2.9 KiB
2.9 KiB
本文作者:丁辉
使用Istio开启对外访问
Istio开启对外访问
部署基础服务
-
部署 Nginx 资源
kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment.yaml kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment-svc.yaml -
查看部署情况
kubectl get deploy,svc
配置 Istio 对外访问
-
部署 Nginx Gateway 资源
-
HTTP
cat <<EOF | kubectl apply -f - apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: nginx-gateway namespace: default spec: selector: istio: ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - '*' EOF -
HTTPS
-
创建证书 Secret 资源
kubectl create secret tls demo-tls --cert=server.crt --key=server.key -n istio-system -
创建 Gateway 资源
cat <<EOF | kubectl apply -f - apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: nginx-gateway namespace: default spec: selector: istio: ingressgateway servers: - port: number: 443 name: https protocol: HTTPS hosts: - example.com # 替换为你的域名 tls: mode: SIMPLE credentialName: example-tls # 替换为你的证书,这个 secret 必须在 istio-system 命名空间 EOF
-
-
-
部署 Nginx VirtualService 资源
-
HTTP
cat <<EOF | kubectl apply -f - apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: nginx-virtualservice namespace: default spec: hosts: - '*' gateways: - nginx-gateway http: - match: - uri: prefix: / port: 80 route: - destination: host: nginx-service.default.svc.cluster.local port: number: 80 EOF -
HTTPS
cat <<EOF | kubectl apply -f - apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: nginx-virtualservice namespace: default spec: hosts: - example.com # 替换为你的域名 gateways: - nginx-gateway http: - match: - uri: prefix: / port: 443 route: - destination: host: nginx-service.default.svc.cluster.local port: number: 80 EOF
-
-
访问测试
kubectl get svc istio-ingressgateway -n istio-system通过
域名或IP:80访问