将网关绑定到特定命名空间?

huangapple
go评论87阅读模式
英文:

How to bind gateway to a specific namespace?

问题

I have the following scenario:

  • 当用户 A 在浏览器中输入地址 foo.example1.example.com 时,应调用命名空间 example1 中的服务 FOO
  • 当用户 B 在浏览器中输入地址 foo.example1.example.com 时,应调用命名空间 example2 中的服务 FOO

我正在使用 Istio,问题是如何配置网关,使其绑定到特定的命名空间:

请看 Istio 网关配置示例:

  1. $ kubectl apply -f - <<EOF
  2. apiVersion: networking.istio.io/v1alpha3
  3. kind: Gateway
  4. metadata:
  5.   name: ns_example1
  6. spec:
  7.   selector:
  8.     istio: ingressgateway # 使用 Istio 默认的网关实现
  9.   servers:
  10.   - port:
  11.       number: 80
  12.       name: http
  13.       protocol: HTTP
  14.     hosts:
  15.     - "example1.example.com"
  16. EOF

当我部署网关时,它将应用于当前命名空间,但我想要指定一个命名空间。

如何将网关分配给特定的命名空间?

英文:

I have the following scenario:
将网关绑定到特定命名空间?

  • When the user A enter the address foo.example1.example.com in the
    browser, then it should call the service FOO in the namespace
    example1.
  • When the user B enter the address foo.example1.example.com in the
    browser, then it should call the service FOO in the namespace
    example2.

I am using istio, the question is, how to configure the gateway, that is bind specific to a namespace:

Look at an example of istio gateway configuration:

  1.   $ kubectl apply -f - &lt;&lt;EOF
  2.   apiVersion: networking.istio.io/v1alpha3
  3.   kind: Gateway
  4.   metadata:
  5.     name: ns_example1
  6.   spec:
  7.     selector:
  8.       istio: ingressgateway # use Istio default gateway implementation
  9.     servers:
  10.     - port:
  11.         number: 80
  12.         name: http
  13.         protocol: HTTP
  14.       hosts:
  15.       - &quot;example1.example.com&quot;
  16.   EOF

When I would deploy the gateway, then it will apply to current namespace but I would like to specify a namespace.

How to assign a gateway to specific namespace?

答案1

得分: 2

我认为这个链接应该能解答你的问题。

有许多你不需要的东西,但有一个想法,你想要应用到你的Istio集群中。

所以你需要一个网关和两个虚拟服务。

  1. apiVersion: networking.istio.io/v1alpha3
  2. kind: Gateway
  3. metadata:
  4.   name: foocorp-gateway
  5.   namespace: default
  6. spec:
  7.   selector:
  8.     istio: ingressgateway # 使用 Istio 默认的入口网关
  9.   servers:
  10.   - port:
  11.       number: 80
  12.       name: http-example1
  13.       protocol: HTTP
  14.     hosts:
  15.     - "example1.example.com"
  16.   - port:
  17.       number: 80
  18.       name: http-example2
  19.       protocol: HTTP
  20.     hosts:
  21.     - "example2.example.com"
  1. apiVersion: networking.istio.io/v1alpha3
  2. kind: VirtualService
  3. metadata:
  4.   name: example1
  5.   namespace: ex1
  6. spec:
  7.   hosts:
  8.   - "example1.example.com"
  9.   gateways:
  10.   - foocorp-gateway
  11.   http:
  12.   - match:
  13.     - uri:
  14.         exact: /
  15.     route:
  16.     - destination:
  17.         host: example1.ex1.svc.cluster.local
  18.         port:
  19.           number: 80
  20. ---
  21. apiVersion: networking.istio.io/v1alpha3
  22. kind: VirtualService
  23. metadata:
  24.   name: example2
  25.   namespace: ex2
  26. spec:
  27.   hosts:
  28.   - "example2.example.com"
  29.   gateways:
  30.   - foocorp-gateway
  31.   http:
  32.   - match:
  33.     - uri:
  34.         exact: /
  35.     route:
  36.     - destination:
  37.         host: example2.ex2.svc.cluster.local
  38.         port:
  39.           number: 80

编辑

你可以在命名空间ex1和ex2中创建网关,然后只需更改虚拟服务中的网关字段,它应该能正常工作。

记得添加命名空间/网关,不仅仅是网关名称,就像这里

  1. gateways:
  2.   - some-config-namespace/gateway-name

如果这对你有帮助,请告诉我。

英文:

I think this link should answer your question.

There is many things You won't need, but there is idea You want to apply to your istio cluster.

So You need 1 gateway and 2 virtual services.

  1. apiVersion: networking.istio.io/v1alpha3
  2. kind: Gateway
  3. metadata:
  4.   name: foocorp-gateway
  5.   namespace: default
  6. spec:
  7.   selector:
  8.     istio: ingressgateway # use istio default ingress gateway
  9.   servers:
  10.   - port:
  11.       number: 80
  12.       name: http-example1
  13.       protocol: HTTP
  14.     hosts:
  15.     - &quot;example1.example.com&quot;
  16.   - port:
  17.       number: 80
  18.       name: http-example2
  19.       protocol: HTTP
  20.     hosts:
  21.     - &quot;example2.example.com&quot;
  1. apiVersion: networking.istio.io/v1alpha3
  2. kind: VirtualService
  3. metadata:
  4.   name: example1
  5.   namespace: ex1
  6. spec:
  7.   hosts:
  8.   - &quot;example1.example.com&quot;
  9.   gateways:
  10.   - foocorp-gateway
  11.   http:
  12.   - match:
  13.     - uri:
  14.         exact: /
  15.     route:
  16.     - destination:
  17.         host: example1.ex1.svc.cluster.local
  18.         port:
  19.           number: 80
  20. ---
  21. apiVersion: networking.istio.io/v1alpha3
  22. kind: VirtualService
  23. metadata:
  24.   name: example2
  25.   namespace: ex2
  26. spec:
  27.   hosts:
  28.   - &quot;example2.example.com&quot;
  29.   gateways:
  30.   - foocorp-gateway
  31.   http:
  32.   - match:
  33.     - uri:
  34.         exact: /
  35.     route:
  36.     - destination:
  37.         host: example2.ex2.svc.cluster.local
  38.         port:
  39.           number: 80

EDIT

You can create gateway in namespace ex1 and ex2, then just change gateway field in virtual service and it should work.

Remember to add namespace/gateway, not only gateway name, like there.

  1. gateways:
  2.   - some-config-namespace/gateway-name

Let me know if that help You.

huangapple
  • 本文由 发表于 2020年1月3日 17:43:05
  • 转载请务必保留本文链接:https://go.coder-hub.com/59576218.html
  • istio
  • kubernetes
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定