Kubernetes - Gateway API 配置

背景简介

Kubernetes Gateway API 是一种用于定义、管理和配置服务网格边缘流量的标准API，提供统一的入口流量管理。

本笔记以 NGINX Gateway Fabric 为示例

环境配置

1. Kubernetes v1.29.1。【Kubernetes - 安装】

参考链接

• 【从 Ingress 迁移】
• 【Gateway API】
• 【Gateway Guides】
• 【NGINX Gateway Fabric】

示例需求

1. 启动两个名为 coffee 的 pod
2. 启动一个名为 coffee 的 ClusterIP service
3. 配置 Gateway API 使外部可以访问 coffee

详细步骤

第一步： 安装 Gateway API

• 方法一：下载配置文件本地启动

获取 Gateway API 配置文件

$ wget https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml

启动 Gateway API

kubectl apply -f standard-install.yaml

customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/grpcroutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io created

• 方法二：一键启动

kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml

customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/grpcroutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io created

• 方法三：根据 nginx-gateway-fabric 配置启动

$ kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.6.1" | kubectl apply -f -

customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/grpcroutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io created

第二步： 安装 NGINX Gateway Fabric CRDs 

$ kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v1.6.1/deploy/crds.yaml

customresourcedefinition.apiextensions.k8s.io/clientsettingspolicies.gateway.nginx.org created
customresourcedefinition.apiextensions.k8s.io/nginxgateways.gateway.nginx.org created
customresourcedefinition.apiextensions.k8s.io/nginxproxies.gateway.nginx.org created
customresourcedefinition.apiextensions.k8s.io/observabilitypolicies.gateway.nginx.org created
customresourcedefinition.apiextensions.k8s.io/snippetsfilters.gateway.nginx.org created
customresourcedefinition.apiextensions.k8s.io/upstreamsettingspolicies.gateway.nginx.org created

第三步： 安装 NGINX Gateway Fabric 

$ kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v1.6.1/deploy/default/deploy.yaml

namespace/nginx-gateway created
serviceaccount/nginx-gateway created
clusterrole.rbac.authorization.k8s.io/nginx-gateway created
clusterrolebinding.rbac.authorization.k8s.io/nginx-gateway created
configmap/nginx-includes-bootstrap created
service/nginx-gateway created
deployment.apps/nginx-gateway created
gatewayclass.gateway.networking.k8s.io/nginx created
nginxgateway.gateway.nginx.org/nginx-gateway-config created

默认使用的是 LoadBalancer 的模式配置，如需修改为 NodePort 的形式，请下载 deploy.yaml 后修改 service 配置。

******

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: nginx-gateway
    app.kubernetes.io/name: nginx-gateway
    app.kubernetes.io/version: 1.6.1
  name: nginx-gateway
  namespace: nginx-gateway
spec:
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30055
  - name: https
    port: 443
    protocol: TCP  
    targetPort: 443
    nodePort: 30056
  selector:
    app.kubernetes.io/instance: nginx-gateway
    app.kubernetes.io/name: nginx-gateway
  type: NodePort 
  
******

查看部署结果

$ kubectl get pod,svc -n nginx-gateway

NAME                                READY   STATUS    RESTARTS   AGE
pod/nginx-gateway-84587bd6d-mjmxv   2/2     Running   0          17s

NAME                    TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/nginx-gateway   NodePort   10.103.207.230   <none>        80:30055/TCP,443:30056/TCP   17s

第四步： 测试 pod 配置与启动

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coffee
spec:
  replicas: 2
  selector:
    matchLabels:
      app: coffee
  template:
    metadata:
      labels:
        app: coffee
    spec:
      containers:
      - name: coffee
        image: nginxdemos/nginx-hello:plain-text
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: coffee
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: http
  selector:
    app: coffee

创建 namespace

$ kubectl create namespace coffee

namespace/coffee created

启动 pod

$ kubectl apply -f coffee-deploy.yaml  -n coffee

deployment.apps/coffee created
service/coffee created

查看 pod 状态

$ kubectl get pod,svc -n coffee

NAME                          READY   STATUS    RESTARTS   AGE
pod/coffee-6d9ccc4bfb-98tr9   1/1     Running   0          2m30s
pod/coffee-6d9ccc4bfb-9wxvr   1/1     Running   0          2m30s

NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/coffee   ClusterIP   10.105.32.154   <none>        80/TCP    2m48s

第五步： 创建 Gateway API resources 

• 配置 Gateway

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: cafe
spec:
  gatewayClassName: nginx
  listeners:
  - name: http
    port: 80
    protocol: HTTP

应用 Gateway

$ kubectl apply -f coffee-gateway.yaml -n coffee

gateway.gateway.networking.k8s.io/cafe created

• 配置 HTTPRoute

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: coffee
spec:
  parentRefs:
  - name: cafe
  hostnames:
  - "cafe-example-com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: coffee
      port: 80

应用 HTTPRoute

$ kubectl apply -f coffee-httproute.yaml -n coffee

httproute.gateway.networking.k8s.io/coffee created

查看完整配置

$ kubectl get pod,svc,gateway,httproute -n coffee

NAME                          READY   STATUS    RESTARTS   AGE
pod/coffee-6d9ccc4bfb-98tr9   1/1     Running   0          155m
pod/coffee-6d9ccc4bfb-9wxvr   1/1     Running   0          155m

NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/coffee   ClusterIP   10.105.32.154   <none>        80/TCP    155m

NAME                                     CLASS   ADDRESS   PROGRAMMED   AGE
gateway.gateway.networking.k8s.io/cafe   nginx             True         5m21s

NAME                                         HOSTNAMES              AGE
httproute.gateway.networking.k8s.io/coffee   ["cafe-example-com"]   62s

查看 nginx-gateway 监听信息

$ kubectl exec -it -n nginx-gateway nginx-gateway-84587bd6d-mjmxv -c nginx -- nginx -T

******

server {
    listen 80;
    listen [::]:80;

    server_name cafe-example-com;

        
    location / {
        

        

        proxy_http_version 1.1;
        proxy_set_header Host "$gw_api_compliant_host";
        proxy_set_header X-Forwarded-For "$proxy_add_x_forwarded_for";
        proxy_set_header X-Real-IP "$remote_addr";
        proxy_set_header X-Forwarded-Proto "$scheme";
        proxy_set_header X-Forwarded-Host "$host";
        proxy_set_header X-Forwarded-Port "$server_port";
        proxy_set_header Upgrade "$http_upgrade";
        proxy_set_header Connection "$connection_upgrade";
        proxy_pass http://coffee_coffee_80$request_uri;
            
            
            
    }
}

******

**第六步：**浏览器访问

以上便是本文的全部内容，感谢您的阅读，如遇到任何问题，欢迎在评论区留言讨论。