TCP for unencrypted requests :: Gloo Gateway Docs |
您所在的位置:网站首页 › istio 15021 › TCP for unencrypted requests :: Gloo Gateway Docs |
|
Navigation :
TCP for unencrypted requests
Set up a TCP listener on the gateway that serves one or more hosts and passes TCP traffic through to a destination. Because TCP traffic is directly forwarded to the destination, the destination must be capable of handling incoming TLS traffic. Before you beginTo follow the example that is outlined on this page, you must set up Gloo Gateway must in a single cluster as described in the getting started guide. You do not need to deploy sample apps or set up routing, as you create the TCP helloworld sample app as part of this example. Open the TCP port on the ingress gatewayWhen you followed the get started guide, the ingress gateway is set up without a TCP port. To configure a TCP listener on your gateway, you must first open up a TCP port on the ingress gateway. Get the details of the ingress gateway service and check if port 9000 with the name tcp is open on your ingress gateway. kubectl get service istio-ingressgateway -n gloo-mesh-gateways -o yamlExample output if the TCP port is open on the gateway: ... spec: ports: - name: tcp nodePort: 30358 port: 9000 protocol: TCP targetPort: 9000If the port is not yet open on your ingress gateway, perform an upgrade of your Istio ingress gateway to open up the TCP port. Follow the steps to perform a test or canary upgrade of your managed gateway proxies. Add the following section to your Helm values file, and use these updated values during the upgrade. istioInstallations: controlPlane: enabled: true installations: - clusters: null istioOperatorSpec: {} revision: auto eastWestGateways: null enabled: true northSouthGateways: - enabled: true installations: - clusters: null gatewayRevision: auto istioOperatorSpec: components: ingressGateways: - enabled: true name: istio-ingressgateway namespace: gloo-mesh-gateways k8s: service: type: LoadBalancer ports: - name: status-port port: 15021 targetPort: 15021 - name: http2 port: 80 targetPort: 8080 - name: https port: 443 targetPort: 8443 - name: tls port: 15443 targetPort: 15443 - name: tcp port: 9000 targetPort: 9000 name: istio-ingressgateway namespace: gloo-mesh-gatewaysAfter the upgrade, verify that the TCP port is now open on your ingress gateway. kubectl get service istio-ingressgateway -n gloo-mesh-gateways -o yaml Deploy the helloworld TCP sample appThe helloworld sample app is a simple way to test responses for different app versions. The following examples install four versions of helloworld in your cluster. Create a helloworld namespace. kubectl create ns helloworldDeploy helloworld v1, v2, v3, and v4 to your cluster. kubectl -n helloworld apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/helloworld.yamlVerify that the helloworld apps are running. kubectl -n helloworld get pods Set up a TCP listener on your gatewayTo route TCP traffic to the TCP app directly without originating a TLS connection at the gateway, you create a virtual gateway and configure a TCP listener. Create the virtual gateway and configure your TCP listener. Note that the tcp section of your virtual gateway config must remain empty so that the gateway is instructed to directly forward the traffic to the TCP workload in the cluster. kubectl apply -f- |
| CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |