如何为 istio 入口网关添加自定义端口?
How to add custom port for istio ingress gateway?
我是 istio 新手。我有一个简单的入口网关yaml文件,监听端口是26931,但是在我应用yaml之后,端口26931并没有出现在入口网关公开的端口集中。那么我是缺少一些必要的步骤还是其他什么?
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: batman-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 26931
name: http
protocol: HTTP
hosts:
- "*"
您公开的端口不是网关对象,而是 istio-ingressgateway 服务。
kubectl edit svc istio-ingressgateway -n istio-system
所以如果你想暴露端口 26931,你应该使用网关服务
ports:
- name: http
nodePort: 30001
port: 26931
protocol: TCP
targetPort: 80
还评论了您之前的 post-
端口设置在 Helm subchart for gateways 中完成。您可以在 Istio 的 values.yaml 中以声明方式定义其他端口,而不是直接编辑服务,如下所示。
注意:从 Istio v1.2 和 v1.3.0 开始,原始子图中定义的默认端口列表将被 覆盖这样。为了保持默认不变,下面的代码片段有一些硬复制的值。
gateways:
istio-ingressgateway:
ports:
# Default port list copied from the original subchart values
# Ref: https://github.com/istio/istio/blob/release-1.2/install/kubernetes/helm/istio/charts/gateways/values.yaml
# (the ports below override the default and do not get merged, and thus need to be copied here)
- port: 15020
targetPort: 15020
name: status-port
- port: 80
targetPort: 80
name: http2
nodePort: 31380
- port: 443
name: https
nodePort: 31390
- port: 15029
targetPort: 15029
name: https-kiali
- port: 15030
targetPort: 15030
name: https-prometheus
- port: 15031
targetPort: 15031
name: https-grafana
- port: 15032
targetPort: 15032
name: https-tracing
# This is the port where sni routing happens
- port: 15443
targetPort: 15443
name: tls
##=== Additional Ports =======================##
- port: 8080
targetPort: 8080
name: http-custom
- port: 8081
targetPort: 8081
name: http-custom-backup
##____________________________________________##
从 Istio 1.5.1 开始,使用 istioctl 和以下命令安装(参见 official doc):
istioctl manifest apply -f your-overlay-config.yaml
可以在 your-overlay-config.yaml 文件的 components.ingressGateways 部分下指定其他端口。例如:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
spec:
components:
citadel:
enabled: true
sidecarInjector:
enabled: true
telemetry:
enabled: true
ingressGateways:
- name: istio-ingressgateway
enabled: true
k8s:
service:
ports:
# We have to specify original ports otherwise it will be erased
- port: 15020
targetPort: 15020
name: status-port
- port: 80
targetPort: 80
name: http2
- port: 443
name: https
- port: 15029
targetPort: 15029
name: kiali
- port: 15030
targetPort: 15030
name: prometheus
- port: 15031
targetPort: 15031
name: grafana
- port: 15032
targetPort: 15032
name: tracing
- port: 15443
targetPort: 15443
name: tls
- port: 31400
name: tcp
# Your additional ports
- port: 10000
name: misc
addonComponents:
prometheus:
enabled: false
values:
sidecarInjectorWebhook:
enableNamespacesByDefault: true
global:
proxy:
accessLogFile: "/dev/stdout"
gateways:
istio-egressgateway:
enabled: false
istio-ingressgateway:
sds:
enabled: true
值得注意的是,对于 Istio 1.5 和 Istio 1.4 端口必须在 values.gateways.istio-ingressgateway 部分指定。
我是 istio 新手。我有一个简单的入口网关yaml文件,监听端口是26931,但是在我应用yaml之后,端口26931并没有出现在入口网关公开的端口集中。那么我是缺少一些必要的步骤还是其他什么?
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: batman-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 26931
name: http
protocol: HTTP
hosts:
- "*"
您公开的端口不是网关对象,而是 istio-ingressgateway 服务。
kubectl edit svc istio-ingressgateway -n istio-system
所以如果你想暴露端口 26931,你应该使用网关服务
ports:
- name: http
nodePort: 30001
port: 26931
protocol: TCP
targetPort: 80
还评论了您之前的 post-
端口设置在 Helm subchart for gateways 中完成。您可以在 Istio 的 values.yaml 中以声明方式定义其他端口,而不是直接编辑服务,如下所示。
注意:从 Istio v1.2 和 v1.3.0 开始,原始子图中定义的默认端口列表将被 覆盖这样。为了保持默认不变,下面的代码片段有一些硬复制的值。
gateways:
istio-ingressgateway:
ports:
# Default port list copied from the original subchart values
# Ref: https://github.com/istio/istio/blob/release-1.2/install/kubernetes/helm/istio/charts/gateways/values.yaml
# (the ports below override the default and do not get merged, and thus need to be copied here)
- port: 15020
targetPort: 15020
name: status-port
- port: 80
targetPort: 80
name: http2
nodePort: 31380
- port: 443
name: https
nodePort: 31390
- port: 15029
targetPort: 15029
name: https-kiali
- port: 15030
targetPort: 15030
name: https-prometheus
- port: 15031
targetPort: 15031
name: https-grafana
- port: 15032
targetPort: 15032
name: https-tracing
# This is the port where sni routing happens
- port: 15443
targetPort: 15443
name: tls
##=== Additional Ports =======================##
- port: 8080
targetPort: 8080
name: http-custom
- port: 8081
targetPort: 8081
name: http-custom-backup
##____________________________________________##
从 Istio 1.5.1 开始,使用 istioctl 和以下命令安装(参见 official doc):
istioctl manifest apply -f your-overlay-config.yaml
可以在 your-overlay-config.yaml 文件的 components.ingressGateways 部分下指定其他端口。例如:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
spec:
components:
citadel:
enabled: true
sidecarInjector:
enabled: true
telemetry:
enabled: true
ingressGateways:
- name: istio-ingressgateway
enabled: true
k8s:
service:
ports:
# We have to specify original ports otherwise it will be erased
- port: 15020
targetPort: 15020
name: status-port
- port: 80
targetPort: 80
name: http2
- port: 443
name: https
- port: 15029
targetPort: 15029
name: kiali
- port: 15030
targetPort: 15030
name: prometheus
- port: 15031
targetPort: 15031
name: grafana
- port: 15032
targetPort: 15032
name: tracing
- port: 15443
targetPort: 15443
name: tls
- port: 31400
name: tcp
# Your additional ports
- port: 10000
name: misc
addonComponents:
prometheus:
enabled: false
values:
sidecarInjectorWebhook:
enableNamespacesByDefault: true
global:
proxy:
accessLogFile: "/dev/stdout"
gateways:
istio-egressgateway:
enabled: false
istio-ingressgateway:
sds:
enabled: true
值得注意的是,对于 Istio 1.5 和 Istio 1.4 端口必须在 values.gateways.istio-ingressgateway 部分指定。