如何为公共和私有域运行多个入口网关 [英] How to run multiple ingress gateway for public and private domains

问题描述

我的kubernetes集群中运行着多个公共和私有应用程序.我想通过运行多个istio-gateway部署来区分每种类型的流量.有没有直接的方法可以使用istio来实现它.

I have multiple public and private applications running in my kubernetes cluster. I want to separate out traffic for each type by running multiple istio-gateway deployments. Is there any straight methods to implement it with istio.

对于这两种类型的应用程序，我都使用自定义CA并手动将证书作为密钥导入.我是否需要证书管理者的任何部分来实现我的用例

For both type of application I am using custom CA and importing certificates as secret manually. Do I need to anything cert manager part to achieve my use case

推荐答案

不需要cert-manager即可实现此配置.

The cert-manager is not required to achieve this configuration.

要在默认域名(公共域名)旁边安装自定义istio-ingress-gateway(私有域名)，您可以举个例子'

To install custom istio-ingress-gateway (for you private domain) next to the default one (for public domain), you can take as an example 'example-values/values-istio-gateways.yaml' values file (part of official Istio github project), and use it with helm, to generate all necessary manifest files to upgrade/extend your current Istio installation.

要生成清单文件，请使用以下命令:

To generate manifest files use the following command:

helm template install/kubernetes/helm/istio --set gateways.custom-gateway.namespace=nepomucen-custom -f install/kubernetes/istio-demo.yaml -f install/kubernetes/helm/istio/example-values/values-istio-gateways.yaml

注意:这会在非默认名称空间中创建自定义网关

Note: This creates custom gateway in non-default namespace

这篇关于如何为公共和私有域运行多个入口网关的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！