Istio: HTTPS traffic between pods works only when the sidecar is not injected



Steps I have done:

  • I have two namespaces, one with Istio injected and the other without
  • Now deploy a simple nginx server in the namespaces using this YAML
apiVersion: v1
kind: Service
metadata:
  name: software-upgrader
  labels:
    app: software-upgrader
    service: software-upgrader
spec:
  ports:
  - name: http
    port: 25301
  selector:
    app: software-upgrader
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: software-upgrader
spec:
  selector:
    matchLabels:
      app: software-upgrader
      version: v1
  template:
    metadata:
      labels:
        app: software-upgrader
        version: v1
    spec:
      containers:
      - image: gcr.io/mesh7-public-images/scalability/nginx
        imagePullPolicy: IfNotPresent
        name: software-upgrader
        resources:
          limits:
            cpu: 20m
            memory: 32Mi
          requests:
            cpu: 20m
            memory: 32Mi
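  • Now deploy an HTTPS server in both namespaces with the following steps
  • Now curl it from another pod in both namespaces
  • The pod without Istio injection gets 200 OK, while the Istio-injected pod gets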
curl: (56) OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0
command terminated with exit code 56
  • Forgive my ignorance: do I have to create some ServiceEntry or VirtualService so that HTTPS works between pods in the same namespace when Istio is injected?

You have to add the protocol to the service port definition

apiVersion: v1
kind: Service
metadata:
  name: test-https-server
  labels:
    app: test-https-server
    service: test-https-server
spec:
  ports:
  - name: test-https
    port: 25302
    appProtocol: https
  selector:
    app: test-https-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-https-server
spec:
  selector:
    matchLabels:
      app: test-https-server
  template:
    metadata:
      labels:
        app: test-https-server
    spec:
      containers:
      - image: gcr.io/mesh7-public-images/scalability/nginx
        command: ["bash", "-c", "python3 ThreadedHTTPSServer.py 25302"]
        imagePullPolicy: Always
        name: test-https-server
        resources:
          limits:
            cpu: 20m
            memory: 32Mi
          requests:
            cpu: 20m
            memory: 32Mi

Here is a working example

  ports:
  - name: http
    port: 25302
    appProtocol: https # Should Specify Protocol

Istio appProtocol configuration documentation
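
One way to check Service ports before deploying, as an added example that is not part of the original answer: it resolves the protocol Istio will assume for a port using Istio's documented selection rules (`appProtocol` takes precedence over the port name, otherwise the `<protocol>[-<suffix>]` name prefix, otherwise automatic detection) and flags ports where the application serves TLS itself but the port is declared as a plaintext protocol. The function names and the sample port lists are constructed for illustration.

```python
# Added example: resolve the protocol Istio assumes for each Service port.
# Rules follow Istio's documented protocol selection: `appProtocol` wins over
# the port name; otherwise the `<protocol>[-<suffix>]` name prefix is used;
# otherwise Istio falls back to automatic protocol detection.

KNOWN = {"http", "http2", "https", "tcp", "tls", "grpc", "grpc-web",
         "mongo", "mysql", "redis", "udp"}
PLAINTEXT_L7 = {"http", "http2", "grpc", "grpc-web"}


def effective_protocol(port):
    """Return (protocol, source) for one Service port dict."""
    app = (port.get("appProtocol") or "").lower()
    # Assumption of this example: values outside KNOWN are treated as unset.
    if app in KNOWN:
        return app, "appProtocol"
    name = (port.get("name") or "").lower()
    # Longest match first so "grpc-web" is not read as "grpc" + suffix "web".
    for proto in sorted(KNOWN, key=len, reverse=True):
        if name == proto or name.startswith(proto + "-"):
            return proto, "name"
    return "auto", "detection"


def tls_ports_declared_plaintext(ports, tls_ports):
    """List ports where the app serves TLS itself but Istio is told plaintext.

    `tls_ports` is the set of port numbers the operator knows carry HTTPS
    served by the application container (hypothetical input).
    """
    findings = []
    for p in ports:
        proto, source = effective_protocol(p)
        if p["port"] in tls_ports and proto in PLAINTEXT_L7:
            findings.append((p["port"], proto, source))
    return findings


# Constructed sample ports, modelled on the manifests on this page.
BEFORE = [{"name": "http", "port": 25302}]
AFTER = [{"name": "http", "port": 25302, "appProtocol": "https"}]
ANSWER = [{"name": "test-https", "port": 25302, "appProtocol": "https"}]

if __name__ == "__main__":
    for label, ports in (("before", BEFORE), ("after", AFTER), ("answer", ANSWER)):
        resolved = [effective_protocol(p) for p in ports]
        print(label, resolved, tls_ports_declared_plaintext(ports, {25302}))
```
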
