在 GKE 上安装 istio 时无法访问 istio-ingressgateway
Cannot access `istio-ingressgateway` when install istio on GKE
我正在尝试在我的 GKE(Google Kubernetes 引擎)上安装 istio
我已完成以下步骤
- 创建集群时启用
istio。这是 运行 kubectl get deployment,svc -n istio-system 时的验证
kubectl get deployment,svc -n istio-system
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.extensions/cluster-local-gateway 1/1 1 1 5d21h
deployment.extensions/istio-citadel 1/1 1 1 5d22h
deployment.extensions/istio-galley 1/1 1 1 5d22h
deployment.extensions/istio-ingressgateway 1/1 1 1 5d22h
deployment.extensions/istio-pilot 1/1 1 1 5d22h
deployment.extensions/istio-policy 1/1 1 1 5d22h
deployment.extensions/istio-sidecar-injector 1/1 1 1 5d22h
deployment.extensions/istio-telemetry 1/1 1 1 5d22h
deployment.extensions/promsd 1/1 1 1 5d22h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/cluster-local-gateway ClusterIP 10.0.1.88 <none> 80/TCP,443/TCP,31400/TCP,15011/TCP,8060/TCP,15030/TCP,15031/TCP 5d21h
service/istio-citadel ClusterIP 10.0.13.49 <none> 8060/TCP,15014/TCP 5d21h
service/istio-galley ClusterIP 10.0.13.164 <none> 443/TCP,15014/TCP,9901/TCP 5d21h
service/istio-ingressgateway LoadBalancer 10.0.7.201 34.87.63.90 15020:30780/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32221/TCP,15030:31217/TCP,15031:32218/TCP,15032:31962/TCP,15443:32139/TCP 5d21h
service/istio-pilot ClusterIP 10.0.11.239 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 5d21h
service/istio-policy ClusterIP 10.0.3.193 <none> 9091/TCP,15004/TCP,15014/TCP 5d21h
service/istio-sidecar-injector ClusterIP 10.0.9.213 <none> 443/TCP 5d21h
service/istio-telemetry ClusterIP 10.0.3.90 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 5d21h
service/promsd ClusterIP 10.0.3.213 <none> 9090/TCP 5d21h
- 为我的项目命名空间启用
sidecar 注入
这是 运行 kubectl get namespace -L istio-injection 时的输出
kubectl get namespace -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
default Active 5d22h enabled
ingress-nginx Active 2d23h
istio-system Active 5d22h disabled
knative-serving Active 5d22h
kube-public Active 5d22h
kube-system Active 5d22h
timeline Active 5d20h enabled
- 重新启动
timeline 命名空间服务以便启用注入
这是 运行 kubectl get pod -n timeline 时的输出
kubectl get pod -n timeline
NAME READY STATUS RESTARTS AGE
postgres-569db64f87-qwr82 2/2 Running 0 2d
prisma-5748bc8d8-729zq 2/2 Running 0 2d
prisma-5748bc8d8-kqqr9 2/2 Running 0 2d
prisma-5748bc8d8-r5cg2 2/2 Running 0 2d
redis-7df9bc8655-2tjck 2/2 Running 0 2d
redis-7df9bc8655-pvsrp 2/2 Running 0 2d
redis-7df9bc8655-vc6d8 2/2 Running 0 2d
timeline-779d79d4ff-gm4db 2/2 Running 0 2d
timeline-779d79d4ff-jg5zg 2/2 Running 0 2d
timeline-779d79d4ff-q5s9d 2/2 Running 0 2d
- 使用
设置gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: timeline-gateway
namespace: timeline
spec:
selector:
app: timelline
stage: production
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
- 使用
设置virtualservice
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: timeline-virtualservice
namespace: timeline
spec:
hosts:
- "*"
gateways:
- timeline-gateway
http:
- route:
- destination:
host: timeline
port:
number: 4000
下面是我的 timeline 命名空间 deployment 和 service 当 运行 kubectl get deployment,svc -n timeline
kubectl get deployment,svc -n timeline
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.extensions/postgres 1/1 1 1 4d10h
deployment.extensions/prisma 3/3 3 3 4d10h
deployment.extensions/redis 3/3 3 3 4d10h
deployment.extensions/timeline 3/3 3 3 4d10h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/postgres NodePort 10.0.15.150 <none> 5432:30714/TCP 4d10h
service/prisma NodePort 10.0.8.32 <none> 4466:30480/TCP 4d10h
service/redis NodePort 10.0.0.119 <none> 6379:31032/TCP 4d10h
service/timeline NodePort 10.0.7.225 <none> 4000:31890/TCP 4d4h
问题是我总是无法访问 istio-ingressgateway return cannot be found 页面. I have verify mytimelineservice working withngix-ingress-controller`(见下图)
我的设置有什么问题?我们怎样才能使 istio 工作?
我在下面的所有命名空间中列出了我所有的 deployment 和 service
kubectl get deployment,svc --all-namespaces
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
ingress-nginx deployment.extensions/nginx-ingress-controller 1/1 1 1 2d23h
istio-system deployment.extensions/cluster-local-gateway 1/1 1 1 5d22h
istio-system deployment.extensions/istio-citadel 1/1 1 1 5d22h
istio-system deployment.extensions/istio-galley 1/1 1 1 5d22h
istio-system deployment.extensions/istio-ingressgateway 1/1 1 1 5d22h
istio-system deployment.extensions/istio-pilot 1/1 1 1 5d22h
istio-system deployment.extensions/istio-policy 1/1 1 1 5d22h
istio-system deployment.extensions/istio-sidecar-injector 1/1 1 1 5d22h
istio-system deployment.extensions/istio-telemetry 1/1 1 1 5d22h
istio-system deployment.extensions/promsd 1/1 1 1 5d22h
knative-serving deployment.extensions/activator 1/1 1 1 5d22h
knative-serving deployment.extensions/autoscaler 1/1 1 1 5d22h
knative-serving deployment.extensions/cloudrun-controller 1/1 1 1 5d22h
knative-serving deployment.extensions/controller 1/1 1 1 5d22h
knative-serving deployment.extensions/networking-istio 1/1 1 1 5d22h
knative-serving deployment.extensions/webhook 1/1 1 1 5d22h
kube-system deployment.extensions/event-exporter-v0.2.5 1/1 1 1 5d22h
kube-system deployment.extensions/fluentd-gcp-scaler 1/1 1 1 5d22h
kube-system deployment.extensions/heapster-v1.6.1 1/1 1 1 5d22h
kube-system deployment.extensions/kube-dns 2/2 2 2 5d22h
kube-system deployment.extensions/kube-dns-autoscaler 1/1 1 1 5d22h
kube-system deployment.extensions/l7-default-backend 1/1 1 1 5d22h
kube-system deployment.extensions/metrics-server-v0.3.1 1/1 1 1 5d22h
kube-system deployment.extensions/stackdriver-metadata-agent-cluster-level 1/1 1 1 5d22h
kube-system deployment.extensions/tiller-deploy 1/1 1 1 3d21h
timeline deployment.extensions/postgres 1/1 1 1 4d11h
timeline deployment.extensions/prisma 3/3 3 3 4d11h
timeline deployment.extensions/redis 3/3 3 3 4d10h
timeline deployment.extensions/timeline 3/3 3 3 4d10h
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 5d22h
ingress-nginx service/ingress-nginx LoadBalancer 10.0.7.136 35.240.157.212 80:32456/TCP,443:30484/TCP 2d23h
istio-system service/cluster-local-gateway ClusterIP 10.0.1.88 <none> 80/TCP,443/TCP,31400/TCP,15011/TCP,8060/TCP,15030/TCP,15031/TCP 5d22h
istio-system service/istio-citadel ClusterIP 10.0.13.49 <none> 8060/TCP,15014/TCP 5d22h
istio-system service/istio-galley ClusterIP 10.0.13.164 <none> 443/TCP,15014/TCP,9901/TCP 5d22h
istio-system service/istio-ingressgateway LoadBalancer 10.0.7.201 34.87.63.90 15020:30780/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32221/TCP,15030:31217/TCP,15031:32218/TCP,15032:31962/TCP,15443:32139/TCP 5d22h
istio-system service/istio-pilot ClusterIP 10.0.11.239 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 5d22h
istio-system service/istio-policy ClusterIP 10.0.3.193 <none> 9091/TCP,15004/TCP,15014/TCP 5d22h
istio-system service/istio-sidecar-injector ClusterIP 10.0.9.213 <none> 443/TCP 5d22h
istio-system service/istio-telemetry ClusterIP 10.0.3.90 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 5d22h
istio-system service/promsd ClusterIP 10.0.3.213 <none> 9090/TCP 5d22h
knative-serving service/activator-service ClusterIP 10.0.0.5 <none> 80/TCP,81/TCP,9090/TCP 5d22h
knative-serving service/autoscaler ClusterIP 10.0.12.217 <none> 8080/TCP,9090/TCP 5d22h
knative-serving service/controller ClusterIP 10.0.13.31 <none> 9090/TCP 5d22h
knative-serving service/webhook ClusterIP 10.0.2.121 <none> 443/TCP 5d22h
kube-system service/default-http-backend NodePort 10.0.15.7 <none> 80:30617/TCP 5d22h
kube-system service/heapster ClusterIP 10.0.6.253 <none> 80/TCP 5d22h
kube-system service/kube-dns ClusterIP 10.0.0.10 <none> 53/UDP,53/TCP 5d22h
kube-system service/metrics-server ClusterIP 10.0.8.76 <none> 443/TCP 5d22h
kube-system service/tiller-deploy ClusterIP 10.0.3.125 <none> 44134/TCP 3d21h
timeline service/postgres NodePort 10.0.15.150 <none> 5432:30714/TCP 4d11h
timeline service/prisma NodePort 10.0.8.32 <none> 4466:30480/TCP 4d10h
timeline service/redis NodePort 10.0.0.119 <none> 6379:31032/TCP 4d10h
timeline service/timeline NodePort 10.0.7.225 <none> 4000:31890/TCP 4d5h
更新:我添加了 istio-ingressgateway yaml
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile","app":"istio-ingressgateway","chart":"gateways","heritage":"Tiller","istio":"ingressgateway","k8s-app":"istio","kubernetes.io/cluster-service":"true","release":"istio"},"name":"istio-ingressgateway","namespace":"istio-system"},"spec":{"ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","nodePort":31380,"port":80,"targetPort":80},{"name":"https","nodePort":31390,"port":443},{"name":"tcp","nodePort":31400,"port":31400},{"name":"https-kiali","port":15029,"targetPort":15029},{"name":"https-prometheus","port":15030,"targetPort":15030},{"name":"https-grafana","port":15031,"targetPort":15031},{"name":"https-tracing","port":15032,"targetPort":15032},{"name":"tls","port":15443,"targetPort":15443}],"selector":{"app":"istio-ingressgateway","istio":"ingressgateway","release":"istio"},"type":"LoadBalancer"}}
creationTimestamp: "2019-06-06T17:27:22Z"
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: istio-ingressgateway
chart: gateways
heritage: Tiller
istio: ingressgateway
k8s-app: istio
kubernetes.io/cluster-service: "true"
release: istio
name: istio-ingressgateway
namespace: istio-system
resourceVersion: "1523"
selfLink: /api/v1/namespaces/istio-system/services/istio-ingressgateway
uid: 580def22-8880-11e9-b69f-42010a940126
spec:
clusterIP: 10.0.7.201
externalTrafficPolicy: Cluster
ports:
- name: status-port
nodePort: 30780
port: 15020
protocol: TCP
targetPort: 15020
- name: http2
nodePort: 31380
port: 80
protocol: TCP
targetPort: 80
- name: https
nodePort: 31390
port: 443
protocol: TCP
targetPort: 443
- name: tcp
nodePort: 31400
port: 31400
protocol: TCP
targetPort: 31400
- name: https-kiali
nodePort: 32221
port: 15029
protocol: TCP
targetPort: 15029
- name: https-prometheus
nodePort: 31217
port: 15030
protocol: TCP
targetPort: 15030
- name: https-grafana
nodePort: 32218
port: 15031
protocol: TCP
targetPort: 15031
- name: https-tracing
nodePort: 31962
port: 15032
protocol: TCP
targetPort: 15032
- name: tls
nodePort: 32139
port: 15443
protocol: TCP
targetPort: 15443
selector:
app: istio-ingressgateway
istio: ingressgateway
release: istio
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 34.87.63.90
更新 2:针对 prometheus 部分。我已经更新了 gateway 和 virtualservice 如下
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: timeline-gateway
namespace: timeline
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
- port:
number: 15030
name: https-prometheus
protocol: HTTP
hosts:
- "*"
和
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: timeline-virtualservice
namespace: timeline
spec:
hosts:
- "*"
gateways:
- timeline-gateway
http:
- match:
- port: 80
route:
- destination:
host: timeline
port:
number: 4000
- match:
- port: 15030
route:
- destination:
host: promsd
port:
number: 9090
检查网关的选择器
spec:
selector:
app: timelline
stage: production
它们与 istio-ingressgateway 个广告连播的标签匹配吗?
我怀疑您不需要 app: timelline 和 stage: production 选择器。或者它可能是一个简单的错字 - timelLine
因此,尝试使用以下定义:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: timeline-gateway
namespace: timeline
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
更新:
为了在网关中公开额外的端口,您只需要为每个端口添加一些定义
- port:
number: 15030
name: https-prometheus
protocol: HTTPS
hosts:
- "*"
对于 HTTPS 流量,您还需要证书和私钥
tls:
mode: SIMPLE # enables HTTPS on this port
serverCertificate: /etc/certs/servercert.pem
privateKey: /etc/certs/privatekey.pem
Istio 官方文档中有一个很好的例子——
https://istio.io/docs/reference/config/networking/v1alpha3/gateway/
我正在尝试在我的 GKE(Google Kubernetes 引擎)上安装 istio
我已完成以下步骤
- 创建集群时启用
istio。这是 运行kubectl get deployment,svc -n istio-system 时的验证
kubectl get deployment,svc -n istio-system
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.extensions/cluster-local-gateway 1/1 1 1 5d21h
deployment.extensions/istio-citadel 1/1 1 1 5d22h
deployment.extensions/istio-galley 1/1 1 1 5d22h
deployment.extensions/istio-ingressgateway 1/1 1 1 5d22h
deployment.extensions/istio-pilot 1/1 1 1 5d22h
deployment.extensions/istio-policy 1/1 1 1 5d22h
deployment.extensions/istio-sidecar-injector 1/1 1 1 5d22h
deployment.extensions/istio-telemetry 1/1 1 1 5d22h
deployment.extensions/promsd 1/1 1 1 5d22h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/cluster-local-gateway ClusterIP 10.0.1.88 <none> 80/TCP,443/TCP,31400/TCP,15011/TCP,8060/TCP,15030/TCP,15031/TCP 5d21h
service/istio-citadel ClusterIP 10.0.13.49 <none> 8060/TCP,15014/TCP 5d21h
service/istio-galley ClusterIP 10.0.13.164 <none> 443/TCP,15014/TCP,9901/TCP 5d21h
service/istio-ingressgateway LoadBalancer 10.0.7.201 34.87.63.90 15020:30780/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32221/TCP,15030:31217/TCP,15031:32218/TCP,15032:31962/TCP,15443:32139/TCP 5d21h
service/istio-pilot ClusterIP 10.0.11.239 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 5d21h
service/istio-policy ClusterIP 10.0.3.193 <none> 9091/TCP,15004/TCP,15014/TCP 5d21h
service/istio-sidecar-injector ClusterIP 10.0.9.213 <none> 443/TCP 5d21h
service/istio-telemetry ClusterIP 10.0.3.90 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 5d21h
service/promsd ClusterIP 10.0.3.213 <none> 9090/TCP 5d21h
- 为我的项目命名空间启用
sidecar注入 这是 运行kubectl get namespace -L istio-injection 时的输出
kubectl get namespace -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
default Active 5d22h enabled
ingress-nginx Active 2d23h
istio-system Active 5d22h disabled
knative-serving Active 5d22h
kube-public Active 5d22h
kube-system Active 5d22h
timeline Active 5d20h enabled
- 重新启动
timeline命名空间服务以便启用注入 这是 运行kubectl get pod -n timeline 时的输出
kubectl get pod -n timeline
NAME READY STATUS RESTARTS AGE
postgres-569db64f87-qwr82 2/2 Running 0 2d
prisma-5748bc8d8-729zq 2/2 Running 0 2d
prisma-5748bc8d8-kqqr9 2/2 Running 0 2d
prisma-5748bc8d8-r5cg2 2/2 Running 0 2d
redis-7df9bc8655-2tjck 2/2 Running 0 2d
redis-7df9bc8655-pvsrp 2/2 Running 0 2d
redis-7df9bc8655-vc6d8 2/2 Running 0 2d
timeline-779d79d4ff-gm4db 2/2 Running 0 2d
timeline-779d79d4ff-jg5zg 2/2 Running 0 2d
timeline-779d79d4ff-q5s9d 2/2 Running 0 2d
- 使用 设置
gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: timeline-gateway
namespace: timeline
spec:
selector:
app: timelline
stage: production
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
- 使用 设置
virtualservice
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: timeline-virtualservice
namespace: timeline
spec:
hosts:
- "*"
gateways:
- timeline-gateway
http:
- route:
- destination:
host: timeline
port:
number: 4000
下面是我的 timeline 命名空间 deployment 和 service 当 运行 kubectl get deployment,svc -n timeline
kubectl get deployment,svc -n timeline
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.extensions/postgres 1/1 1 1 4d10h
deployment.extensions/prisma 3/3 3 3 4d10h
deployment.extensions/redis 3/3 3 3 4d10h
deployment.extensions/timeline 3/3 3 3 4d10h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/postgres NodePort 10.0.15.150 <none> 5432:30714/TCP 4d10h
service/prisma NodePort 10.0.8.32 <none> 4466:30480/TCP 4d10h
service/redis NodePort 10.0.0.119 <none> 6379:31032/TCP 4d10h
service/timeline NodePort 10.0.7.225 <none> 4000:31890/TCP 4d4h
问题是我总是无法访问 istio-ingressgateway return cannot be found 页面. I have verify mytimelineservice working withngix-ingress-controller`(见下图)
我的设置有什么问题?我们怎样才能使 istio 工作?
我在下面的所有命名空间中列出了我所有的 deployment 和 service
kubectl get deployment,svc --all-namespaces
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
ingress-nginx deployment.extensions/nginx-ingress-controller 1/1 1 1 2d23h
istio-system deployment.extensions/cluster-local-gateway 1/1 1 1 5d22h
istio-system deployment.extensions/istio-citadel 1/1 1 1 5d22h
istio-system deployment.extensions/istio-galley 1/1 1 1 5d22h
istio-system deployment.extensions/istio-ingressgateway 1/1 1 1 5d22h
istio-system deployment.extensions/istio-pilot 1/1 1 1 5d22h
istio-system deployment.extensions/istio-policy 1/1 1 1 5d22h
istio-system deployment.extensions/istio-sidecar-injector 1/1 1 1 5d22h
istio-system deployment.extensions/istio-telemetry 1/1 1 1 5d22h
istio-system deployment.extensions/promsd 1/1 1 1 5d22h
knative-serving deployment.extensions/activator 1/1 1 1 5d22h
knative-serving deployment.extensions/autoscaler 1/1 1 1 5d22h
knative-serving deployment.extensions/cloudrun-controller 1/1 1 1 5d22h
knative-serving deployment.extensions/controller 1/1 1 1 5d22h
knative-serving deployment.extensions/networking-istio 1/1 1 1 5d22h
knative-serving deployment.extensions/webhook 1/1 1 1 5d22h
kube-system deployment.extensions/event-exporter-v0.2.5 1/1 1 1 5d22h
kube-system deployment.extensions/fluentd-gcp-scaler 1/1 1 1 5d22h
kube-system deployment.extensions/heapster-v1.6.1 1/1 1 1 5d22h
kube-system deployment.extensions/kube-dns 2/2 2 2 5d22h
kube-system deployment.extensions/kube-dns-autoscaler 1/1 1 1 5d22h
kube-system deployment.extensions/l7-default-backend 1/1 1 1 5d22h
kube-system deployment.extensions/metrics-server-v0.3.1 1/1 1 1 5d22h
kube-system deployment.extensions/stackdriver-metadata-agent-cluster-level 1/1 1 1 5d22h
kube-system deployment.extensions/tiller-deploy 1/1 1 1 3d21h
timeline deployment.extensions/postgres 1/1 1 1 4d11h
timeline deployment.extensions/prisma 3/3 3 3 4d11h
timeline deployment.extensions/redis 3/3 3 3 4d10h
timeline deployment.extensions/timeline 3/3 3 3 4d10h
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 5d22h
ingress-nginx service/ingress-nginx LoadBalancer 10.0.7.136 35.240.157.212 80:32456/TCP,443:30484/TCP 2d23h
istio-system service/cluster-local-gateway ClusterIP 10.0.1.88 <none> 80/TCP,443/TCP,31400/TCP,15011/TCP,8060/TCP,15030/TCP,15031/TCP 5d22h
istio-system service/istio-citadel ClusterIP 10.0.13.49 <none> 8060/TCP,15014/TCP 5d22h
istio-system service/istio-galley ClusterIP 10.0.13.164 <none> 443/TCP,15014/TCP,9901/TCP 5d22h
istio-system service/istio-ingressgateway LoadBalancer 10.0.7.201 34.87.63.90 15020:30780/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32221/TCP,15030:31217/TCP,15031:32218/TCP,15032:31962/TCP,15443:32139/TCP 5d22h
istio-system service/istio-pilot ClusterIP 10.0.11.239 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 5d22h
istio-system service/istio-policy ClusterIP 10.0.3.193 <none> 9091/TCP,15004/TCP,15014/TCP 5d22h
istio-system service/istio-sidecar-injector ClusterIP 10.0.9.213 <none> 443/TCP 5d22h
istio-system service/istio-telemetry ClusterIP 10.0.3.90 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 5d22h
istio-system service/promsd ClusterIP 10.0.3.213 <none> 9090/TCP 5d22h
knative-serving service/activator-service ClusterIP 10.0.0.5 <none> 80/TCP,81/TCP,9090/TCP 5d22h
knative-serving service/autoscaler ClusterIP 10.0.12.217 <none> 8080/TCP,9090/TCP 5d22h
knative-serving service/controller ClusterIP 10.0.13.31 <none> 9090/TCP 5d22h
knative-serving service/webhook ClusterIP 10.0.2.121 <none> 443/TCP 5d22h
kube-system service/default-http-backend NodePort 10.0.15.7 <none> 80:30617/TCP 5d22h
kube-system service/heapster ClusterIP 10.0.6.253 <none> 80/TCP 5d22h
kube-system service/kube-dns ClusterIP 10.0.0.10 <none> 53/UDP,53/TCP 5d22h
kube-system service/metrics-server ClusterIP 10.0.8.76 <none> 443/TCP 5d22h
kube-system service/tiller-deploy ClusterIP 10.0.3.125 <none> 44134/TCP 3d21h
timeline service/postgres NodePort 10.0.15.150 <none> 5432:30714/TCP 4d11h
timeline service/prisma NodePort 10.0.8.32 <none> 4466:30480/TCP 4d10h
timeline service/redis NodePort 10.0.0.119 <none> 6379:31032/TCP 4d10h
timeline service/timeline NodePort 10.0.7.225 <none> 4000:31890/TCP 4d5h
更新:我添加了 istio-ingressgateway yaml
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile","app":"istio-ingressgateway","chart":"gateways","heritage":"Tiller","istio":"ingressgateway","k8s-app":"istio","kubernetes.io/cluster-service":"true","release":"istio"},"name":"istio-ingressgateway","namespace":"istio-system"},"spec":{"ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","nodePort":31380,"port":80,"targetPort":80},{"name":"https","nodePort":31390,"port":443},{"name":"tcp","nodePort":31400,"port":31400},{"name":"https-kiali","port":15029,"targetPort":15029},{"name":"https-prometheus","port":15030,"targetPort":15030},{"name":"https-grafana","port":15031,"targetPort":15031},{"name":"https-tracing","port":15032,"targetPort":15032},{"name":"tls","port":15443,"targetPort":15443}],"selector":{"app":"istio-ingressgateway","istio":"ingressgateway","release":"istio"},"type":"LoadBalancer"}}
creationTimestamp: "2019-06-06T17:27:22Z"
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: istio-ingressgateway
chart: gateways
heritage: Tiller
istio: ingressgateway
k8s-app: istio
kubernetes.io/cluster-service: "true"
release: istio
name: istio-ingressgateway
namespace: istio-system
resourceVersion: "1523"
selfLink: /api/v1/namespaces/istio-system/services/istio-ingressgateway
uid: 580def22-8880-11e9-b69f-42010a940126
spec:
clusterIP: 10.0.7.201
externalTrafficPolicy: Cluster
ports:
- name: status-port
nodePort: 30780
port: 15020
protocol: TCP
targetPort: 15020
- name: http2
nodePort: 31380
port: 80
protocol: TCP
targetPort: 80
- name: https
nodePort: 31390
port: 443
protocol: TCP
targetPort: 443
- name: tcp
nodePort: 31400
port: 31400
protocol: TCP
targetPort: 31400
- name: https-kiali
nodePort: 32221
port: 15029
protocol: TCP
targetPort: 15029
- name: https-prometheus
nodePort: 31217
port: 15030
protocol: TCP
targetPort: 15030
- name: https-grafana
nodePort: 32218
port: 15031
protocol: TCP
targetPort: 15031
- name: https-tracing
nodePort: 31962
port: 15032
protocol: TCP
targetPort: 15032
- name: tls
nodePort: 32139
port: 15443
protocol: TCP
targetPort: 15443
selector:
app: istio-ingressgateway
istio: ingressgateway
release: istio
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 34.87.63.90
更新 2:针对 prometheus 部分。我已经更新了 gateway 和 virtualservice 如下
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: timeline-gateway
namespace: timeline
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
- port:
number: 15030
name: https-prometheus
protocol: HTTP
hosts:
- "*"
和
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: timeline-virtualservice
namespace: timeline
spec:
hosts:
- "*"
gateways:
- timeline-gateway
http:
- match:
- port: 80
route:
- destination:
host: timeline
port:
number: 4000
- match:
- port: 15030
route:
- destination:
host: promsd
port:
number: 9090
检查网关的选择器
spec:
selector:
app: timelline
stage: production
它们与 istio-ingressgateway 个广告连播的标签匹配吗?
我怀疑您不需要 app: timelline 和 stage: production 选择器。或者它可能是一个简单的错字 - timelLine
因此,尝试使用以下定义:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: timeline-gateway
namespace: timeline
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
更新: 为了在网关中公开额外的端口,您只需要为每个端口添加一些定义
- port:
number: 15030
name: https-prometheus
protocol: HTTPS
hosts:
- "*"
对于 HTTPS 流量,您还需要证书和私钥
tls:
mode: SIMPLE # enables HTTPS on this port
serverCertificate: /etc/certs/servercert.pem
privateKey: /etc/certs/privatekey.pem
Istio 官方文档中有一个很好的例子—— https://istio.io/docs/reference/config/networking/v1alpha3/gateway/