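As the business grows, we sometimes want customers to reach our site through the nearest point of entry to reduce network latency. The usual approach is to deploy the same services in multiple regions. With Istio, nearest access can solve this instead: there is no need to deploy the whole application stack in a cluster in another region. You only deploy an edge proxy gateway in another cluster managed by the mesh and configure its listener rules, and the e-commerce site can then be accessed with that other cluster as the entry point.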

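On Tencent Cloud, clusters in different regions can be managed by the same service mesh if the regions are connected through Cloud Connect Network (CCN). Below, we use two clusters in the same VPC to simulate multiple regions and configure nearest access.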

First, we deploy an nginx service in the mesh's primary cluster A and expose it through a gateway:

apiVersion: apps/v1
kind: Deployment
metadata:
  generation: 5
  labels:
    k8s-app: nginx
    qcloud-app: nginx
  name: nginx
  namespace: mesh
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: nginx
      qcloud-app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        k8s-app: nginx
        qcloud-app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        resources:
          limits:
            cpu: 500m
            memory: 1Gi
          requests:
            cpu: 250m
            memory: 256Mi
        securityContext:
          privileged: false
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: qcloudregistrykey
      restartPolicy: Always

---

apiVersion: v1
kind: Service
metadata:
  name: nginx-test
  namespace: mesh
spec:
  ports:
  - name: 80-80-tcp
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    k8s-app: nginx
    qcloud-app: nginx
  sessionAffinity: None
  type: ClusterIP

Deploy the Gateway in primary cluster A:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: nginx-gw
  namespace: mesh
spec:
  servers:
    - port:
        number: 88
        name: HTTP-88-ebsi
        protocol: HTTP
      hosts:
        - '*'
  selector:
    app: istio-ingressgateway
    istio: ingressgateway

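Next, we add sub-cluster B to the mesh. An istio-ingressgateway is also deployed there as the entry point, and we then deploy a Gateway in cluster B to access the service deployed in cluster A: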

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: child-gw
  namespace: mesh
spec:
  servers:
    - port:
        number: 80
        name: HTTP-80-6pnq
        protocol: HTTP
      hosts:
        - '*'
  selector:
    app: istio-ingressgateway-2
    istio: ingressgateway

Then we create a VirtualService that binds to both Gateways:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nearest-access-vs
  namespace: mesh
spec:
  hosts:
    - '*'
  gateways:
    - mesh/child-gw
    - mesh/nginx-gw
  http:
    - route:
        - destination:
            host: nginx-test.mesh.svc.cluster.local
            port:
              number: 80

The nginx service is not deployed in cluster B. We now access the service through cluster B's gateway to see whether it is reachable:

[root@VM-17-4-centos ~]# kubectl get svc -n istio-system
NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                         AGE
istio-ingressgateway-2   LoadBalancer   172.22.253.209   10.0.0.31     80:31199/TCP,15021:30299/TCP    4h5m
istiod-1-8-1             LoadBalancer   172.22.255.147   10.0.0.141    15012:32190/TCP,443:31540/TCP   4h28m
istiod-1-8-1-injector    ClusterIP      None             <none>        443/TCP                         4h28m
kube-mesh                LoadBalancer   172.22.254.32    10.0.0.144    443:30431/TCP                   4h28m
zipkin                   ClusterIP      172.22.255.45    <none>        9411/TCP                        4h27m
[root@VM-17-4-centos ~]# kubectl get pod -n mesh
No resources found in mesh namespace.
[root@VM-17-4-centos ~]# curl 10.0.0.31:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

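From the test results above: the ingressgateway Service is backed by an internal (private network) load balancer, and no workloads are deployed in the mesh namespace of cluster B, yet the nginx service is reachable through the LB's VIP on port 80. This shows that traffic entering through cluster B is routed to primary cluster A.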
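
Both Gateways and the VirtualService above match `'*'`, so a request with any Host header that reaches cluster B's load balancer is forwarded to the nginx workload in cluster A. The following added example (not from the original post; `shop.example.com` is a placeholder hostname) shows the same resources restricted to a single host.

```yaml
# Added example: shop.example.com is a placeholder hostname, not a value
# from the original page. All other names are the ones used above.
# Entry gateway in sub-cluster B, limited to one hostname instead of '*'.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: child-gw
  namespace: mesh
spec:
  servers:
    - port:
        number: 80
        name: HTTP-80-6pnq
        protocol: HTTP
      hosts:
        - shop.example.com      # was '*'
  selector:
    app: istio-ingressgateway-2
    istio: ingressgateway
---
# The VirtualService is narrowed to the same hostname, so the route to
# cluster A's nginx-test applies only to requests for that host.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nearest-access-vs
  namespace: mesh
spec:
  hosts:
    - shop.example.com          # was '*'
  gateways:
    - mesh/child-gw
    - mesh/nginx-gw             # apply the same hosts change to nginx-gw
  http:
    - route:
        - destination:
            host: nginx-test.mesh.svc.cluster.local
            port:
              number: 80
# To check from the test host, send the expected Host header to the VIP:
#   curl -H 'Host: shop.example.com' 10.0.0.31:80
```

With this in place, a request to the VIP that carries a different Host header matches no virtual host on the gateway and receives a 404 instead of being forwarded to cluster A.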

© vishon all rights reserved, powered by Gitbook. Updated at 2021-06-04 19:06:27
