修改和新增

2025-12-23 01:53:01 +08:00
parent 89a07bc062
commit b44594def6
17 changed files with 922 additions and 110 deletions
--- a/网关/Istio/使用Istio开启对外访问.md
+++ b/网关/Istio/使用Istio开启对外访问.md
@@ -0,0 +1,144 @@
+> 本文作者：丁辉
+
+# 使用Istio开启对外访问
+
+## Istio开启对外访问
+
+### 部署基础服务
+
+1. 部署 Nginx 资源
+
+   ```yaml
+   kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment.yaml
+   kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment-svc.yaml
+   ```
+
+2. 查看部署情况
+
+   ```bash
+   kubectl get deploy,svc
+   ```
+
+### 配置 Istio 对外访问
+
+1. 部署 Nginx Gateway 资源
+
+   - HTTP
+
+     ```yaml
+     cat <<EOF | kubectl apply -f -
+     apiVersion: networking.istio.io/v1
+     kind: Gateway
+     metadata:
+       name: nginx-gateway
+       namespace: default
+     spec:
+       selector:
+         istio: ingressgateway
+       servers:
+       - port:
+           number: 80
+           name: http
+           protocol: HTTP
+         hosts:
+           - '*'
+     EOF
+     ```
+
+   - HTTPS
+
+     1. 创建证书 Secret 资源
+
+        ```bash
+        kubectl create secret tls demo-tls --cert=server.crt --key=server.key -n istio-system
+        ```
+
+     2. 创建 Gateway 资源
+
+        ```yaml
+        cat <<EOF | kubectl apply -f -
+        apiVersion: networking.istio.io/v1
+        kind: Gateway
+        metadata:
+          name: nginx-gateway
+          namespace: default
+        spec:
+          selector:
+            istio: ingressgateway
+          servers:
+          - port:
+              number: 443
+              name: https
+              protocol: HTTPS
+            hosts:
+            - example.com # 替换为你的域名
+            tls:
+              mode: SIMPLE
+              credentialName: example-tls # 替换为你的证书,这个 secret 必须在 istio-system 命名空间
+        EOF
+        ```
+
+2. 部署 Nginx VirtualService 资源
+
+   - HTTP
+
+     ```yaml
+     cat <<EOF | kubectl apply -f -
+     apiVersion: networking.istio.io/v1
+     kind: VirtualService
+     metadata:
+       name: nginx-virtualservice
+       namespace: default
+     spec:
+       hosts:
+       - '*'
+       gateways:
+       - nginx-gateway
+       http:
+       - match:
+         - uri:
+             prefix: /
+           port: 80
+         route:
+         - destination:
+             host: nginx-service.default.svc.cluster.local
+             port:
+               number: 80
+     EOF
+     ```
+
+   - HTTPS
+
+     ```yaml
+     cat <<EOF | kubectl apply -f -
+     apiVersion: networking.istio.io/v1
+     kind: VirtualService
+     metadata:
+       name: nginx-virtualservice
+       namespace: default
+     spec:
+       hosts:
+       - example.com # 替换为你的域名
+       gateways:
+       - nginx-gateway
+       http:
+       - match:
+         - uri:
+             prefix: /
+           port: 443
+         route:
+         - destination:
+             host: nginx-service.default.svc.cluster.local
+             port:
+               number: 80
+     EOF
+     ```
+
+3. 访问测试
+
+   ```bash
+   kubectl get svc istio-ingressgateway -n istio-system
+   ```
+
+   通过 `域名` 或 `IP:80` 访问
+