Kubernete Gateway API实战案例
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.Gateway API概述
1.什么是Gateway API
由于Ingress资源对象不能很好的满足网络需求,很多场景下Ingress控制器都需要通过定义annotations或者crd来进行功能扩展,这对于使用标准和支持是非常不利的,新推出的Gateway API旨在通过可扩展的面向角色的接口来增强服务网络。
Gateway API之前叫"Service API",是由SIG-NETWORK社区管理的开源项目。Gateway API是Kubernetes的官方项目,专注于Kubernete中的L4和L7路由。
该项目代表了下一代Kubernetes入口、负载平衡和服务网格API。从一开始,它就被设计成通用的、富有表现力的和面向角色的。
Gateway API是Kubernetes中的一个API资源集合,此API中的大部分配置都包含在路由层中,包括GatewayClass、Gateway、HTTPRoute、TCPRoute、Service等,这些资源共同为各种网络用例构建模型,为Ingress和Mesh提供了高级路由功能。
官网链接:
https://gateway-api.sigs.k8s.io/
2.Gateway API和Ingress的比较
Gateway API的改进比当前的Ingress资源对象有很多更好的设计:
- 面向角色:
Gateway由各种API资源组成,这些资源根据使用和配置Kubernetes服务网络的角色进行建模。
- 通用性:
和Ingress一样是一个具有众多实现的通用规范,Gateway API是一个被设计成由许多实现支持的规范标准。
- 更具表现力:
Gateway API资源支持基于Header头的匹配、流量权重等核心功能,这些功能在Ingress中只能通过自定义注解才能实现。
- 可扩展性:
Gateway API 允许自定义资源链接到 API 的各个层,这就允许在 API 结构的适当位置进行更精细的定制。
还有一些其他值得关注的功能:
- GatewayClasses:
将负载均衡实现的类型形式化,这些类使用户可以很容易了解到通过Kubernetes资源可以获得什么样的能力。
- 共享网关和跨命名空间支持:
它们允许共享负载均衡器和VIP,允许独立的路由资源绑定到同一个网关,这使得团队可以安全地共享(包括跨命名空间)基础设施,而不需要直接协调。
- 规范化路由和后端:
Gateway API支持类型化的路由资源和不同类型的后端。
这使得API可以灵活地支持各种协议(如: HTTP和gRPC)和各种后端服务(如: Kubernetes Service、存储桶或函数)。
3.Gateway API面向角色设计更加灵活
如上图所示,一个集群运维人员创建了一个基于GatewayClass的Gateway资源,这个Gateway部署或配置了它所代表的基础网络资源,集群运维和特定的团队必须沟通什么可以附加到这个Gateway上来暴露他们的应用。集中的策略,如TLS可以由集群运维在Gateway上强制执行,同时,Store和Site应用在他们自己的命名空间中运行,但将他们的路由附加到相同的共享网关上,允许他们独立控制他们的路由逻辑。
这种关注点分离的设计可以使不同的团队能够管理他们自己的流量,同时将集中的策略和控制留给集群运维。
Gateway API通过对Kubernetes服务网络进行面向角色的设计来实现这一目标,平衡了灵活性和集中控制。它允许共享的网络基础设施(硬件负载均衡器、云网络、集群托管的代理等)被许多不同的团队使用,所有这些都受到集群运维设置的各种策略和约束。下面的例子显示了是如何在实践中运行的。
参考链接:
https://gateway-api.sigs.k8s.io/concepts/use-cases/#multiple-applications-behind-a-single-gateway
4.Gateway API的资源模型
在整个Gateway API中涉及到3个角色:基础设施提供商、集群管理员、应用开发人员,在某些场景下可能还会涉及到应用管理员等角色。
Gateway API 中定义了3种主要的资源模型:GatewayClass、Gateway、Route。
- GatewayClass
定义了一组共享相同配置和动作的网关。
每个GatewayClass 由一个控制器处理,是一个集群范围的资源,必须至少有一个GatewayClass被定义。
这与Ingress的IngressClass类似,在Ingress v1beta1版本中,与GatewayClass类似的是ingress-class注解。
而在Ingress V1版本中,最接近的就是IngressClass资源对象。
- Gateway
网关描述了如何将流量转化为集群内的服务,也就是说,它定义了一个请求,要求将流量从不了解Kubernetes的地方转换到集群内的服务。
例如,由云端负载均衡器、集群内代理或外部硬件负载均衡器发送到Kubernetes服务的流量。
它定义了对特定负载均衡器配置的请求,该配置实现了GatewayClass的配置和行为规范。
该资源可以由管理员直接创建,也可以由处理GatewayClass的控制器创建。
Gateway可以附加到一个或多个路由引用上,这些路由引用的作用是将流量的一个子集导向特定的服务。
- Route
路由资源定义了特定的规则,用于将请求从网关映射到Kubernetes服务。
从v1alpha2版本开始,API中包含四种Route路由资源类型。
对于其他未定义的协议,鼓励采用特定实现的自定义路由类型,当然未来也可能会添加新的路由类型。
主流的Route路由资源类型
- HTTPRoute
适用于HTTP或HTTPS连接,适用于我们想要检查HTTP请求并使用HTTP请求进行路由或修改的场景。
比如使用HTTP Headers头进行路由,或在请求过程中对它们进行修改。
- TLSRoute
用于TLS连接,通过SNI进行区分,它适用于希望使用SNI作为主要路由方法的地方。
并且对HTTP等更高级别协议的属性不感兴趣,连接的字节流不经任何检查就被代理到后端。
- TCPRoute
旨在用于将一个或多个端口映射到单个后端。
在这种情况下,没有可以用来选择同一端口的不同后端的判别器,所以每个TCPRoute在监听器上需要一个不同的端口。
你可以使用TLS,在这种情况下,未加密的字节流会被传递到后端,当然也可以不使用TLS,这样加密的字节流将传递到后端。
- UDPRoute
和TCPRoute类似,旨在用于将一个或多个端口映射到单个后端,只不过走的是UDP协议。
5.Gateway API资源模型组合关系
GatewayClass、Gateway、xRoute和服务的组合定义了一个可实现的负载均衡器。如上图所示,说明了不同资源之间的关系。
使用反向代理实现的网关的典型客户端/网关 API 请求流程如下所示:
- 1.客户端向"http://foo.example.com"发出请求;
- 2.DNS将域名解析为Gateway网关地址;
- 3.反向代理在监听器上接收请求,并使用"Host Header"来匹配HTTPRoute;
- 4.(可选)反向代理可以根据"HTTPRoute"的匹配规则进行路由;
- 5.(可选)反向代理可以根据"HTTPRoute"的过滤规则修改请求,即添加或删除headers;
- 6.最后,反向代理根据"HTTPRoute"的"forwardTo"规则,将请求转发给集群中的一个或多个对象,即服务;
参考链接:
https://gateway-api.sigs.k8s.io/concepts/api-overview/#combined-types
6.Gateway API支持的组件
如上图所示,主流的开源软件几乎都支持Gateway API功能。包括但不限于:Envoy,Istio,Nginx,Traefik等。
参考链接:
https://gateway-api.sigs.k8s.io/implementations/
二.Traefik启用kubernetes Gateway功能
1.默认Traefik并未启用kubernetes Gateway功能
如上图所示,Traefik默认是没有启用Kubernetes Gateway API功能的。
2.Traefik启用kubernetes Gateway功能
1.启用kubernetesGateway功能
[root@master241 traefik]# vim traefik/values.yaml
...
providers:
...
kubernetesGateway:
...
enabled: true
2.卸载服务
[root@master241 traefik]# helm -n kube-public uninstall jiege-traefik
release "jiege-traefik" uninstalled
[root@master241 traefik]#
3.再次安装服务
[root@master241 traefik]# helm install jiege-traefik traefik -n kube-public
NAME: jiege-traefik
LAST DEPLOYED: Sun Jun 8 14:30:27 2025
NAMESPACE: kube-public
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
jiege-traefik with docker.io/traefik:v3.4.0 has been deployed successfully on kube-public namespace !
[root@master241 traefik]#
4.查看gatewayclass资源
[root@master241 traefik]# kubectl get pods,gatewayclass -n kube-public -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/jiege-traefik-77cb88db-vgp5x 1/1 Running 0 6s 10.100.207.54 worker243 <none> <none>
NAME CONTROLLER ACCEPTED AGE DESCRIPTION
gatewayclass.gateway.networking.k8s.io/traefik traefik.io/gateway-controller True 6s
[root@master241 traefik]#
5.查看Traefik的WebUI验证
如上图所示,我们成功启用了Gateway API功能哟。
三.kubernetes Gateway API应用案例
1.通过Gateway API方式暴露traefik dashboard
1.1 查看默认的entryPoint
[root@master241 traefik]# vim traefik/values.yaml
... # 注意观察gateway定义的listeners,这是默认的entryPoint,也支持我们自行定义,但后面的案例要用到该配置
gateway:
...
enabled: true
...
listeners:
web:
port: 8000
...
protocol: HTTP
...
1.2 创建Gateway资源
1.编写资源清单
[root@master241 gatewayAPI]# cat 01-Gateway-Traefik-dashboard.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: http-gateway
namespace: kube-public
spec:
gatewayClassName: traefik
listeners:
- protocol: HTTP
port: 8000
name: web
[root@master241 gatewayAPI]#
2.创建资源
[root@master241 gatewayAPI]# kubectl apply -f 01-Gateway-Traefik-dashboard.yaml
gateway.gateway.networking.k8s.io/http-gateway created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 01-Gateway-Traefik-dashboard.yaml
Name: http-gateway
Namespace: kube-public
Labels: <none>
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: Gateway
Metadata:
Creation Timestamp: 2025-06-09T07:28:36Z
Generation: 1
Resource Version: 2720485
UID: 9b3329bd-ba6d-4ee5-850e-e112425cccaf
Spec:
Gateway Class Name: traefik
Listeners:
Allowed Routes:
Namespaces:
From: Same
Name: web
Port: 8000
Protocol: HTTP
Status:
Addresses:
Type: IPAddress
Value: 10.0.0.150
Conditions:
Last Transition Time: 2025-06-09T07:28:36Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T07:28:36Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Listeners:
Attached Routes: 0
Conditions:
Last Transition Time: 2025-06-09T07:28:36Z
Message: No error found
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T07:28:36Z
Message: No error found
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Last Transition Time: 2025-06-09T07:28:36Z
Message: No error found
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Name: web
Supported Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Group: gateway.networking.k8s.io
Kind: GRPCRoute
Events: <none>
[root@master241 gatewayAPI]#
1.3 创建HTTPRoute资源引用Gateway
1.编写资源清单
[root@master241 gatewayAPI]# cat 02-HTTPRoute-Traefik-dashboard.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: traefik-dashboard-httproute
namespace: kube-public
labels:
role: traefik-dashboard
spec:
hostnames:
- "v1.yinzhengjie.com"
parentRefs:
# 注意哈,这里的名称要指定的是Gateway的地址哟~
- name: http-gateway
rules:
- matches:
- path:
type: PathPrefix
value: /
timeouts:
request: 100ms
backendRefs:
- name: jiege-traefik-dashboard
port: 8080
weight: 1
[root@master241 gatewayAPI]#
2.创建资源并查看详细信息
[root@master241 gatewayAPI]# kubectl apply -f 02-HTTPRoute-Traefik-dashboard.yaml
httproute.gateway.networking.k8s.io/traefik-dashboard-httproute created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 02-HTTPRoute-Traefik-dashboard.yaml
Name: traefik-dashboard-httproute
Namespace: kube-public
Labels: role=traefik-dashboard
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: HTTPRoute
Metadata:
Creation Timestamp: 2025-06-09T07:31:18Z
Generation: 1
Resource Version: 2720814
UID: 8e1b8c69-bb7e-404b-917e-a89fa3320da5
Spec:
Hostnames:
v1.yinzhengjie.com
Parent Refs:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: http-gateway
Rules:
Backend Refs:
Group:
Kind: Service
Name: jiege-traefik-dashboard
Port: 8080
Weight: 1
Matches:
Path:
Type: PathPrefix
Value: /
Timeouts:
Request: 100ms
Status:
Parents:
Conditions:
Last Transition Time: 2025-06-09T07:31:18Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T07:31:18Z
Message:
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Controller Name: traefik.io/gateway-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: http-gateway
Events: <none>
[root@master241 gatewayAPI]#
1.4 客户端访问测试
如上图所示,在windows添加解析后就可以正常访问啦。
参考链接:
http://v1.yinzhengjie.com/dashboard/
2.通过Gateway API方式暴露WEB应用
2.1 创建测试应用
1.编写资源清单
[root@master241 gatewayAPI]# cat 03-deploy-xiuxian.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-xiuxian
spec:
replicas: 1
selector:
matchLabels:
apps: xiuxian
template:
metadata:
labels:
apps: xiuxian
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
name: c1
ports:
- containerPort: 80
name: web
---
apiVersion: v1
kind: Service
metadata:
name: svc-xiuxian
spec:
ports:
- port: 80
targetPort: web
selector:
apps: xiuxian
[root@master241 gatewayAPI]#
2.创建资源
[root@master241 gatewayAPI]# kubectl apply -f 03-deploy-xiuxian.yaml
deployment.apps/deploy-xiuxian created
service/svc-xiuxian created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl get po,svc -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/deploy-xiuxian-cc594d75-2k76p 1/1 Running 0 11s 10.100.207.57 worker243 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.192.0.1 <none> 443/TCP 3d6h <none>
service/svc-xiuxian ClusterIP 10.203.121.190 <none> 80/TCP 11s apps=xiuxian
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# curl 10.203.121.190
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>yinzhengjie apps v1</title>
<style>
div img {
width: 900px;
height: 600px;
margin: 0;
}
</style>
</head>
<body>
<h1 style="color: green">凡人修仙传 v1 </h1>
<div>
<img src="1.jpg">
<div>
</body>
</html>
[root@master241 gatewayAPI]#
2.2 创建Gateway资源并指定allowedRoutes
1.编写资源清单
[root@master241 gatewayAPI]# cat 04-Gateway-xiuxian.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: xiuxian-gateway
spec:
gatewayClassName: traefik
listeners:
- protocol: HTTP
port: 8000
name: web
# 注意哈,我们可以配置允许的路由类型哟,如果不定义,则默认允许所有的路由都可以访问该网关。
allowedRoutes:
kinds:
- kind: HTTPRoute
namespaces:
from: All
selector:
matchLabels:
role: xiuxian
[root@master241 gatewayAPI]#
2.创建资源并查看信息
[root@master241 gatewayAPI]# kubectl apply -f 04-Gateway-xiuxian.yaml
gateway.gateway.networking.k8s.io/xiuxian-gateway created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 04-Gateway-xiuxian.yaml
Name: xiuxian-gateway
Namespace: default
Labels: <none>
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: Gateway
Metadata:
Creation Timestamp: 2025-06-09T08:47:25Z
Generation: 1
Resource Version: 2730223
UID: ff4fb2a6-6c62-4cb9-bc2f-14b10b12996f
Spec:
Gateway Class Name: traefik
Listeners:
Allowed Routes:
Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Namespaces:
From: All
Selector:
Match Labels:
Role: xiuxian
Name: web
Port: 8000
Protocol: HTTP
Status:
Addresses:
Type: IPAddress
Value: 10.0.0.150
Conditions:
Last Transition Time: 2025-06-09T08:47:25Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T08:47:25Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Listeners:
Attached Routes: 0
Conditions:
Last Transition Time: 2025-06-09T08:47:25Z
Message: No error found
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T08:47:25Z
Message: No error found
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Last Transition Time: 2025-06-09T08:47:25Z
Message: No error found
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Name: web
Supported Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Events: <none>
[root@master241 gatewayAPI]#
2.3 创建HTTPRoute资源引用Gateway
1.编写资源清单
[root@master241 gatewayAPI]# cat 05-HTTPRoute-xiuxian.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: httproute-xiuxian
labels:
role: xiuxian
spec:
hostnames:
- "v2.yinzhengjie.com"
parentRefs:
- name: xiuxian-gateway
rules:
- matches:
- path:
type: PathPrefix
value: /
timeouts:
request: 100ms
backendRefs:
- name: svc-xiuxian
port: 80
weight: 1
[root@master241 gatewayAPI]#
2.创建并测试
[root@master241 gatewayAPI]# kubectl apply -f 05-HTTPRoute-xiuxian.yaml
httproute.gateway.networking.k8s.io/httproute-xiuxian created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 05-HTTPRoute-xiuxian.yaml
Name: httproute-xiuxian
Namespace: default
Labels: role=xiuxian
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: HTTPRoute
Metadata:
Creation Timestamp: 2025-06-09T08:47:58Z
Generation: 1
Resource Version: 2730289
UID: a7125151-4e85-4faf-bffc-f26d831bf273
Spec:
Hostnames:
v2.yinzhengjie.com
Parent Refs:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: xiuxian-gateway
Rules:
Backend Refs:
Group:
Kind: Service
Name: svc-xiuxian
Port: 80
Weight: 1
Matches:
Path:
Type: PathPrefix
Value: /
Timeouts:
Request: 100ms
Status:
Parents:
Conditions:
Last Transition Time: 2025-06-09T08:47:58Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T08:47:58Z
Message:
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Controller Name: traefik.io/gateway-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: xiuxian-gateway
Events: <none>
[root@master241 gatewayAPI]#
2.4 访问测试
如上图所示,我们成功访问啦。。
3.Gateway API实现灰度发布案例
3.1 准备测试案例
1.编写资源清单
[root@master241 gatewayAPI]# cat 06-deploy-apps.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-blog
spec:
replicas: 1
selector:
matchLabels:
apps: blog
template:
metadata:
labels:
apps: blog
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
command:
- /bin/sh
- -c
- 'echo https://www.cnblogs.com/yinzhengjie > /usr/share/nginx/html/index.html && nginx && tail -f /etc/hosts'
name: c1
ports:
- containerPort: 80
name: web
---
apiVersion: v1
kind: Service
metadata:
name: svc-blog
spec:
ports:
- port: 80
targetPort: web
selector:
apps: blog
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-bilibili
spec:
replicas: 1
selector:
matchLabels:
apps: bilibili
template:
metadata:
labels:
apps: bilibili
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
command:
- /bin/sh
- -c
- 'echo https://space.bilibili.com/600805398/lists > /usr/share/nginx/html/index.html && nginx && tail -f /etc/hosts'
name: c1
ports:
- containerPort: 80
name: web
---
apiVersion: v1
kind: Service
metadata:
name: svc-bilibili
spec:
ports:
- port: 80
targetPort: web
selector:
apps: bilibili
[root@master241 gatewayAPI]#
2.创建资源并访问测试
[root@master241 gatewayAPI]# kubectl apply -f 06-deploy-apps.yaml
deployment.apps/deploy-blog created
service/svc-blog created
deployment.apps/deploy-bilibili created
service/svc-bilibili created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl get svc,po -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.192.0.1 <none> 443/TCP 3d8h <none>
service/svc-bilibili ClusterIP 10.203.4.189 <none> 80/TCP 5s apps=bilibili
service/svc-blog ClusterIP 10.197.240.224 <none> 80/TCP 5s apps=blog
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/deploy-bilibili-54dc5fd76c-76jsz 1/1 Running 0 5s 10.100.207.17 worker243 <none> <none>
pod/deploy-blog-7fc476b465-xznz2 1/1 Running 0 5s 10.100.207.16 worker243 <none> <none>
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# curl 10.203.4.189
https://space.bilibili.com/600805398/lists
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# curl 10.197.240.224
https://www.cnblogs.com/yinzhengjie
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]#
3.2 创建Gateway资源
1.查看资源清单
[root@master241 gatewayAPI]# cat 04-Gateway-xiuxian.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: xiuxian-gateway
spec:
gatewayClassName: traefik
listeners:
- protocol: HTTP
port: 8000
name: web
allowedRoutes:
kinds:
- kind: HTTPRoute
namespaces:
from: All
selector:
matchLabels:
role: xiuxian
[root@master241 gatewayAPI]#
2.创建资源
[root@master241 gatewayAPI]# kubectl apply -f 04-Gateway-xiuxian.yaml
gateway.gateway.networking.k8s.io/xiuxian-gateway created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 04-Gateway-xiuxian.yaml
Name: xiuxian-gateway
Namespace: default
Labels: <none>
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: Gateway
Metadata:
Creation Timestamp: 2025-06-09T10:34:37Z
Generation: 1
Resource Version: 2745394
UID: fd24234b-aaa0-41d6-a221-9adeb187688f
Spec:
Gateway Class Name: traefik
Listeners:
Allowed Routes:
Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Namespaces:
From: All
Selector:
Match Labels:
Role: xiuxian
Name: web
Port: 8000
Protocol: HTTP
Status:
Addresses:
Type: IPAddress
Value: 10.0.0.150
Conditions:
Last Transition Time: 2025-06-09T10:34:37Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T10:34:37Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Listeners:
Attached Routes: 0
Conditions:
Last Transition Time: 2025-06-09T10:34:37Z
Message: No error found
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T10:34:37Z
Message: No error found
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Last Transition Time: 2025-06-09T10:34:37Z
Message: No error found
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Name: web
Supported Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Events: <none>
[root@master241 gatewayAPI]#
3.3 创建HTTPRoute资源引用Gateway
1.编写资源清单
[root@master241 gatewayAPI]# cat 07-HTTPRoute-huidu.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: httproute-xiuxian
labels:
role: xiuxian
spec:
hostnames:
- "v3.yinzhengjie.com"
parentRefs:
- name: xiuxian-gateway
rules:
- matches:
- path:
type: PathPrefix
value: /
timeouts:
request: 100ms
backendRefs:
- name: svc-bilibili
port: 80
weight: 8
- name: svc-blog
port: 80
weight: 2
[root@master241 gatewayAPI]#
2.创建资源并查看详细信息
[root@master241 gatewayAPI]# kubectl apply -f 07-HTTPRoute-huidu.yaml
httproute.gateway.networking.k8s.io/httproute-xiuxian created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 07-HTTPRoute-huidu.yaml
Name: httproute-xiuxian
Namespace: default
Labels: role=xiuxian
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: HTTPRoute
Metadata:
Creation Timestamp: 2025-06-09T10:37:21Z
Generation: 1
Resource Version: 2745801
UID: d96819e5-3587-4341-8520-87ac0fc7946b
Spec:
Hostnames:
v3.yinzhengjie.com
Parent Refs:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: xiuxian-gateway
Rules:
Backend Refs:
Group:
Kind: Service
Name: svc-bilibili
Port: 80
Weight: 8
Group:
Kind: Service
Name: svc-blog
Port: 80
Weight: 2
Matches:
Path:
Type: PathPrefix
Value: /
Timeouts:
Request: 100ms
Status:
Parents:
Conditions:
Last Transition Time: 2025-06-09T10:37:21Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T10:37:21Z
Message:
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Controller Name: traefik.io/gateway-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: xiuxian-gateway
Events: <none>
[root@master241 gatewayAPI]#
3.4 访问测试
[root@worker242 ~]# for i in `seq 10`; do curl -H "HOST: v3.yinzhengjie.com" 10.0.0.150; done
https://www.cnblogs.com/yinzhengjie
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://www.cnblogs.com/yinzhengjie
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
[root@worker242 ~]#
[root@worker242 ~]# for i in `seq 10`; do curl -s -H "HOST: v3.yinzhengjie.com" 10.0.0.150; done | sort | uniq -c
8 https://space.bilibili.com/600805398/lists
2 https://www.cnblogs.com/yinzhengjie
[root@worker242 ~]#
4.彩蛋-参考路由信息
[root@master241 ~]# curl -s -H 'HOST: traefik.yinzhengjie.com' http://10.0.0.150/api/http/routers | jq
[
{
"entryPoints": [
"web"
],
"service": "httproute-default-httproute-xiuxian-gw-default-xiuxian-gateway-ep-web-0-57f88e29a90f5af2090b-wrr",
"rule": "Host(`v3.yinzhengjie.com`) && PathPrefix(`/`)",
"ruleSyntax": "default",
"priority": 20,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"web"
],
"name": "httproute-default-httproute-xiuxian-gw-default-xiuxian-gateway-ep-web-0-57f88e29a90f5af2090b@kubernetesgateway",
"provider": "kubernetesgateway"
},
{
"entryPoints": [
"metrics",
"mysql",
"redis",
"tcpcase",
"web"
],
"service": "kube-public-jiege-traefik-dashboard-8080",
"rule": "Host(`traefik.yinzhengjie.com`) && PathPrefix(`/`)",
"priority": 50,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"metrics",
"mysql",
"redis",
"tcpcase",
"web"
],
"name": "kube-public-ingress-traefik-traefik-yinzhengjie-com@kubernetes",
"provider": "kubernetes"
},
{
"entryPoints": [
"traefik"
],
"service": "api@internal",
"rule": "PathPrefix(`/dashboard`) || PathPrefix(`/api`)",
"priority": 46,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"traefik"
],
"name": "kube-public-jiege-traefik-dashboard-d012b7f875133eeab4e5@kubernetescrd",
"provider": "kubernetescrd"
},
{
"entryPoints": [
"traefik"
],
"service": "ping@internal",
"rule": "PathPrefix(`/ping`)",
"ruleSyntax": "default",
"priority": 9223372036854776000,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"traefik"
],
"name": "ping@internal",
"provider": "internal"
},
{
"entryPoints": [
"metrics"
],
"service": "prometheus@internal",
"rule": "PathPrefix(`/metrics`)",
"ruleSyntax": "default",
"priority": 9223372036854776000,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"metrics"
],
"name": "prometheus@internal",
"provider": "internal"
},
{
"entryPoints": [
"websecure"
],
"service": "kube-public-jiege-traefik-dashboard-8080",
"rule": "Host(`traefik.yinzhengjie.com`) && PathPrefix(`/`)",
"priority": 50,
"tls": {
"options": "default"
},
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"websecure"
],
"name": "websecure-kube-public-ingress-traefik-traefik-yinzhengjie-com@kubernetes",
"provider": "kubernetes"
}
]
[root@master241 ~]#
本文来自博客园,作者:尹正杰,转载请注明原文链接:https://www.cnblogs.com/yinzhengjie/p/18921453,个人微信: "JasonYin2020"(添加时请备注来源及意图备注,有偿付费)
当你的才华还撑不起你的野心的时候,你就应该静下心来学习。当你的能力还驾驭不了你的目标的时候,你就应该沉下心来历练。问问自己,想要怎样的人生。
浙公网安备 33010602011771号