Gateway—— 高级流量路由
0 前言
Gateway API 是 Kubernetes 官方推出的下一代流量管理标准,旨在解决传统 Ingress 在协议支持、扩展性和多租户等方面的不足。它通过 GatewayClass、Gateway、HTTPRoute 等 CRD 实现流量治理的分层解耦,让基础设施和应用团队各司其职。本章将以若依项目为例,实战部署 Envoy Gateway 并实现高级流量路由。
1 Gateway的概念
1.1 什么是Gateway
Gateway API 是 Kubernetes 官方下一代“流量入口”标准,用来统一网关、负载均衡和路由管理。它通过一组新的 CRD 拆分了 Ingress 的角色和功能,使其更灵活、更可扩展、也更易于团队协作。
1.2 资源类型
Gateway API 具有四种稳定的 API 类别:
- GatewayClass: 定义网关的类型,实现网关的控制器管理(如 Envoy, Istio, Nginx )。
- Gateway: 定义流量处理基础设施(例如云负载均衡器)的一个实例。
- HTTPRoute: 定义特定于 HTTP 的规则,用于将流量从 Gateway 监听器映射到后端网络端点的某种呈现。 这些端点通常表示为 Service。
- GRPCRoute: 定义特定于 gRPC 的规则,用于将流量从 Gateway 监听器映射到后端网络端点的某种呈现。 这些端点通常表示为 Service。
1.3 Gateway 和 ingress 的区别
| 维度 | Ingress | Gateway API |
|---|---|---|
| 协议 | 仅 HTTP | HTTP/TCP/UDP/TLS/GRPC |
| 扩展 | 依赖 annotation | 原生扩展字段 |
| 架构 | 单一资源 | 多层:Class/Gateway/Route |
| 多租户 | 不支持 | 强支持(网关与路由权限分离) |
| 服务网格支持 | 不直观 | 深度整合(Nginx、Istio、Envoy) |
| 标准化 | 弱 | 强、实现更一致 |
1.4 数据流向
2 环境准备
此实验所使用的是 k8s-v1.23
| 节点 | IP | 角色 |
|---|---|---|
| master01 | 192.168.10.80 | 控制平面 |
| node01 | 192.168.10.81 | 工作节点 |
| node02 | 192.168.10.82 | 工作节点 |
| MySQL | 192.168.10.83 | 数据库 |
3 镜像准备
3.1 拉取镜像
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/openjdk:8-jdk &&docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/openjdk:8-jdk openjdk:8-jdk docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/nginx:1.25 &&docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/nginx:1.25 nginx:1.25 docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/redis:6.2.17 &&docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/redis:6.2.17 redis:6.2.17 docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway:v1.0.0 &&docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway:v1.0.0 envoyproxy/gateway:v1.0.0 docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/envoy:distroless-v1.29.2 &&docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/envoy:distroless-v1.29.2 envoyproxy/envoy:distroless-v1.29.2 docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway-dev:72c0cc7 &&docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway-dev:72c0cc7 envoyproxy/gateway-dev:72c0cc7 3.2 后端镜像
# 安装工具 yum install -y maven npm# 下载rygit clone https://gitee.com/y_project/RuoYi-Vue.git # 修改配置vim RuoYi-Vue/ruoyi-admin/src/main/resources/application-druid.yml ----------------------------------------------------------------------------------------- spring: datasource: type: com.alibaba.druid.pool.DruidDataSource driverClassName: com.mysql.cj.jdbc.Driver druid: master: url: ${SPRING_DATASOURCE_URL} username: ${SPRING_DATASOURCE_USERNAME} password: ${SPRING_DATASOURCE_PASSWORD}#----------------------------------------------------------------------------------------vim RuoYi-Vue/ruoyi-admin/src/main/resources/application.yml ----------------------------------------------------------------------------------------- spring: redis: host: ${SPRING_REDIS_HOST}# K8s 内部 Service 名称 port: ${SPRING_REDIS_PORT} database: 0 password: timeout: 10s #----------------------------------------------------------------------------------------# 本地打包cd /opt/ry/RuoYi-Vue mvn clean package # 构建推送cd /opt/ry/RuoYi-Vue/ruoyi-admin/target vim Dockerfile ----------------------------------------------------------------------------------------- FROM openjdk:8-jdk WORKDIR /app COPY ruoyi-admin.jar app.jar EXPOSE 8080 ENTRYPOINT ["java","-Djava.awt.headless=true","-jar","app.jar"]#----------------------------------------------------------------------------------------docker build -t ruoyi-admin:v1.0 .docker push ruoyi-admin:v1.0 # 将镜像传给node节点docker save -o ruoyi-admin-v1.0.tar ruoyi-admin:v1.0 scp ruoyi-admin-v1.0.tar root@node01:/opt scp ruoyi-admin-v1.0.tar root@node02:/opt docker load -i ruoyi-admin-v1.0.tar 3.3 前端镜像
# 构建镜像cd ruoyi-ui npminstallnpm run build:prod # 编写配置文件vim nginx.conf ----------------------------------------------------------------------------------------- server { listen 80; location / { root /usr/share/nginx/html; index index.html; try_files $uri$uri/ /index.html;} location /prod-api/ { proxy_pass http://ruoyi-admin:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;}}#----------------------------------------------------------------------------------------vim Dockerfile ----------------------------------------------------------------------------------------- FROM nginx:1.25 COPY dist/ /usr/share/nginx/html/ COPY nginx.conf /etc/nginx/conf.d/default.conf #----------------------------------------------------------------------------------------# 构建推送docker build -t ruoyi-ui:v1.0 .docker push ruoyi-ui:v1.0 # 将镜像传给node节点docker save -o ruoyi-ui-v1.0.tar ruoyi-ui:v1.0 scp ruoyi-ui-v1.0.tar root@node01:/opt scp ruoyi-ui-v1.0.tar root@node02:/opt docker load -i ruoyi-ui-v1.0.tar 4 部署前后端数据库
4.1 部署MySQL 数据
# 登入数据库 mysql -uroot -p123456 # 创建一个 ry 的数据库 CREATE DATABASE ry DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;# 查看库 SHOW DATABASES;# 退出库 CTRL+D # 下载若依数据库脚本git clone https://gitee.com/y_project/RuoYi-Vue.git cd RuoYi-Vue/sql # 导入数据 mysql -uroot -p ry < ry_*.sql mysql -uroot -p ry < quartz.sql # 验证 USE ry; SHOW TABLES;# 开启远程访问(修改后重启 systemctl restart mysqld )vim /etc/my.cnf ----------------------------------------------------------------------------------------- bind-address =0.0.0.0 # 授权远程访问 CREATE USER'ruoyi'@'%' IDENTIFIED BY '123456'; GRANT ALL PRIVILEGES ON ry.* TO 'ruoyi'@'%'; FLUSH PRIVILEGES;# 验证远程连接 mysql -h 192.168.10.83 -u ruoyi -p 4.2 完整 K8s YAML
vim ruoyi-full.yaml ----------------------------------------------------------------------------------------- apiVersion: v1 kind: Namespace metadata: name: ruoyi --- apiVersion: apps/v1 kind: Deployment metadata: name: redis namespace: ruoyi spec: replicas: 1 selector: matchLabels: app: redis template: metadata: labels: app: redis spec: containers: - name: redis image: redis:6.2.17 ports: - containerPort: 6379 --- apiVersion: v1 kind: Service metadata: name: redis namespace: ruoyi spec: selector: app: redis ports: - port: 6379 --- apiVersion: v1 kind: ConfigMap metadata: name: ruoyi-config namespace: ruoyi data: "SPRING_DATASOURCE_URL: jdbc:mysql://192.168.10.83:3306/ry?useUnicode=true&characterEncoding=utf8&serverTimezone=Asia/Shanghai" SPRING_DATASOURCE_USERNAME: "ruoyi" SPRING_DATASOURCE_PASSWORD: "123456" SPRING_REDIS_HOST: "redis" SPRING_REDIS_PORT: "6379" --- apiVersion: apps/v1 kind: Deployment metadata: name: ruoyi-admin namespace: ruoyi spec: replicas: 2 selector: matchLabels: app: ruoyi-admin template: metadata: labels: app: ruoyi-admin spec: containers: - name: ruoyi-admin image: ruoyi-admin:v1.0 imagePullPolicy: Always ports: - containerPort: 8080 envFrom: - configMapRef: name: ruoyi-config --- apiVersion: v1 kind: Service metadata: name: ruoyi-admin namespace: ruoyi spec: selector: app: ruoyi-admin ports: - port: 8080 targetPort: 8080 --- apiVersion: apps/v1 kind: Deployment metadata: name: ruoyi-ui namespace: ruoyi spec: replicas: 2 selector: matchLabels: app: ruoyi-ui template: metadata: labels: app: ruoyi-ui spec: containers: - name: ruoyi-ui image: ruoyi-ui:v1.0 ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: ruoyi-ui namespace: ruoyi spec: selector: app: ruoyi-ui ports: - port: 80 targetPort: 805 部署Gateway
5.1 安装 Gateway API (CRD资源)
wget https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml kubectl apply -f standard-install.yaml 5.2 安装 Envoy Gateway
wget https://github.com/envoyproxy/gateway/releases/download/v1.0.0/install.yaml # 修改镜像拉取策略为IfNotPresentsed -i 's/imagePullPolicy:[[:space:]]*Always/imagePullPolicy: IfNotPresent/g' install.yaml kubectl apply -f install.yaml 5.3 安装 Gayeway
5.3.1 部署gateway资源
--- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: name: eg spec: controllerName: gateway.envoyproxy.io/gatewayclass-controller --- apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: ruoyi-gateway namespace: ruoyi spec: gatewayClassName: eg listeners: - name: http port: 80 protocol: HTTP --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: ruoyi-route namespace: ruoyi spec: parentRefs: - name: ruoyi-gateway rules: - matches: - path: type: PathPrefix value: / backendRefs: - name: ruoyi-ui port: 80 5.3.2 修改配置
# 把LoadBalancer改为NodePort kubectl get svc -n envoy-gateway-system kubectl patch service envoy-ruoyi-ruoyi-gateway-1ef7723c -n envoy-gateway-system -p '{"spec":{"type":"NodePort"}}'# 增加pod数量 kubectl get deployment -n envoy-gateway-system kubectl scale deployment envoy-ruoyi-ruoyi-gateway-1ef7723c -n envoy-gateway-system --replicas=26 访问测试
curl192.168.10.81:30269 # 浏览器访问192.168.10.81:30269 7 总结
本章围绕 Gateway API 展开,从理论到实践全面介绍了其在 Kubernetes 环境中的应用。通过部署若依项目并结合 Envoy Gateway,我们实现了以下目标:
- 理解 Gateway API 的核心资源模型:包括 GatewayClass、Gateway、HTTPRoute 等,明确了它们的分工与协作关系。
- 掌握 Gateway API 与传统 Ingress 的区别:从协议支持、扩展性、多租户支持等多个维度进行对比,突出 Gateway API 的优势。
- 完成完整的应用部署与流量接入:从前端到后端,再到数据库,完整构建了一套微服务应用,并通过 Gateway API 实现统一流量入口。
- 体验 Envoy Gateway 的实际部署与配置:包括 CRD 安装、Gateway 资源配置、服务类型调整等操作,为后续生产环境的使用打下基础。
Gateway API 作为 Kubernetes 流量管理的下一代标准,正在被越来越多的网关控制器(如 Envoy、Istio、Nginx)所支持。掌握它,不仅有助于提升集群流量治理能力,也为未来多云、多集群场景下的统一路由管理奠定基础。
