Istio 网关配置中的 spec/selector label 是什么?
[英]What is spec/selector label in an Istio Gateway configuration?
问题描述
I am new to Istio Gateway and my goal is to create a Ingress Gateway for a service deployed on K8s.
我是 Istio Gateway 的新手,我的目标是为部署在 K8s 上的服务创建一个 Ingress Gateway。
I am a bit confused with the Gateway example in the official document: https://istio.io/latest/docs/concepts/traffic-management/#gateway-example .我对官方文档中的网关示例有点困惑: https://istio.io/latest/docs/concepts/traffic-management/#gateway-example 。
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: ext-host-gwy
spec:
selector:
app: my-gateway-controller
servers:
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- ext-host.example.com
tls:
mode: SIMPLE
credentialName: ext-host-cert
In this example, what is app: my-gateway-controller under spec/selector?在本例中,spec/selector 下的app: my-gateway-controller是什么? Is there additional configuration/deployment needed for this my-gateway-controller?这个 my-gateway-controller 是否需要额外的配置/部署?
I tried searching "my-gateway-controller" in the rest of the document, but didn't find further explanation.我尝试在文档的 rest 中搜索“my-gateway-controller”,但没有找到进一步的解释。
2 个解决方案
解决方案1
0 2023-01-19 05:42:04
Its usually istio ingress gateway pod label name which needs to be given in selector, as the external traffic will enter through ingress gateway pod.它通常是 istio 入口网关 pod label 名称,需要在选择器中给出,因为外部流量将通过入口网关 pod 进入。 unless the name of ingress gateway is changed during istio installation.除非在 istio 安装期间更改了入口网关的名称。
Please mention as below in the gateway definition which will route the traffic to application.请在网关定义中提及以下内容,它将流量路由到应用程序。
spec:
selector:
istio: ingressgateway
解决方案2
0 2023-01-20 06:56:40
Istio can be installed with different options. Istio 可以使用不同的选项安装。 They have different profiles that can be used for testing, for default scenarios and custom setup.它们具有不同的配置文件,可用于测试、默认场景和自定义设置。 One option is to configure an ingress-controller (but you could also have non and use a different non-istio ingress-controller).一种选择是配置一个入口控制器(但你也可以没有并使用不同的非 istio 入口控制器)。
Depending on your setup you can either have no ingress-gateway, the default ingress-gateway or a custom gateway.根据您的设置,您可以没有入口网关、默认入口网关或自定义网关。
The default gateway has a label that's called istio: ingressgateway .默认网关有一个名为istio: ingressgateway 。 You can find that in most of the example/getting started docs, eg in how to setup a secure ingress您可以在大多数示例/入门文档中找到它,例如如何设置安全入口
Here the Gateway looks like that:这里的Gateway看起来像这样:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: mygateway
spec:
selector:
istio: ingressgateway # use istio default ingress gateway
[...]
The other option would be to setup a second ingress-gateway that might have a different name.另一种选择是设置第二个可能具有不同名称的入口网关。 You can for example use the IstioOperator manifest to configure this.例如,您可以使用IstioOperator清单来配置它。
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
ingressGateways:
- enabled: true
name: my-gateway-controller
That ingress-gateway pod will get a label of app: my-gateway-controller .该入口网关 pod 将获得一个 label 的app: my-gateway-controller 。 This label can than be used as it has been in the example you posted.这个 label 可以像您发布的示例中那样使用。 So you can check all ingress-gateway pods you have and choose the label you need.因此,您可以检查您拥有的所有入口网关 pod,然后选择您需要的 label。
If you went with the default setup, you probably have the default ingress-gateway and can simple change the selector to istio: ingressgateway .如果你使用默认设置,你可能有默认的 ingress-gateway 并且可以简单地将选择器更改为istio: ingressgateway 。
For the beginning I would recommend to stick with the tasks section for configuring your setup, because it's uses the default istio setup most people have.一开始我建议坚持使用任务部分来配置您的设置,因为它使用大多数人拥有的默认 istio 设置。 If you need more details or something special you can always check the docs pages.如果您需要更多详细信息或特殊内容,您可以随时查看文档页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.