无法通过istio使用浏览器从外部获取产品页面

can't get product page from outside using browser via istio

嘿,制作示例图书应用程序已经好几天了 运行。我是 istio 的新手并试图了解它。我按照 demo 的另一种方式设置 bookinfo。我在带有 docker 作为驱动程序的 virtualbox 机器中使用 minikube。我将 metalLB 设置为 ingress-gateway 的负载均衡器,这是我用于 metalLB 的配置图:

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: custom-ip-space
      protocol: layer2
      addresses:
      - 192.168.49.2/28

192.168.49.2是命令的结果:minikube ip

ingressgateway yaml 文件:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
    - "*"
  gateways:
    - bookinfo-gateway
  http:
    - route:
        - destination:
            host: productpage
            port:
              number: 9080

kubectl get svc -n istio-system的输出命令:


NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                                                                                                                                      AGE
grafana                  ClusterIP      10.111.105.179   <none>         3000/TCP                                                                                                                                     34m
istio-citadel            ClusterIP      10.100.38.218    <none>         8060/TCP,15014/TCP                                                                                                                           34m
istio-egressgateway      ClusterIP      10.101.66.207    <none>         80/TCP,443/TCP,15443/TCP                                                                                                                     34m
istio-galley             ClusterIP      10.103.112.155   <none>         443/TCP,15014/TCP,9901/TCP                                                                                                                   34m
istio-ingressgateway     LoadBalancer   10.97.23.39      192.168.49.0   15020:32717/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32199/TCP,15030:30010/TCP,15031:30189/TCP,15032:31134/TCP,15443:30748/TCP   34m
istio-pilot              ClusterIP      10.108.133.31    <none>         15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       34m
istio-policy             ClusterIP      10.100.74.207    <none>         9091/TCP,15004/TCP,15014/TCP                                                                                                                 34m
istio-sidecar-injector   ClusterIP      10.97.224.99     <none>         443/TCP,15014/TCP                                                                                                                            34m
istio-telemetry          ClusterIP      10.101.165.139   <none>         9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       34m
jaeger-agent             ClusterIP      None             <none>         5775/UDP,6831/UDP,6832/UDP                                                                                                                   34m
jaeger-collector         ClusterIP      10.111.188.83    <none>         14267/TCP,14268/TCP,14250/TCP                                                                                                                34m
jaeger-query             ClusterIP      10.103.148.144   <none>         16686/TCP                                                                                                                                    34m
kiali                    ClusterIP      10.111.57.222    <none>         20001/TCP                                                                                                                                    34m
prometheus               ClusterIP      10.107.204.95    <none>         9090/TCP                                                                                                                                     34m
tracing                  ClusterIP      10.104.88.173    <none>         80/TCP                                                                                                                                       34m
zipkin                   ClusterIP      10.111.162.93    <none>         9411/TCP                                                                                                                                     34m

并且在尝试卷曲时 192.168.49.0:80/productpage 我得到:

*   Trying 192.168.49.0...
* TCP_NODELAY set
* Immediate connect fail for 192.168.49.0: Network is unreachable
* Closing connection 0
curl: (7) Couldn't connect to server
myhost@k8s:~$ curl 192.168.49.0:80/productpage
curl: (7) Couldn't connect to server

在设置 metalLB 之前,连接被拒绝!

请问有什么解决办法吗?因为已经花了 5 天时间才修复它。

我按照here的步骤操作,一切正常!

在我看来,这是 MetalLB 配置的问题。

您正试图让 MetalLB 控制来自 192.168.49.2/28 网络的 IP。
我们可以为 192.168.49.2/28 网络计算:HostMin=192.168.49.1HostMax=192.168.49.14.

正如我们所见,您的 istio-ingressgateway LoadBalancer 服务分配了地址 192.168.49.0,我认为这就是问题的原因。

我建议从 192.168.49.2/28 更改为一个范围,例如 192.168.49.10-192.168.49.20


我创建了一个示例来说明如何更改配置。

如你所见,一开始我的配置和你一模一样(我也无法使用curl命令连接到服务器):

$ kubectl get svc -n istio-system istio-ingressgateway
NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP                                                                                                                                       
istio-ingressgateway   LoadBalancer   10.109.75.19   192.168.49.0    


$ curl 192.168.49.0:80/productpage
curl: (7) Couldn't connect to server

首先,我修改了config ConfigMap:
注意: 我将 192.168.49.2/28 更改为 192.168.49.10-192.168.49.20

$ kubectl edit cm config -n metallb-system 

然后我重新启动了所有控制器和扬声器 Pods 以强制 MetalLB 使用新配置(参见:Metallb ConfigMap update)。

$ kubectl delete pod -n metallb-system --all      
pod "controller-65db86ddc6-gf49h" deleted
pod "speaker-7l66v" deleted

一段时间后,我们应该看到一个新的 EXTERNAL-IP 分配给了 istio-ingressgateway Service:

kubectl get svc -n istio-system istio-ingressgateway
NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP                                                                                                                                         AGE
istio-ingressgateway   LoadBalancer   10.106.170.227   192.168.49.10  

最后,我们可以检查它是否按预期工作:

$ curl 192.168.49.10:80/productpage                   
<!DOCTYPE html>
<html>
  <head>
    <title>Simple Bookstore App</title>
...