Kubernete Gateway API實戰案例
作者:尹正杰
版權聲明:原創作品,謝絕轉載!否則將追究法律責任。
一.Gateway API概述
1.什么是Gateway API
由于Ingress資源對象不能很好的滿足網絡需求,很多場景下Ingress控制器都需要通過定義annotations或者crd來進行功能擴展,這對于使用標準和支持是非常不利的,新推出的Gateway API旨在通過可擴展的面向角色的接口來增強服務網絡。
Gateway API之前叫"Service API",是由SIG-NETWORK社區管理的開源項目。Gateway API是Kubernetes的官方項目,專注于Kubernete中的L4和L7路由。
該項目代表了下一代Kubernetes入口、負載平衡和服務網格API。從一開始,它就被設計成通用的、富有表現力的和面向角色的。
Gateway API是Kubernetes中的一個API資源集合,此API中的大部分配置都包含在路由層中,包括GatewayClass、Gateway、HTTPRoute、TCPRoute、Service等,這些資源共同為各種網絡用例構建模型,為Ingress和Mesh提供了高級路由功能。
官網鏈接:
https://gateway-api.sigs.k8s.io/
2.Gateway API和Ingress的比較
Gateway API的改進比當前的Ingress資源對象有很多更好的設計:
- 面向角色:
Gateway由各種API資源組成,這些資源根據使用和配置Kubernetes服務網絡的角色進行建模。
- 通用性:
和Ingress一樣是一個具有眾多實現的通用規范,Gateway API是一個被設計成由許多實現支持的規范標準。
- 更具表現力:
Gateway API資源支持基于Header頭的匹配、流量權重等核心功能,這些功能在Ingress中只能通過自定義注解才能實現。
- 可擴展性:
Gateway API 允許自定義資源鏈接到 API 的各個層,這就允許在 API 結構的適當位置進行更精細的定制。
還有一些其他值得關注的功能:
- GatewayClasses:
將負載均衡實現的類型形式化,這些類使用戶可以很容易了解到通過Kubernetes資源可以獲得什么樣的能力。
- 共享網關和跨命名空間支持:
它們允許共享負載均衡器和VIP,允許獨立的路由資源綁定到同一個網關,這使得團隊可以安全地共享(包括跨命名空間)基礎設施,而不需要直接協調。
- 規范化路由和后端:
Gateway API支持類型化的路由資源和不同類型的后端。
這使得API可以靈活地支持各種協議(如: HTTP和gRPC)和各種后端服務(如: Kubernetes Service、存儲桶或函數)。
3.Gateway API面向角色設計更加靈活
如上圖所示,一個集群運維人員創建了一個基于GatewayClass的Gateway資源,這個Gateway部署或配置了它所代表的基礎網絡資源,集群運維和特定的團隊必須溝通什么可以附加到這個Gateway上來暴露他們的應用。集中的策略,如TLS可以由集群運維在Gateway上強制執行,同時,Store和Site應用在他們自己的命名空間中運行,但將他們的路由附加到相同的共享網關上,允許他們獨立控制他們的路由邏輯。
這種關注點分離的設計可以使不同的團隊能夠管理他們自己的流量,同時將集中的策略和控制留給集群運維。
Gateway API通過對Kubernetes服務網絡進行面向角色的設計來實現這一目標,平衡了靈活性和集中控制。它允許共享的網絡基礎設施(硬件負載均衡器、云網絡、集群托管的代理等)被許多不同的團隊使用,所有這些都受到集群運維設置的各種策略和約束。下面的例子顯示了是如何在實踐中運行的。
參考鏈接:
https://gateway-api.sigs.k8s.io/concepts/use-cases/#multiple-applications-behind-a-single-gateway
4.Gateway API的資源模型
在整個Gateway API中涉及到3個角色:基礎設施提供商、集群管理員、應用開發人員,在某些場景下可能還會涉及到應用管理員等角色。
Gateway API 中定義了3種主要的資源模型:GatewayClass、Gateway、Route。
- GatewayClass
定義了一組共享相同配置和動作的網關。
每個GatewayClass 由一個控制器處理,是一個集群范圍的資源,必須至少有一個GatewayClass被定義。
這與Ingress的IngressClass類似,在Ingress v1beta1版本中,與GatewayClass類似的是ingress-class注解。
而在Ingress V1版本中,最接近的就是IngressClass資源對象。
- Gateway
網關描述了如何將流量轉化為集群內的服務,也就是說,它定義了一個請求,要求將流量從不了解Kubernetes的地方轉換到集群內的服務。
例如,由云端負載均衡器、集群內代理或外部硬件負載均衡器發送到Kubernetes服務的流量。
它定義了對特定負載均衡器配置的請求,該配置實現了GatewayClass的配置和行為規范。
該資源可以由管理員直接創建,也可以由處理GatewayClass的控制器創建。
Gateway可以附加到一個或多個路由引用上,這些路由引用的作用是將流量的一個子集導向特定的服務。
- Route
路由資源定義了特定的規則,用于將請求從網關映射到Kubernetes服務。
從v1alpha2版本開始,API中包含四種Route路由資源類型。
對于其他未定義的協議,鼓勵采用特定實現的自定義路由類型,當然未來也可能會添加新的路由類型。
主流的Route路由資源類型
- HTTPRoute
適用于HTTP或HTTPS連接,適用于我們想要檢查HTTP請求并使用HTTP請求進行路由或修改的場景。
比如使用HTTP Headers頭進行路由,或在請求過程中對它們進行修改。
- TLSRoute
用于TLS連接,通過SNI進行區分,它適用于希望使用SNI作為主要路由方法的地方。
并且對HTTP等更高級別協議的屬性不感興趣,連接的字節流不經任何檢查就被代理到后端。
- TCPRoute
旨在用于將一個或多個端口映射到單個后端。
在這種情況下,沒有可以用來選擇同一端口的不同后端的判別器,所以每個TCPRoute在監聽器上需要一個不同的端口。
你可以使用TLS,在這種情況下,未加密的字節流會被傳遞到后端,當然也可以不使用TLS,這樣加密的字節流將傳遞到后端。
- UDPRoute
和TCPRoute類似,旨在用于將一個或多個端口映射到單個后端,只不過走的是UDP協議。
5.Gateway API資源模型組合關系
GatewayClass、Gateway、xRoute和服務的組合定義了一個可實現的負載均衡器。如上圖所示,說明了不同資源之間的關系。
使用反向代理實現的網關的典型客戶端/網關 API 請求流程如下所示:
- 1.客戶端向"http://foo.example.com"發出請求;
- 2.DNS將域名解析為Gateway網關地址;
- 3.反向代理在監聽器上接收請求,并使用"Host Header"來匹配HTTPRoute;
- 4.(可選)反向代理可以根據"HTTPRoute"的匹配規則進行路由;
- 5.(可選)反向代理可以根據"HTTPRoute"的過濾規則修改請求,即添加或刪除headers;
- 6.最后,反向代理根據"HTTPRoute"的"forwardTo"規則,將請求轉發給集群中的一個或多個對象,即服務;
參考鏈接:
https://gateway-api.sigs.k8s.io/concepts/api-overview/#combined-types
6.Gateway API支持的組件
如上圖所示,主流的開源軟件幾乎都支持Gateway API功能。包括但不限于:Envoy,Istio,Nginx,Traefik等。
參考鏈接:
https://gateway-api.sigs.k8s.io/implementations/
二.Traefik啟用kubernetes Gateway功能
1.默認Traefik并未啟用kubernetes Gateway功能
如上圖所示,Traefik默認是沒有啟用Kubernetes Gateway API功能的。
2.Traefik啟用kubernetes Gateway功能
1.啟用kubernetesGateway功能
[root@master241 traefik]# vim traefik/values.yaml
...
providers:
...
kubernetesGateway:
...
enabled: true
2.卸載服務
[root@master241 traefik]# helm -n kube-public uninstall jiege-traefik
release "jiege-traefik" uninstalled
[root@master241 traefik]#
3.再次安裝服務
[root@master241 traefik]# helm install jiege-traefik traefik -n kube-public
NAME: jiege-traefik
LAST DEPLOYED: Sun Jun 8 14:30:27 2025
NAMESPACE: kube-public
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
jiege-traefik with docker.io/traefik:v3.4.0 has been deployed successfully on kube-public namespace !
[root@master241 traefik]#
4.查看gatewayclass資源
[root@master241 traefik]# kubectl get pods,gatewayclass -n kube-public -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/jiege-traefik-77cb88db-vgp5x 1/1 Running 0 6s 10.100.207.54 worker243 <none> <none>
NAME CONTROLLER ACCEPTED AGE DESCRIPTION
gatewayclass.gateway.networking.k8s.io/traefik traefik.io/gateway-controller True 6s
[root@master241 traefik]#
5.查看Traefik的WebUI驗證
如上圖所示,我們成功啟用了Gateway API功能喲。
三.kubernetes Gateway API應用案例
1.通過Gateway API方式暴露traefik dashboard
1.1 查看默認的entryPoint
[root@master241 traefik]# vim traefik/values.yaml
... # 注意觀察gateway定義的listeners,這是默認的entryPoint,也支持我們自行定義,但后面的案例要用到該配置
gateway:
...
enabled: true
...
listeners:
web:
port: 8000
...
protocol: HTTP
...
1.2 創建Gateway資源
1.編寫資源清單
[root@master241 gatewayAPI]# cat 01-Gateway-Traefik-dashboard.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: http-gateway
namespace: kube-public
spec:
gatewayClassName: traefik
listeners:
- protocol: HTTP
port: 8000
name: web
[root@master241 gatewayAPI]#
2.創建資源
[root@master241 gatewayAPI]# kubectl apply -f 01-Gateway-Traefik-dashboard.yaml
gateway.gateway.networking.k8s.io/http-gateway created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 01-Gateway-Traefik-dashboard.yaml
Name: http-gateway
Namespace: kube-public
Labels: <none>
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: Gateway
Metadata:
Creation Timestamp: 2025-06-09T07:28:36Z
Generation: 1
Resource Version: 2720485
UID: 9b3329bd-ba6d-4ee5-850e-e112425cccaf
Spec:
Gateway Class Name: traefik
Listeners:
Allowed Routes:
Namespaces:
From: Same
Name: web
Port: 8000
Protocol: HTTP
Status:
Addresses:
Type: IPAddress
Value: 10.0.0.150
Conditions:
Last Transition Time: 2025-06-09T07:28:36Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T07:28:36Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Listeners:
Attached Routes: 0
Conditions:
Last Transition Time: 2025-06-09T07:28:36Z
Message: No error found
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T07:28:36Z
Message: No error found
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Last Transition Time: 2025-06-09T07:28:36Z
Message: No error found
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Name: web
Supported Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Group: gateway.networking.k8s.io
Kind: GRPCRoute
Events: <none>
[root@master241 gatewayAPI]#
1.3 創建HTTPRoute資源引用Gateway
1.編寫資源清單
[root@master241 gatewayAPI]# cat 02-HTTPRoute-Traefik-dashboard.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: traefik-dashboard-httproute
namespace: kube-public
labels:
role: traefik-dashboard
spec:
hostnames:
- "v1.yinzhengjie.com"
parentRefs:
# 注意哈,這里的名稱要指定的是Gateway的地址喲~
- name: http-gateway
rules:
- matches:
- path:
type: PathPrefix
value: /
timeouts:
request: 100ms
backendRefs:
- name: jiege-traefik-dashboard
port: 8080
weight: 1
[root@master241 gatewayAPI]#
2.創建資源并查看詳細信息
[root@master241 gatewayAPI]# kubectl apply -f 02-HTTPRoute-Traefik-dashboard.yaml
httproute.gateway.networking.k8s.io/traefik-dashboard-httproute created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 02-HTTPRoute-Traefik-dashboard.yaml
Name: traefik-dashboard-httproute
Namespace: kube-public
Labels: role=traefik-dashboard
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: HTTPRoute
Metadata:
Creation Timestamp: 2025-06-09T07:31:18Z
Generation: 1
Resource Version: 2720814
UID: 8e1b8c69-bb7e-404b-917e-a89fa3320da5
Spec:
Hostnames:
v1.yinzhengjie.com
Parent Refs:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: http-gateway
Rules:
Backend Refs:
Group:
Kind: Service
Name: jiege-traefik-dashboard
Port: 8080
Weight: 1
Matches:
Path:
Type: PathPrefix
Value: /
Timeouts:
Request: 100ms
Status:
Parents:
Conditions:
Last Transition Time: 2025-06-09T07:31:18Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T07:31:18Z
Message:
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Controller Name: traefik.io/gateway-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: http-gateway
Events: <none>
[root@master241 gatewayAPI]#
1.4 客戶端訪問測試
如上圖所示,在windows添加解析后就可以正常訪問啦。
參考鏈接:
http://v1.yinzhengjie.com/dashboard/
2.通過Gateway API方式暴露WEB應用
2.1 創建測試應用
1.編寫資源清單
[root@master241 gatewayAPI]# cat 03-deploy-xiuxian.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-xiuxian
spec:
replicas: 1
selector:
matchLabels:
apps: xiuxian
template:
metadata:
labels:
apps: xiuxian
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
name: c1
ports:
- containerPort: 80
name: web
---
apiVersion: v1
kind: Service
metadata:
name: svc-xiuxian
spec:
ports:
- port: 80
targetPort: web
selector:
apps: xiuxian
[root@master241 gatewayAPI]#
2.創建資源
[root@master241 gatewayAPI]# kubectl apply -f 03-deploy-xiuxian.yaml
deployment.apps/deploy-xiuxian created
service/svc-xiuxian created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl get po,svc -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/deploy-xiuxian-cc594d75-2k76p 1/1 Running 0 11s 10.100.207.57 worker243 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.192.0.1 <none> 443/TCP 3d6h <none>
service/svc-xiuxian ClusterIP 10.203.121.190 <none> 80/TCP 11s apps=xiuxian
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# curl 10.203.121.190
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>yinzhengjie apps v1</title>
<style>
div img {
width: 900px;
height: 600px;
margin: 0;
}
</style>
</head>
<body>
<h1 style="color: green">凡人修仙傳 v1 </h1>
<div>
<img src="1.jpg">
<div>
</body>
</html>
[root@master241 gatewayAPI]#
2.2 創建Gateway資源并指定allowedRoutes
1.編寫資源清單
[root@master241 gatewayAPI]# cat 04-Gateway-xiuxian.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: xiuxian-gateway
spec:
gatewayClassName: traefik
listeners:
- protocol: HTTP
port: 8000
name: web
# 注意哈,我們可以配置允許的路由類型喲,如果不定義,則默認允許所有的路由都可以訪問該網關。
allowedRoutes:
kinds:
- kind: HTTPRoute
namespaces:
from: All
selector:
matchLabels:
role: xiuxian
[root@master241 gatewayAPI]#
2.創建資源并查看信息
[root@master241 gatewayAPI]# kubectl apply -f 04-Gateway-xiuxian.yaml
gateway.gateway.networking.k8s.io/xiuxian-gateway created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 04-Gateway-xiuxian.yaml
Name: xiuxian-gateway
Namespace: default
Labels: <none>
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: Gateway
Metadata:
Creation Timestamp: 2025-06-09T08:47:25Z
Generation: 1
Resource Version: 2730223
UID: ff4fb2a6-6c62-4cb9-bc2f-14b10b12996f
Spec:
Gateway Class Name: traefik
Listeners:
Allowed Routes:
Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Namespaces:
From: All
Selector:
Match Labels:
Role: xiuxian
Name: web
Port: 8000
Protocol: HTTP
Status:
Addresses:
Type: IPAddress
Value: 10.0.0.150
Conditions:
Last Transition Time: 2025-06-09T08:47:25Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T08:47:25Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Listeners:
Attached Routes: 0
Conditions:
Last Transition Time: 2025-06-09T08:47:25Z
Message: No error found
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T08:47:25Z
Message: No error found
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Last Transition Time: 2025-06-09T08:47:25Z
Message: No error found
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Name: web
Supported Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Events: <none>
[root@master241 gatewayAPI]#
2.3 創建HTTPRoute資源引用Gateway
1.編寫資源清單
[root@master241 gatewayAPI]# cat 05-HTTPRoute-xiuxian.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: httproute-xiuxian
labels:
role: xiuxian
spec:
hostnames:
- "v2.yinzhengjie.com"
parentRefs:
- name: xiuxian-gateway
rules:
- matches:
- path:
type: PathPrefix
value: /
timeouts:
request: 100ms
backendRefs:
- name: svc-xiuxian
port: 80
weight: 1
[root@master241 gatewayAPI]#
2.創建并測試
[root@master241 gatewayAPI]# kubectl apply -f 05-HTTPRoute-xiuxian.yaml
httproute.gateway.networking.k8s.io/httproute-xiuxian created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 05-HTTPRoute-xiuxian.yaml
Name: httproute-xiuxian
Namespace: default
Labels: role=xiuxian
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: HTTPRoute
Metadata:
Creation Timestamp: 2025-06-09T08:47:58Z
Generation: 1
Resource Version: 2730289
UID: a7125151-4e85-4faf-bffc-f26d831bf273
Spec:
Hostnames:
v2.yinzhengjie.com
Parent Refs:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: xiuxian-gateway
Rules:
Backend Refs:
Group:
Kind: Service
Name: svc-xiuxian
Port: 80
Weight: 1
Matches:
Path:
Type: PathPrefix
Value: /
Timeouts:
Request: 100ms
Status:
Parents:
Conditions:
Last Transition Time: 2025-06-09T08:47:58Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T08:47:58Z
Message:
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Controller Name: traefik.io/gateway-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: xiuxian-gateway
Events: <none>
[root@master241 gatewayAPI]#
2.4 訪問測試
如上圖所示,我們成功訪問啦。。
3.Gateway API實現灰度發布案例
3.1 準備測試案例
1.編寫資源清單
[root@master241 gatewayAPI]# cat 06-deploy-apps.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-blog
spec:
replicas: 1
selector:
matchLabels:
apps: blog
template:
metadata:
labels:
apps: blog
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
command:
- /bin/sh
- -c
- 'echo http://www.rzrgm.cn/yinzhengjie > /usr/share/nginx/html/index.html && nginx && tail -f /etc/hosts'
name: c1
ports:
- containerPort: 80
name: web
---
apiVersion: v1
kind: Service
metadata:
name: svc-blog
spec:
ports:
- port: 80
targetPort: web
selector:
apps: blog
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-bilibili
spec:
replicas: 1
selector:
matchLabels:
apps: bilibili
template:
metadata:
labels:
apps: bilibili
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
command:
- /bin/sh
- -c
- 'echo https://space.bilibili.com/600805398/lists > /usr/share/nginx/html/index.html && nginx && tail -f /etc/hosts'
name: c1
ports:
- containerPort: 80
name: web
---
apiVersion: v1
kind: Service
metadata:
name: svc-bilibili
spec:
ports:
- port: 80
targetPort: web
selector:
apps: bilibili
[root@master241 gatewayAPI]#
2.創建資源并訪問測試
[root@master241 gatewayAPI]# kubectl apply -f 06-deploy-apps.yaml
deployment.apps/deploy-blog created
service/svc-blog created
deployment.apps/deploy-bilibili created
service/svc-bilibili created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl get svc,po -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.192.0.1 <none> 443/TCP 3d8h <none>
service/svc-bilibili ClusterIP 10.203.4.189 <none> 80/TCP 5s apps=bilibili
service/svc-blog ClusterIP 10.197.240.224 <none> 80/TCP 5s apps=blog
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/deploy-bilibili-54dc5fd76c-76jsz 1/1 Running 0 5s 10.100.207.17 worker243 <none> <none>
pod/deploy-blog-7fc476b465-xznz2 1/1 Running 0 5s 10.100.207.16 worker243 <none> <none>
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# curl 10.203.4.189
https://space.bilibili.com/600805398/lists
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# curl 10.197.240.224
http://www.rzrgm.cn/yinzhengjie
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]#
3.2 創建Gateway資源
1.查看資源清單
[root@master241 gatewayAPI]# cat 04-Gateway-xiuxian.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: xiuxian-gateway
spec:
gatewayClassName: traefik
listeners:
- protocol: HTTP
port: 8000
name: web
allowedRoutes:
kinds:
- kind: HTTPRoute
namespaces:
from: All
selector:
matchLabels:
role: xiuxian
[root@master241 gatewayAPI]#
2.創建資源
[root@master241 gatewayAPI]# kubectl apply -f 04-Gateway-xiuxian.yaml
gateway.gateway.networking.k8s.io/xiuxian-gateway created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 04-Gateway-xiuxian.yaml
Name: xiuxian-gateway
Namespace: default
Labels: <none>
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: Gateway
Metadata:
Creation Timestamp: 2025-06-09T10:34:37Z
Generation: 1
Resource Version: 2745394
UID: fd24234b-aaa0-41d6-a221-9adeb187688f
Spec:
Gateway Class Name: traefik
Listeners:
Allowed Routes:
Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Namespaces:
From: All
Selector:
Match Labels:
Role: xiuxian
Name: web
Port: 8000
Protocol: HTTP
Status:
Addresses:
Type: IPAddress
Value: 10.0.0.150
Conditions:
Last Transition Time: 2025-06-09T10:34:37Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T10:34:37Z
Message: Gateway successfully scheduled
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Listeners:
Attached Routes: 0
Conditions:
Last Transition Time: 2025-06-09T10:34:37Z
Message: No error found
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T10:34:37Z
Message: No error found
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Last Transition Time: 2025-06-09T10:34:37Z
Message: No error found
Observed Generation: 1
Reason: Programmed
Status: True
Type: Programmed
Name: web
Supported Kinds:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Events: <none>
[root@master241 gatewayAPI]#
3.3 創建HTTPRoute資源引用Gateway
1.編寫資源清單
[root@master241 gatewayAPI]# cat 07-HTTPRoute-huidu.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: httproute-xiuxian
labels:
role: xiuxian
spec:
hostnames:
- "v3.yinzhengjie.com"
parentRefs:
- name: xiuxian-gateway
rules:
- matches:
- path:
type: PathPrefix
value: /
timeouts:
request: 100ms
backendRefs:
- name: svc-bilibili
port: 80
weight: 8
- name: svc-blog
port: 80
weight: 2
[root@master241 gatewayAPI]#
2.創建資源并查看詳細信息
[root@master241 gatewayAPI]# kubectl apply -f 07-HTTPRoute-huidu.yaml
httproute.gateway.networking.k8s.io/httproute-xiuxian created
[root@master241 gatewayAPI]#
[root@master241 gatewayAPI]# kubectl describe -f 07-HTTPRoute-huidu.yaml
Name: httproute-xiuxian
Namespace: default
Labels: role=xiuxian
Annotations: <none>
API Version: gateway.networking.k8s.io/v1
Kind: HTTPRoute
Metadata:
Creation Timestamp: 2025-06-09T10:37:21Z
Generation: 1
Resource Version: 2745801
UID: d96819e5-3587-4341-8520-87ac0fc7946b
Spec:
Hostnames:
v3.yinzhengjie.com
Parent Refs:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: xiuxian-gateway
Rules:
Backend Refs:
Group:
Kind: Service
Name: svc-bilibili
Port: 80
Weight: 8
Group:
Kind: Service
Name: svc-blog
Port: 80
Weight: 2
Matches:
Path:
Type: PathPrefix
Value: /
Timeouts:
Request: 100ms
Status:
Parents:
Conditions:
Last Transition Time: 2025-06-09T10:37:21Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-06-09T10:37:21Z
Message:
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Controller Name: traefik.io/gateway-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: xiuxian-gateway
Events: <none>
[root@master241 gatewayAPI]#
3.4 訪問測試
[root@worker242 ~]# for i in `seq 10`; do curl -H "HOST: v3.yinzhengjie.com" 10.0.0.150; done
http://www.rzrgm.cn/yinzhengjie
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
http://www.rzrgm.cn/yinzhengjie
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
https://space.bilibili.com/600805398/lists
[root@worker242 ~]#
[root@worker242 ~]# for i in `seq 10`; do curl -s -H "HOST: v3.yinzhengjie.com" 10.0.0.150; done | sort | uniq -c
8 https://space.bilibili.com/600805398/lists
2 http://www.rzrgm.cn/yinzhengjie
[root@worker242 ~]#
4.彩蛋-參考路由信息
[root@master241 ~]# curl -s -H 'HOST: traefik.yinzhengjie.com' http://10.0.0.150/api/http/routers | jq
[
{
"entryPoints": [
"web"
],
"service": "httproute-default-httproute-xiuxian-gw-default-xiuxian-gateway-ep-web-0-57f88e29a90f5af2090b-wrr",
"rule": "Host(`v3.yinzhengjie.com`) && PathPrefix(`/`)",
"ruleSyntax": "default",
"priority": 20,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"web"
],
"name": "httproute-default-httproute-xiuxian-gw-default-xiuxian-gateway-ep-web-0-57f88e29a90f5af2090b@kubernetesgateway",
"provider": "kubernetesgateway"
},
{
"entryPoints": [
"metrics",
"mysql",
"redis",
"tcpcase",
"web"
],
"service": "kube-public-jiege-traefik-dashboard-8080",
"rule": "Host(`traefik.yinzhengjie.com`) && PathPrefix(`/`)",
"priority": 50,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"metrics",
"mysql",
"redis",
"tcpcase",
"web"
],
"name": "kube-public-ingress-traefik-traefik-yinzhengjie-com@kubernetes",
"provider": "kubernetes"
},
{
"entryPoints": [
"traefik"
],
"service": "api@internal",
"rule": "PathPrefix(`/dashboard`) || PathPrefix(`/api`)",
"priority": 46,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"traefik"
],
"name": "kube-public-jiege-traefik-dashboard-d012b7f875133eeab4e5@kubernetescrd",
"provider": "kubernetescrd"
},
{
"entryPoints": [
"traefik"
],
"service": "ping@internal",
"rule": "PathPrefix(`/ping`)",
"ruleSyntax": "default",
"priority": 9223372036854776000,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"traefik"
],
"name": "ping@internal",
"provider": "internal"
},
{
"entryPoints": [
"metrics"
],
"service": "prometheus@internal",
"rule": "PathPrefix(`/metrics`)",
"ruleSyntax": "default",
"priority": 9223372036854776000,
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"metrics"
],
"name": "prometheus@internal",
"provider": "internal"
},
{
"entryPoints": [
"websecure"
],
"service": "kube-public-jiege-traefik-dashboard-8080",
"rule": "Host(`traefik.yinzhengjie.com`) && PathPrefix(`/`)",
"priority": 50,
"tls": {
"options": "default"
},
"observability": {
"accessLogs": true,
"tracing": true,
"metrics": true
},
"status": "enabled",
"using": [
"websecure"
],
"name": "websecure-kube-public-ingress-traefik-traefik-yinzhengjie-com@kubernetes",
"provider": "kubernetes"
}
]
[root@master241 ~]#
本文來自博客園,作者:尹正杰,轉載請注明原文鏈接:http://www.rzrgm.cn/yinzhengjie/p/18921453,個人微信: "JasonYin2020"(添加時請備注來源及意圖備注,有償付費)
當你的才華還撐不起你的野心的時候,你就應該靜下心來學習。當你的能力還駕馭不了你的目標的時候,你就應該沉下心來歷練。問問自己,想要怎樣的人生。
浙公網安備 33010602011771號