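I. Understanding Ingress
  In Istio traffic control, Ingress can be thought of as a proxy mesh in front of the application: before traffic forwarded to the proxy container reaches the service, it first passes through that service's Ingress Gateway, and the Ingress Gateway then forwards it to the VirtualService resource object on the backend.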
  

II. Ingress experiment

1) Deploy the httpbin service

➜  cat ../../samples/httpbin/httpbin.yaml
# Copyright Istio Authors
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

##################################################################################################
# httpbin service
##################################################################################################
apiVersion: v1
kind: ServiceAccount
metadata:
  name: httpbin
---
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
    service: httpbin
spec:
  ports:
  - name: http
    port: 8000
    targetPort: 80
  selector:
    app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      serviceAccountName: httpbin
      containers:
      - image: docker.io/kennethreitz/httpbin
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80

➜  kubectl apply -f ../../samples/httpbin/httpbin.yaml
serviceaccount/httpbin created
service/httpbin created
deployment.apps/httpbin created

2) Check the status of the httpbin service

➜  kubectl get pods -o wide | grep httpbin
httpbin-74fb669cc6-vn897          2/2     Running   0          4m15s   10.1.8.133   docker-desktop   <none>           <none>

➜  kubectl get rs -o wide | grep httpbin
httpbin-74fb669cc6          1         1         1       7m5s   httpbin       docker.io/kennethreitz/httpbin                            app=httpbin,pod-template-hash=74fb669cc6,version=v1

➜  kubectl get deploy -o wide | grep httpbin
httpbin          1/1     1            1           6m52s   httpbin       docker.io/kennethreitz/httpbin                            app=httpbin,version=v1

➜  kubectl get svc  httpbin
NAME      TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
httpbin   ClusterIP   10.110.191.190   <none>        8000/TCP   12m

➜  kubectl describe svc httpbin
Name:              httpbin
Namespace:         default
Labels:            app=httpbin
                   service=httpbin
Annotations:       <none>
Selector:          app=httpbin
Type:              ClusterIP
IP:                10.110.191.190
Port:              http  8000/TCP
TargetPort:        80/TCP
Endpoints:         10.1.8.133:80
Session Affinity:  None
Events:            <none>

➜  kubectl describe pods httpbin-74fb669cc6-vn897
Name:         httpbin-74fb669cc6-vn897
Namespace:    default
Priority:     0
Node:         docker-desktop/192.168.65.4
Start Time:   Sat, 03 Jul 2021 17:23:17 +0800
Labels:       app=httpbin
              istio.io/rev=default
              pod-template-hash=74fb669cc6
              security.istio.io/tlsMode=istio
              service.istio.io/canonical-name=httpbin
              service.istio.io/canonical-revision=v1
              version=v1
Annotations:  kubectl.kubernetes.io/default-container: httpbin
              kubectl.kubernetes.io/default-logs-container: httpbin
              prometheus.io/path: /stats/prometheus
              prometheus.io/port: 15020
              prometheus.io/scrape: true
              sidecar.istio.io/status:
                {"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-data","istio-podinfo","istiod-ca-cert"],"ima...
Status:       Running
IP:           10.1.8.133
IPs:
  IP:           10.1.8.133
Controlled By:  ReplicaSet/httpbin-74fb669cc6
Init Containers:
  istio-init:
    Container ID:  docker://c2540ee240389633be39ef2c442f4b3a3bda1316a529d247a594c28bd1cefa32
    Image:         docker.io/istio/proxyv2:1.10.1
    Image ID:      docker-pullable://istio/proxyv2@sha256:d9b295da022ad826c54d5bb49f1f2b661826efd8c2672b2f61ddc2aedac78cfc
    Port:          <none>
    Host Port:     <none>
    Args:
      istio-iptables
      -p
      15001
      -z
      15006
      -u
      1337
      -m
      REDIRECT
      -i
      *
      -x
      -b
      *
      -d
      15090,15021,15020
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Sat, 03 Jul 2021 17:23:21 +0800
      Finished:     Sat, 03 Jul 2021 17:23:21 +0800
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  1Gi
    Requests:
      cpu:        10m
      memory:     40Mi
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from httpbin-token-qk94s (ro)
Containers:
  httpbin:
    Container ID:   docker://3e4dfc72174241724b7c50c27d8d16947b43d126e435b916e39c5a925d79c1f8
    Image:          docker.io/kennethreitz/httpbin
    Image ID:       docker-pullable://kennethreitz/httpbin@sha256:599fe5e5073102dbb0ee3dbb65f049dab44fa9fc251f6835c9990f8fb196a72b
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Sat, 03 Jul 2021 17:26:41 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from httpbin-token-qk94s (ro)
  istio-proxy:
    Container ID:  docker://4c0a5a3b8bc0c7ed9f9fb5fac7690f5302652b76e5adf21dd58e4b6c6a8a5c8b
    Image:         docker.io/istio/proxyv2:1.10.1
    Image ID:      docker-pullable://istio/proxyv2@sha256:d9b295da022ad826c54d5bb49f1f2b661826efd8c2672b2f61ddc2aedac78cfc
    Port:          15090/TCP
    Host Port:     0/TCP
    Args:
      proxy
      sidecar
      --domain
      $(POD_NAMESPACE).svc.cluster.local
      --serviceCluster
      httpbin.$(POD_NAMESPACE)
      --proxyLogLevel=warning
      --proxyComponentLogLevel=misc:error
      --log_output_level=default:info
      --concurrency
      2
    State:          Running
      Started:      Sat, 03 Jul 2021 17:26:41 +0800
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  1Gi
    Requests:
      cpu:      10m
      memory:   40Mi
    Readiness:  http-get http://:15021/healthz/ready delay=1s timeout=3s period=2s #success=1 #failure=30
    Environment:
      JWT_POLICY:                    first-party-jwt
      PILOT_CERT_PROVIDER:           istiod
      CA_ADDR:                       istiod.istio-system.svc:15012
      POD_NAME:                      httpbin-74fb669cc6-vn897 (v1:metadata.name)
      POD_NAMESPACE:                 default (v1:metadata.namespace)
      INSTANCE_IP:                    (v1:status.podIP)
      SERVICE_ACCOUNT:                (v1:spec.serviceAccountName)
      HOST_IP:                        (v1:status.hostIP)
      CANONICAL_SERVICE:              (v1:metadata.labels['service.istio.io/canonical-name'])
      CANONICAL_REVISION:             (v1:metadata.labels['service.istio.io/canonical-revision'])
      PROXY_CONFIG:                  {}
      ISTIO_META_POD_PORTS:
        [{"containerPort":80,"protocol":"TCP"}]
      ISTIO_META_APP_CONTAINERS:     httpbin
      ISTIO_META_CLUSTER_ID:         Kubernetes
      ISTIO_META_INTERCEPTION_MODE:  REDIRECT
      ISTIO_META_WORKLOAD_NAME:      httpbin
      ISTIO_META_OWNER:              kubernetes://apis/apps/v1/namespaces/default/deployments/httpbin
      ISTIO_META_MESH_ID:            cluster.local
      TRUST_DOMAIN:                  cluster.local
    Mounts:
      /etc/istio/pod from istio-podinfo (rw)
      /etc/istio/proxy from istio-envoy (rw)
      /var/lib/istio/data from istio-data (rw)
      /var/run/secrets/istio from istiod-ca-cert (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from httpbin-token-qk94s (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  istio-envoy:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     Memory
    SizeLimit:  <unset>
  istio-data:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  istio-podinfo:
    Type:  DownwardAPI (a volume populated by information about the pod)
    Items:
      metadata.labels -> labels
      metadata.annotations -> annotations
      limits.cpu -> cpu-limit
      requests.cpu -> cpu-request
  istiod-ca-cert:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      istio-ca-root-cert
    Optional:  false
  httpbin-token-qk94s:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  httpbin-token-qk94s
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  4m32s  default-scheduler  Successfully assigned default/httpbin-74fb669cc6-vn897 to docker-desktop
  Normal  Pulled     4m28s  kubelet            Container image "docker.io/istio/proxyv2:1.10.1" already present on machine
  Normal  Created    4m28s  kubelet            Created container istio-init
  Normal  Started    4m28s  kubelet            Started container istio-init
  Normal  Pulling    4m28s  kubelet            Pulling image "docker.io/kennethreitz/httpbin"
  Normal  Pulled     69s    kubelet            Successfully pulled image "docker.io/kennethreitz/httpbin" in 3m18.6849062s
  Normal  Created    69s    kubelet            Created container httpbin
  Normal  Started    68s    kubelet            Started container httpbin
  Normal  Pulled     68s    kubelet            Container image "docker.io/istio/proxyv2:1.10.1" already present on machine
  Normal  Created    68s    kubelet            Created container istio-proxy
  Normal  Started    68s    kubelet            Started container istio-proxy

3) Create the Ingress Gateway

➜  cat ingress.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "httpbin.example.com"

➜  kubectl apply -f ingress.yaml
gateway.networking.istio.io/httpbin-gateway created

➜  kubectl get gw httpbin-gateway  -o wide
NAME              AGE
httpbin-gateway   32s

➜  kubectl describe  gw httpbin-gateway
Name:         httpbin-gateway
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  networking.istio.io/v1beta1
Kind:         Gateway
Metadata:
  Creation Timestamp:  2021-07-03T09:32:32Z
  Generation:          1
  Managed Fields:
    API Version:  networking.istio.io/v1alpha3
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:selector:
          .:
          f:istio:
        f:servers:
    Manager:         kubectl-client-side-apply
    Operation:       Update
    Time:            2021-07-03T09:32:32Z
  Resource Version:  632602
  Self Link:         /apis/networking.istio.io/v1beta1/namespaces/default/gateways/httpbin-gateway
  UID:               d1a475fb-a50a-485d-817c-4dedbb3426a9
Spec:
  Selector:
    Istio:  ingressgateway
  Servers:
    Hosts:
      httpbin.example.com
    Port:
      Name:      http
      Number:    80
      Protocol:  HTTP
Events:          <none>

4) Create the corresponding VirtualService

➜  cat virtualservice.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "httpbin.example.com"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /delay
    route:
    - destination:
        port:
          number: 8000
        host: httpbin

➜  kubectl apply -f virtualservice.yaml
virtualservice.networking.istio.io/httpbin created

5) Check the VirtualService status

➜  kubectl get vs -o wide | grep httpbin
httpbin    ["httpbin-gateway"]    ["httpbin.example.com"]   56s

➜  kubectl describe vs httpbin
Name:         httpbin
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  networking.istio.io/v1beta1
Kind:         VirtualService
Metadata:
  Creation Timestamp:  2021-07-03T09:39:26Z
  Generation:          1
  Managed Fields:
    API Version:  networking.istio.io/v1alpha3
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:gateways:
        f:hosts:
        f:http:
    Manager:         kubectl-client-side-apply
    Operation:       Update
    Time:            2021-07-03T09:39:26Z
  Resource Version:  633475
  Self Link:         /apis/networking.istio.io/v1beta1/namespaces/default/virtualservices/httpbin
  UID:               4bf50ddd-6d1c-4e3b-948e-56d04b5f2332
Spec:
  Gateways:
    httpbin-gateway
  Hosts:
    httpbin.example.com
  Http:
    Match:
      Uri:
        Prefix:  /status
      Uri:
        Prefix:  /delay
    Route:
      Destination:
        Host:  httpbin
        Port:
          Number:  8000
Events:            <none>

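6) Access test
The httpbin service has two test URLs, status and delay: status returns the status code passed in by the client, and delay lets the client specify how long to wait before the response is returned.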

➜  curl -I -HHost:httpbin.example.com http://localhost/status/200
HTTP/1.1 200 OK
server: istio-envoy
date: Sat, 03 Jul 2021 09:56:10 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 29

➜  curl -I -HHost:httpbin.example.com http://localhost/status/301
HTTP/1.1 301 Moved Permanently
server: istio-envoy
date: Sat, 03 Jul 2021 09:57:08 GMT
location: /redirect/1
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 44

➜  curl -I -HHost:httpbin.example.com http://localhost/status/502
HTTP/1.1 502 Bad Gateway
server: istio-envoy
date: Sat, 03 Jul 2021 09:56:38 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 39

➜  curl -I -HHost:httpbin.example.com http://localhost/status/504
HTTP/1.1 504 Gateway Timeout
server: istio-envoy
date: Sat, 03 Jul 2021 09:56:52 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 38

➜  time curl -I -HHost:httpbin.example.com http://localhost/delay/2
HTTP/1.1 200 OK
server: istio-envoy
date: Sat, 03 Jul 2021 09:57:35 GMT
content-type: application/json
content-length: 737
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2009

curl -I -HHost:httpbin.example.com http://localhost/delay/2  0.00s user 0.01s system 0% cpu 2.023 total

➜  time curl -I -HHost:httpbin.example.com http://localhost/delay/5
HTTP/1.1 200 OK
server: istio-envoy
date: Sat, 03 Jul 2021 09:58:32 GMT
content-type: application/json
content-length: 737
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5005

curl -I -HHost:httpbin.example.com http://localhost/delay/5  0.00s user 0.01s system 0% cpu 5.016 total

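III. Understanding Egress
  An Egress gateway lets you define custom Egress gateway policies to manage and control traffic from services inside the cluster as it leaves the cluster.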
 

IV. Egress experiment

1) Check whether the Egress Gateway component exists in the cluster

➜  kubectl get pods -n istio-system | grep egressgateway
istio-egressgateway-5796fb8ccf-jjtjl    1/1     Running   2          14d

2) Create the sleep service

➜  kubectl apply -f ../../samples/sleep/sleep.yaml
serviceaccount/sleep created
service/sleep created
deployment.apps/sleep created

➜  kubectl get pods -o wide | grep sleep
sleep-557747455f-rhj7k            2/2     Running   0          28s   10.1.8.134   docker-desktop   <none>           <none>

➜  kubectl get deploy  -o wide | grep sleep
sleep            1/1     1            1           49s   sleep         curlimages/curl                                           app=sleep

➜  kubectl get rs -o wide | grep sleep
sleep-557747455f            1         1         1       59s   sleep         curlimages/curl                                           app=sleep,pod-template-hash=557747455f

➜  kubectl get svc  -o wide | grep sleep
sleep         ClusterIP   10.106.229.29    <none>        80/TCP     66s   app=sleep

3) Define a ServiceEntry for the external service

➜  cat serviceentry.yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: httpbin
spec:
  hosts:
  - httpbin.org
  ports:
  - number: 80
    name: http-port
    protocol: HTTP
  resolution: DNS

➜  kubectl apply -f serviceentry.yaml
serviceentry.networking.istio.io/httpbin created

➜  kubectl get serviceentry -o wide
NAME      HOSTS             LOCATION   RESOLUTION   AGE
httpbin   ["httpbin.org"]              DNS          22s

➜  kubectl describe  serviceentry httpbin
Name:         httpbin
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  networking.istio.io/v1beta1
Kind:         ServiceEntry
Metadata:
  Creation Timestamp:  2021-07-03T10:11:12Z
  Generation:          1
  Managed Fields:
    API Version:  networking.istio.io/v1alpha3
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:hosts:
        f:ports:
        f:resolution:
    Manager:         kubectl-client-side-apply
    Operation:       Update
    Time:            2021-07-03T10:11:12Z
  Resource Version:  637531
  Self Link:         /apis/networking.istio.io/v1beta1/namespaces/default/serviceentries/httpbin
  UID:               ff8a43a4-a5d2-410c-ad7a-62d967f31c02
Spec:
  Hosts:
    httpbin.org
  Ports:
    Name:      http-port
    Number:    80
    Protocol:  HTTP
  Resolution:  DNS
Events:        <none>

4) Watch the Egress Gateway logs to see whether the sleep service's request to the external service passes through the Egress Gateway

➜  kubectl logs -f istio-egressgateway-5796fb8ccf-jjtjl -n istio-system

➜  kubectl exec -it sleep-557747455f-rhj7k  -c sleep -- curl http://httpbin.org/ip
{
  "origin": "58.49.32.170"
}


5) Define routes that steer traffic to the Egress Gateway

➜  cat virtualservice.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs-for-egressgateway
spec:
  hosts:
  - httpbin.org
  gateways:
  - istio-egressgateway
  - mesh
  http:
  # Rule 1: traffic from the sidecars ("mesh" is the reserved name for all
  # sidecars) is sent to the egress gateway service.
  - match:
    - gateways:
      - mesh
      port: 80
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        subset: httpbin
        port:
          number: 80
      weight: 100
  # Rule 2: traffic arriving at the egress gateway is sent on to httpbin.org.
  - match:
    - gateways:
      - istio-egressgateway
      port: 80
    route:
    - destination:
        host: httpbin.org
        port:
          number: 80
      weight: 100

➜  kubectl apply -f virtualservice.yaml
virtualservice.networking.istio.io/vs-for-egressgateway created

➜  kubectl get vs -o wide  | grep vs-for-egressgateway
vs-for-egressgateway   ["istio-egressgateway","mesh"]   ["httpbin.org"]           21s

➜  kubectl describe vs vs-for-egressgateway
Name:         vs-for-egressgateway
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  networking.istio.io/v1beta1
Kind:         VirtualService
Metadata:
  Creation Timestamp:  2021-07-03T10:18:46Z
  Generation:          1
  Managed Fields:
    API Version:  networking.istio.io/v1alpha3
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:gateways:
        f:hosts:
        f:http:
    Manager:         kubectl-client-side-apply
    Operation:       Update
    Time:            2021-07-03T10:18:46Z
  Resource Version:  638484
  Self Link:         /apis/networking.istio.io/v1beta1/namespaces/default/virtualservices/vs-for-egressgateway
  UID:               cbd00a94-cb8d-46f5-9669-6df3584e0178
Spec:
  Gateways:
    istio-egressgateway
    mesh
  Hosts:
    httpbin.org
  Http:
    Match:
      Gateways:
        meth
      Port:  80
    Route:
      Destination:
        Host:  istio-egressgateway.istio-system.svc.cluster.local
        Port:
          Number:  80
        Subset:    httpbin
      Weight:      100
    Match:
      Gateways:
        istio-egressgateway
      Port:  80
    Route:
      Destination:
        Host:  httpbin.org
        Port:
          Number:  80
      Weight:      100
Events:            <none>
➜  cat destinationrule.yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dr-for-egressgateway
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: httpbin

➜  kubectl apply -f destinationrule.yaml
destinationrule.networking.istio.io/dr-for-egressgateway created

➜  kubectl get dr -o wide
NAME                   HOST                                                 AGE
dr-for-egressgateway   istio-egressgateway.istio-system.svc.cluster.local   6s

➜  kubectl describe dr dr-for-egressgateway
Name:         dr-for-egressgateway
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  networking.istio.io/v1beta1
Kind:         DestinationRule
Metadata:
  Creation Timestamp:  2021-07-03T10:21:31Z
  Generation:          1
  Managed Fields:
    API Version:  networking.istio.io/v1alpha3
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:host:
        f:subsets:
    Manager:         kubectl-client-side-apply
    Operation:       Update
    Time:            2021-07-03T10:21:31Z
  Resource Version:  638834
  Self Link:         /apis/networking.istio.io/v1beta1/namespaces/default/destinationrules/dr-for-egressgateway
  UID:               bee9b39e-a9ac-4e36-803d-153bdf40c97d
Spec:
  Host:  istio-egressgateway.istio-system.svc.cluster.local
  Subsets:
    Name:  httpbin
Events:    <none>

6) Access the external service from the sleep service again and check whether the Egress Gateway has the corresponding log entries

➜  kubectl exec -it sleep-557747455f-rhj7k  -c sleep -- curl http://httpbin.org/ip
{
  "origin": "113.57.121.60"
}

➜  kubectl logs -l istio=egressgateway -c istio-proxy -n istio-system | tail
[2021-07-03 T18:38:49.810Z] "GET /politics HTTP/2" 200 - "-" "-" 0 0 1445 1444 "10.80.3.231" "curl/7.64.0" "2151bde2-4382-4e2f-b088-e464943c2a9b" "httpbin.org" "113.57.121.60:80" outbound|80||edition.cnn.com 10.80.3.232:51516 10.80.3.232:8080 10.80.3.231:38072 - -
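
A check for the egress VirtualService from step 5, as an added example that is not part of the original post: it flags a match that names a gateway missing from spec.gateways (the describe output in step 5 shows `meth`), a bound gateway that no route matches, and a bound gateway with no Gateway object, any of which leaves the intended path through the egress gateway without effect. The function names and the dict-shaped sample are constructed for illustration; it assumes gateway names are compared as plain strings and inspects only `http` routes.

```python
MESH = "mesh"  # reserved gateway name: stands for every sidecar in the mesh


def lint_virtualservice(vs, defined_gateways):
    """Return findings for one VirtualService dict (`kubectl get vs -o json` shape).

    defined_gateways: names of the Gateway objects that exist (assumed to be
    supplied by the caller; names are compared as plain strings).
    """
    name = vs["metadata"]["name"]
    spec = vs.get("spec", {})
    bound = list(spec.get("gateways") or [MESH])  # omitted field means ["mesh"]
    findings = []

    # 1. Every non-reserved gateway the VirtualService binds to must exist.
    for gw in bound:
        if gw != MESH and gw not in defined_gateways:
            findings.append(f"{name}: bound to gateway '{gw}' but no such Gateway is defined")

    # 2. A match may only name gateways listed in spec.gateways.
    served = set()  # bound gateways that at least one http route can match
    for idx, route in enumerate(spec.get("http", [])):
        for match in route.get("match") or [{}]:  # no match block = match all
            scoped = match.get("gateways")
            if not scoped:  # match is not restricted to particular gateways
                served.update(bound)
                continue
            for gw in scoped:
                if gw in bound:
                    served.add(gw)
                else:
                    findings.append(
                        f"{name}: http[{idx}] matches gateway '{gw}', which is not in "
                        f"spec.gateways {bound}; this match can never apply")

    # 3. A bound gateway that no route matches gets none of this routing.
    for gw in bound:
        if gw not in served:
            findings.append(f"{name}: gateway '{gw}' is bound but no http route matches it")
    return findings


def egress_vs(first_match_gateway):
    """Constructed sample: the step-5 VirtualService, first match gateway variable."""
    egress_host = "istio-egressgateway.istio-system.svc.cluster.local"
    return {
        "metadata": {"name": "vs-for-egressgateway"},
        "spec": {
            "hosts": ["httpbin.org"],
            "gateways": ["istio-egressgateway", MESH],
            "http": [
                {"match": [{"gateways": [first_match_gateway], "port": 80}],
                 "route": [{"destination": {"host": egress_host, "subset": "httpbin"}}]},
                {"match": [{"gateways": ["istio-egressgateway"], "port": 80}],
                 "route": [{"destination": {"host": "httpbin.org"}}]},
            ],
        },
    }


if __name__ == "__main__":
    for label, gw in (("as in the describe output", "meth"), ("corrected", "mesh")):
        print(label)
        for line in lint_virtualservice(egress_vs(gw), {"istio-egressgateway"}) or ["no findings"]:
            print("  " + line)
```

To run it against a live cluster, load the items of `kubectl get virtualservice -o json` with `json.load` and pass the names from `kubectl get gateway` as `defined_gateways`.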
