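The usual setup is an application that serves HTTP and is reached over HTTPS through the gateway; the Istio website has an example of that configuration. Sometimes, however, we need the reverse: the application itself serves HTTPS, but we want to expose it over HTTP through the gateway. This may seem counterintuitive, but it is the scenario you need when developing an HTTP filter for Istio, because in Istio the TLS mode does not support HTTP filters.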
Configure the ServiceEntry
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: httpk8s-com
spec:
  hosts:
  - httpk8s.com
  ports:
  - number: 80
    name: http-port
    protocol: HTTP
    targetPort: 6443
  - number: 6443
    name: https-port
    protocol: HTTPS
  resolution: STATIC
  endpoints:
  - address: 192.168.18.3
  location: MESH_EXTERNAL
Configure the DestinationRule
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: httpk8s-com
spec:
  host: httpk8s.com
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 80
      tls:
        mode: SIMPLE
Configure the Gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: apiserver-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "httpk8s.com"
Configure the VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: apiserver-vs
spec:
  hosts:
  - "httpk8s.com"
  gateways:
  - apiserver-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: httpk8s.com
        port:
          number: 80
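
A hardened variant of the DestinationRule above, as an added example that is not part of the original post: the rule as written sets only mode: SIMPLE and names no CA file for checking the backend's certificate, and this version adds the fields that pin it. The CA file path and the subjectAltNames value are assumptions; the CA file has to be mounted into the ingress gateway pod.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: httpk8s-com
spec:
  host: httpk8s.com
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 80
      tls:
        mode: SIMPLE
        # Assumed path: CA bundle that signed the backend's certificate,
        # mounted into the ingress gateway pod.
        caCertificates: /etc/istio/backend-ca/ca.crt
        # SNI sent to the backend in the TLS handshake.
        sni: httpk8s.com
        # Assumed value: a name the backend certificate must carry in its SAN.
        subjectAltNames:
        - httpk8s.com
```

This only protects the gateway-to-backend hop; the client-to-gateway leg on port 80 remains plaintext HTTP.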
Configuration summary