Istio-GateWay:负责控制域名流量的请求(请求/拒绝),以及一些证书配置
官方解释:
描述一个在网格边缘操作的负载平衡器,它接收传入或传出的HTTP/TCP连接。该规范描述了一组应该公开的端口、要使用的协议类型、负载平衡器的SNI配置等
官网地址:https://istio.io/latest/zh/docs/reference/config/networking/gateway/
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: test-gateway-wai
namespace: apm
spec:
#选择定义的ingressgateway,即为外网负载均衡
selector:
istio: ingressgateway
app: istio-ingressgateway
servers:
- port:
number: 80
name: http-Redirect
protocol: HTTP
hosts:
- 'www.test.com'
- 'edit.test.com'
- 'node.test.com'
tls:
httpsRedirect: true #开启强制跳转https
#允许进来的域名请求
- hosts:
- '*.test.com'
- '*.test.net'
- '*.test.cn'
- '*.test.com.cn'
- '*.testha.cn'
- 'test.com'
- '*.test222.com'
- 'm5.test222.com'
- 'm5.test222.com.cn'
- 'm5.test222.com'
- 'm5.test222.cn'
- 'm5.test222.net'
#匹配根域名,需要去掉域名中的'.'
port:
name: http
number: 80
protocol: HTTP
- hosts:
- '*.laosiji.com'
port:
name: https
number: 443
protocol: HTTPS
tls:
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
mode: SIMPLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: test-gateway-nei
namespace: apm
spec:
#选择定义的ingressgateway,即为内网负载均衡
selector:
istio: ingressgateway
app: istio-ingressgateway-nei
servers:
- hosts:
- '*.test.com'
port:
name: http
number: 80
protocol: HTTP