在Istio1.1.0以後,增強了對TCP路由的支持(Weight、Port),因爲有項目使用TCP連接,故對TCP路由進行了探索;
官網示例
官方參考:TCP Traffic Shifting
官網的示例配置:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: tcp-echo-v1
spec:
replicas: 1
template:
metadata:
labels:
app: tcp-echo
version: v1
spec:
containers:
- name: tcp-echo
image: istio/tcp-echo-server:1.1
imagePullPolicy: IfNotPresent
args: [ "9000", "one" ]
ports:
- containerPort: 9000
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: tcp-echo-v2
spec:
replicas: 1
template:
metadata:
labels:
app: tcp-echo
version: v2
spec:
containers:
- name: tcp-echo
image: istio/tcp-echo-server:1.1
imagePullPolicy: IfNotPresent
args: [ "9000", "two" ]
ports:
- containerPort: 9000
---
apiVersion: v1
kind: Service
metadata:
name: tcp-echo
labels:
app: tcp-echo
spec:
ports:
- name: tcp
port: 9000
selector:
app: tcp-echo
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: tcp-echo-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 31400
name: tcp
protocol: TCP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- port: 31400
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v1
weight: 80
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
weight: 20
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: tcp-echo-destination
spec:
host: tcp-echo
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
以上有幾點需要注意:
(1)Gateway中31340端口爲istio-ingressgateway默認綁定的tcp端口,可通過istio-system.service.istio-ingressgateway進行查看;
(2)Gateway中host定義爲*,表示接受所有域名,同時VirtualService中host同爲*,與Gateway中host相對應;
(3)VirtualService中match.port爲Gateway中監聽的port 31340,並且將Gateway port 31340映射到目標應用destination port 9000端口(應用service實際端口),即將外部端口31340映射到具體tcp服務的9000端口;
使用其他(非31340)端口
官網示例中默認使用了31340端口,若想在Gateway中使用31340以外的端口(例如28674等),在Istio官網中沒有提到,參考了阿里雲棲社區的Istio流量管理實踐之(1): 通過Istio規則來實現TCP入口流量路由的統一管理,並經過摸索,總結出若想使用31340以外的端口,則需要在istio-system.service.istio-ingressgateway中添加端口定義,例如我想在gateway中使用28674端口,則在istio-system.service.istio-ingressgateway中添加28674端口的定義,name有意義不重複即可,修改如下圖:
之後便可在Gateway中使用該28674端口,否則除31340以外沒有被定義的端口都是不好用的
補充:關於Istio-ingressgateway中端口定義, 可以動態添加端口定義,其中port爲Gateway中監聽的port,而nodePort爲外部服務進入的端口,例如port=80,nodePort=31380,則通過domainName訪問進入nodePort 31380端口,但是在Gateway中配置監聽的port爲80;