After istio is installed, follow these steps:
0. Label the default namespace for istio sidecar injection
kubectl label namespace default istio-injection=enabled --overwrite
1. Patch istio-ingressgateway service so that the new port is supported.
Create a file named patch-service.yaml with the following content:
spec:
ports:
- name: tcp-31400
protocol: TCP
port: 31400
targetPort: 31400
Run the following command
kubectl -n istio-system patch service istio-ingressgateway --patch "$(cat patch-service.yaml)"
2. Create deployment, service, gateway and virtual service
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world-deployment
spec:
selector:
matchLabels:
greeting: hello
department: world
replicas: 1
template:
metadata:
labels:
greeting: hello
department: world
spec:
containers:
- name: hello
image: "email4tong/pathecho:latest"
imagePullPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: hello-world
spec:
selector:
greeting: hello
department: world
ports:
- protocol: TCP
port: 7000
targetPort: 8080
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: tcp-echo-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 31400
name: tcp
protocol: TCP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- port: 31400
route:
- destination:
host: hello-world.default.svc.cluster.local
port:
number: 7000
3. Now use the istio-ingressgateway service external endpoint (IP or hostname) and port 31400 to access the service. In above example, it is a simple http echo, so use curl to test is fine. If the actual service is not http but using any other tcp protocols, then you cannot use curl to test