如何为示例Istio应用程序公开外部IP地址 [英] How to expose an external IP address for a sample Istio application

问题描述

我正在尝试在一个小型集群上为Istio和Kubernetes设置bookinfo示例应用程序. 集群由两台机器组成，分别是主机和工作器，它们在两个Amazon AWS EC2实例的Ubuntu 18.04上运行. 每个实例都有一个分配的外部IP地址.

I am trying to set up the bookinfo sample application for Istio and Kubernetes on a small cluster. The cluster consists of two machines, a master and a worker, running on Ubuntu 18.04 on two Amazon AWS EC2 instances. Each of the instances has an external IP address assigned.

我无法做的是弄清楚如何将bookinfo服务公开给外界.

What I'm unable to do is figure out how to expose the bookinfo service to the outside world.

对于是否需要分别公开Istio入口网关或每个bookinfo服务，我感到困惑.

I am confused as to whether I need to expose the Istio ingress gateway or each one of the bookinfo services separately.

在列出入口网关时，外部IP字段仅显示待定. 另外，在描述工作程序节点时，在输出中没有提及外部IP地址.

When listing the ingress gateway, the external IP field just says pending. Also, when describing the worker node, there's no mention of an external IP address in the output.

我已经浏览过Google，但实际上找不到合适的解决方案. 描述入口网关仅提供内部(即10.x.x.x)地址.

I've gone through google but can't really find a proper solution. Describing the ingress gateway only gives internal (i.e. 10.x.x.x) addresses.

get和describe命令的输出:

Output from get and describe commands:

kubectl get svc istio-ingressgateway -n istio-system
NAME                   TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
istio-ingressgateway   LoadBalancer   10.96.39.4   <pending>     15020:31451/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:31075/TCP,15030:32093/TCP,15031:31560/TCP,15032:30526/TCP,15443:31526/TCP   68m

kubectl describe  svc istio-ingressgateway  -n istio-system
Name:                     istio-ingressgateway
Namespace:                istio-system
Labels:                   app=istio-ingressgateway
                          chart=gateways
                          heritage=Tiller
                          istio=ingressgateway
                          release=istio
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"istio-ingressgateway","chart":"gateways","heritage":"Til...
Selector:                 app=istio-ingressgateway,istio=ingressgateway,release=istio
Type:                     LoadBalancer
IP:                       10.96.39.4
Port:                     status-port  15020/TCP
TargetPort:               15020/TCP
NodePort:                 status-port  31451/TCP
Endpoints:                10.244.1.6:15020
Port:                     http2  80/TCP
TargetPort:               80/TCP
NodePort:                 http2  31380/TCP
Endpoints:                10.244.1.6:80
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  31390/TCP
Endpoints:                10.244.1.6:443
Port:                     tcp  31400/TCP
TargetPort:               31400/TCP
NodePort:                 tcp  31400/TCP
Endpoints:                10.244.1.6:31400
Port:                     https-kiali  15029/TCP
TargetPort:               15029/TCP
NodePort:                 https-kiali  31075/TCP
Endpoints:                10.244.1.6:15029
Port:                     https-prometheus  15030/TCP
TargetPort:               15030/TCP
NodePort:                 https-prometheus  32093/TCP
Endpoints:                10.244.1.6:15030
Port:                     https-grafana  15031/TCP
TargetPort:               15031/TCP
NodePort:                 https-grafana  31560/TCP
Endpoints:                10.244.1.6:15031
Port:                     https-tracing  15032/TCP
TargetPort:               15032/TCP
NodePort:                 https-tracing  30526/TCP
Endpoints:                10.244.1.6:15032
Port:                     tls  15443/TCP
TargetPort:               15443/TCP
NodePort:                 tls  31526/TCP
Endpoints:                10.244.1.6:15443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

任何帮助表示赞赏.

推荐答案

引用Istio的官方文档:

Quoting Istio's official documentation:

如果您的群集在不支持以下操作的环境中运行 外部负载平衡器(例如minikube)，EXTERNAL-IP为 istio-ingressgateway会说-pending-.要访问网关，请使用 服务的NodePort，或改为使用端口转发.

If your cluster is running in an environment that does not support an external load balancer (e.g., minikube), the EXTERNAL-IP of istio-ingressgateway will say -pending-. To access the gateway, use the service’s NodePort, or use port-forwarding instead.

您的集群似乎属于设置 Kubernetes的自定义(云)"方式，默认情况下不支持负载均衡器.

Your cluster seems to fall into 'Custom (cloud)' way of setting up Kubernetes, which by default does not support Load Balancer.

为您提供的解决方案:

• 您必须允许进入到充当工作角色的AWS EC2实例的入站流量
  (换句话说，您必须在防火墙上打开istio-ingressgateway服务的NodePort，请参见下面如何获取此端口号)
• 获取istio-ingressgateway的NodePort:

• You must allow inbound traffic to your AWS EC2 instance serving worker role
  (in other words you have to open NodePort of istio-ingressgateway's service on firewall, see below how to get this port number)
• Get NodePort of istio-ingressgateway:

使用命令:

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')

• 获取您的工作程序节点的EXTERNAL_IP

使用命令:

export INGRESS_HOST=$(kubectl get nodes --selector='!node-role.kubernetes.io/master' -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}')

并遵循bookinfo示例的其余部分，而无需进行任何更改.

and follow the remaining part of bookinfo sample without any changes.

这篇关于如何为示例Istio应用程序公开外部IP地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！