The Road to the Istio ICA Exam --- 2-6
1. Task
Using Kubernetes context cluster-2
Create and configure Istio resources necessary for routing all traffic destined
for http://example.org through the default Istio egress gateway running in the
istio-system namespace. Ensure the following:
- Use istio=egressgateway as the gateway selector.
- Use ServiceEntry for the host example.org and HTTP protocol.
- The gateway resource must be named exampleorg-egress.
- Use fully qualified hostnames when referencing.
- All resources must be created in the egress namespace.
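2. Solution
2.1 Get the templates
This task needs four pieces of configuration in total.
- ServiceEntry
- Gateway
- DestinationRule (dr)
- VirtualService (vs)
Get the first block, the ServiceEntry configuration.
Scroll further down and copy the second and third blocks.
Continue further down to get the fourth block.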
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: cnn
spec:
  hosts:
  - edition.cnn.com
  ports:
  - number: 80
    name: http-port
    protocol: HTTP
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-egressgateway
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - edition.cnn.com
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: egressgateway-for-cnn
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: cnn
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: direct-cnn-through-egress-gateway
spec:
  hosts:
  - edition.cnn.com
  gateways:
  - istio-egressgateway
  - mesh
  http:
  - match:
    - gateways:
      - mesh
      port: 80
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        subset: cnn
        port:
          number: 80
      weight: 100
  - match:
    - gateways:
      - istio-egressgateway
      port: 80
    route:
    - destination:
        host: edition.cnn.com
        port:
          number: 80
      weight: 100
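2.3 Tidy up the YAML
There is quite a lot to change here, so take care not to miss anything.
The domain name can be replaced in bulk with vi's substitute command:
- Press Esc
- Type “:%s#edition.cnn.com#example.org#g”
Editing by hand works too, of course.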
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: cnn
  namespace: egress # added
spec:
  hosts:
  - example.org # changed
  ports:
  - number: 80
    name: http-port
    protocol: HTTP
  resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: exampleorg-egress # changed
  namespace: egress # added
spec:
  selector:
    istio: egressgateway # selector required by the task
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - example.org # changed
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: egressgateway-for-cnn
  namespace: egress # added
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: cnn
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: direct-cnn-through-egress-gateway
  namespace: egress # added
spec:
  hosts:
  - example.org # changed
  gateways:
  - exampleorg-egress # whatever you do, do not forget to change this
  - mesh
  http:
  - match:
    - gateways:
      - mesh
      port: 80
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        subset: cnn
        port:
          number: 80
      weight: 100
  - match:
    - gateways:
      - exampleorg-egress # whatever you do, do not forget to change this
      port: 80
    route:
    - destination:
        host: example.org # changed
        port:
          number: 80
      weight: 100
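The edits that are easiest to miss (leftover template host, the old gateway name in the VirtualService, a missing namespace) can be checked mechanically before applying. The script below is an added example, not part of the original post; `check_egress_manifest` is a hypothetical helper and assumes block-style YAML indented with spaces, with documents separated by `---`.

```shell
#!/bin/sh
# Added example (hypothetical helper): lint the edited manifest before applying it.
check_egress_manifest() {
  awk '
    function end_doc() {   # runs at every "---" separator and at end of file
      if (kind == "") return
      if (ns != "egress") { print kind "/" name ": namespace must be egress"; bad = 1 }
      if (kind == "Gateway") {
        gw = 1
        if (name != "exampleorg-egress") { print "Gateway is named " name; bad = 1 }
        if (!sel) { print "Gateway lacks selector istio: egressgateway"; bad = 1 }
      }
      kind = name = ns = ""; sel = 0; meta = 0
    }
    /^---/ { end_doc(); next }
    { sub("[ \t]*#.*$", "") }   # drop trailing YAML comments
    /edition\.cnn\.com/ { print "line " NR ": template host edition.cnn.com left in"; bad = 1 }
    /^kind:/ { kind = $2 }
    /^metadata:/ { meta = 1; next }
    /^[a-z]/ { meta = 0 }       # any other top-level key ends the metadata block
    meta && /^ +name:/ { name = $2 }
    meta && /^ +namespace:/ { ns = $2 }
    kind == "Gateway" && /^ +istio: egressgateway$/ { sel = 1 }
    kind == "VirtualService" && /^ *- istio-egressgateway$/ {
      print "line " NR ": VirtualService still references gateway istio-egressgateway"; bad = 1 }
    END { end_doc(); if (!gw) { print "no Gateway found"; bad = 1 }; exit bad + 0 }
  ' "$1"
}

# Constructed sample: Gateway edited correctly, VirtualService with two edits forgotten.
demo=$(mktemp)
cat > "$demo" <<'EOF'
kind: Gateway
metadata:
  name: exampleorg-egress
  namespace: egress
spec:
  selector:
    istio: egressgateway
---
kind: VirtualService
metadata:
  name: direct-cnn-through-egress-gateway
spec:
  gateways:
  - istio-egressgateway
EOF
check_egress_manifest "$demo" || echo "manifest needs fixing"; rm -f "$demo"
```

Run it against the real file as `check_egress_manifest 2-6.yaml`; no output and exit status 0 mean none of these slips were found.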
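Deploy
kubectl apply -f 2-6.yaml
3. Testing
Create a test pod in the egress namespace:
kubectl run --image nginx:1.25 test -n egress
Access example.org from that pod:
kubectl exec -n egress test -- curl -I example.org
Check the test pod's log:
kubectl logs -n egress test | tail -5
You can see that the request did not go out directly from this container.
Next, check the sidecar's log; you can see that the request was initiated by the sidecar:
kubectl logs -n egress test -c istio-proxy | tail -5
Then check the egress gateway's log:
kubectl logs -n istio-system istio-egressgateway-56c98656d-wnqv2 | tail -5
You can see that the last entry is the request to example.org.
That completes the configuration and testing for this task. It is the most complex task in the whole exam, but there is actually not that much to change, and the template snippets all sit in consecutive positions on the same page. Once you are familiar with it, there is not much to it.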