istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/content/en/docs/tasks/traffic-management/ingress/gateway-api/index.md

3.6 KiB
Raw Blame History

title description weight aliases keywords owner test
Kubernetes Gateway API Describes how to configure the Kubernetes Gateway API with Istio. 50
/docs/tasks/traffic-management/ingress/service-apis/
/latest/docs/tasks/traffic-management/ingress/service-apis/
traffic-management
ingress
istio/wg-networking-maintainers yes

This task describes how to configure Istio to expose a service outside of the service mesh cluster, using the Kubernetes Gateway API. These APIs are an actively developed evolution of the Kubernetes Service and Ingress APIs.

Setup

  1. Install the Gateway API CRDs:

    {{< text bash >}} $ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.4.0-rc1" | kubectl apply -f - {{< /text >}}

  2. Install Istio:

    {{< text bash >}} $ istioctl install {{< /text >}}

  3. Follow the instructions in the Determining the ingress IP and ports sections of the Ingress Gateways task in order to retrieve the external IP address of your ingress gateway.

Configuring a Gateway

See the Gateway API documentation for information about the APIs.

  1. Deploy a test application:

    {{< text bash >}} $ kubectl apply -f @samples/httpbin/httpbin.yaml@ {{< /text >}}

  2. Deploy the Gateway API configuration:

    {{< text bash >}} $ kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1alpha2 kind: GatewayClass metadata: name: istio spec: controller: istio.io/gateway-controller

    apiVersion: gateway.networking.k8s.io/v1alpha2 kind: Gateway metadata: name: gateway namespace: istio-system spec: gatewayClassName: istio listeners:

    • name: default hostname: "*.example.com" port: 80 protocol: HTTP allowedRoutes: namespaces: from: All

    apiVersion: gateway.networking.k8s.io/v1alpha2 kind: HTTPRoute metadata: name: http namespace: default spec: parentRefs:

    • name: gateway namespace: istio-system hostnames: ["httpbin.example.com"] rules:
    • matches:
      • path: type: Prefix value: /get filters:
      • type: RequestHeaderModifier requestHeaderModifier: add:
        • name: my-added-header value: added-value backendRefs:
      • name: httpbin port: 8000 EOF {{< /text >}}

  3. Access the httpbin service using curl:

    {{< text bash >}} $ curl -s -I -HHost:httpbin.example.com "http://$INGRESS_HOST:$INGRESS_PORT/get" HTTP/1.1 200 OK server: istio-envoy ... {{< /text >}}

    Note the use of the -H flag to set the Host HTTP header to "httpbin.example.com". This is needed because the HTTPRoute is configured to handle "httpbin.example.com", but in your test environment you have no DNS binding for that host and are simply sending your request to the ingress IP.

  4. Access any other URL that has not been explicitly exposed. You should see an HTTP 404 error:

    {{< text bash >}} $ curl -s -I -HHost:httpbin.example.com "http://$INGRESS_HOST:$INGRESS_PORT/headers" HTTP/1.1 404 Not Found ... {{< /text >}}