在 istio 入口网关中启用端口

【问题标题】:Enable ports in istio ingress gateway在 istio 入口网关中启用端口
【发布时间】:2019-04-18 11:55:59
【问题描述】:

嘿,所以为了项目需要,我已经配置了将在端口 8083 上响应的应用程序,因为我在专用命名空间

中配置了以下部署、网关、服务和虚拟服务 
apiVersion: v1
data:
  my.databag.1: need_triage
kind: ConfigMap
metadata:
  name: my-service-env-variables
  namespace: api

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: my-service
  name: my-service-service-deployment
  namespace: api
spec:
  replicas: 1
  template:
    metadata:
      annotations:
        traffic.sidecar.istio.io/excludeOutboundIPRanges: 0.0.0.0/0
      labels:
        app: my-service-service-deployment
    spec:
      containers:
      - env:
        - name: my.variable
          valueFrom:
            secretKeyRef:
              key: my_token
              name: my.variable
        envFrom:
        - configMapRef:
            name: my-service-env-variables
        image: imaagepath:tag
        name: my-service-pod
        ports:
        - containerPort: 8080
          name: mysvcport
        resources:
          limits:
            cpu: 700m
            memory: 1.8Gi
          requests:
            cpu: 500m
            memory: 1.7Gi

---
apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: api
spec:
  ports:
  - port: 8083
    protocol: TCP
    targetPort: mysvcport
  selector:
    app: my-service-service-deployment

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-service-ingress
  namespace: api
spec:
  gateways:
  - http-gateway
  hosts:
  - my-service.example.com
  http:
  - route:
    - destination:
        host: my-service
        port:
          number: 8083
---
apiVersion: v1
items:
- apiVersion: networking.istio.io/v1alpha3
  kind: Gateway
  metadata:
    clusterName: ""
    creationTimestamp: 2018-11-07T13:17:00Z
    name: http-gateway
    namespace: api
    resourceVersion: "11778445"
    selfLink: /apis/networking.istio.io/v1alpha3/namespaces/api/gateways/http-gateway
    uid: 694f66a4-e28f-11e8-bc21-0ac9e31187a0
  spec:
    selector:
      istio: ingressgateway
    servers:
    - hosts:
      - '*.example.com'
      port:
        name: http
        number: 80
        protocol: HTTP
    - hosts:
      - '*.example.com'
      port:
        name: http-tomcat
        number: 8083
        protocol: TCP
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

kubectl -n istio-system 获取服务 istio-ingressgateway -o yaml

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"istio-ingressgateway","chart":"gateways-1.0.1","heritage":"Tiller","istio":"ingressgateway","release":"istio"},"name":"istio-ingressgateway","namespace":"istio-system"},"spec":{"ports":[{"name":"http2","nodePort":31380,"port":80,"targetPort":80},{"name":"https","nodePort":31390,"port":443},{"name":"tcp","nodePort":31400,"port":31400},{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853},{"name":"http2-prometheus","port":15030,"targetPort":15030},{"name":"http2-grafana","port":15031,"targetPort":15031}],"selector":{"app":"istio-ingressgateway","istio":"ingressgateway"},"type":"LoadBalancer"}}
  creationTimestamp: 2018-09-06T02:43:34Z
  labels:
    app: istio-ingressgateway
    chart: gateways-1.0.1
    heritage: Tiller
    istio: ingressgateway
    release: istio
  name: istio-ingressgateway
  namespace: istio-system
  resourceVersion: "12960680"
  selfLink: /api/v1/namespaces/istio-system/services/istio-ingressgateway
  uid: a6455551-b17e-11e8-893c-0a872c53b2c0
spec:
  clusterIP: 100.64.235.167
  externalTrafficPolicy: Cluster
  ports:
  - name: http2
    nodePort: 31380
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 31390
    port: 443
    protocol: TCP
    targetPort: 443
  - name: tcp
    nodePort: 31400
    port: 31400
    protocol: TCP
    targetPort: 31400
  - name: tcp-pilot-grpc-tls
    nodePort: 30052
    port: 15011
    protocol: TCP
    targetPort: 15011
  - name: tcp-citadel-grpc-tls
    nodePort: 30614
    port: 8060
    protocol: TCP
    targetPort: 8060
  - name: tcp-dns-tls
    nodePort: 30085
    port: 853
    protocol: TCP
    targetPort: 853
  - name: http2-prometheus
    nodePort: 30518
    port: 15030
    protocol: TCP
    targetPort: 15030
  - name: http2-grafana
    nodePort: 31358
    port: 15031
    protocol: TCP
    targetPort: 15031
  **_- name: http-tomcat
    nodePort: 30541
    port: 8083
    protocol: TCP
    targetPort: 8083_**
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - hostname: <elb_endpoint>

正如我们所见,我在服务ingress-gateway 中编辑了端口。但是,当我点击端点时,它会在端口 80 上得到响应,并且我在8083 上收到网关超时,我想知道为什么它发生在我能想到或从文档和社区了解的所有地方。 :)

非常感谢我能在这方面获得任何帮助。

【问题讨论】:

  • 在您的部署中,您有containerPort: 8080,但似乎应该是8083
  • @ArtemGolenyaev 那是容器端口,服务端口确实是8083

标签: nginx kubernetes kubernetes-ingress istio


【解决方案1】:

顺便问一下 istio-ingressgateway 的状态是否正确?我问是因为端口数似乎超过了限制。在我们的集群中,有一天我们发现: Error creating load balancer (will retry): failed to ensure load balancer for service istio-system/istio-ingressgateway: googleapi: Error 400: Invalid value for field 'resource.ports[5]': '853'. Too many ports specified. Maximum is 5., invalid

您可以通过 kubectl describe svc istio-ingressgateway -n istio-system 进行检查

【讨论】:

  • 谢谢 Anna,一定会调查并在此处更新状态
猜你喜欢
  • 1970-01-01
  • 2020-12-27
  • 2020-11-09
  • 2020-06-17
  • 2019-11-01
  • 1970-01-01
  • 2021-07-12
  • 2023-01-12
  • 2022-01-27
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode