtualService 相同的命名空间,或者使用跨命名空间的引用(格式为 namespace/gateway-name)。
Destination:VirtualService 可以路由到其他命名空间中的服务。如果目标服务不在同一命名空间,需在 host 中指定完整域名格式,比如 service-name.namespace.svc.cluster.local。
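DestinationRule:如果涉及跨命名空间的服务,DestinationRule 需匹配目标服务的命名空间。Istio 查找 DestinationRule 时会依次检查客户端所在命名空间、目标服务所在命名空间和根命名空间(默认为 istio-system),因此把 DR 与目标服务放在同一命名空间最不容易被漏掉。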
确认配置正确,且使用完整的域名格式,以确保服务可以被正确找到和路由
# VS 这个可以不在同一命名空间下
metadata:
name: argocdrollout-vs
namespace: argo-rollouts
# DR
metadata:
name: argocdrollout-dr
namespace: argo-rollouts
cat argocdrollout.yaml
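---
# Gateway: opens a listener on the shared Istio ingress gateway for the
# Argo Rollouts dashboard hostname.
#
# Review notes:
#   - The only server is plain HTTP on port 80, so traffic between the browser
#     and the gateway is unencrypted. Outside a lab, add an HTTPS server
#     (protocol: HTTPS, tls.mode: SIMPLE, credentialName: <tls-secret>) and
#     set tls.httpsRedirect: true on this HTTP server.
#   - Nothing on this page puts authentication in front of the dashboard.
#     NOTE(review): the Argo Rollouts dashboard is understood to ship without
#     its own login -- confirm against the upstream docs, and gate this host
#     with an AuthorizationPolicy / RequestAuthentication on the ingress
#     gateway (or a source-IP allow-list) before exposing it.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: argo-rollouts-dashboard-gateway
  # Set to the namespace the ingress gateway pods run in.
  namespace: istio-system
spec:
  # Binds this Gateway to the pods labelled app=istio-ingressgateway.
  selector:
    app: istio-ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "argocdrollout.paibo.com"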
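---
# VirtualService: routes every request for the dashboard hostname that
# arrives through the ingress gateway to the argo-rollouts-dashboard Service.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: argocdrollout-vs
  namespace: argo-rollouts
spec:
  gateways:
    # Cross-namespace reference in <namespace>/<gateway-name> form. "mesh" is
    # not listed, so these routes apply only on the ingress gateway.
    - istio-system/argo-rollouts-dashboard-gateway
  hosts:
    # Must match a host declared on argo-rollouts-dashboard-gateway.
    - "argocdrollout.paibo.com"
  http:
    - match:
        - uri:
            # Prefix "/" forwards every path, so the whole dashboard is
            # reachable by anyone who can reach the gateway.
            prefix: /
      route:
        - destination:
            # Full service DNS name, because the target may sit in a
            # different namespace from the resource that references it.
            host: argo-rollouts-dashboard.argo-rollouts.svc.cluster.local
            port:
              number: 3100
# Review note: the `kubectl get svc` output on this page shows this Service as
# type NodePort (3100:30529), so the dashboard is also reachable on the nodes
# directly, bypassing any policy enforced at the gateway. A ClusterIP Service
# keeps the gateway as the only entry point.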
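---
# DestinationRule: client-side traffic policy that the ingress gateway applies
# when it connects to the dashboard Service.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: argocdrollout-dr
  # Same namespace as the target Service.
  namespace: argo-rollouts
spec:
  host: argo-rollouts-dashboard.argo-rollouts.svc.cluster.local
  trafficPolicy:
    tls:
      # DISABLE makes the gateway send plaintext to the dashboard pod: no
      # mTLS, so the hop inside the cluster is neither encrypted nor
      # authenticated. That is only required when the dashboard pod has no
      # sidecar. If the namespace is sidecar-injected, ISTIO_MUTUAL keeps the
      # hop protected; under a STRICT PeerAuthentication a plaintext
      # connection would be refused.
      mode: DISABLE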
# 3、查看 GW & VS & DR
# kubectl get gw -n istio-system
NAME AGE
argo-rollouts-dashboard-gateway 35m
# kubectl get vs -n argo-rollouts
NAME GATEWAYS HOSTS AGE
argocdrollout-vs ["istio-system/argo-rollouts-dashboard-gateway"] ["argocdrollout.paibo.com"] 34m
# kubectl get dr -n argo-rollouts
NAME HOST AGE
argocdrollout-dr argo-rollouts-dashboard.argo-rollouts.svc.cluster.local 35m
# 4、查看代理 - istioctl pc route
# istioctl pc route istio-ingressgateway-6f4bb74bd7-5h748 -o yaml -n istio-system
- name: http.8080
validateClusters: false
virtualHosts:
- domains:
- argocdrollout.paibo.com
- argocdrollout.paibo.com:*
includeRequestAttemptCount: true
name: argocdrollout.paibo.com:80
routes:
- decorator:
operation: argo-rollouts-dashboard.argo-rollouts.svc.cluster.local:3100/*
match:
caseSensitive: true
prefix: /
metadata:
filterMetadata:
istio:
config: /apis/networking.istio.io/v1alpha3/namespaces/argo-rollouts/virtual-service/argocdrollout-vs
route:
cluster: outbound|3100||argo-rollouts-dashboard.argo-rollouts.svc.cluster.local
maxGrpcTimeout: 0s
retryPolicy:
hostSelectionRetryMaxAttempts: "5"
numRetries: 2
retriableStatusCodes:
- 503
retryHostPredicate:
- name: envoy.retry_host_predicates.previous_hosts
retryOn: connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes
timeout: 0s
- virtualHosts:
- domains:
- '*'
name: backend
routes:
- match:
prefix: /stats/prometheus
route:
cluster: prometheus_stats
- virtualHosts:
- domains:
- '*'
name: backend
routes:
- match:
prefix: /healthz/ready
route:
cluster: agent
# 5、查看代理 - istioctl pc cluster
argo-rollouts-dashboard.argo-rollouts.svc.cluster.local 3100 - outbound EDS argocdrollout-dr.argo-rollouts
# istioctl pc cluster istio-ingressgateway-6f4bb74bd7-5h748 -n istio-system
SERVICE FQDN PORT SUBSET DIRECTION TYPE DESTINATION RULE
BlackHoleCluster - - - STATIC
agent - - - STATIC
alertmanager-operated.helm-monitoring.svc.cluster.local 9093 - outbound EDS
alertmanager-operated.helm-monitoring.svc.cluster.local 9094 - outbound EDS
argo-rollouts-dashboard.argo-rollouts.svc.cluster.local 3100 - outbound EDS argocdrollout-dr.argo-rollouts
argo-rollouts-metrics.argo-rollouts.svc.cluster.local 8090 - outbound EDS
argocd-applicationset-controller.argocd.svc.cluster.local 7000 - outbound EDS
argocd-applicationset-controller.argocd.svc.cluster.local 8080 - outbound EDS
argocd-dex-server.argocd.svc.cluster.local 5556 - outbound EDS
argocd-dex-server.argocd.svc.cluster.local 5557 - outbound EDS
argocd-dex-server.argocd.svc.cluster.local 5558 - outbound EDS
argocd-metrics.argocd.svc.cluster.local 8082 - outbound EDS
argocd-notifications-controller-metrics.argocd.svc.cluster.local 9001 - outbound EDS
argocd-redis.argocd.svc.cluster.local 6379 - outbound EDS
argocd-repo-server.argocd.svc.cluster.local 8081 - outbound EDS
argocd-repo-server.argocd.svc.cluster.local 8084 - outbound EDS
argocd-server-metrics.argocd.svc.cluster.local 8083 - outbound EDS
argocd-server.argocd.svc.cluster.local 80 - outbound EDS
argocd-server.argocd.svc.cluster.local 443 - outbound EDS
code.gitlab.svc.cluster.local 22 - outbound EDS
code.gitlab.svc.cluster.local 80 - outbound EDS
dashboard-metrics-scraper.kubernetes-dashboard.svc.cluster.local 8000 - outbound EDS
demo.devlopment.svc.cluster.local 18888 - outbound EDS
gitlab.gitlab.svc.cluster.local 22 - outbound EDS
gitlab.gitlab.svc.cluster.local 80 - outbound EDS
guestbook-ui.guestbook.svc.cluster.local 80 - outbound EDS
istio-egressgateway.istio-system.svc.cluster.local 80 - outbound EDS
istio-egressgateway.istio-system.svc.cluster.local 443 - outbound EDS
istio-ingressgateway.istio-system.svc.cluster.local 80 - outbound EDS
istio-ingressgateway.istio-system.svc.cluster.local 443 - outbound EDS
istio-ingressgateway.istio-system.svc.cluster.local 15021 - outbound EDS
istio-ingressgateway.istio-system.svc.cluster.local 15443 - outbound EDS
istio-ingressgateway.istio-system.svc.cluster.local 31400 - outbound EDS
istiod.istio-system.svc.cluster.local 443 - outbound EDS
istiod.istio-system.svc.cluster.local 15010 - outbound EDS
istiod.istio-system.svc.cluster.local 15012 - outbound EDS
istiod.istio-system.svc.cluster.local 15014 - outbound EDS
kube-dns.kube-system.svc.cluster.local 53 - outbound EDS
kube-dns.kube-system.svc.cluster.local 9153 - outbound EDS
kube-prometheus-stack-alertmanager.helm-monitoring.svc.cluster.local 8080 - outbound EDS
kube-prometheus-stack-alertmanager.helm-monitoring.svc.cluster.local 9093 - outbound EDS
kube-prometheus-stack-coredns.kube-system.svc.cluster.local 9153 - outbound EDS
kube-prometheus-stack-grafana.helm-monitoring.svc.cluster.local 80 - outbound EDS
kube-prometheus-stack-kube-controller-manager.kube-system.svc.cluster.local 10252 - outbound EDS
kube-prometheus-stack-kube-etcd.kube-system.svc.cluster.local 2381 - outbound EDS
kube-prometheus-stack-kube-proxy.kube-system.svc.cluster.local 10249 - outbound EDS
kube-prometheus-stack-kube-scheduler.kube-system.svc.cluster.local 10251 - outbound EDS
kube-prometheus-stack-kube-state-metrics.helm-monitoring.svc.cluster.local 8080 - outbound EDS
kube-prometheus-stack-kubelet.kube-system.svc.cluster.local 4194 - outbound EDS
kube-prometheus-stack-kubelet.kube-system.svc.cluster.local 10250 - outbound EDS
kube-prometheus-stack-kubelet.kube-system.svc.cluster.local 10255 - outbound EDS
kube-prometheus-stack-operator.helm-monitoring.svc.cluster.local 443 - outbound EDS
kube-prometheus-stack-prometheus-node-exporter.helm-monitoring.svc.cluster.local 9100 - outbound EDS
kube-prometheus-stack-prometheus.helm-monitoring.svc.cluster.local 8080 - outbound EDS
kube-prometheus-stack-prometheus.helm-monitoring.svc.cluster.local 9090 - outbound EDS
kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local 443 - outbound EDS
kubernetes.default.svc.cluster.local 443 - outbound EDS
mysql-exporter-service.default.svc.cluster.local 9104 - outbound EDS
mysql-exporter-service.helm-monitoring.svc.cluster.local 9104 - outbound EDS
mysql80-service.default.svc.cluster.local 3306 - outbound EDS
mysql80-service.helm-monitoring.svc.cluster.local 3306 - outbound EDS
postgresql.gitlab.svc.cluster.local 5432 - outbound EDS
prometheus-operated.helm-monitoring.svc.cluster.local 9090 - outbound EDS
prometheus_stats - - - STATIC
redis.gitlab.svc.cluster.local 6379 - outbound EDS
sds-grpc - - - STATIC
spring-boot-helloworld.hello.svc.cluster.local 80 - outbound EDS
spring-boot-helloworld.helloworld.svc.cluster.local 80 - outbound EDS
srv-devops-redis.paibo.svc.cluster.local 6379 - outbound EDS
web.default.svc.cluster.local 80 - outbound EDS
xds-grpc - - - STATIC
zipkin - - - STRICT_DNS - - - STRICT_DNS
# 6、本地配置域名解析
# hosts文件添加一条
10.30.17.170 argocdrollout.paibo.com
# 7、浏览器访问
![]()
# 8、查看后台日志情况
# kubectl logs -f istio-ingressgateway-6f4bb74bd7-5h748 -n istio-system
![]()