我部署在openshift集群中的应用程序需要连接到2个外部kafka代理。由于应用程序位于istio mesh上,所有出站流量都必须通过出口网关。通过ssl上的log4j2appender连接到kafka。我做了如下配置:
kind: ServiceEntry
metadata:
name: se-kafka
spec:
hosts:
- kafka1.host.com
- kafka2.host.com
addresses:
- 10.200.200.1
- 10.200.200.2
ports:
- name: kafka-port
number: 9093
protocol: TCP
location: MESH_EXTERNAL
resolution: NONE
exportTo:
- .
=====================
kind: DestinationRule
metadata:
name: dr-kafka
spec:
host: egressgateway #name egressgateway deployment
subnets:
- name: se-kafka
=====================
kind: Gateway
metadata:
name: gw-kafka
spec:
servers:
- hosts:
- kafka1.host.com
port:
name: kafka1-egress-port
number: 16001
protocol: TCP
- hosts:
- kafka2.host.com
port:
name: kafka2-egress-port
number: 16002
protocol: TCP
selector:
istio: egressgateway
=======================
kind: VirtualService
metadata:
name: vs-kafka
spec:
hosts:
- kafka1.host.com
- kafka2.host.com
gateways:
- mesh
- gw-kafka
tls:
- match:
- gateways:
- mesh
port: 9093
sniHosts:
- kafka1.host.com
route:
- destination:
host: egressgateway
port:
number: 16001
- match:
- gateways:
- mesh
port: 9093
sniHosts:
- kafka2.host.com
route:
- destination:
host: egressgateway
port:
number: 16002
- match:
- gateways:
- gw-kafka
port: 16001
sniHosts:
- kafka1.host.com
route:
- destination:
host: kafka1.host.com
port:
number: 9093
- match:
- gateways:
- gw-kafka
port: 16002
sniHosts:
- kafka2.host.com
route:
- destination:
host: kafka2.host.com
port:
number: 9093
========================
它起作用了。但我认为交通绕过了istio出口通道。在kiali中,serviceentry和ExpressGateway之间没有连接。如果您查看出口网关日志,可以看到以下警告:
gRPC config for envoy.api.v2.ClusterLoadAssigment rejected: malformed IP address: kafka1.host.com. Consider setting resolver_name or setting cluster type to 'STRICT_DNS' or 'LOGICAL_DNS'
问题是什么?如何正确配置出口网关?
暂无答案!
目前还没有任何答案,快来回答吧!