Istio:在每个节点上运行ingress gateway

我使用的是外部TCP/UDP网络负载均衡器(Fortigate(Kubernetes 1.20.6和Istio 1.9.4。我已经设置了setexternalTrafficPolicy:Local，并且需要在每个节点上运行ingress网关(如网络负载均衡器选项卡中所述(。我该怎么做？

这是我的入口网关服务：

kind: Service
apiVersion: v1
metadata:
name: istio-ingressgateway
namespace: istio-system
uid: d1a86f50-ad14-415f-9c1e-d186fd72cb31
resourceVersion: '1063961'
creationTimestamp: '2021-04-28T19:25:37Z'
labels:
app: istio-ingressgateway
install.operator.istio.io/owning-resource: unknown
install.operator.istio.io/owning-resource-namespace: istio-system
istio: ingressgateway
istio.io/rev: default
operator.istio.io/component: IngressGateways
operator.istio.io/managed: Reconcile
operator.istio.io/version: 1.9.4
release: istio
annotations:
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"istio-ingressgateway","install.operator.istio.io/owning-resource":"unknown","install.operator.istio.io/owning-resource-namespace":"istio-system","istio":"ingressgateway","istio.io/rev":"default","operator.istio.io/component":"IngressGateways","operator.istio.io/managed":"Reconcile","operator.istio.io/version":"1.9.4","release":"istio"},"name":"istio-ingressgateway","namespace":"istio-system"},"spec":{"ports":[{"name":"status-port","port":15021,"protocol":"TCP","targetPort":15021},{"name":"http2","port":80,"protocol":"TCP","targetPort":8080},{"name":"https","port":443,"protocol":"TCP","targetPort":8443},{"name":"tcp-istiod","port":15012,"protocol":"TCP","targetPort":15012},{"name":"tls","port":15443,"protocol":"TCP","targetPort":15443}],"selector":{"app":"istio-ingressgateway","istio":"ingressgateway"},"type":"LoadBalancer"}}
managedFields:
- manager: istio-operator
........operation: Apply
apiVersion: v1
time: '2021-05-04T18:02:38Z'
fieldsType: FieldsV1
fieldsV1:
'f:metadata':
'f:annotations':
'f:kubectl.kubernetes.io/last-applied-configuration': {}
'f:labels':
'f:app': {}
'f:install.operator.istio.io/owning-resource': {}
'f:install.operator.istio.io/owning-resource-namespace': {}
'f:istio': {}
'f:istio.io/rev': {}
'f:operator.istio.io/component': {}
'f:operator.istio.io/managed': {}
'f:operator.istio.io/version': {}
'f:release': {}
'f:spec':
'f:ports':
'k:{"port":80,"protocol":"TCP"}':
.: {}
'f:name': {}
'f:port': {}
'f:protocol': {}
'f:targetPort': {}
'k:{"port":443,"protocol":"TCP"}':
.: {}
'f:name': {}
'f:port': {}
'f:protocol': {}
'f:targetPort': {}
'k:{"port":15012,"protocol":"TCP"}':
.: {}
'f:name': {}
'f:port': {}
'f:protocol': {}
'f:targetPort': {}
'k:{"port":15021,"protocol":"TCP"}':
.: {}
'f:name': {}
'f:port': {}
'f:protocol': {}
'f:targetPort': {}
'k:{"port":15443,"protocol":"TCP"}':
.: {}
'f:name': {}
'f:port': {}
'f:protocol': {}
'f:targetPort': {}
'f:selector':
'f:app': {}
'f:istio': {}
'f:type': {}
- manager: kubectl-patch
operation: Update
apiVersion: v1
time: '2021-05-04T18:01:23Z'
fieldsType: FieldsV1
fieldsV1:
'f:spec':
'f:externalIPs': {}
'f:externalTrafficPolicy': {}
'f:type': {}
selfLink: /api/v1/namespaces/istio-system/services/istio-ingressgateway
spec:
ports:
- name: status-port
protocol: TCP
port: 15021
targetPort: 15021
nodePort: 30036
- name: http2
protocol: TCP
port: 80
targetPort: 8080
nodePort: 32415
- name: https
protocol: TCP
port: 443
targetPort: 8443
nodePort: 32418
- name: tcp-istiod
protocol: TCP
port: 15012
targetPort: 15012
nodePort: 31529
- name: tls
protocol: TCP
port: 15443
targetPort: 15443
nodePort: 30478
selector:
app: istio-ingressgateway
istio: ingressgateway
clusterIP: 10.103.72.212
clusterIPs:
- 10.103.72.212
type: LoadBalancer
externalIPs:
- 10.43.34.38
- 10.43.34.77
sessionAffinity: None
externalTrafficPolicy: Local
healthCheckNodePort: 30788
status:
loadBalancer: {}

防火墙具有这两个地址10.43.438和10.43.477，并将请求中继到端口32415(http(和32415(https(上的两个K8S节点。