Azure 如何使用Istio入口公开AKS中的服务?
我曾经使用Type:LoadBalancer通过反向代理公开我的服务。没有Istio,一切都很顺利。 但是,当我将Istio应用到集群时发生了错误 我试图用Istio Ingress在Kubernetes中公开我的服务,但我想我在用Istio路由服务时误解了一些东西 我在同一命名空间中有2个部署(请参见下图): 1:应用程序(总线id) 2:应用程序的反向代理(总线代理):将HTTP转换为gRPC 版本:Azure 如何使用Istio入口公开AKS中的服务?,azure,kubernetes,istio,Azure,Kubernetes,Istio,我曾经使用Type:LoadBalancer通过反向代理公开我的服务。没有Istio,一切都很顺利。 但是,当我将Istio应用到集群时发生了错误 我试图用Istio Ingress在Kubernetes中公开我的服务,但我想我在用Istio路由服务时误解了一些东西 我在同一命名空间中有2个部署(请参见下图): 1:应用程序(总线id) 2:应用程序的反向代理(总线代理):将HTTP转换为gRPC 版本: Kubernetes版本(启用RBAC的AKS): 客户端版本:v1.15.0 服务器
- Kubernetes版本(启用RBAC的AKS): 客户端版本:v1.15.0 服务器版本:v1.12.8
- Istio版本:1.1.3(AKS表示他们在1.1.3上进行了测试)
- 舵手: 客户端:&version.version{SemVer:“v2.13.0”,GitCommit:“79d07943B03EA2B76C12644B4473BC5958D6”,GitTreeState:“clean”} 服务器:&version.version{SemVer:“v2.14.1”,GitCommit:“5270352a09c7e8b6e8c9593002a73535276507c0”,GitTreeState:“clean”}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: bus-id
namespace: smart-id
labels:
k8s-app: bus-id
spec:
selector:
matchLabels:
k8s-app: bus-id
template:
metadata:
name: bus-id
labels:
k8s-app: bus-id
spec:
containers:
- name: bus-id
image: mydockerhub/mydockerhub:bus-id
ports:
- containerPort: 50001
env:
- name: APP_NAME
value: bus-id
---
apiVersion: v1
kind: Service
metadata:
name: bus-id
namespace: smart-id
labels:
service: bus-id
spec:
ports:
- name: http
port: 50001
targetPort: 50001
protocol: TCP
selector:
k8s-app: bus-id
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
k8s-app: bus-proxy
name: bus-proxy
namespace: smart-id
spec:
selector:
matchLabels:
k8s-app: bus-proxy
replicas: 1
template:
metadata:
labels:
k8s-app: bus-proxy
spec:
imagePullSecrets:
- name: duynd
containers:
- image: mydockerhub/mydockerhub:bus-proxy
name: bus-proxy
ports:
- containerPort: 40001
name: http
env:
- name: APP_NAME
value: bus-proxy
---
apiVersion: v1
kind: Service
metadata:
name: bus-proxy
namespace: smart-id
labels:
service: bus-proxy
spec:
ports:
- port: 8080
targetPort: 40001
protocol: TCP
selector:
k8s-app: bus-proxy
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: smartid-gateway
namespace: smart-id
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: smartid
namespace: smart-id
spec:
hosts:
- "*"
gateways:
- smart-id/smartid-gateway
http:
- match:
- uri:
prefix: /api
route:
- destination:
host: bus-proxy.smart-id.svc.cluster.local
port:
number: 8080
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: bus-id
namespace: smart-id
labels:
k8s-app: bus-id
spec:
selector:
matchLabels:
k8s-app: bus-id
template:
metadata:
name: bus-id
labels:
k8s-app: bus-id
spec:
containers:
- name: bus-id
image: mydockerhub/mydockerhub:bus-id
ports:
- containerPort: 50001
env:
- name: APP_NAME
value: bus-id
---
apiVersion: v1
kind: Service
metadata:
name: bus-id
namespace: smart-id
labels:
service: bus-id
spec:
ports:
- name: http
port: 50001
targetPort: 50001
protocol: TCP
selector:
k8s-app: bus-id
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
k8s-app: bus-proxy
name: bus-proxy
namespace: smart-id
spec:
selector:
matchLabels:
k8s-app: bus-proxy
replicas: 1
template:
metadata:
labels:
k8s-app: bus-proxy
spec:
imagePullSecrets:
- name: duynd
containers:
- image: mydockerhub/mydockerhub:bus-proxy
name: bus-proxy
ports:
- containerPort: 40001
name: http
env:
- name: APP_NAME
value: bus-proxy
---
apiVersion: v1
kind: Service
metadata:
name: bus-proxy
namespace: smart-id
labels:
service: bus-proxy
spec:
ports:
- port: 8080
targetPort: 40001
protocol: TCP
selector:
k8s-app: bus-proxy
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: smartid-gateway
namespace: smart-id
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: smartid
namespace: smart-id
spec:
hosts:
- "*"
gateways:
- smart-id/smartid-gateway
http:
- match:
- uri:
prefix: /api
route:
- destination:
host: bus-proxy.smart-id.svc.cluster.local
port:
number: 8080
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: bus-id
namespace: smart-id
labels:
k8s-app: bus-id
spec:
selector:
matchLabels:
k8s-app: bus-id
template:
metadata:
name: bus-id
labels:
k8s-app: bus-id
spec:
containers:
- name: bus-id
image: mydockerhub/mydockerhub:bus-id
ports:
- containerPort: 50001
env:
- name: APP_NAME
value: bus-id
---
apiVersion: v1
kind: Service
metadata:
name: bus-id
namespace: smart-id
labels:
service: bus-id
spec:
ports:
- name: http
port: 50001
targetPort: 50001
protocol: TCP
selector:
k8s-app: bus-id
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
k8s-app: bus-proxy
name: bus-proxy
namespace: smart-id
spec:
selector:
matchLabels:
k8s-app: bus-proxy
replicas: 1
template:
metadata:
labels:
k8s-app: bus-proxy
spec:
imagePullSecrets:
- name: duynd
containers:
- image: mydockerhub/mydockerhub:bus-proxy
name: bus-proxy
ports:
- containerPort: 40001
name: http
env:
- name: APP_NAME
value: bus-proxy
---
apiVersion: v1
kind: Service
metadata:
name: bus-proxy
namespace: smart-id
labels:
service: bus-proxy
spec:
ports:
- port: 8080
targetPort: 40001
protocol: TCP
selector:
k8s-app: bus-proxy
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: smartid-gateway
namespace: smart-id
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: smartid
namespace: smart-id
spec:
hosts:
- "*"
gateways:
- smart-id/smartid-gateway
http:
- match:
- uri:
prefix: /api
route:
- destination:
host: bus-proxy.smart-id.svc.cluster.local
port:
number: 8080
- 我也在github上发布了这个问题()
Istio注入kubectl label namespace voting istio-injection=enabled
此标签指示Istio自动将Istio代理作为侧车注入此命名空间中的所有POD中。您应该在ingress.yaml中为您的虚拟服务使用正确的网关。首先,如果您使用Istio在AKS中运行所有应用程序,我建议您按照AKS中提供的步骤安装Istio 现在,看看AKS提供的示例,您需要知道: Istio具有代理本身。因此,您需要选择使用哪一个或 使用两个代理,但需要确保它支持两个代理 如果使用Istio的代理,则还需要为应用程序的命名空间启用
Istio注入kubectl label namespace voting istio-injection=enabled
此标签指示Istio自动将Istio代理作为侧车注入此命名空间中的所有POD中。您应该在ingress.yaml中为您的虚拟服务使用正确的网关。我的问题不在部署中。问题是内部的两个服务之间的连接,它们被传递元数据所困扰。
检查白色元数据白色列表,如果您使用的是gRPC我的问题不在部署中。问题是内部的两个服务之间的连接,它们被传递元数据所困扰。
检查白色元数据白色列表,如果您使用的是gRPC谢谢您的建议,我的问题不在部署中。问题是内部2个服务之间的连接,它们无法传递元数据。感谢您的建议,我的问题不在部署中。问题是内部2个服务之间的连接,它们被传递元数据所困扰。