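kubernetes - How to configure Istio Virtual Service destination protocol

Tags: kubernetes istio

How do I configure an Istio VirtualService to route traffic to a destination backend that listens on HTTPS?

Configuring protocol: HTTPS or scheme: HTTPS does not work.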

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: api-rpi-access
spec:
  hosts:
  - "test.example.com"
  gateways:
  - api-gateway
  http:
  - match:
    - uri:
        port: https
        prefix: /
    route:
    - destination:
        host: some-https-service
        port:
          number: 8443
          protocol: HTTPS
        # scheme: HTTPS

Here is my gateway:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: api-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "test.example.com"

Best answer

To perform TLS termination at the istio ingressgateway and send HTTPS traffic to the backend, I had to add the following DestinationRule:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: some-https-service
spec:
  host: some-https-service  # must match the VirtualService destination host
  trafficPolicy:
    tls:
      mode: SIMPLE

Here are the Gateway and VirtualService:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: api-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "test.example.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ext-access
spec:
  hosts:
  - "test.example.com"
  gateways:
  - api-gateway
  http:
  - match:
    - uri:
        prefix: /   # uri accepts exact/prefix/regex only; a port is not a uri field
    route:
    - destination:
        host: some-https-service
        port:
          number: 8443
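
A pre-deployment check for the point the answer makes, as an added example that is not part of the original question or answer: it flags VirtualService destinations on HTTPS backend ports that no DestinationRule covers with TLS origination. The function names, the `https_ports` set, the `other-service` host and the `default` namespace fallback are assumptions made for the illustration.

```python
# Added example. Manifests are constructed dicts, shaped like yaml.safe_load() output.
CLUSTER_DOMAIN = "svc.cluster.local"      # assumption: default cluster domain
ORIGINATING_MODES = {"SIMPLE", "MUTUAL"}  # proxy opens TLS to a backend serving its own cert

def fqdn(host, namespace):
    """Expand a short service name relative to the rule's namespace."""
    return host if "." in host else f"{host}.{namespace}.{CLUSTER_DOMAIN}"

def tls_mode_for(host, namespace, destination_rules):
    """TLS mode of the DestinationRule covering host, or None if no rule matches.
    Only the top-level trafficPolicy.tls is read (portLevelSettings are ignored)."""
    for dr in destination_rules:
        dr_ns = dr["metadata"].get("namespace", "default")
        if fqdn(dr["spec"]["host"], dr_ns) == fqdn(host, namespace):
            return dr["spec"].get("trafficPolicy", {}).get("tls", {}).get("mode")
    return None

def find_plaintext_routes(virtual_service, destination_rules, https_ports):
    """Return (host, port) destinations on HTTPS backend ports without TLS origination."""
    ns = virtual_service["metadata"].get("namespace", "default")
    findings = []
    for http_route in virtual_service["spec"].get("http", []):
        for route in http_route.get("route", []):
            dest = route["destination"]
            port = dest.get("port", {}).get("number")
            mode = tls_mode_for(dest["host"], ns, destination_rules)
            if port in https_ports and mode not in ORIGINATING_MODES:
                findings.append((dest["host"], port))
    return findings

VS = {"metadata": {"name": "ext-access"}, "spec": {"http": [{"route": [
    {"destination": {"host": "some-https-service", "port": {"number": 8443}}}]}]}}

def rule(host, mode="SIMPLE"):
    """Build a constructed DestinationRule for the given host."""
    return {"metadata": {"name": "some-https-service"},
            "spec": {"host": host, "trafficPolicy": {"tls": {"mode": mode}}}}

if __name__ == "__main__":
    for label, rules in [("no rule", []), ("wrong host", [rule("other-service")]),
                         ("matching rule", [rule("some-https-service")])]:
        print(label, find_plaintext_routes(VS, rules, {8443}))
```

A rule whose `host` names a different service is reported the same way as a missing rule, since the proxy would then send plaintext HTTP to port 8443.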

Regarding kubernetes - How to configure Istio Virtual Service destination protocol, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61920458/
