gpt4 book ai didi

istio:使用 grpc 和 http 的入口

转载 作者:行者123 更新时间:2023-12-01 00:26:09 24 4
gpt4 key购买 nike

我有一个服务在两个端口上监听;一个是http,另一个是grpc。
我想设置一个可以路由到这两个端口的入口,使用相同的主机。

如果使用 http/1.1,负载均衡器将重定向到 http 端口,如果使用 h2,则重定向到 grpc 端口。

有没有办法用 istio 做到这一点?

我做了一个 hello world 来展示我想要实现的目标:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: hello-world
namespace: dev
spec:
replicas: 1
template:
metadata:
annotations:
alpha.istio.io/sidecar: injected
pod.beta.kubernetes.io/init-containers: '[{"args":["-p","15001","-u","1337","-i","172.20.0.0/16"],"image":"docker.io/istio/init:0.1","imagePullPolicy":"Always","name":"init","securityContext":{"capabilities":{"add":["NET_ADMIN"]}}}]'
labels:
app: hello-world
spec:
containers:
- name: grpc-server
image: aguilbau/hello-world-grpc:latest
ports:
- name: grpc
containerPort: 50051
- name: http-server
image: nginx:1.7.9
ports:
- name: http
containerPort: 80
- name: istio-proxy
args:
- proxy
- sidecar
- -v
- "2"
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: docker.io/istio/proxy:0.1
imagePullPolicy: Always
resources: {}
securityContext:
runAsUser: 1337
---
apiVersion: v1
kind: Service
metadata:
name: hello-world
namespace: dev
spec:
ports:
- name: grpc
port: 50051
- name: http
port: 80
selector:
app: hello-world
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-world-http
namespace: dev
annotations:
kubernetes.io/ingress.class: "istio"
spec:
rules:
- host: hello-world
http:
paths:
- backend:
serviceName: hello-world
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-world-grpc
namespace: dev
annotations:
kubernetes.io/ingress.class: "istio"
spec:
rules:
- host: hello-world
http:
paths:
- backend:
serviceName: hello-world
servicePort: 50051
---

最佳答案

我参加聚会有点晚了,但是对于那些在这篇文章中磕磕绊绊的人,我认为您可以毫不费力地做到这一点。我将假设您在 kubernetes 集群上安装了 istio,并且很高兴使用默认的 istio-ingressgateway:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: hello-world
namespace: dev
spec:
replicas: 1
template:
metadata:
annotations:
alpha.istio.io/sidecar: injected
pod.beta.kubernetes.io/init-containers: '[{"args":["-p","15001","-u","1337","-i","172.20.0.0/16"],"image":"docker.io/istio/init:0.1","imagePullPolicy":"Always","name":"init","securityContext":{"capabilities":{"add":["NET_ADMIN"]}}}]'
labels:
app: hello-world
spec:
containers:
- name: grpc-server
image: aguilbau/hello-world-grpc:latest
ports:
- name: grpc
containerPort: 50051
- name: http-server
image: nginx:1.7.9
ports:
- name: http
containerPort: 80
- name: istio-proxy
args:
- proxy
- sidecar
- -v
- "2"
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: docker.io/istio/proxy:0.1
imagePullPolicy: Always
resources: {}
securityContext:
runAsUser: 1337

---

apiVersion: v1
kind: Service
metadata:
name: hello-world
namespace: dev
spec:
ports:
- name: grpc
port: 50051
- name: http
port: 80
selector:
app: hello-world

---

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: hello-world-istio-gate
namespace: dev
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
- port:
number: 50051
name: grpc
protocol: GRPC
hosts:
- "*"

---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: hello-world-istio-vsvc
namespace: dev
spec:
hosts:
- "*"
gateways:
- hello-world-istio-gate
http:
- match:
- port: 80
route:
- destination:
host: hello-world
port:
number: 80
tcp:
- match:
- port: 50051
route:
- destination:
host: hello-world
port:
number: 50051

上面的配置省略了你的两个 Ingress,而是包括:
  • 您的部署
  • 您的服务
  • istio 网关
  • 一个 istio 虚拟服务

  • 有一个重要的额外部分没有显示,我之前在谈论使用默认 ingressgateway 时提到过它。在“hello-world-istio-gateway”中找到的以下行提供了一个线索:
    istio: ingressgateway

    这指的是“istio-system”命名空间中的一个 pod,它通常默认安装为“istio-ingressgateway”——这个 pod 由一个也称为“istio-ingressgateway”的服务公开。 您需要在“istio-ingressgateway”服务上打开端口。

    例如,我编辑了我的(默认)ingressgateway,并为 HTTP 和 GRPC 添加了一个端口开放。结果是以下(针对长度进行了编辑)yaml 代码:
    dampersand@kubetest1:~/k8s$ kubectl get service istio-ingressgateway -n istio-system -o yaml
    apiVersion: v1
    kind: Service
    metadata:

    <omitted for length>

    labels:
    app: istio-ingressgateway
    chart: gateways-1.0.3
    heritage: Tiller
    istio: ingressgateway
    release: istio
    name: istio-ingressgateway
    namespace: istio-system

    <omitted for length>

    ports:
    - name: http2
    nodePort: 31380
    port: 80
    protocol: TCP
    targetPort: 80

    <omitted for length>

    - name: grpc
    nodePort: 30000
    port: 50051
    protocol: TCP
    targetPort: 50051
    selector:
    app: istio-ingressgateway
    istio: ingressgateway
    type: NodePort

    进行上述更改(用于测试目的)的最简单方法是使用:
    kubectl edit svc -n istio-system istio-ingressgateway

    出于生产目的,最好编辑您的 helm chart 或 istio.yaml 文件或您最初用于设置 ingressgateway 的任何文件。

    顺便说一句,请注意我的测试集群将 istio-ingressgateway 设置为 NodePort,所以上面的 yaml 文件说的是我的集群正在端口转发 31380 -> 80 和 30000 -> 50051。您可能(可能)有istio-ingressgateway 设置为 LoadBalancer,这会有所不同......因此请相应地计划。

    最后,以下博客文章是我在这篇文章中概述的工具的一些非常出色的背景阅读 Material ! https://blog.jayway.com/2018/10/22/understanding-istio-ingress-gateway-in-kubernetes/

    关于istio:使用 grpc 和 http 的入口,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44760416/

    24 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com