Alibaba Cloud Service Mesh (ASM) allows you to create an ingress gateway for your ASM instance in the console. Alternatively, you can use the Kubernetes API to create and manage an ingress gateway. This topic describes how to create and query information about an ingress gateway by using the Kubernetes API.
Prerequisites
Background information
ASM provides a Kubernetes custom resource definition (CRD) in which the kind parameter is set to IstioGateway and the apiVersion parameter is set to istio.alibabacloud.com/v1beta1. ASM also provides a controller for the Kubernetes CRD. The controller monitors the changes of the Kubernetes CRD, and updates the service, deployment, and service account of the Kubernetes cluster in which the controller runs. You can use the Kubernetes API server to manage the CRD.
Create an ingress gateway
Important: You must deploy an ingress gateway in the istio-system namespace so that the ingress gateway can obtain its configurations when it starts. This ensures a successful startup. If you deploy an ingress gateway in another namespace and the Istio version is 1.6 or later, the ingress gateway fails to start because its configurations cannot be obtained.
- Create a myexample-customingressgateway.yaml file that contains the following content. For more information about the parameters, see Modify an ingress gateway service.
apiVersion: istio.alibabacloud.com/v1beta1
kind: IstioGateway
metadata:
  name: "myexample-customingressgateway"
  namespace: "istio-system"
spec:
  clusterIds:
    - "cluster1Id"
    - "cluster2Id"
  cpu:
    targetAverageUtilization: 80
  env:
    - name: "envname1"
      value: "envvalue1"
  externalTrafficPolicy: Local
  podLabels:
    key1: value1
  ports:
    - name: status-port
      port: 15020
      targetPort: 15020
    - name: http2
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 0
    - name: tls
      port: 15443
      targetPort: 15443
  replicaCount: 1
  resources:
    limits:
      cpu: '2'
      memory: 2G
    requests:
      cpu: 200m
      memory: 256Mi
  # - name: config-volume-lua
  #   configMapName: lua-libs
  #   mountPath: /var/lib/lua
  # secretVolumes:
  # - name: myexample-customingressgateway-certs
  #   secretName: istio-myexample-customingressgateway-certs
  #   mountPath: /etc/istio/myexample-customingressgateway-certs
  serviceType: LoadBalancer
  serviceAnnotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
  serviceLabels:
    serviceLabelKey1: "serviceLabelValue1"
  podAnnotations:
    podAnnotationsKey1: "podAnnotationsValue1"
  rollingMaxSurge: "100%"
  rollingMaxUnavailable: "25%"
  overrides:
    cluster1Id:
      replicaCount: 1
      resources:
        limits:
          cpu: '2'
          memory: 2G
        requests:
          cpu: 200m
          memory: 256Mi
      serviceAnnotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s1.small"
    cluster2Id:
      replicaCount: 2
      resources:
        limits:
          cpu: '4'
          memory: 4G
        requests:
          cpu: 400m
          memory: 512Mi
      serviceAnnotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s2.small"
  hostNetwork: true
  dnsPolicy: "ClusterFirstWithHostNet"
Note: If you want to use Go client for Kubernetes to create and manage an ingress gateway, see the sample Go types file of Istiogateway.
- Use kubectl to connect to the ASM instance. For more information, see Use kubectl to connect to an ASM instance.
- Create a namespace that is named myexample. For more information, see Create a namespace.
- Run the following command to deploy the ingress gateway:
kubectl apply -f myexample-customingressgateway.yaml
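Before applying a manifest like the one above, it helps to list which of its settings widen the gateway's exposure: an internet-facing SLB annotation, hostNetwork, and runAsRoot, both at the spec level and inside each overrides entry. The following Go program is an added example, not code from Alibaba Cloud or ASM; Config, check, Audit, and sample are hypothetical names, the input is the manifest in JSON form, and each overrides entry is reported on its own values (how the controller merges overrides with the spec is not assumed).

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Config is the exposure-relevant subset of IstioGatewayBasicConfiguration.
type Config struct {
	ServiceAnnotations     map[string]string
	HostNetwork, RunAsRoot bool
	Overrides              map[string]Config // per-cluster values; set on spec only
}

const addrType = "service.beta.kubernetes.io/alicloud-loadbalancer-address-type"
// sample is a constructed manifest: a trimmed JSON form of the YAML on this page.
const sample = `{"kind":"IstioGateway","spec":{"hostNetwork":true,
 "serviceAnnotations":{"` + addrType + `":"internet"},
 "overrides":{"cluster1Id":{"runAsRoot":true},"cluster2Id":{"replicaCount":2}}}}`

// check lists the settings in one scope that widen the gateway's exposure.
func check(c Config) (out []string) {
	if c.ServiceAnnotations[addrType] == "internet" {
		out = append(out, "internet-facing SLB")
	}
	if c.HostNetwork {
		out = append(out, "hostNetwork enabled")
	}
	if c.RunAsRoot {
		out = append(out, "runAsRoot enabled")
	}
	return out
}

// Audit returns findings keyed by scope: "spec" or "overrides.<clusterId>".
func Audit(manifest []byte) (map[string][]string, error) {
	var gw struct{ Spec Config } // encoding/json matches keys case-insensitively
	if err := json.Unmarshal(manifest, &gw); err != nil {
		return nil, err
	}
	out := map[string][]string{"spec": check(gw.Spec)}
	for id, c := range gw.Spec.Overrides {
		out["overrides."+id] = check(c)
	}
	return out, nil
}

func main() {
	fmt.Println(Audit([]byte(sample)))
}
```

A scope with an empty list has none of the three settings; the same check can run in a pre-merge pipeline so that an internet-facing or host-network gateway is a reviewed decision rather than a copied default.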
Query information of the ingress gateway
You can view the details and pod information of the ingress gateway in the Container Service for Kubernetes (ACK) console.
View the details of the ingress gateway
- Log on to the ACK console and click Clusters in the left-side navigation pane.
- On the Clusters page, click the name of a cluster and choose in the left-side navigation pane.
- On the Services page, select myexample from the Namespace drop-down list.
- Find the ingress gateway that you want to view and click Details in the Actions column.
View the pod information of the ingress gateway
- Log on to the ACK console and click Clusters in the left-side navigation pane.
- On the Clusters page, click the name of a cluster and choose in the left-side navigation pane.
- On the Pods page, select myexample from the Namespace drop-down list.
- Find the pod that you want to view and click Details in the Actions column.
References
The following code shows a sample Go types file of Istiogateway:
package v1beta1

import (
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

type GatewayType string
type ConfigState string

const (
	GatewayTypeIngress GatewayType = "ingress"
	GatewayTypeEgress GatewayType = "egress"
)

// IstioGatewaySpec defines the desired state of Istio
// +k8s:openapi-gen=true
type IstioGatewaySpec struct {
	// +kubebuilder:validation:Enum=ingress;egress
	GatewayType GatewayType `json:"gatewayType,omitempty"`
	IstioGatewayBasicConfiguration `json:",inline"`
	ClusterIds []string `json:"clusterIds,omitempty"`
	clusterId string `json:"clusterId,omitempty"`
	Overrides map[string]IstioGatewayBasicConfiguration `json:"overrides,omitempty"`
}

type KernelParameters struct {
	NetCoreSoMaxConn *string `json:"net.core.somaxconn,omitempty"`
	NetCoreNetdevMaxBacklog *string `json:"net.core.netdev_max_backlog,omitempty"`
	NetIpv4TcpRMem *string `json:"net.ipv4.tcp_rmem,omitempty"`
	NetIpv4TcpWMem *string `json:"net.ipv4.tcp_wmem,omitempty"`
	NetIpv4IpLocalPortRange *string `json:"net.ipv4.ip_local_port_range,omitempty"`
	NetIpv4TcpFinTimeout *string `json:"net.ipv4.tcp_fin_timeout,omitempty"`
	NetIpv4TcpTwTimeout *string `json:"net.ipv4.tcp_tw_timeout,omitempty"`
	NetIpv4TcpTwReuse *string `json:"net.ipv4.tcp_tw_reuse,omitempty"`
	NetIpv4TcpTwRecycle *string `json:"net.ipv4.tcp_tw_recycle,omitempty"`
	NetIpv4TcpTimestamps *string `json:"net.ipv4.tcp_timestamps,omitempty"`
	NetIpv4TcpRetries2 *string `json:"net.ipv4.tcp_retries2,omitempty"`
	NetIpv4TcpSlowStartAfterIdle *string `json:"net.ipv4.tcp_slow_start_after_idle,omitempty"`
	NetIpv4TcpMaxOrphans *string `json:"net.ipv4.tcp_max_orphans,omitempty"`
	NetIpv4TcpMaxSynBacklog *string `json:"net.ipv4.tcp_max_syn_backlog,omitempty"`
	NetIpv4TcpNoMetricsSave *string `json:"net.ipv4.tcp_no_metrics_save,omitempty"`
	NetIpv4TcpAutocorking *string `json:"net.ipv4.tcp_autocorking,omitempty"`
	KernelPrintk *string `json:"kernel.printk,omitempty"`
	VmSwappiness *string `json:"vm.swappiness,omitempty"`
}

type KernelConfiguration struct {
	Enabled *bool `json:"enabled,omitempty"`
	Parameters KernelParameters `json:"parameters,omitempty"`
}

type GzipCompressorConfiguration struct {
	MemoryLevel *uint32 `json:"memory_level,omitempty"`
	CompressionLevel *string `json:"compression_level,omitempty"`
	CompressionStrategy *string `json:"compression_strategy,omitempty"`
	WindowBits *uint32 `json:"window_bits,omitempty"`
	ChunkSize *uint32 `json:"chunk_size,omitempty"`
}

type CompressorConfiguration struct {
	Enabled *bool `json:"enabled,omitempty"`
	MinContentLength *uint32 `json:"min_content_length,omitempty"`
	ContentType *[]string `json:"content_type,omitempty"`
	DisableOnETagHeader *bool `json:"disable_on_etag_header,omitempty"`
	RemoveAcceptEncodingHeader *bool `json:"remove_accept_encoding_header,omitempty"`
	Gzip *GzipCompressorConfiguration `json:"gzip,omitempty"`
}

type ReadinessProbeConfiguration struct {
	FailureThreshold int32 `json:"failureThreshold,omitempty"`
	PeriodSeconds int32 `json:"periodSeconds,omitempty"`
	SuccessThreshold int32 `json:"successThreshold,omitempty"`
}

// +k8s:openapi-gen=true
type IstioGatewayBasicConfiguration struct {
	ReplicaCount int32 `json:"replicaCount,omitempty"`
	AutoscaleEnabled bool `json:"autoscaleEnabled,omitempty"`
	MinReplicas int32 `json:"minReplicas,omitempty"`
	MaxReplicas int32 `json:"maxReplicas,omitempty"`
	// +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer
	ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
	LoadBalancerIP string `json:"loadBalancerIP,omitempty"`
	ExternalTrafficPolicy string `json:"externalTrafficPolicy,omitempty"`
	ServiceAnnotations map[string]string `json:"serviceAnnotations,omitempty"`
	PodAnnotations map[string]string `json:"podAnnotations,omitempty"`
	ServiceLabels map[string]string `json:"serviceLabels,omitempty"`
	PodLabels map[string]string `json:"podLabels,omitempty"`
	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
	EnvVars []corev1.EnvVar `json:"env,omitempty"`
	Ports []corev1.ServicePort `json:"ports,omitempty"`
	MeshExpansionPorts []corev1.ServicePort `json:"meshExpansionPorts,omitempty"`
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	ApplicationPorts string `json:"applicationPorts,omitempty"`
	RequestedNetworkView string `json:"requestedNetworkView,omitempty"`
	Affinity *corev1.Affinity `json:"affinity,omitempty"`
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
	SecretVolumes []SecretVolume `json:"secretVolumes,omitempty"`
	ConfigVolumes []ConfigVolume `json:"configVolumes,omitempty"`
	RollingMaxSurge *string `json:"rollingMaxSurge,omitempty"`
	RollingMaxUnavailable *string `json:"rollingMaxUnavailable,omitempty"`
	CPU HpaCPU `json:"cpu,omitempty"`
	Memory HpaMemory `json:"memory,omitempty"`
	Kernel KernelConfiguration `json:"kernel,omitempty"`
	Compressor CompressorConfiguration `json:"compression,omitempty"`
	RunAsRoot *bool `json:"runAsRoot,omitempty"`
	Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"`
	ReadinessProbe ReadinessProbeConfiguration `json:"readinessProbe,omitempty"`
	HostNetwork *bool `json:"hostNetwork,omitempty"`
	DnsPolicy corev1.DNSPolicy `json:"dnsPolicy,omitempty"`
	AutoCreateGatewayYaml *bool `json:"autoCreateGatewayYaml,omitempty"`
}

type SecretVolume struct {
	Name string `json:"name,omitempty"`
	SecretName string `json:"secretName,omitempty"`
	MountPath string `json:"mountPath,omitempty"`
}

type ConfigVolume struct {
	Name string `json:"name,omitempty"`
	ConfigMapName string `json:"configMapName,omitempty"`
	MountPath string `json:"mountPath,omitempty"`
}

// +k8s:openapi-gen=true
type HpaCPU struct {
	TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}

// +k8s:openapi-gen=true
type HpaMemory struct {
	TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}

// +k8s:openapi-gen=true
type IstioGatewayStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
	// Add custom validation using kubebuilder tags: https://book.kubebuilder.io/beyond_basics/generating_crd.html
	Status ConfigState `json:"Status,omitempty"`
	GatewayAddress []string `json:"GatewayAddress,omitempty"`
	ClusterIdGatewayAddressMap []GatewayAddress `json:"ClusterIdGatewayAddressMap,omitempty"`
	ErrorMessage string `json:"ErrorMessage,omitempty"`
}

// +k8s:openapi-gen=true
type GatewayAddress struct {
	IPAddress string `json:"ipAddress,omitempty"`
	ClusterId string `json:"clusterId,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IstioGateway is the Schema for the istiogateways API
// +k8s:openapi-gen=true
// +kubebuilder:subresource:status
type IstioGateway struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec IstioGatewaySpec `json:"spec,omitempty"`
	Status IstioGatewayStatus `json:"status,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IstioGatewayList contains a list of IstioGateway
type IstioGatewayList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items []IstioGateway `json:"items"`
}