Tuesday, March 26, 2019

How to set istio ingress gateway to an application to access from outside the network


To see current gateways and their ips with ports,

# kubectl get svc istio-ingressgateway -n istio-system

Below is the network traffic plan for the application via istio-system,

Client/Browser à http://<Istio ingressgateway External IP> :< gateway port>/<application URL> à Gateway (istio) à VirtualService(istio) à Service(k8s) à Deployment(Pods)

First we need to apply our deployment,
Below is a basic deployment.yaml file content,

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test
  labels:
    app: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
        version: v1
    spec:
      containers:
      - name: test
        image: <image location>test:latest   
        ports:
          - name: test
            containerPort: 80 # this is the application port exposing via pod

Use below command to apply the deployment,

#  kubectl.exe deploy -f <your deployement file>.yml

Now you need to apply service.yaml to create a service with clusterIP,

apiVersion: v1
kind: Service
metadata:
  name: test
  labels:
    app: test
spec:
  ports:
  - name: http
    protocol: TCP
    port: 80
  selector:
    app: test

Use below command to apply the service,

#  kubectl.exe deploy -f <your service file>.yml

Now you need to create virtualservice to send the traffic to the service created above,

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test
spec:
  hosts:
  - "*"
  gateways:
  - test-gateway #this is the gateway referring to get the traffic
  http:
  - match:
    - uri:
        exact: /test-service/getall
    - uri:
        exact: /login
    - uri:
        exact: /logout
    route:
    - destination:
        host: test
        port:
          number: 80

Use below command to apply the virtual service,

#  kubectl.exe deploy -f <your virtual service file>.yml

Finally you need to create a gateway to get the traffic from outside world to send the traffic between virtual services,

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: test-gateway
spec:
  selector:
    istio: ingressgateway # this is the default selector
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"

That’s it. Now you have ingress traffic path to your application cluster.
Use below commands to check created resources,

#  kubectl.exe get deployments
#  kubectl.exe get services
#  kubectl.exe get virtualservices
#  kubectl.exe get gateways

Now you can access created application using istio-ingressgateway exteranal IP,

http://<Istio ingressgateway External IP> :< gateway port>/<application URL>

Ex. According to above sample deployments,

http:// ://<Istio ingressgateway External IP> :80/test-service/getall

Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)