After istio is installed, follow these steps:
0. Label the default namespace for istio sidecar injectionkubectl label namespace default istio-injection=enabled --overwrite
1. Patch istio-ingressgateway service so that the new port is supported.
Create a file named patch-service.yaml with the following content:
spec:
ports:
- name: tcp-31400
protocol: TCP
port: 31400
targetPort: 31400
Run the following command
kubectl -n istio-system patch service istio-ingressgateway --patch "$(cat patch-service.yaml)"
2. Create deployment, service, gateway and virtual service
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world-deployment
spec:
selector:
matchLabels:
greeting: hello
department: world
replicas: 1
template:
metadata:
labels:
greeting: hello
department: world
spec:
containers:
- name: hello
image: "email4tong/pathecho:latest"
imagePullPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: hello-world
spec:
selector:
greeting: hello
department: world
ports:
- protocol: TCP
port: 7000
targetPort: 8080
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: tcp-echo-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 31400
name: tcp
protocol: TCP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- port: 31400
route:
- destination:
host: hello-world.default.svc.cluster.local
port:
number: 7000
3. Now use the istio-ingressgateway service external endpoint (IP or hostname) and port 31400 to access the service. In above example, it is a simple http echo, so use curl to test is fine. If the actual service is not http but using any other tcp protocols, then you cannot use curl to test
No comments:
Post a Comment