网关描述了在网格边缘操作的负载均衡器,用于接收传入或传出的HTTP/TCP连接。使用如下yaml定义中提供的声明来部署自定义网关应用:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: istio-myexample-customingressgateway
namespace: default
labels:
chart: gateways-1.2.3
release: myexample-customingressgateway
heritage: Tiller
app: istio-myexample-customingressgateway
istio: istio-myexample-customingressgateway
spec:
replicas: 1
template:
metadata:
labels:
app: istio-myexample-customingressgateway
istio: istio-myexample-customingressgateway
annotations:
sidecar.istio.io/inject: "false"
scheduler.alpha.kubernetes.io/critical-pod: ""
spec:
serviceAccountName: istio-myexample-customingressgateway-service-account
containers:
- name: istio-proxy
image: "registry.cn-beijing.aliyuncs.com/aliacs-app-catalog/proxyv2:1.2.3"
imagePullPolicy:
ports:
- containerPort: 80
- containerPort: 443
args:
- proxy
- router
- -v
- "2"
- --discoveryRefreshDelay
- '1s' #discoveryRefreshDelay
- --drainDuration
- '45s' #drainDuration
- --parentShutdownDuration
- '1m0s' #parentShutdownDuration
- --connectTimeout
- '10s' #connectTimeout
- --serviceCluster
- istio-myexample-customingressgateway
- --zipkinAddress
- zipkin.istio-system:9411
- --proxyAdminPort
- "15000"
- --controlPlaneAuthPolicy
- NONE
- --discoveryAddress
- istio-pilot.istio-system:8080
resources:
null
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: ISTIO_META_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: istio-certs
mountPath: /etc/certs
readOnly: true
- name: ingressgateway-certs
mountPath: "/etc/istio/ingressgateway-certs"
readOnly: true
- name: ingressgateway-ca-certs
mountPath: "/etc/istio/ingressgateway-ca-certs"
readOnly: true
volumes:
- name: istio-certs
secret:
secretName: istio.istio-myexample-customingressgateway-service-account
optional: true
- name: ingressgateway-certs
secret:
secretName: "istio-myexample-customingressgateway-certs"
optional: true
- name: ingressgateway-ca-certs
secret:
secretName: "istio-ingressgateway-ca-certs"
optional: true
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
以下网关配置设置代理以充当负载均衡器,为入口公开端口80和443(https)。使用如下yaml定义中提供的声明来创建自定义网关的服务:
apiVersion: v1
kind: Service
metadata:
name: istio-myexample-customingressgateway
namespace: default
annotations:
labels:
chart: gateways-1.2.3
release: myexample-customingressgateway
heritage: Tiller
app: istio-myexample-customingressgateway
istio: istio-myexample-customingressgateway
spec:
type: LoadBalancer
externalTrafficPolicy: Local
selector:
app: istio-myexample-customingressgateway
istio: istio-myexample-customingressgateway
ports:
- name: http2
port: 80
- name: https
port: 443