ServiceEntry defining the external host:
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-api
spec:
  hosts:
  - api.example.com
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: DNS
  location: MESH_EXTERNAL

Egress Gateway definition:
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: istio-egressgateway
  namespace: istio-system
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 443
      name: tls
      protocol: TLS
    tls:
      # Forward the TLS stream by SNI without terminating it at the gateway
      mode: PASSTHROUGH
    hosts:
    - api.example.com

VirtualService (from the mesh to the Egress Gateway):
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: to-egress-gw
spec:
  hosts:
  - api.example.com
  gateways:
  - mesh
  tls:
  - match:
    - sniHosts:
      - api.example.com
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        port:
          number: 443

VirtualService (on the Egress Gateway, forwarding to the external host):
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: egress-gw-forward
  namespace: istio-system
spec:
  hosts:
  - api.example.com
  gateways:
  - istio-egressgateway
  tls:
  - match:
    - sniHosts:
      - api.example.com
      port: 443
    route:
    - destination:
        host: api.example.com
        port:
          number: 443
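
The four resources above only send traffic through the gateway when every hop names the same host, so the following added example (not part of the original page) checks that chain before the manifests are applied. It assumes exact host names (no wildcards) and unqualified gateway names; the function names and the trimmed `MANIFESTS` dicts are constructed for illustration.

```python
# Added example: only the fields the check reads, transcribed from the manifests above.
EGRESS_SVC = "istio-egressgateway.istio-system.svc.cluster.local"
MANIFESTS = [
    {"kind": "ServiceEntry", "spec": {"hosts": ["api.example.com"]}},
    {"kind": "Gateway", "metadata": {"name": "istio-egressgateway"},
     "spec": {"servers": [{"tls": {"mode": "PASSTHROUGH"}, "hosts": ["api.example.com"]}]}},
    {"kind": "VirtualService", "spec": {"gateways": ["mesh"], "tls": [
        {"match": [{"sniHosts": ["api.example.com"]}],
         "route": [{"destination": {"host": EGRESS_SVC}}]}]}},
    {"kind": "VirtualService", "spec": {"gateways": ["istio-egressgateway"], "tls": [
        {"match": [{"sniHosts": ["api.example.com"], "port": 443}],
         "route": [{"destination": {"host": "api.example.com"}}]}]}},
]

def sni_routes(manifests, bound_to):
    """Yield (sni_host, destination_host) for TLS routes of VirtualServices bound to a gateway."""
    for m in manifests:
        # A VirtualService with no gateways field applies to the mesh sidecars.
        if m["kind"] != "VirtualService" or bound_to not in m["spec"].get("gateways", ["mesh"]):
            continue
        for rule in m["spec"].get("tls", []):
            for match in rule.get("match", []):
                for sni in match.get("sniHosts", []):
                    for r in rule.get("route", []):
                        yield sni, r["destination"]["host"]

def check_egress_chain(manifests, host, gw_name="istio-egressgateway", gw_svc=EGRESS_SVC):
    """Return a list of problems; an empty list means every hop for `host` is declared."""
    problems = []
    if not any(m["kind"] == "ServiceEntry" and host in m["spec"]["hosts"] for m in manifests):
        problems.append("no ServiceEntry registers the host")
    servers = [s for m in manifests if m["kind"] == "Gateway" and m["metadata"]["name"] == gw_name
               for s in m["spec"]["servers"] if host in s["hosts"]]
    if not servers:
        problems.append("egress Gateway has no server for the host")
    elif any(s.get("tls", {}).get("mode") != "PASSTHROUGH" for s in servers):
        problems.append("egress Gateway server is not TLS PASSTHROUGH")
    if (host, gw_svc) not in set(sni_routes(manifests, "mesh")):
        problems.append("mesh traffic is not routed to the egress gateway")
    if (host, host) not in set(sni_routes(manifests, gw_name)):
        problems.append("egress gateway does not forward to the external host")
    return problems

if __name__ == "__main__":
    print(check_egress_chain(MANIFESTS, "api.example.com") or "egress chain is complete")
```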
