
Istio - HTTPS gateway (version 1.7.4)

程序员文章站 2022-06-17 13:09:12

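Official reference:
Istio - task/traffic-management/ingress/secure-ingress

Basic steps:

1. Create the secret

Place the certificate files on a machine in the K8s cluster, change into the directory that holds them, and create the certificate secret with kubectl: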

kubectl create -n istio-system secret tls mycom-crt --key=cert.key --cert=cert.crt

Note:
The secret's namespace must be istio-system; otherwise the Istio ingress-gateway pod cannot load the secret (get the namespace wrong and you will be bitten, every single time).

[Screenshot: log output when ingress-gateway cannot load the certificate secret]
[Screenshot: log output when ingress-gateway loads the certificate correctly]

2. Create the gateway

In newer versions, the Gateway can reference the secret that holds the certificate directly through credentialName:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: mycom-crt # must be the same as secret
    hosts:
    - httpbin.example.com

[Screenshot: gateway.tls configuration in the new 1.7.4 version]

3. Associate the gateway through a VirtualService

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "httpbin.example.com"
  gateways:
  - mygateway
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /delay
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
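
The namespace pitfall from step 1 and the credentialName link from step 2 can be checked before sending traffic. The script below is an added example, not part of the original post; it assumes the ingress gateway runs in istio-system, and the function name and the Gateway namespace argument (`default` in the usage line) are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for the namespace pitfall in step 1.
# Assumption: the ingress gateway pods run in istio-system, as on this page.
INGRESS_NS="${INGRESS_NS:-istio-system}"

# check_gateway_tls <gateway-namespace> <gateway-name>
# Returns 0 if every credentialName on the Gateway names a kubernetes.io/tls
# secret in $INGRESS_NS, 1 if one is missing or has another type, and 2 if
# the Gateway itself cannot be read.
check_gateway_tls() {
  gw_ns="$1"
  gw_name="$2"
  rc=0
  # Fully qualified resource name avoids clashing with other "gateway" CRDs.
  creds=$(kubectl get gateway.networking.istio.io "$gw_name" -n "$gw_ns" \
    -o jsonpath='{.spec.servers[*].tls.credentialName}') || return 2
  if [ -z "$creds" ]; then
    echo "FAIL: $gw_ns/$gw_name sets no tls.credentialName" >&2
    return 1
  fi
  for cred in $creds; do
    # Look in the ingress gateway's namespace, not the Gateway's own.
    if ! stype=$(kubectl get secret "$cred" -n "$INGRESS_NS" \
        -o jsonpath='{.type}' 2>/dev/null); then
      echo "FAIL: secret '$cred' not found in $INGRESS_NS" >&2
      rc=1
    elif [ "$stype" != "kubernetes.io/tls" ]; then
      # 'kubectl create secret tls' (step 1) produces type kubernetes.io/tls.
      echo "FAIL: secret '$cred' has type '$stype', not kubernetes.io/tls" >&2
      rc=1
    else
      echo "OK: '$cred' is a TLS secret in $INGRESS_NS"
    fi
  done
  return "$rc"
}

# Usage: sh check-gateway-tls.sh default mygateway
if [ "$#" -ge 2 ]; then
  check_gateway_tls "$1" "$2"
fi
```
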