个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
25
4
我使用以下配置来设置 Istio
cat << EOF | kubectl apply -f -
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: istio-control-plane
spec:
# Use the default profile as the base
# More details at: https://istio.io/docs/setup/additional-setup/config-profiles/
profile: default
# Enable the addons that we will want to use
addonComponents:
grafana:
enabled: true
prometheus:
enabled: true
tracing:
enabled: true
kiali:
enabled: true
values:
global:
# Ensure that the Istio pods are only scheduled to run on Linux nodes
defaultNodeSelector:
beta.kubernetes.io/os: linux
kiali:
dashboard:
auth:
strategy: anonymous
components:
egressGateways:
- name: istio-egressgateway
enabled: true
EOF
我可以看到 istio 服务
kubectl get svc -n istio-system
我已经部署了 sleep 应用
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.7/samples/sleep/sleep.yaml
-n akv2k8s-test
并已部署 ServiceEntry
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: httpbin-ext
namespace: akv2k8s-test
spec:
hosts:
- httpbin.org
ports:
- number: 80
name: http
protocol: HTTP
resolution: DNS
location: MESH_EXTERNAL
EOF
并尝试访问外部 URL
export SOURCE_POD=$(kubectl get -n akv2k8s-test pod -l app=sleep -o jsonpath='{.items..metadata.name}')
kubectl exec "$SOURCE_POD" -n akv2k8s-test -c sleep -- curl -sI http://httpbin.org/headers | grep "HTTP/";
但是我看不到代理上报告的任何日志
kubectl logs "$SOURCE_POD" -n akv2k8s-test -c istio-proxy | tail
根据文档我应该看到这个
但是我没有看到标题
我在这里遗漏了什么吗?
最佳答案
我按照下面提到的方式让它工作
cat << EOF | kubectl apply -f -
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: istio-control-plane
spec:
# Use the default profile as the base
# More details at: https://istio.io/docs/setup/additional-setup/config-profiles/
profile: default
# Enable the addons that we will want to use
addonComponents:
grafana:
enabled: true
prometheus:
enabled: true
tracing:
enabled: true
kiali:
enabled: true
values:
global:
# Ensure that the Istio pods are only scheduled to run on Linux nodes
defaultNodeSelector:
beta.kubernetes.io/os: linux
kiali:
dashboard:
auth:
strategy: anonymous
components:
egressGateways:
- name: istio-egressgateway
enabled: true
meshConfig:
accessLogFile: /dev/stdout
outboundTrafficPolicy:
mode: REGISTRY_ONLY
EOF
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: akv2k8s-test
labels:
istio-injection: enabled
azure-key-vault-env-injection: enabled
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: cnn
namespace: akv2k8s-test
spec:
hosts:
- edition.cnn.com
ports:
- number: 80
name: http-port
protocol: HTTP
- number: 443
name: https
protocol: HTTPS
resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-egressgateway
namespace: akv2k8s-test
spec:
selector:
istio: egressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- edition.cnn.com
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: egressgateway-for-cnn
namespace: akv2k8s-test
spec:
host: istio-egressgateway.istio-system.svc.cluster.local
subsets:
- name: cnn
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: direct-cnn-through-egress-gateway
namespace: akv2k8s-test
spec:
hosts:
- edition.cnn.com
gateways:
- istio-egressgateway
- mesh
http:
- match:
- gateways:
- mesh
port: 80
route:
- destination:
host: istio-egressgateway.istio-system.svc.cluster.local
subset: cnn
port:
number: 80
weight: 100
- match:
- gateways:
- istio-egressgateway
port: 80
route:
- destination:
host: edition.cnn.com
port:
number: 80
weight: 100
EOF
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.7/samples/sleep/sleep.yaml -n akv2k8s-test
export SOURCE_POD=$(kubectl get pod -l app=sleep -n akv2k8s-test -o jsonpath={.items..metadata.name})
kubectl exec "$SOURCE_POD" -n akv2k8s-test -c sleep -- curl -sL -o /dev/null -D - http://edition.cnn.com/politics
kubectl logs -l istio=egressgateway -c istio-proxy -n istio-system | tail
kubectl delete -n akv2k8s-test gateway istio-egressgateway
kubectl delete -n akv2k8s-test serviceentry cnn
kubectl delete -n akv2k8s-test virtualservice direct-cnn-through-egress-gateway
kubectl delete -n akv2k8s-test destinationrule egressgateway-for-cnn
关于Azure Kubernetes - Istio Egress 不工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64467070/
25
4
0
我使用以下配置来设置 Istio cat << EOF | kubectl apply -f - apiVersion: install.istio.io/v1alpha1 kind: IstioOp
关闭。这个问题不符合Stack Overflow guidelines .它目前不接受答案。 这个问题似乎与 help center 中定义的范围内的编程无关。 . 2年前关闭。 Improve th
我正在关注 Istio 文档 ( https://istio.io/docs/examples/advanced-egress/egress-gateway/ ) 来设置导出网关。我得到的结果与文档描
我在 cloudformation 模板的安全组定义中使用以下导出规则 SecurityGroupEgress: - IpProtocol: tcp FromPort: 0 T
我已经在 Google Cloud Platform 中运行了大约 20 台服务器。 本月才过去 7 天,我突然对“Google Compute Network Internet Egress fro
我在 Google Cloud Platform 中启动了一个简单的 Tomcat 网络服务器,本月我为一项名为“Compute Engine Network Internet Egress from
我是一名优秀的程序员,十分优秀!