{"id":1,"date":"2022-08-14T09:05:24","date_gmt":"2022-08-14T09:05:24","guid":{"rendered":"https:\/\/rannix.cloud\/?p=1"},"modified":"2022-08-17T09:01:01","modified_gmt":"2022-08-17T09:01:01","slug":"hello-world","status":"publish","type":"post","link":"https:\/\/rannix.cloud\/index.php\/2022\/08\/14\/hello-world\/","title":{"rendered":"\u4e91\u539f\u751f\u5e94\u7528\u8d1f\u8f7d\u5747\u8861\u9009\u578b\u6307\u5357"},"content":{"rendered":"<ul class=\"wp-block-categories-list wp-block-categories\">\t<li class=\"cat-item cat-item-6\"><a href=\"https:\/\/rannix.cloud\/index.php\/category\/product-manager\/\">Product Manager<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-4\"><a href=\"https:\/\/rannix.cloud\/index.php\/category\/service-mesh\/\">Service Mesh<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-1\"><a href=\"https:\/\/rannix.cloud\/index.php\/category\/uncategorized\/\">Uncategorized<\/a>\n<\/li>\n<\/ul>\n\n\n<p class=\"is-style-default\">\u5171\u540c\u4f5c\u8005\uff1a\u5218\u65ed<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. \u5f15\u8a00<\/h2>\n\n\n\n<p>\u5e94\u7528\u7684\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u4e00\u76f4\u662f\u5f00\u53d1\u8fd0\u7ef4\u5173\u6ce8\u7684\u7126\u70b9\u4e4b\u4e00\uff0c\u968f\u4e1a\u52a1\u90e8\u7f72\u7684\u8ba1\u7b97\u8d44\u6e90\u3001\u7f51\u7edc\u73af\u5883\u3001\u5e94\u7528\u67b6\u6784\u7684\u53d1\u5c55\u53d8\u66f4\uff0c\u63a5\u5165\u5c42\u6d41\u91cf\u7ba1\u7406\u65b9\u6848\u7684\u53d1\u5c55\u53ef\u5927\u81f4\u5206\u4e3a\u4f20\u7edf\u67b6\u6784\u3001\u4e91\u539f\u751f\u5bb9\u5668\u5316\u4e24\u4e2a\u9636\u6bb5\u3002\u4e3a\u6ee1\u8db3\u5e94\u7528\u4ea4\u4ed8\u7684\u6548\u7387\u548c\u8bc9\u6c42\uff0c\u5404\u9636\u6bb5\u90fd\u6d8c\u73b0\u4e86\u4e0d\u540c\u7684\u63a5\u5165\u5c42\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u6700\u521d\u7684\u7b80\u5355\u8d1f\u8f7d\u5747\u8861\uff0c\u5230\u540e\u6765\u7684 HAProxy\u3001Nginx \u7b49\u53cd\u5411\u4ee3\u7406\uff0c\u518d\u5230\u5982\u4eca\u7684\u5bb9\u5668\u5316\u73af\u5883\u4e0b\u7684\u5404\u7c7b Kubernetes Ingress Controller\u3002\u6bcf\u4e2a\u53d1\u5c55\u9636\u6bb5\u6709\u54ea\u4e9b\u7279\u70b9\uff1f\u9762\u4e34\u4ec0\u4e48\u6311\u6218\uff1f\u90fd\u6709\u4ec0\u4e48\u89e3\u51b3\u65b9\u6848\uff1f<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-regular\"><table class=\"has-background\" style=\"background-color:#f6f8f9\"><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">\u9636\u6bb5<\/th><th class=\"has-text-align-center\" data-align=\"center\">\u5e94\u7528\u8d44\u6e90\u90e8\u7f72\u7c92\u5ea6<\/th><th class=\"has-text-align-center\" data-align=\"center\">\u5e94\u7528\u67b6\u6784<\/th><th class=\"has-text-align-center\" data-align=\"center\">\u5e94\u7528\u8bbf\u95ee\u5bfb\u5740<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">\u4f20\u7edf\u7269\u7406\/\u865a\u62df\u673a<\/td><td class=\"has-text-align-center\" data-align=\"center\">\u7269\u7406\/\u865a\u62df\u673a\uff08\u8d44\u6e90\u5229\u7528\u7387\u4f4e\uff09<\/td><td class=\"has-text-align-center\" data-align=\"center\">\u5355\u4f53\u6216\u7b80\u5355\u62c6\u5206\u6a21\u5757<\/td><td class=\"has-text-align-center\" data-align=\"center\">\u57fa\u4e8e\u8f83\u56fa\u5b9a\u7684 IP \u5730\u5740\u7ba1\u7406<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">\u4e91\u539f\u751f\u5bb9\u5668\u5316<\/td><td class=\"has-text-align-center\" data-align=\"center\">\u5bb9\u5668\uff08\u8d44\u6e90\u5229\u7528\u7387\u9ad8\uff09<\/td><td class=\"has-text-align-center\" data-align=\"center\">\u670d\u52a1\u5316<\/td><td class=\"has-text-align-center\" data-align=\"center\">\u5bb9\u5668 IP \u52a8\u6001\u53d8\u5316\uff0c\u901a\u8fc7\u52a8\u6001\u670d\u52a1\u6ce8\u518c\u66f4\u65b0<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>\u4f20\u7edf\u67b6\u6784\u9636\u6bb5<\/strong>\uff0c\u4e1a\u52a1\u4e3a\u5355\u4f53\u5e94\u7528\uff0c\u4e09\u5c42\u67b6\u6784\uff1b\u90e8\u7f72\u4e8e\u7269\u7406\u673a\/\u865a\u62df\u673a\uff1b\u7f51\u7edc\u73af\u5883\u57fa\u4e8e IP \u5730\u5740\u7ba1\u7406\uff0c\u76f8\u5bf9\u56fa\u5b9a\uff0c\u57fa\u672c\u4e0d\u4f1a\u53d8\u5316\uff1b\u4e1a\u52a1\u66f4\u65b0\u8fed\u4ee3\u7684\u901f\u5ea6\u8f83\u6162\uff0c\u63a5\u5165\u5c42\u7684\u4e3b\u8981\u9700\u6c42\u662f\u5177\u5907 4 \u5c42\u548c 7 \u5c42\u7684\u8d1f\u8f7d\u5747\u8861\u80fd\u529b\uff0c\u7528\u4f20\u7edf\u8d1f\u8f7d\u5747\u8861\u5668\u652f\u6301\u5373\u53ef\u3002\u968f\u7740\u5e94\u7528\u67b6\u6784\u6f14\u8fdb\uff08\u5e94\u7528\u505a\u4e86\u4e00\u5b9a\u6a21\u5757\u62c6\u5206\uff09\u548c\u8fed\u4ee3\u6548\u7387\u7684\u63d0\u5347\uff0c\u51fa\u73b0\u4e86\u4e00\u4e9b\u66f4\u590d\u6742\u7684\u63a5\u5165\u5c42\u8bc9\u6c42\uff1a\u6309\u6d41\u91cf\u5185\u5bb9\u7279\u5f81\u8def\u7531\u3001\u7070\u5ea6\u53d1\u5e03\u3001\u9650\u6d41\u3001\u9274\u6743\u7b49\uff0c\u4e00\u822c\u901a\u8fc7\u5728\u8d1f\u8f7d\u5747\u8861\u5668\u540e\u589e\u52a0\u4e00\u5c42\u7f51\u7edc\u4ee3\u7406\uff08e.g. Nginx\uff09\u652f\u6301\uff0c\u7f51\u7edc\u4ee3\u7406 Nginx \u5177\u5907\u66f4\u591a\u7684 7 \u5c42\u6d41\u91cf\u5904\u7406\u7684\u80fd\u529b\uff0c\u53ef\u901a\u8fc7 OpenResty \u793e\u533a\u7684 Lua \u6269\u5c55\u4e0a\u8ff0\u5185\u5bb9\u8def\u7531\u3001\u7070\u5ea6\u53d1\u5e03\u3001\u9274\u6743\u9650\u6d41\u7b49\u9ad8\u7ea7\u529f\u80fd\u3002<\/p>\n\n\n\n<p><strong>\u4e91\u539f\u751f\u5bb9\u5668\u5316\u9636\u6bb5<\/strong>\u7684\u7406\u60f3\u72b6\u6001\u662f\u4e1a\u52a1\u5f00\u53d1\u8005\u53ea\u9700\u4e13\u6ce8\u5b9e\u73b0\u4e1a\u52a1\u903b\u8f91\uff0c\u65e0\u9700\u5173\u5fc3\u8d44\u6e90\u8c03\u5ea6\u548c\u8fd0\u7ef4\u7ba1\u7406\uff0c\u53ef\u771f\u6b63\u505a\u5230\u6309\u9700\u4f7f\u7528\uff0c\u6309\u91cf\u8ba1\u8d39\u3002\u865a\u62df\u673a\/\u7269\u7406\u673a\u8d44\u6e90\u7c92\u5ea6\u7c97\u7cd9\uff0c\u5229\u7528\u6548\u7387\u8f83\u4f4e\uff0c\u9700\u63d0\u524d\u89c4\u5212\u8ba1\u7b97\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u8d44\u6e90\uff0c\u4e0e\u7406\u60f3\u72b6\u6001\u6709\u8f83\u5927\u5dee\u8ddd\u3002<\/p>\n\n\n\n<p>\u4e91\u539f\u751f\u9636\u6bb5\uff0c\u5bb9\u5668\u8d44\u6e90\u7684\u7c92\u5ea6\u66f4\u7ec6\uff0c\u5229\u7528\u7387\u9ad8\uff0c\u542f\u52a8\/\u9500\u6bc1\u901f\u5ea6\u8fbe\u5230\u79d2\u7ea7\uff0c\u53ef\u7075\u6d3b\u5f39\u6027\u4f38\u7f29\uff08Kubernetes \u5df2\u6210\u4e3a\u5bb9\u5668\u7f16\u6392\u8c03\u5ea6\u7684\u4e1a\u754c\u6807\u51c6\uff0c\u4ee5\u4e0b\u5bb9\u5668\u73af\u5883\u5747\u4ee3\u6307 Kubernetes \u96c6\u7fa4\uff09\uff1b\u7f51\u7edc\u7ba1\u7406\u73af\u5883\u4e5f\u53d1\u751f\u4e86\u53d8\u66f4\uff0c\u51fa\u73b0 Service \u7684\u6982\u5ff5\uff0c\u4e00\u4e2a\u5fae\u670d\u52a1\u5f80\u5f80\u662f\u7531\u4e00\u7ec4\u5f39\u6027\u4f38\u7f29\u3001\u52a8\u6001\u8c03\u5ea6\u7684\u5bb9\u5668\uff08Pod\uff09\u627f\u8f7d\uff0cPod \u7684 IP \u5730\u5740\u52a8\u6001\u53d8\u5316\uff0c\u8fd9\u4e00\u7ec4 Pod \u4e00\u822c\u4ee5 Service \u5bf9\u5916\u63d0\u4f9b\u8bbf\u95ee\uff0c\u6d41\u91cf\u7ba1\u7406\u662f\u4ee5 Service \u4e3a\u5355\u4f4d\u3002\u670d\u52a1\u5316\u62c6\u5206\u4e1a\u52a1\u6a21\u5757\u6784\u5efa\u5e94\u7528\u66f4\u5bb9\u6613\uff0c\u52a0\u4e0a\u5bb9\u5668\u73af\u5883\u826f\u597d\u7684\u5f39\u6027\u4f38\u7f29\u80fd\u529b\uff0cDevOps \u7406\u5ff5\u5f97\u4ee5\u5f88\u597d\u7684\u5b9e\u65bd\uff0c\u5fae\u670d\u52a1\u7684\u8fed\u4ee3\u6b65\u4f10\u52a0\u5feb\uff0c\u7ecf\u5e38\u9700\u8981\u6eda\u52a8\u66f4\u65b0\u3002\u6b64\u65f6\u7684\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u9762\u4e34\u5982\u4e0b\u65b0\u6311\u6218\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>\u9700\u8981\u4e0e Kubernetes \u96c6\u6210\uff0c\u652f\u6301\u8f6c\u53d1\u6d41\u91cf\u5230\u6307\u5b9a Pod\u3002<\/li><li>\u66f4\u65b0\u8fed\u4ee3\u901f\u5ea6\u52a0\u5feb\uff0c\u5bf9\u670d\u52a1\u65b0\u7248\u672c\u7070\u5ea6\u53d1\u5e03\u7684\u8bc9\u6c42\u66f4\u52a0\u5f3a\u70c8\u3002<\/li><li>\u51fa\u73b0\u96c6\u7fa4\u6982\u5ff5\uff0c\u96c6\u7fa4\u4e4b\u95f4\u7684\u670d\u52a1\u53d1\u73b0\u662f\u9694\u79bb\u7684\uff0c\u63a5\u5165\u5c42\u9700\u652f\u6301\u8de8\u96c6\u7fa4\u7684\u670d\u52a1\u53d1\u73b0\uff08\u5373\u63a5\u5165\u5c42\u53ef\u9009\u62e9 backend \u4e3a\u591a\u4e2a\u96c6\u7fa4\u7684 Pod \uff09\uff1b\u8fd9\u533a\u522b\u4e8e\u4f20\u7edf\u7269\u7406\u673a\/\u865a\u62df\u673a\u9636\u6bb5\uff0c\u6ca1\u6709\u96c6\u7fa4\u9694\u79bb\uff0c\u53ea\u9700\u4fdd\u8bc1\u7f51\u7edc\u8054\u901a\u6027\uff0c\u5373\u53ef\u914d\u7f6e\u63a5\u5165\u5c42\u540e\u7aef\u4e3a\u4efb\u610f\u5bf9\u5e94\u670d\u52a1\u7684 IP \u5730\u5740\u3002<\/li><li>\u4f20\u7edf\u9636\u6bb5\u5230\u4e91\u539f\u751f\u9636\u6bb5\u7684\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\uff0c\u51fa\u73b0 VM\u3001\u5bb9\u5668\u73af\u5883\u6df7\u5e03\u7684\u60c5\u51b5\u3002<\/li><\/ol>\n\n\n\n<p>\u57fa\u4e8e\u4e0a\u8ff0\u6311\u6218\uff0c\u51fa\u73b0\u4e86\u4ee5\u4e0b\u5bb9\u5668\u73af\u5883\u7684\u63a5\u5165\u5c42\u6d41\u91cf\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Kubernetes \u5b98\u65b9\u5b9a\u4e49\u7684 Ingress API\uff1a\u8001\u724c\u7f51\u7edc\u4ee3\u7406\uff08e.g. Nginx\uff0cHAProxy\uff09\u6216\u4e91\u5382\u5546\u7684\u8d1f\u8f7d\u5747\u8861\u4ea7\u54c1\uff08e.g. AWS Elastic Load Balancer\uff0c\u817e\u8baf\u4e91 CLB\uff09\u90fd\u5b9e\u73b0\u4e86\u5404\u81ea\u7684 Ingress Controller\uff0c\u4f5c\u4e3a\u5355\u4e2a\u96c6\u7fa4\u7684\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u7070\u5ea6\u53d1\u5e03\u3001\u9274\u6743\u9650\u6d41\u7b49\u80fd\u529b\uff0c\u89c6 Ingress Controller \u7684\u80fd\u529b\uff0c\u53ef\u901a\u8fc7 Annotation \u6269\u5c55\uff0c\u90e8\u5206 Ingress Controller \u8fd8\u8bbe\u8ba1\u4e86\u81ea\u5df1\u7684\u6d41\u91cf\u7ba1\u7406\u6a21\u578b\u548c\u8bed\u6cd5\u3002<\/li><li>Service Mesh Ingress\uff1a\u670d\u52a1\u7f51\u683c\u7684\u670d\u52a1\u53d1\u73b0\u548c\u7ba1\u7406\u754c\u9650\u5927\u4e8e\u96c6\u7fa4\u7eac\u5ea6\uff0c\u4ee5 Istio Ingress Gateway \u4e3a\u4f8b\uff0c\u57fa\u4e8e Istio \u8de8\u96c6\u7fa4\u7684\u670d\u52a1\u53d1\u73b0\u80fd\u529b\uff0cbackend \u53ef\u4ee5\u6765\u81ea\u4e0d\u540c\u96c6\u7fa4\u7684\u670d\u52a1\uff0c\u540c\u65f6\u8fd8\u652f\u6301\u6ce8\u518c\u5728\u7f51\u683c\u5185\u8fd0\u884c\u5728\u865a\u62df\u673a\u4e0a\u7684\u670d\u52a1\u3002Istio \u4e5f\u8bbe\u8ba1\u4e86\u81ea\u5df1\u7684\u7ba1\u7406\u6a21\u578b\u548c\u8bed\u6cd5\uff0c\u58f0\u660e\u5f0f\u652f\u6301\u914d\u7f6e\u4e00\u81f4\u7684\u5357\u5317 + \u4e1c\u897f\u5411\u6d41\u91cf\u7ba1\u7406\u3002<\/li><li>\u6cbf\u7528\u539f\u6709 VM \u4e0a\u90e8\u7f72\u7684\u7f51\u7edc\u4ee3\u7406\uff0c\u8f6c\u53d1\u6d41\u91cf\u81f3 VM \u670d\u52a1\u6216 Kubernetes \u96c6\u7fa4\u7684\u670d\u52a1\u3002<\/li><\/ol>\n\n\n\n<p>\u4e0b\u9762\u672c\u6587\u5c06\u4ece\u4e91\u539f\u751f\u5bb9\u5668\u5316\u73af\u5883\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u4f7f\u7528\u573a\u666f\u5207\u5165\uff0c\u5e26\u60a8\u4e86\u89e3\u4e91\u539f\u751f\u63a5\u5165\u5c42\u6d41\u91cf\u7ba1\u7406\u7684\u5404\u7c7b\u89e3\u51b3\u65b9\u6848\u53ca\u4f18\u52a3\u5bf9\u6bd4\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. \u4e91\u539f\u751f\u63a5\u5165\u5c42\u6d41\u91cf\u7ba1\u7406\u573a\u666f\u4e0e\u89e3\u51b3\u65b9\u6848<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">2.1.&nbsp;&nbsp;\u573a\u666f\u4e00\uff1a\u57fa\u7840\u6d41\u91cf\u7ba1\u7406<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u7684\u9996\u4e2a\u4f7f\u7528\u573a\u666f\u662f\u9700\u8981\u5c06\u670d\u52a1\u66b4\u9732\u7ed9\u5916\u90e8\uff0c\u4f9b\u5ba2\u6237\u7aef\u8c03\u7528\u3002\u5e38\u89c1\u7684\u65b9\u5f0f\u662f\u5c06\u670d\u52a1\u6309 URL \u66b4\u9732\uff0c\u4f8b\u5982\u4e00\u4e2a\u7535\u5546\u7f51\u7ad9\uff0c\u9700\u8981\u5c06&nbsp;<strong>\/login<\/strong>&nbsp;\u7684\u8bf7\u6c42\u8def\u7531\u5230\u767b\u9646\u670d\u52a1\uff0c\u5c06&nbsp;<strong>\/product<\/strong>&nbsp;\u7684\u8bf7\u6c42\u8def\u7531\u5230\u5546\u54c1\u670d\u52a1\u7b49\uff0c\u8be5\u573a\u666f\u8981\u6c42\u63a5\u5165\u5c42\u5177\u5907\u57fa\u4e8e\u6d41\u91cf\u5185\u5bb9\u8def\u7531\u7684\u80fd\u529b\u3002<\/p><\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/sample-content-routing-1.png\" alt=\"\" class=\"wp-image-29\" width=\"804\" height=\"476\"\/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">2.1.1.&nbsp;<strong>\u65b9\u6848\uff1aLoad Balancer + NodePort<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-1.png\" alt=\"\" class=\"wp-image-31\" width=\"381\" height=\"308\"\/><\/figure>\n\n\n\n<p>\u5728\u5bb9\u5668\u5316\u7684\u65e9\u671f\u9636\u6bb5\uff0c\u5e94\u7528\u540c\u65f6\u90e8\u7f72\u5728\u865a\u62df\u673a\u548c Kubernetes \u96c6\u7fa4\u4e0a\uff0c\u5f88\u591a\u7528\u6237\u4f1a\u4f7f\u7528\u539f\u6709\u8d1f\u8f7d\u5747\u8861\uff08e.g.&nbsp;Nginx CLB\uff09\u5c06\u8bf7\u6c42\u5206\u522b\u8f6c\u53d1\u5230\u865a\u62df\u673a\u548c\u5bb9\u5668\uff0c\u540c\u65f6\u53d7\u9650\u4e8e\u5bb9\u5668\u7f51\u7edc\u65b9\u6848\uff0c\u539f\u6709\u8d1f\u8f7d\u5747\u8861\u4e0d\u80fd\u76f4\u63a5\u8bbf\u95ee Pod IP\uff0c\u56e0\u6b64\u9700\u8981 NodePort \u66b4\u9732\u96c6\u7fa4\u5185\u7684\u670d\u52a1\u3002<\/p>\n\n\n\n<p>\u4f46\u662f\u8be5\u65b9\u6848\u5b58\u5728\u4ee5\u4e0b\u95ee\u9898\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>NodePort \u7aef\u53e3\u6570\u91cf\u6709\u9650\uff08\u9ed8\u8ba4 30000-32767\uff09<\/li><li>\u968f\u7740\u96c6\u7fa4\u89c4\u6a21\u7684\u6269\u5927\uff0cNginx \u914d\u7f6e\u6587\u4ef6\u8d8a\u6765\u8d8a\u590d\u6742\uff0c\u4e0d\u6613\u7ba1\u7406<\/li><li>\u7528\u6237\u5c06\u5e94\u7528\u53d1\u5e03\u5230&nbsp;Kubernetes&nbsp;\u96c6\u7fa4\u540e\uff0c\u9700\u8981\u518d\u5355\u72ec\u4fee\u6539&nbsp;Nginx \u914d\u7f6e\uff0c\u4f53\u9a8c\u4e0d\u591f\u4e91\u539f\u751f<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"id-\u7cfb\u52171:\u4e91\u539f\u751f\u5e94\u7528\u8d1f\u8f7d\u5747\u8861\u9009\u578b\u6307\u5357-\u65b9\u6848\uff1aKubernetesIngress\">2.1.2.&nbsp;<strong>\u65b9\u6848\uff1aKubernetes Ingress<\/strong><\/h4>\n\n\n\n<p>Kubernetes \u63d0\u4f9b\u4e86 Ingress API \u7528\u4e8e\u66b4\u9732\u96c6\u7fa4\u5185\u7684 HTTP \u670d\u52a1\uff0cIngress \u652f\u6301\u57fa\u4e8e Host \u548c Path \u5c06\u8bf7\u6c42\u8def\u7531\u5230\u4e0d\u540c Service\u3002\u4e3a\u4e86\u8ba9 Ingress \u5de5\u4f5c\uff0c\u96c6\u7fa4\u5fc5\u987b\u6709\u4e00\u4e2a\u6b63\u5728\u8fd0\u884c\u7684 Ingress \u63a7\u5236\u5668\uff08e.g.&nbsp;Nginx&nbsp;Ingress Controller\uff09\u3002\u539f\u751f Ingress \u8bed\u6cd5\u63d0\u4f9b\u7b80\u5355\u7684\u57fa\u4e8e Host\uff0cPath \u8def\u7531\uff0c\u4ee5\u53ca\u914d\u7f6e TLS \u7684\u80fd\u529b\u3002<\/p>\n\n\n\n<p><strong>&nbsp;1. \u57fa\u4e8e Host \u8def\u7531<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1362\" height=\"603\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-2-2.png\" alt=\"\" class=\"wp-image-32\"\/><\/figure>\n\n\n\n<p><strong>2. \u57fa\u4e8e Path \u8def\u7531<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1362\" height=\"603\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-3.png\" alt=\"\" class=\"wp-image-33\"\/><\/figure>\n\n\n\n<p><strong>3.&nbsp; TLS \u914d\u7f6e<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-4.png\" alt=\"\" class=\"wp-image-34\" width=\"581\" height=\"333\"\/><\/figure>\n\n\n\n<p>Ingress \u4e5f\u63d0\u4f9b\u4e86 TLS \u652f\u6301\uff0c\u53ef\u4ee5\u5c06\u96c6\u7fa4\u5185\u7684 HTTP \u670d\u52a1\u5bf9\u5916\u66b4\u9732\u4e3a HTTPS\uff0c\u6211\u4eec\u9700\u8981\u5148\u5c06 SSL \u8bc1\u4e66\u4ee5 Secret \u7684\u5f62\u5f0f\u4fdd\u5b58\u5728\u96c6\u7fa4\u4e2d\uff0c\u518d\u4f7f\u7528 Ingress \u5f15\u7528\u521a\u521a\u521b\u5efa\u7684 Secret<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: v1\nkind: Secret\nmetadata:\n  name: public-services-tls\n  namespace: default\ndata:\n  tls.crt: base64 encoded cert\n  tls.key: base64 encoded key\ntype: kubernetes.io\/tls<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  name: services-with-tls\n  namespace: default\nspec:\n  tls:\n  - hosts:\n      - services.tencent.com\n    secretName: public-services-tls\n  rules:\n    http:\n      paths:\n      - backend:\n          serviceName: service1\n          servicePort: 80\n        path: \/service1\n      - backend:\n          serviceName: service2\n          servicePort: 80\n        path: \/service2<\/code><\/pre>\n\n\n\n<p><strong>Kubernetes Ingress \u5c0f\u7ed3<\/strong>\uff1a\u5bf9\u4e8e\u7b80\u5355\u7684 HTTP \u6d41\u91cf\u7684\u8def\u7531\uff0c\u4f7f\u7528 Ingress \u914d\u7f6e\u975e\u5e38\u5bb9\u6613\uff0c\u8fd9\u4e5f\u662f\u5f53\u524d Ingress \u53d7\u6b22\u8fce\u7684\u539f\u56e0\uff08\u636e CNCF 2020 \u4e91\u539f\u751f\u8c03\u67e5\u62a5\u544a<sup>[1]<\/sup>\uff0c50% \u7684\u7528\u6237\u6b63\u5728\u6216\u5373\u5c06\u4f7f\u7528\u7b2c\u4e09\u65b9\u4ee3\u7406\u505a\u5e94\u7528\u6d41\u91cf\u8f6c\u53d1\uff0c\u5176\u4e2d Nginx \u548c Envoy \u662f\u6700\u53d7\u6b22\u8fce\u7684 Ingress provider\uff09\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-29_21-30-11.png\" alt=\"\" class=\"wp-image-35\" width=\"557\" height=\"288\"\/><\/figure>\n\n\n\n<p>\u4f46\u662f\u53e6\u4e00\u65b9\u9762\u539f\u751f Ingress \u7684\u529f\u80fd\u5341\u5206\u6709\u9650\uff0c\u4e0d\u80fd\u6ee1\u8db3\u5f88\u591a\u590d\u6742\u573a\u666f\u7684\u9700\u6c42\u3002\u8bb8\u591a\u7b2c\u4e09\u65b9\u7684 Ingress Controller \u901a\u8fc7 annotation \u6216\u65b0\u7684\u914d\u7f6e\u6a21\u578b\u548c\u8bed\u6cd5\u6269\u5c55\u4e86\u539f\u751f Ingress \u7684\u529f\u80fd\uff0c\u4f46\u4ecd\u7136\u53d7\u9650\u4e8e\u96c6\u7fa4\u95f4\u670d\u52a1\u53d1\u73b0\u9694\u79bb\u7684\u95ee\u9898\uff0c\u53ea\u80fd\u4f5c\u4e3a\u5355\u96c6\u7fa4\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u65b9\u6848\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2.2.&nbsp;&nbsp;\u573a\u666f\u4e8c\uff1a\u7070\u5ea6\u53d1\u5e03<\/h3>\n\n\n\n<p>\u670d\u52a1\u53ef\u66b4\u9732\u7ed9\u5916\u90e8\u8bbf\u95ee\u540e\uff0c\u8fd8\u9700\u8981\u8003\u8651\u5982\u4f55\u505a\u7248\u672c\u53d1\u5e03\uff0c\u505a\u5e73\u6ed1\u3001\u65e0\u98ce\u9669\u5730\u8fed\u4ee3\u3002\u5e38\u89c1\u7684\u4e24\u79cd\u505a\u6cd5\u662f\u6309\u6743\u91cd\u6216\u6d41\u91cf\u5185\u5bb9\u5207\u90e8\u5206\u6d41\u91cf\u81f3\u65b0\u7248\u672c\u9a8c\u8bc1\u7a33\u5b9a\u6027\uff0c\u65e0\u95ee\u9898\u540e\u9010\u6e10\u8fc7\u6e21\u81f3\u65b0\u7248\u672c\uff0c\u5373\u6211\u4eec\u719f\u77e5\u7684\u7070\u5ea6\u53d1\u5e03\u3001AB test\u3002<\/p>\n\n\n\n<p>Kubernetes Ingress API \u539f\u751f\u5e76\u6ca1\u6709\u7070\u5ea6\u53d1\u5e03\u7684\u529f\u80fd\uff0c<a href=\"https:\/\/git.k8s.io\/ingress-nginx\/README.md#readme\" target=\"_blank\" rel=\"noreferrer noopener\">Nginx ingress controller<\/a>&nbsp;\u901a\u8fc7 annotation \u7684\u65b9\u5f0f\u6269\u5c55\u4e86\u539f\u751f Ingress API \u7684\u529f\u80fd\uff0c\u5b9e\u73b0\u4e86\u7070\u5ea6\u53d1\u5e03\uff0c\u4f46\u8fd9\u79cd\u65b9\u5f0f\u5e76\u4e0d\u80fd\u5f88\u597d\u5730\u652f\u6491\u63a7\u5236\u5e94\u7528\u6d41\u91cf\u7684\u53d1\u5e03\u7b56\u7565\uff0c\u76f8\u6bd4\u4e4b\u4e0b\uff0cIstio CRD \u914d\u7f6e\u66f4\u7075\u6d3b\u6613\u7528\uff0c\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 Istio VirtualService \u914d\u7f6e\u7070\u5ea6\u53d1\u5e03\u8def\u7531\u89c4\u5219\u3002<\/p>\n\n\n\n<p><strong>1. \u57fa\u4e8e\u6743\u91cd<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/sample-canary-weight.png\" alt=\"\" class=\"wp-image-36\" width=\"404\" height=\"459\"\/><\/figure>\n\n\n\n<p>Istio \u53ef\u901a\u8fc7 Virtual Service \u914d\u7f6e\u57fa\u4e8e\u6743\u91cd\u7684\u7070\u5ea6\u53d1\u5e03\uff0c\u4ee5\u4e0b\u662f\u914d\u7f6e\u6765\u81ea {namespace}\/{gateway} \u7684\u5165\u53e3\u6d41\u91cf 95% \u8def\u7531\u5230&nbsp;{service} \u7684&nbsp;current \u7248\u672c\uff0c5% \u8def\u7531\u5230 canary \u7248\u672c\u7684\u793a\u4f8b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: ...\nkind: VirtualService\nmetadata:\n  name: canary-weight\nspec:\n  hosts:\n    - '*'\n  gateways:\n    - {namespace}\/{gateway}\n  http:\n    - route:\n        - destination:\n            host: {service}\n            subset: current\n          weight: 95\n        - destination:\n            host: {service}\n            subset: canary\n          weight: 5<\/code><\/pre>\n\n\n\n<p><strong>2. \u57fa\u4e8e\u8bf7\u6c42\u5185\u5bb9<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized is-style-default\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/sample-canary-content.png\" alt=\"\" class=\"wp-image-37\" width=\"432\" height=\"491\"\/><\/figure>\n\n\n\n<p>VirtualService \u4e5f\u652f\u6301\u914d\u7f6e\u57fa\u4e8e\u5185\u5bb9\u7684\u7070\u5ea6\u53d1\u5e03\u8def\u7531\u89c4\u5219\uff0c\u4ee5\u4e0b\u662f\u914d\u7f6e\u6765\u81ea&nbsp;{namespace}\/{gateway} \u7684\u5165\u53e3\u6d41\u91cf header cookie &#8220;version=stable&#8221; \u65f6\u8def\u7531\u5230&nbsp;{service} \u7684 current \u7248\u672c\uff0c&#8221;version=canary&#8221; \u65f6\u8def\u7531\u5230&nbsp;{service} \u7684 canary \u7248\u672c\u7684\u793a\u4f8b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: ...\nkind: VirtualService\nmetadata:\n  name: canary-content\nspec:\n  hosts:\n    - '*'\n  gateways:\n    - {namespace}\/{gateway}\n  http:\n    - match:\n        - headers:\n            cookie:\n              exact: version=stable\n      route:\n        - destination:\n            host: {service}\n            subset: current\n    - match:\n        - headers:\n            cookie:\n              exact: version=canary\n      route:\n        - destination:\n            host: {service}\n            subset: canary<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">2.3.&nbsp;&nbsp;\u573a\u666f\u4e09\uff1a\u5e94\u7528\u6d41\u91cf\u9274\u6743\u4e0e\u9650\u6d41<\/h3>\n\n\n\n<p>\u9274\u6743\u4e0e\u9650\u6d41\uff0c\u662f\u4fdd\u8bc1\u5357\u5317\u6d41\u91cf\u7684\u5b89\u5168\u6027\u4e0e\u5065\u58ee\u6027\u7684\u4e24\u4e2a\u91cd\u8981\u80fd\u529b\u3002<\/p>\n\n\n\n<p>\u63a5\u5165\u5c42\u662f\u8bbf\u95ee\u540e\u7aef\u670d\u52a1\u7684\u7edf\u4e00\u5165\u53e3\uff0c\u4fdd\u8bc1\u63a5\u5165\u5c42\u7684\u5b89\u5168\u662f\u63a5\u5165\u5c42\u6d41\u91cf\u7ba1\u7406\u7684\u4e00\u4e2a\u91cd\u8981\u573a\u666f\uff0c\u4e00\u822c\u5728\u5165\u53e3\u5904\u9700\u8981\u914d\u7f6e\u8ba4\u8bc1\u4e0e\u6388\u6743\u89c4\u5219\uff0c\u4f20\u7edf\u67b6\u6784\u4e0b\u8ba4\u8bc1\u6388\u6743\u529f\u80fd\u4e00\u822c\u901a\u8fc7\u4ee3\u7801\u903b\u8f91\u5b9e\u73b0\uff0cIstio \u81ea 1.5 \u4e4b\u540e\u63d0\u4f9b\u4e86 AuthorizationPolicy \u548c RequestAuthentication CRD\uff0c\u53ef\u7075\u6d3b\u914d\u7f6e\u5165\u53e3\u5c42\u7684\u8ba4\u8bc1\u548c\u6388\u6743\u89c4\u5219\u3002<\/p>\n\n\n\n<p><strong>1. \u8bf7\u6c42\u8eab\u4efd\u8ba4\u8bc1\uff08JWT\uff09<\/strong><\/p>\n\n\n\n<p>\u5165\u53e3\u5904\u8ba4\u8bc1\u8bf7\u6c42\u643a\u5e26\u7684 Json Web Token\uff0c\u653e\u901a\u643a\u5e26\u5408\u6cd5\u4ee4\u724c\u7684\u8bf7\u6c42\uff0c\u62d2\u7edd\u643a\u5e26\u975e\u6cd5\u4ee4\u724c\u7684\u8bf7\u6c42\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/sample-authn.png\" alt=\"\" class=\"wp-image-38\" width=\"426\" height=\"460\"\/><\/figure>\n\n\n\n<p>\u4ee5\u4e0b\u662f\u4f7f\u7528 Istio RequestAuthentication \u914d\u7f6e Ingress Gateway \u653e\u901a\u643a\u5e26\u5408\u6cd5 JWT \u8bf7\u6c42\u7684\u914d\u7f6e\u793a\u4f8b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: ..\nkind: RequestAuthentication\nmetadata:\n  name: jwt-example\n  namespace: istio-system\nspec:\n  selector:\n    matchLabels:\n      istio: ingressgateway\n  jwtRules:\n  - issuer: {issuer that issued the JWT}\n    jwksUri: {URL of the provider\u2019s public key set to validate signature of the JWT}<\/code><\/pre>\n\n\n\n<p><strong>2. \u6388\u6743<\/strong><\/p>\n\n\n\n<p>\u5728\u5165\u53e3\u5904\u914d\u7f6e\u6388\u6743\u7b56\u7565\uff0c\u5904\u6839\u636e\u6d41\u91cf\u5185\u5bb9\u7279\u5f81\uff0c\u5141\u8bb8\/\u62d2\u7edd\u6d41\u91cf\u8bbf\u95ee\uff0c\u4f8b\u5982\u5728\u5165\u53e3\u5904\u914d\u7f6e IP \u9ed1\/\u767d\u540d\u5355\uff1b\u6216\u6709\u5916\u90e8\u9274\u6743\u670d\u52a1\uff0c\u5e0c\u671b\u5165\u53e3\u7ec4\u4ef6\u53ef\u5bf9\u63a5\u5916\u90e8\u9274\u6743\u670d\u52a1\uff0c\u6309\u7167\u5176\u8fd4\u56de\u7684\u9274\u6743\u7ed3\u679c\u653e\u901a\/\u62d2\u7edd\u6d41\u91cf\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1824\" height=\"1066\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/sample-authz-1.png\" alt=\"\" class=\"wp-image-39\"\/><\/figure>\n\n\n\n<p>\u4ee5\u4e0b\u662f\u4f7f\u7528 Istio AuthorizationPolicy \u4e3a Ingress Gateway \u914d\u7f6e IP block \u767d\u540d\u5355\u7684\u793a\u4f8b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: ...\nkind: AuthorizationPolicy\nmetadata:\n  name: white-list\n  namespace: istio-system\nspec:\n  selector:\n    matchLabels:\n      app: istio-ingressgateway\n  action: ALLOW\n  rules:\n  - from:\n    - source:\n        ipBlocks: {single IP or CIDR}<\/code><\/pre>\n\n\n\n<p>Istio 1.9 \u4e4b\u540e\u7684\u7248\u672c\u589e\u5f3a\u4e86\u5bf9 AuthorizationPolicy \u5bf9\u4e8e\u5bf9\u63a5\u5916\u90e8\u9274\u6743\u7cfb\u7edf\u7684\u652f\u6301\uff0c\u53ef\u914d\u7f6e Ingress Gateway \u6309\u7167\u5916\u90e8\u9274\u6743\u7cfb\u7edf\u8fd4\u56de\u7684\u7ed3\u679c\u653e\u901a\u6216\u62d2\u7edd\u6d41\u91cf\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: ...\nkind: AuthorizationPolicy\nmetadata:\n  name: ext-authz\n  namespace: istio-system\nspec:\n  selector:\n    matchLabels:\n      app: istio-ingressgateway\n  action: CUSTOM\n  provider:\n    name: \"my-ext-authz-service\"\n  rules: ...<\/code><\/pre>\n\n\n\n<p><strong>3. \u9650\u6d41<\/strong><\/p>\n\n\n\n<p>\u4e1a\u52a1\u89c4\u6a21\u8f83\u5927\uff0c\u540e\u7aef\u670d\u52a1\u63d0\u4f9b\u7ed9\u4f17\u591a\u79df\u6237\u4f7f\u7528\u65f6\uff0c\u9700\u8981\u5728\u5165\u53e3\u5904\u63a7\u5236\u8bf7\u6c42\u7684\u901f\u7387\uff0c\u4f8b\u5982\u9650\u5236\u6bcf\u4e2a User ID \u6bcf\u5206\u949f\u53ea\u80fd\u8bf7\u6c42 \u201c\/product\u201d \u63a5\u53e3 100 \u6b21\u3002<\/p>\n\n\n\n<p>\u4e3a\u4e86\u4f7f\u7528 Istio Ingress Gateway \u7684\u9650\u6d41\u529f\u80fd\uff0c\u9996\u5148\u9700\u8981\u5b89\u88c5 Ratelimit service\uff0c\u53ef\u4ee5\u81ea\u884c\u5b9e\u73b0\u6216\u76f4\u63a5\u4f7f\u7528\u793e\u533a\u7684&nbsp;ratelimit<sup>[7]<\/sup>\uff0c\u7136\u540e\u4f7f\u7528 Envoyfilter \u914d\u7f6e\u9650\u6d41\u89c4\u5219\uff0c\u53ef\u53c2\u8003\u5b98\u65b9\u6587\u6863<sup>[8]<\/sup>\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-17-1.png\" alt=\"\" class=\"wp-image-40\" width=\"631\" height=\"350\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">2.4.&nbsp;&nbsp;\u573a\u666f\u56db\uff1a\u591a\u96c6\u7fa4\u5f02\u6784\u573a\u666f\u5165\u53e3\u6d41\u91cf\u7ba1\u7406<\/h3>\n\n\n\n<p>\u968f\u7740\u4e1a\u52a1\u89c4\u6a21\u7684\u589e\u52a0\uff0c\u6216\u5bf9\u5bb9\u707e\u3001\u6570\u636e\u5408\u89c4\u6027\u3001\u4e1a\u52a1\u4e4b\u95f4\u9694\u79bb\u8981\u6c42\u7684\u63d0\u5347\uff0c\u4e1a\u52a1\u4f1a\u8003\u8651\u4e0e\u5b9e\u65bd\u90e8\u7f72\u591a\u4e2a Kubernetes \u96c6\u7fa4\uff0c\u751a\u81f3\u4f1a\u51fa\u73b0\u5bb9\u5668\u5316\u73af\u5883\u4e0e\u975e\u5bb9\u5668\u5316\u73af\u5883\u5f02\u6784\u6df7\u5e03\u7684\u60c5\u51b5\uff0c\u7ed9\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u53c8\u5e26\u6765\u4e86\u4e00\u7cfb\u5217\u65b0\u7684\u6311\u6218\u3002<\/p>\n\n\n\n<p>\u591a Kubernetes \u96c6\u7fa4\u4e00\u822c\u662f\u57fa\u4e8e\u5bb9\u707e\u548c\u4e1a\u52a1\u9694\u79bb\u4e24\u65b9\u9762\u7684\u8003\u8651\uff1a<\/p>\n\n\n\n<p>\uff081\uff09\u5bb9\u707e\u3002Kubernetes \u96c6\u7fa4\u6709\u5730\u57df\u5c5e\u6027\uff0c\u6839\u636e\u5e94\u7528\u4ea4\u4ed8\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u65f6\u6548\u548c\u5bb9\u707e\u8bc9\u6c42\uff0c\u540c\u4e00\u5e94\u7528\u53ef\u80fd\u5206\u5e03\u5728\u591a\u4e2a\u4e0d\u540c\u7684\u5730\u7406\u533a\u57df\u3002\u591a\uff08\u516c\u6709\uff09\u4e91\u3001\u6df7\u5408\u4e91\uff08IDC + \u516c\u6709\u4e91\uff09\u67b6\u6784\u7684\u5bb9\u707e\uff0c\u4e5f\u9700\u90e8\u7f72\u591a\u4e2a\u96c6\u7fa4\u3002\u8de8\u5730\u57df\u591a\u96c6\u7fa4\u5bb9\u707e\u4e0e\u5c31\u8fd1\u63a5\u5165\u53ef\u901a\u8fc7 DNS \u89e3\u6790\u63d0\u4f9b\uff0c\u4f46 DNS \u6709\u7f13\u5b58\uff0c\u6545\u969c\u8f6c\u79fb\u5b9e\u9645\u751f\u6548\u65f6\u95f4\u53ef\u80fd\u8f83\u957f\uff0c\u5e76\u4e14\u65e0\u6cd5\u89c6\u670d\u52a1\u5065\u5eb7\u7a0b\u5ea6\u5207\u90e8\u5206\u6d41\u91cf\u5230\u5907\u4efd\u5730\u57df\uff0c\u53ea\u80fd\u5168\u90e8\u5207\u6362\u3002<\/p>\n\n\n\n<p>Istio \u57fa\u4e8e\u4ee5\u4e0b\u80fd\u529b\uff1a1. \u591a\u96c6\u7fa4\u670d\u52a1\u53d1\u73b0\u80fd\u529b\uff1b2. \u5730\u57df\u611f\u77e5\u3001\u6545\u969c\u611f\u77e5\u3001\u5bb9\u707e\u6d41\u91cf\u5bb9\u91cf\u89c4\u5212\uff0c\u53ef\u5b9e\u73b0\uff1a1. \u5f53\u6240\u6709\u96c6\u7fa4\u7684\u670d\u52a1\u90fd\u5065\u5eb7\u65f6\uff0c\u6309\u7167\u8bf7\u6c42\u6765\u6e90\u5730\u5c31\u8fd1\u8def\u7531\u81f3\u5bf9\u5e94\u670d\u52a1\uff1b2. \u67d0\u4e2a\u96c6\u7fa4\u7684\u670d\u52a1\u51fa\u73b0\u90e8\u5206\u6545\u969c\u65f6\uff0c\u89c6\u670d\u52a1\u7684\u5065\u5eb7\u7a0b\u5ea6\u8f6c\u79fb\u4e00\u5b9a\u6bd4\u4f8b\u7684\u6d41\u91cf\u5230\u5176\u4ed6\u96c6\u7fa4\u7684\u5907\u4efd\u670d\u52a1\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/sample-multi-cluster-1.png\" alt=\"\" class=\"wp-image-41\" width=\"667\" height=\"457\"\/><\/figure>\n\n\n\n<p>2\uff09\u4e1a\u52a1\u9694\u79bb\u3002\u636e CNCF 2020 \u4e91\u539f\u751f\u8c03\u67e5\u62a5\u544a\u663e\u793a<sup>[1]<\/sup>\uff0c\u7528\u591a\u4e2a\u96c6\u7fa4\u505a\u5e94\u7528\u9694\u79bb\u662f\u4ec5\u6b21\u4e8e\u7528 namespace \u9694\u79bb\u7684\u4f7f\u7528\u65b9\u5f0f\uff0c\u4f7f\u7528\u7387\u4ece 2019 \u5e74\u7684 47% \u4e0a\u5347\u5230\u4e862020\u5e74\u7684 50%\u3002\u591a\u4e2a\u4e1a\u52a1\u4ecd\u5171\u7528\u4e00\u4e2a\u6d41\u91cf\u5165\u53e3\u65f6\uff0c\u63a5\u5165\u5c42\u9700\u5177\u5907\u591a\u96c6\u7fa4\u670d\u52a1\u53d1\u73b0\u7684\u80fd\u529b\uff0c\u5c06\u6d41\u91cf\u6309\u6307\u5b9a\u7b56\u7565\u8def\u7531\u81f3\u6307\u5b9a\u96c6\u7fa4\u7684\u670d\u52a1\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-22_17-41-59.png\" alt=\"\" class=\"wp-image-42\" width=\"507\" height=\"325\"\/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">2.4.1.&nbsp;<strong>\u65b9\u6848\uff1aService Mesh Ingress<\/strong><\/h4>\n\n\n\n<p>Kubernetes Ingress Controller \u9047\u5230\u7684\u4e00\u4e2a\u6311\u6218\u662f\uff0cKubernetes \u96c6\u7fa4\u9694\u79bb\u4e86\u96c6\u7fa4\u95f4\u7684\u670d\u52a1\u53d1\u73b0\uff0cIngress Controller \u53ea\u80fd\u4f5c\u4e3a\u96c6\u7fa4\u7ea7\u522b\u7684\u6d41\u91cf\u5165\u53e3\u3002\u800c Service Mesh \u6280\u672f\u501f\u52a9\u4e8e\u63a7\u5236\u9762\u670d\u52a1\u53d1\u73b0\u7684\u80fd\u529b\uff0c\u53ef\u53d1\u73b0\u6216\u6ce8\u518c\u591a\u4e2a\u96c6\u7fa4\u7684\u670d\u52a1\u751a\u81f3\u5f02\u6784\u670d\u52a1\uff0c\u6253\u901a\u96c6\u7fa4\u95f4\u7684\u670d\u52a1\u53d1\u73b0\u58c1\u5792\uff0c\u4e0d\u53d7\u5e94\u7528\u90e8\u7f72\u5e73\u53f0\u9650\u5236\uff0c\u5929\u7136\u63d0\u4f9b\u4e00\u81f4\u7684\u63a5\u5165\u6d41\u91cf\u8f6c\u53d1\u7ba1\u7406\u80fd\u529b\u3002<\/p>\n\n\n\n<p>Istio \u4f5c\u4e3a\u6700\u53d7\u6b22\u8fce\u7684 Service Mesh \u5f00\u6e90\u9879\u76ee\uff0c\u5b83\u7684\u63a5\u5165\u5c42 Istio Ingress Gateway \u540c\u6837\u63d0\u4f9b\u4e86\u5bf9 Ingress API \u7684\u652f\u6301\uff0c\u4f46\u662f\u4e0d\u5efa\u8bae\u4f7f\u7528 Ingress \u53bb\u914d\u7f6e Ingress Gateway\uff0c\u8fd9\u5927\u5927\u524a\u5f31\u4e86 Istio \u7684\u80fd\u529b\u3002Istio \u5bf9\u6d41\u91cf\u7ba1\u7406\u6a21\u578b\u63d0\u4f9b\u4e86\u66f4\u9ad8\u7a0b\u5ea6\u7684\u62bd\u8c61\uff0c\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 Istio API \u5b9e\u73b0\u66f4\u7075\u6d3b\u7684\u6d41\u91cf\u7ba1\u7406\u80fd\u529b\uff0c\u5b9e\u73b0\u7070\u5ea6\u53d1\u5e03\uff0c\u8de8\u96c6\u7fa4\u8def\u7531\uff0c\u5730\u57df\u611f\u77e5\u7b49\u9ad8\u7ea7\u7279\u6027\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-6.png\" alt=\"\" class=\"wp-image-43\" width=\"465\" height=\"265\"\/><\/figure>\n\n\n\n<p>Istio Ingress Gateway \u57fa\u4e8e Envoy \u5b9e\u73b0\uff0cEnvoy&nbsp;\u6700\u521d\u7531 Lyft \u521b\u5efa\uff0c\u662f\u4e00\u6b3e\u4e3a\u4e91\u539f\u751f\u573a\u666f\u8bbe\u8ba1\u7684\u9ad8\u6027\u80fd\u670d\u52a1\u4ee3\u7406\u8f6f\u4ef6\uff0c\u540e\u7531&nbsp;Lyft \u6350\u732e\u5230\u4e86 CNCF \u793e\u533a\uff0c\u5e76\u5df2\u4ece CNCF \u6bd5\u4e1a\u3002<\/p>\n\n\n\n<p><strong>1. \u591a Kubernetes \u96c6\u7fa4\u670d\u52a1\u7ba1\u7406<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-10-4.png\" alt=\"\" class=\"wp-image-44\" width=\"481\" height=\"307\"\/><\/figure>\n\n\n\n<p>Istiod \u53ef\u4ee5\u901a\u8fc7\u7f51\u683c\u5185\u6240\u6709\u96c6\u7fa4\u7684 API Server \u6765\u83b7\u53d6 endpoints \u4fe1\u606f\uff0c\u805a\u5408\u591a\u4e2a\u96c6\u7fa4\u7684\u4fe1\u606f\u540e\uff0c\u5c06\u6700\u7ec8\u751f\u6210\u7684\u914d\u7f6e\u63a8\u9001\u5230 Ingress Gateway\uff0cIngress Gateway \u53ef\u4ee5\u5c06\u8bf7\u6c42\u6309\u9700\u8f6c\u53d1\u81f3\u7f51\u683c\u5185\u6240\u6709 Pod\u3002<\/p>\n\n\n\n<p><strong>2<\/strong><strong>. \u5730\u57df\u611f\u77e5\u8d1f\u8f7d\u5747\u8861<\/strong><\/p>\n\n\n\n<p>\u5728\u670d\u52a1\u7f51\u683c\u4e2d\uff0c\u4e00\u4e2a Pod \u7684\u5730\u7406\u4fe1\u606f\u5305\u62ec\u4ee5\u4e0b 3 \u4e2a\u90e8\u5206\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Region\uff08\u5730\u57df\uff09\uff1a&nbsp;<\/strong>\u901a\u5e38\u4ee3\u8868\u4e00\u4e2a\u8f83\u5927\u7684\u5730\u7406\u533a\u57df\uff08e.g \u5317\u4eac \u4e0a\u6d77\uff09\uff0c\u5728 Kubernetes \u4e2d\uff0c\u8282\u70b9\u7684\u5730\u57df\u7531\u6807\u7b7e&nbsp;<strong><code>topology.kubernetes.io\/region<\/code><\/strong>&nbsp;\u51b3\u5b9a<\/li><li><strong>Zone\uff08\u53ef\u7528\u533a\uff09\uff1a<\/strong>\u4e00\u4e2a\u5730\u57df\u901a\u5e38\u5305\u542b\u591a\u4e2a\u53ef\u7528\u533a\uff08e.g. \u5317\u4eac\u4e00\u533a \u5317\u4eac\u4e8c\u533a\uff09\uff0c\u5728 Kubernetes \u4e2d\uff0c\u8282\u70b9\u7684\u53ef\u7528\u533a\u7531\u6807\u7b7e&nbsp;<strong><code>topology.kubernetes.io\/zone<\/code><\/strong>&nbsp;\u51b3\u5b9a<\/li><li><strong>Sub-zone \uff1a<\/strong>\u5141\u8bb8\u5bf9\u53ef\u7528\u533a\u505a\u8fdb\u4e00\u6b65\u5212\u5206\u5b9e\u73b0\u66f4\u7ec6\u7c92\u5ea6\u7684\u63a7\u5236\uff0c\u4f8b\u5982\u53ef\u4ee5\u6309\u7167&nbsp;<strong>rack\uff08\u673a\u67b6\uff09<\/strong>\u5212\u5206\uff0c\u5728 Kubernetes \u4e2d\u4e0d\u5b58\u5728 sub-zone \u7684\u6982\u5ff5\uff0cIstio \u4f7f\u7528\u8282\u70b9\u7684&nbsp;<strong><code>topology.istio.io\/subzone<\/code><\/strong>&nbsp;\u6807\u7b7e\u6765\u5b9a\u4e49 sub-zone<\/li><\/ul>\n\n\n\n<p>\u5982\u679c\u4f7f\u7528\u4e91\u5382\u5546\u6258\u7ba1\u7684&nbsp;Kubernetes&nbsp;\u670d\u52a1\uff0c\u8282\u70b9\u7684&nbsp;Region \u548c Zone \u6807\u7b7e\u5df2\u7531\u4e91\u5382\u5546\u914d\u7f6e\uff0c\u4f8b\u5982\u5728 TKE \u96c6\u7fa4\u4e2d\uff0c\u4e0a\u6d77\u4e8c\u533a\u7684\u8282\u70b9\u4f1a\u6709\u4ee5\u4e0b\u6807\u7b7e\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>topology.kubernetes.io\/region: sh<\/strong><\/li><li><strong>topology.kubernetes.io\/zone: &#8220;200002&#8221;<\/strong><\/li><\/ul>\n\n\n\n<p>\u7f51\u683c\u5185\u7684\u96c6\u7fa4\u53ef\u80fd\u5206\u5e03\u5728\u4e0d\u540c\u5730\u57df\u4e0d\u540c\u53ef\u7528\u533a\uff0c\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u5e0c\u671b\u5c3d\u91cf\u51cf\u5c11\u8de8\u5730\u57df\/\u8de8\u53ef\u7528\u533a\u7684\u8bf7\u6c42\u8c03\u7528\uff0c\u56e0\u4e3a\u8fd9\u4f1a\u589e\u52a0\u8bf7\u6c42\u65f6\u5ef6\u3002\u56e0\u6b64\u63a5\u5165\u5c42\u9700\u5177\u5907\u611f\u77e5 endpoints \u5730\u7406\u4fe1\u606f\u7684\u80fd\u529b\uff0c\u5e76\u652f\u6301\u6839\u636e\u5730\u7406\u4fe1\u606f\u914d\u7f6e\u8d1f\u8f7d\u5747\u8861\u53ca\u6545\u969c\u8f6c\u79fb\u7b56\u7565\u3002<\/p>\n\n\n\n<p><strong>\uff081\uff09\u5730\u57df\u6545\u969c\u8f6c\u79fb<\/strong><\/p>\n\n\n\n<p>\u5728\u5f00\u542f\u5730\u57df\u8d1f\u8f7d\u5747\u8861\u7684\u60c5\u51b5\u4e0b\uff0cIstio \u4f1a\u544a\u77e5 Ingress Gateway \u5c06\u8bf7\u6c42\u5c31\u8fd1\u8f6c\u53d1\u3002 \u5f53\u6240\u6709\u5b9e\u4f8b\u90fd\u6b63\u5e38\u65f6\uff0c\u8bf7\u6c42\u5c06\u4fdd\u6301\u5728\u540c\u4e00\u5730\u70b9\uff0c\u5f53\u5b9e\u4f8b\u5f02\u5e38\u65f6\uff0c\u6d41\u91cf\u4f1a\u5206\u53d1\u5230\u4e0b\u4e00\u4f18\u5148\u5730\u57df\u7684\u5b9e\u4f8b\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-15-2.png\" alt=\"\" class=\"wp-image-45\" width=\"476\" height=\"398\"\/><\/figure>\n\n\n\n<p>\u4f8b\u5982\uff0c\u4f4d\u4e8e&nbsp;<code>bj.bj-01<\/code>&nbsp;\u7684 Ingress Gateway \u8f6c\u53d1\u8bf7\u6c42\u7684\u4f18\u5148\u7ea7\u5982\u4e0b\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">\u4f18\u5148\u7ea7<\/th><th class=\"has-text-align-center\" data-align=\"center\">\u5730\u7406\u4f4d\u7f6e<\/th><th class=\"has-text-align-center\" data-align=\"center\"><\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">0<\/td><td class=\"has-text-align-center\" data-align=\"center\">bj.bj-01<\/td><td class=\"has-text-align-center\" data-align=\"center\">Region Zone \u5b8c\u5168\u5339\u914d<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">1<\/td><td class=\"has-text-align-center\" data-align=\"center\">bj.bj-02<\/td><td class=\"has-text-align-center\" data-align=\"center\">Region \u5339\u914d Zone \u4e0d\u5339\u914d<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">2<\/td><td class=\"has-text-align-center\" data-align=\"center\">sh.sh-01\/sh-02<\/td><td class=\"has-text-align-center\" data-align=\"center\">Region Zone \u90fd\u4e0d\u5339\u914d<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>\uff082\uff09\u5730\u57df\u52a0\u6743\u8d1f\u8f7d\u5747\u8861<\/strong><\/p>\n\n\n\n<p>\u5730\u57df\u52a0\u6743\u8d1f\u8f7d\u5747\u8861\u53ef\u4ee5\u5c06\u7528\u6237\u5b9a\u4e49\u7684\u4e00\u5b9a\u767e\u5206\u6bd4\u7684\u6d41\u91cf\u5206\u53d1\u5230\u67d0\u4e9b\u5730\u57df\uff0c\u4f8b\u5982\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u5982\u4e0b\u914d\u7f6e\u5206\u53d1\u6d41\u91cf\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>global:\n  localityLbSetting:\n    enabled: true\n    distribute:\n    - from: bj\/bj-01\/*\n        to:\n        \"bj\/bj-01\/*\": 70\n        \"bj\/bj-02\/*\": 20\n        \"sh\/sh-01\/*\": 10<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-16-3.png\" alt=\"\" class=\"wp-image-46\" width=\"489\" height=\"404\"\/><\/figure>\n\n\n\n<p><strong>3<\/strong><strong>. \u5f02\u6784\u670d\u52a1\u5165\u53e3\u6d41\u91cf\u7ba1\u7406<\/strong><\/p>\n\n\n\n<p>\u9664\u4e86\u591a\u96c6\u7fa4\uff0c\u7528\u6237\u5728\u4e91\u539f\u751f\u6539\u9020\u7684\u8fc7\u7a0b\u4e2d\uff0c\u5e38\u5e38\u4f1a\u9762\u4e34\u90e8\u5206\u670d\u52a1\u5df2\u7ecf\u505a\u4e86\u5bb9\u5668\u5316\u6539\u9020\uff0c\u8fd0\u884c\u5728 Kubernetes \u96c6\u7fa4\uff0c\u90e8\u5206\u4e0d\u4fbf\u6539\u9020\u7684\u670d\u52a1\u4ecd\u5728\u865a\u62df\u673a\u7684\u60c5\u51b5\uff0c\u751a\u81f3\u4f1a\u6709\u90e8\u5206\u4f7f\u7528\u7684\u662f\u4e91\u5382\u5546 serverless \u4e91\u51fd\u6570\u670d\u52a1\uff08e.g. AWS lambda\uff09\u3002\u63a5\u5165\u5c42\u9700\u5177\u5907\u5f02\u6784\u670d\u52a1\u6ce8\u518c\/\u53d1\u73b0\u7684\u80fd\u529b\uff0c\u4ee5\u7ba1\u7406\u5f02\u6784\u90e8\u7f72\u670d\u52a1\u7684\u5357\u5317\u5411\u6d41\u91cf\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/sample-\u5f02\u6784-1.png\" alt=\"\" class=\"wp-image-47\" width=\"455\" height=\"385\"\/><\/figure>\n\n\n\n<p>\u53ef\u4ee5\u901a\u8fc7 Istio \u63d0\u4f9b\u7684&nbsp;WorkloadGroup \u548c&nbsp;WorkloadEntry \u5c06\u865a\u62df\u673a\u4e0a\u7684\u670d\u52a1\u6ce8\u518c\u5230\u7f51\u683c\u5185\uff0c\u540c\u4e00\u4e2a\u670d\u52a1\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u5728&nbsp;Kubernetes&nbsp;\u96c6\u7fa4\u548c\u865a\u62df\u673a\u4e0a\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/ingress-Page-13.png\" alt=\"\" class=\"wp-image-48\" width=\"380\" height=\"266\"\/><\/figure>\n\n\n\n<p><strong>Istio Ingress Gateway \u5c0f\u7ed3<\/strong>\uff1aIstio Ingress Gateway \u5728\u5165\u53e3\u7070\u5ea6\u53d1\u5e03\u3001\u5b89\u5168\u3001\u591a\u96c6\u7fa4\u5f02\u6784\u6d41\u91cf\u7ba1\u7406\u7b49\u573a\u666f\u63d0\u4f9b\u4e86\u591a\u96c6\u7fa4\u670d\u52a1\u53d1\u73b0\u3001\u5730\u57df\u611f\u77e5\u3001\u6d41\u91cf\u5bb9\u91cf\u89c4\u5212\uff0c\u4ee5\u53ca\u66f4\u5f3a\u5927\u7075\u6d3b\u7684\u6d41\u91cf\u7ba1\u7406 API \u7684\u652f\u6301\uff0c\u4f46\u4e0e\u6b64\u540c\u65f6\uff0c\u7528\u6237\u4e5f\u4e0d\u5f97\u4e0d\u9762\u5bf9 Istio \u7684\u590d\u6742\u6027\u3002\u9700\u8981\u6295\u5165\u8d44\u6e90\u548c\u4eba\u529b\u6210\u672c\u8fd0\u7ef4 Istiod \u548c Istio Ingress Gateway\uff0c\u96c6\u6210 metric\uff0ctrace\uff0clog \u7b49\u53ef\u89c2\u6d4b\u6027\u53ca\u8bc1\u4e66\u7ba1\u7406\u5468\u8fb9\u7cfb\u7edf\u6210\u672c\u8f83\u9ad8\uff0c\u8fd8\u9700\u8981\u6b63\u786e\u914d\u7f6e\u5404\u79cd CRD\uff08Gateway VirtualService DestinationRule \u7b49\uff09\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"id-\u7cfb\u52171:\u4e91\u539f\u751f\u5e94\u7528\u8d1f\u8f7d\u5747\u8861\u9009\u578b\u6307\u5357-\u63a5\u5165\u5c42\u89e3\u51b3\u65b9\u6848\u529f\u80fd\u5bf9\u6bd4\">2.5.&nbsp;&nbsp;\u63a5\u5165\u5c42\u89e3\u51b3\u65b9\u6848\u529f\u80fd\u5bf9\u6bd4<\/h3>\n\n\n\n<p>\u4ee5\u4e0b\u662f\u817e\u8baf\u4e91\u5bb9\u5668\u73af\u5883\u4e0b\u5e38\u89c1\u7684\u63a5\u5165\u5c42\u89e3\u51b3\u65b9\u6848\u7684\u529f\u80fd\u5bf9\u6bd4\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/WX20220816-180521@2x.png\" alt=\"\" class=\"wp-image-50\" width=\"790\" height=\"510\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"id-\u7cfb\u52171:\u4e91\u539f\u751f\u5e94\u7528\u8d1f\u8f7d\u5747\u8861\u9009\u578b\u6307\u5357-\u591a\u96c6\u7fa4\u7070\u5ea6\u53d1\u5e03\/\u8de8\u96c6\u7fa4\u5bb9\u707eDemo\">3.&nbsp;\u591a\u96c6\u7fa4\u7070\u5ea6\u53d1\u5e03\/\u8de8\u96c6\u7fa4\u5bb9\u707e Demo<\/h2>\n\n\n\n<p>\u4e0b\u9762\u5c06\u4f7f\u7528\u817e\u8baf\u4e91\u670d\u52a1\u7f51\u683c TCM \u63a7\u5236\u53f0\u6f14\u793a Service Mesh Ingress \u505a\u591a Kubernetes \u96c6\u7fa4\u73af\u5883\u4e0b\u7684\u7070\u5ea6\u53d1\u5e03\u548c\u5bb9\u707e\u3002<\/p>\n\n\n\n<p>1.&nbsp;\u521b\u5efa\u670d\u52a1\u7f51\u683c\uff0c\u6dfb\u52a0\u4e24\u4e2a\u90e8\u7f72\u670d\u52a1\u7684\u670d\u52a1\u53d1\u73b0\u96c6\u7fa4\uff08\u57fa\u7840\u76d1\u63a7\u6307\u6807\u81ea\u52a8\u5bf9\u63a5\u5230\u4e91\u76d1\u63a7\uff0c\u53ef\u5728\u63a7\u5236\u53f0\u67e5\u770b\uff0c\u53ef\u89c6\u60c5\u51b5\u5f00\u542f\u4e91\u539f\u751f\u76d1\u63a7\uff0c\u6ee1\u8db3\u81ea\u5b9a\u4e49\u76d1\u63a7\u8bc9\u6c42\uff09\uff0c\u52fe\u9009\u542f\u7528 Ingress Gateway<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2876\" height=\"1634\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-30_11-40-37.png\" alt=\"\" class=\"wp-image-56\"\/><\/figure>\n\n\n\n<p>2. \u4f7f\u7528 Destination Rule \u5b9a\u4e49 frontend \u670d\u52a1\u7684\u7248\u672c\uff08frontend \u670d\u52a1\u5728\u4e24\u4e2a\u96c6\u7fa4\u5747\u6709\u540c\u6837\u7684\u90e8\u7f72\uff09<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2878\" height=\"1634\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-30_14-36-10.png\" alt=\"\" class=\"wp-image-58\"\/><\/figure>\n\n\n\n<p>3. \u4f7f\u7528 Gateway \u914d\u7f6e ingress gateway \u76d1\u542c\u89c4\u5219\uff0c\u5f00\u542f 443 \u7aef\u53e3 https \u8bbf\u95ee\uff0c\u4f7f\u7528\u817e\u8baf\u4e91 SSL \u5e73\u53f0\u670d\u52a1\u5668\u8bc1\u4e66<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2878\" height=\"1582\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-23_12-9-45.png\" alt=\"\" class=\"wp-image-59\"\/><\/figure>\n\n\n\n<p>4. \u4f7f\u7528 VirtualService \u914d\u7f6e\u8def\u7531\u89c4\u5219\uff0c50% \u6d41\u91cf\u8def\u7531\u81f3 v1 \u7248\u672c\uff0c50% \u8def\u7531\u81f3 v2 \u7248\u672c<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2878\" height=\"1584\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-23_12-11-50.png\" alt=\"\" class=\"wp-image-60\"\/><\/figure>\n\n\n\n<p>5. \u6709\u8bbf\u95ee\u8bf7\u6c42\u540e\uff0c\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\uff08frontend\uff0cfrontend-canary\uff09\u76d1\u63a7\uff0c\u4e24\u4e2a\u7248\u672c\u5747\u6709\u6d41\u91cf\uff0c\u6bd4\u4f8b\u5927\u81f4 1:1<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-23_12-32-42.png\" alt=\"\" class=\"wp-image-61\" width=\"424\" height=\"186\"\/><\/figure>\n\n\n\n<p>6. \u7070\u5ea6\u7ed3\u675f\uff0c\u66f4\u6539\u6743\u91cd\uff0c100% \u7684\u6d41\u91cf\u5747\u8def\u7531\u81f3 v2 \u7248\u672c\uff0c\u518d\u6b21\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76d1\u63a7\u6570\u636e\uff0c\u53d1\u73b0\u6240\u6709\u6d41\u91cf\u90fd\u5df2\u8bf7\u6c42\u81f3 frontend-canary<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-23_12-33-50.png\" alt=\"\" class=\"wp-image-62\" width=\"818\" height=\"286\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-23_13-9-22.png\" alt=\"\" class=\"wp-image-63\" width=\"452\" height=\"213\"\/><\/figure>\n\n\n\n<p>7. \u4e0b\u9762\u6211\u4eec\u901a\u8fc7\u8c03\u6574\u5176\u4e2d\u4e00\u4e2a\u96c6\u7fa4\u7684 frontend \u670d\u52a1\u5de5\u4f5c\u8d1f\u8f7d Pod \u6570\u91cf\u4e3a 0 \u6765\u6a21\u62df\u5176\u4e2d\u4e00\u4e2a\u96c6\u7fa4 frontend \u670d\u52a1\u6545\u969c\u60c5\u51b5\uff0c\u53d1\u73b0\u5176\u4e2d\u4e00\u4e2a\u96c6\u7fa4 frontend \u670d\u52a1\u6545\u969c\u540e\uff0c\u4ecd\u53ef\u4ee5\u6b63\u5e38\u8bbf\u95ee\u8be5\u670d\u52a1\uff0c\u67e5\u770b\u53e6\u4e00\u96c6\u7fa4\u7684 frontend \u670d\u52a1\u7684\u5de5\u4f5c\u8d1f\u8f7d\u76d1\u63a7\uff0c\u4f1a\u53d1\u73b0\u5165\u5e26\u5bbd\u589e\u52a0\u4e86\u4e00\u500d\uff0c\u8868\u660e\u5176\u4e2d\u4e00\u4e2a\u96c6\u7fa4\u7684\u670d\u52a1\u6545\u969c\u540e\uff0c\u6d41\u91cf\u5bb9\u707e\u5207\u5230\u4e86\u53e6\u4e00\u96c6\u7fa4\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-30_15-3-39.png\" alt=\"\" class=\"wp-image-64\" width=\"434\" height=\"254\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-30_15-3-7.png\" alt=\"\" class=\"wp-image-65\" width=\"441\" height=\"136\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/image2021-4-30_15-18-45.png\" alt=\"\" class=\"wp-image-66\" width=\"450\" height=\"188\"\/><\/figure>\n\n\n\n<p>8. \u5982\u6709\u6269\u5c55\u4e1c\u897f\u5411\u6d41\u91cf\u7ba1\u7406\u7684\u9700\u8981\uff0c\u53ef\u4ee5\u7ed9\u4e1a\u52a1\u6ce8\u5165 envoy sidecar\uff0c\u5373\u53ef\u4f7f\u7528\u540c\u4e00\u5957 Istio API \u5b9e\u73b0\u5357\u5317\u4e1c\u897f\u5411\u6d41\u91cf\u4e00\u81f4\u6027\u7ba1\u7406\uff0c\u5f00\u7bb1\u5373\u7528\u7f51\u7edc\u62d3\u6251\u3001\u8c03\u7528\u8ffd\u8e2a\u7b49\u53ef\u89c2\u6d4b\u6027\u529f\u80fd\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/tencent-cloud-mesh.github.io\/meshdemotutorial.github.io\/images\/releaseAndObserve\/2-1-5.png\" alt=\"\u56fe2-1-5-\u7f51\u8def\u62d3\u6251\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/tencent-cloud-mesh.github.io\/meshdemotutorial.github.io\/images\/releaseAndObserve\/2-1-6.png\" alt=\"\u56fe2-1-6-\u94fe\u8def\u8ffd\u8e2a\"\/><\/figure>\n\n\n\n<p>\u817e\u8baf\u4e91\u670d\u52a1\u7f51\u683c TCM\uff0c\u662f\u817e\u8baf\u4e91\u5b8c\u5168\u517c\u5bb9 Istio \u7684 Service Mesh \u4ea7\u54c1\uff0c\u76ee\u524d\u5df2\u5b9e\u73b0\u4e86\u63a7\u5236\u9762\u7ec4\u4ef6\u6258\u7ba1\uff0c\u4f7f\u7528 TCM Ingress Gateway \u53ea\u9700\u8981\u90e8\u7f72\u4e00\u7ec4\u6570\u636e\u9762 envoy pod \u5728\u4e1a\u52a1\u96c6\u7fa4\uff0c\u5373\u53ef\u5f00\u7bb1\u5373\u7528\u4e0a\u8ff0 Istio Ingress Gateway \u7684\u6240\u6709\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u80fd\u529b\u3002\u540c\u65f6\uff0cTCM \u96c6\u6210\u4e86\u817e\u8baf\u4e91\u76d1\u63a7\u3001\u8bc1\u4e66\u5468\u8fb9\u4ea7\u54c1\uff0c\u63d0\u4f9b\u5f00\u7bb1\u5373\u7528\u7684\u53ef\u89c2\u6d4b\u80fd\u529b\u548c\u8bc1\u4e66\u914d\u7f6e\u529f\u80fd\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rannix.cloud\/wp-content\/uploads\/2022\/08\/sample-TCM-ingress-gw-1.png\" alt=\"\" class=\"wp-image-67\" width=\"760\" height=\"365\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"id-\u7cfb\u52171:\u4e91\u539f\u751f\u5e94\u7528\u8d1f\u8f7d\u5747\u8861\u9009\u578b\u6307\u5357-\u7ed3\u8bed\">4.&nbsp;&nbsp;\u7ed3\u8bed<\/h2>\n\n\n\n<p>\u672c\u6587\u7531\u4e1a\u52a1\u90e8\u7f72\u53d1\u5c55\u7684\u4e24\u4e2a\u9636\u6bb5\u5f15\u5165\uff0c\u4ecb\u7ecd\u4e86\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>\u4e91\u539f\u751f\u5bb9\u5668\u5316\u73af\u5883\u4e0b\u63a5\u5165\u5c42\u6d41\u91cf\u7ba1\u7406\u7684\u5178\u578b\u573a\u666f\u3002<\/li><li>\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u7684\u89e3\u51b3\u65b9\u6848\u53ca\u4f18\u52a3\u5bf9\u6bd4\u3002<\/li><li>\u4ee5\u817e\u8baf\u4e91\u670d\u52a1\u7f51\u683c TCM \u4e3a\u4f8b\uff0c\u6f14\u793a Service Mesh Ingress \u591a\u96c6\u7fa4\u73af\u5883\u4e0b\u7070\u5ea6\u53d1\u5e03\u53ca\u670d\u52a1\u8de8\u96c6\u7fa4\u5bb9\u707e\u7684\u80fd\u529b\u3002<\/li><\/ol>\n\n\n\n<p>\u4e3b\u8981\u7ed3\u8bba\u6709\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>\u5bf9\u4e8e\u7b80\u5355\u7684 HTTP \u6d41\u91cf\u7684\u8def\u7531\uff0c\u4f7f\u7528 Kubernetes \u539f\u751f Ingress \u914d\u7f6e\u975e\u5e38\u5bb9\u6613\uff0c\u4e00\u4e9b Ingress Controller \uff08e.g. Nginx, Traefik\uff09\u4e5f\u901a\u8fc7 annotation \u6216 CRD \u6269\u5c55\u4e86\u539f\u751f Ingress \u7684\u529f\u80fd\uff0c\u4f46\u4ecd\u662f<strong>\u96c6\u7fa4\u7ea7\u522b\u7684\u6d41\u91cf\u5165\u53e3<\/strong>\u3002<\/li><li>Service Mesh \u7ea7\u522b\u7684\u63a5\u5165\u5c42\uff0c\u501f\u52a9\u63a7\u5236\u9762\u670d\u52a1\u53d1\u73b0\u7684\u80fd\u529b\uff0c\u53ef\u4f5c\u4e3a<strong>\u591a\u96c6\u7fa4\/\u5f02\u6784\u73af\u5883\u4e0b\u7684\u7edf\u4e00\u6d41\u91cf\u5165\u53e3<\/strong>\uff0c\u53ef\u5177\u5907\u8de8\u96c6\u7fa4\u8def\u7531\uff0c\u5730\u57df\u611f\u77e5\u7b49\u9ad8\u7ea7\u7279\u6027\uff1b\u540e\u7eed\u4e5f\u53ef\u5e73\u6ed1\u6269\u5c55\u4e00\u81f4\u8bed\u6cd5\u7ba1\u7406\u4e1c\u897f\u5411\u6d41\u91cf\u3002<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">5. Reference<\/h2>\n\n\n\n<p>[1] https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/ingress\/<\/p>\n\n\n\n<p>[2] https:\/\/www.cncf.io\/wp-content\/uploads\/2020\/12\/CNCF_Survey_Report_2020.pdf<\/p>\n\n\n\n<p>[3] https:\/\/www.envoyproxy.io\/docs\/envoy\/latest\/intro\/what_is_envoy<\/p>\n\n\n\n<p>[4] https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/ingress-controllers\/<\/p>\n\n\n\n<p>[5] https:\/\/istio.io\/latest\/docs\/reference\/config\/security\/<\/p>\n\n\n\n<p>[6] https:\/\/github.com\/envoyproxy\/ratelimit<\/p>\n\n\n\n<p>[7] https:\/\/istio.io\/latest\/docs\/tasks\/policy-enforcement\/rate-limit\/<\/p>\n\n\n\n<p>[8] https:\/\/istio.io\/latest\/docs\/tasks\/traffic-management\/locality-load-balancing\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5171\u540c\u4f5c\u8005\uff1a\u5218\u65ed 1. \u5f15\u8a00 \u5e94\u7528\u7684\u5165\u53e3\u6d41\u91cf\u7ba1\u7406\u4e00\u76f4\u662f\u5f00\u53d1\u8fd0\u7ef4\u5173\u6ce8\u7684\u7126\u70b9\u4e4b\u4e00\uff0c\u968f\u4e1a\u52a1\u90e8\u7f72\u7684\u8ba1\u7b97\u8d44\u6e90\u3001\u7f51\u7edc\u73af\u5883\u3001\u5e94 &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/rannix.cloud\/index.php\/2022\/08\/14\/hello-world\/\" class=\"more-link\">Read more<span class=\"screen-reader-text\"> &#8220;\u4e91\u539f\u751f\u5e94\u7528\u8d1f\u8f7d\u5747\u8861\u9009\u578b\u6307\u5357&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,1],"tags":[],"class_list":["post-1","post","type-post","status-publish","format-standard","hentry","category-service-mesh","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=1"}],"version-history":[{"count":7,"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1\/revisions"}],"predecessor-version":[{"id":68,"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1\/revisions\/68"}],"wp:attachment":[{"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rannix.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}