问题描述
我想知道如何在同一端口上匹配gRPC路由.这是我希望通过VirtualService完成的示例:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: istio-ingress
spec:
hosts:
- "*"
gateways:
- istio-gateway
http:
- match:
- uri:
prefix: "/custom.api/stream"
- port: 31400
route:
- destination:
host: stream-handler.default.svc.cluster.local
port:
number: 8444
timeout: 60s
retries:
attempts: 3
perTryTimeout: 2s
- match:
- port: 31400
route:
- destination:
host: api.default.svc.cluster.local
port:
number: 8443
timeout: 60s
retries:
attempts: 3
perTryTimeout: 2s
所以基本上:对于31400中的所有请求,第一个匹配项都在"/custom.api/stream"中查找要流式传输的请求,该流具有我的流服务器的目的地.
第二条通则是进入我的主要API.
我的目标是使所有连接都通过31400,然后将请求分解为专用的内部服务.将来,我可能会进一步拆分服务(不仅用于流媒体). IE.端点的整个组可能由单独的群集处理.
当我部署此规则时,尽管整个VS似乎都失败了,但没有任何反应.
端口在Ingressgateway
中对外公开,应使用Gateway
在内部进行配置. VirtualService
仅用于第7层路由(一旦连接到Gateway
).
在您的 match
配置中,您指定要寻址的主机应在端口31400中接收请求,而不是该服务正在此处侦听.从文档:
在您的情况下,您可能需要创建一个新的Gateway
来处理暴露端口的配置,然后使用VirtualService
附加路由部分:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grpc-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 31400
name: grpc
protocol: GRPC
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grpc-virtualservice
spec:
hosts:
- "*"
gateways:
- grcp-gateway
http:
- match:
- uri:
exact: "/custom.api/stream"
route:
- destination:
host: stream-handler.default.svc.cluster.local
port:
number: 8444
timeout: 60s
retries:
attempts: 3
perTryTimeout: 2s
- match:
- uri:
prefix: "/"
route:
- destination:
host: api.default.svc.cluster.local
port:
number: 8443
timeout: 60s
retries:
attempts: 3
perTryTimeout: 2s
由于match
不能为空,您需要为其添加前缀,以获取除先前的URI exact 匹配项之外的所有内容.
I'm wondering how I can match gRPC routes on the same port. Here's an example of what I was hoping to accomplish with my VirtualService:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: istio-ingress
spec:
hosts:
- "*"
gateways:
- istio-gateway
http:
- match:
- uri:
prefix: "/custom.api/stream"
- port: 31400
route:
- destination:
host: stream-handler.default.svc.cluster.local
port:
number: 8444
timeout: 60s
retries:
attempts: 3
perTryTimeout: 2s
- match:
- port: 31400
route:
- destination:
host: api.default.svc.cluster.local
port:
number: 8443
timeout: 60s
retries:
attempts: 3
perTryTimeout: 2s
So basically: for all requests into 31400 the first match looks for requests to stream at "/custom.api/stream" which has a destination of my stream server.
The second rule as a catch all to gain entry to my main API.
My goal is to have all connections coming through 31400 and then splinter off the request to a dedicated internal service. In the future I'll likely split off services even further (not just for streaming). ie. entire groups of the endpoint might be handled by separate clusters.
When I deploy this rule though the whole VS seems to fail and nothing responds.
Ports are externally exposed in the Ingressgateway
and should be internally configured using a Gateway
. The VirtualService
is intended for layer 7 routing only (once attached to a Gateway
).
In your match
configuration, you're specifying that the addressed host should receive requests in the port 31400, not that the service is listening there. From the documentation:
In your case, you might want to create a new Gateway
to take care of the exposed port's configuration and then, attach the routing part using your VirtualService
:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grpc-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 31400
name: grpc
protocol: GRPC
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grpc-virtualservice
spec:
hosts:
- "*"
gateways:
- grcp-gateway
http:
- match:
- uri:
exact: "/custom.api/stream"
route:
- destination:
host: stream-handler.default.svc.cluster.local
port:
number: 8444
timeout: 60s
retries:
attempts: 3
perTryTimeout: 2s
- match:
- uri:
prefix: "/"
route:
- destination:
host: api.default.svc.cluster.local
port:
number: 8443
timeout: 60s
retries:
attempts: 3
perTryTimeout: 2s
Since match
cannot be empty, you need to prefix it to pick up whatever is coming except for the previous URI exact match.
这篇关于为同一端口上的不同路径匹配Istio虚拟服务路由的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!