0 前言
Gateway API 是 Kubernetes 官方推出的下一代流量管理标准,旨在解决传统 Ingress 在协议支持、扩展性和多租户等方面的不足。它通过 GatewayClass、Gateway、HTTPRoute 等 CRD 实现流量治理的分层解耦,让基础设施和应用团队各司其职。本章将以若依项目为例,实战部署 Envoy Gateway 并实现高级流量路由。
1 Gateway的概念
1.1 什么是Gateway
Gateway API 是 Kubernetes 官方下一代“流量入口”标准,用来统一网关、负载均衡和路由管理。它通过一组新的 CRD 拆分了 Ingress 的角色和功能,使其更灵活、更可扩展、也更易于团队协作。
1.2 资源类型
Gateway API 具有四种稳定的 API 类别:
- GatewayClass: 定义网关的类型,实现网关的控制器管理(如 Envoy, Istio, Nginx )。
- Gateway: 定义流量处理基础设施(例如云负载均衡器)的一个实例。
- HTTPRoute: 定义特定于 HTTP 的规则,用于将流量从 Gateway 监听器映射到后端网络端点的某种呈现。 这些端点通常表示为 Service。
- GRPCRoute: 定义特定于 gRPC 的规则,用于将流量从 Gateway 监听器映射到后端网络端点的某种呈现。 这些端点通常表示为 Service。
1.3 Gateway 和 ingress 的区别
| 维度 | Ingress | Gateway API |
|---|---|---|
| 协议 | 仅 HTTP | HTTP/TCP/UDP/TLS/GRPC |
| 扩展 | 依赖 annotation | 原生扩展字段 |
| 架构 | 单一资源 | 多层:Class/Gateway/Route |
| 多租户 | 不支持 | 强支持(网关与路由权限分离) |
| 服务网格支持 | 不直观 | 深度整合(Nginx、Istio、Envoy) |
| 标准化 | 弱 | 强、实现更一致 |
1.4 数据流向
2 环境准备
此实验所使用的是 k8s-v1.23
| 节点 | IP | 角色 |
|---|---|---|
| master01 | 192.168.10.80 | 控制平面 |
| node01 | 192.168.10.81 | 工作节点 |
| node02 | 192.168.10.82 | 工作节点 |
| MySQL | 192.168.10.83 | 数据库 |
3 镜像准备
3.1 拉取镜像
1docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/openjdk:8-jdk && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/openjdk:8-jdk openjdk:8-jdk 2 3docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/nginx:1.25 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/nginx:1.25 nginx:1.25 4 5docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/redis:6.2.17 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/redis:6.2.17 redis:6.2.17 6 7docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway:v1.0.0 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway:v1.0.0 envoyproxy/gateway:v1.0.0 8 9docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/envoy:distroless-v1.29.2 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/envoy:distroless-v1.29.2 envoyproxy/envoy:distroless-v1.29.2 10 11docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway-dev:72c0cc7 && docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway-dev:72c0cc7 envoyproxy/gateway-dev:72c0cc7 12
3.2 后端镜像
1# 安装工具 2yum install -y maven npm 3 4# 下载ry 5git clone https://gitee.com/y_project/RuoYi-Vue.git 6 7# 修改配置 8vim RuoYi-Vue/ruoyi-admin/src/main/resources/application-druid.yml 9----------------------------------------------------------------------------------------- 10spring: 11 datasource: 12 type: com.alibaba.druid.pool.DruidDataSource 13 driverClassName: com.mysql.cj.jdbc.Driver 14 druid: 15 master: 16 url: ${SPRING_DATASOURCE_URL} 17 username: ${SPRING_DATASOURCE_USERNAME} 18 password: ${SPRING_DATASOURCE_PASSWORD} 19#---------------------------------------------------------------------------------------- 20vim RuoYi-Vue/ruoyi-admin/src/main/resources/application.yml 21----------------------------------------------------------------------------------------- 22spring: 23 redis: 24 host: ${SPRING_REDIS_HOST} # K8s 内部 Service 名称 25 port: ${SPRING_REDIS_PORT} 26 database: 0 27 password: 28 timeout: 10s 29#---------------------------------------------------------------------------------------- 30# 本地打包 31cd /opt/ry/RuoYi-Vue 32mvn clean package 33 34# 构建推送 35cd /opt/ry/RuoYi-Vue/ruoyi-admin/target 36vim Dockerfile 37----------------------------------------------------------------------------------------- 38FROM openjdk:8-jdk 39WORKDIR /app 40COPY ruoyi-admin.jar app.jar 41EXPOSE 8080 42ENTRYPOINT ["java","-Djava.awt.headless=true","-jar","app.jar"] 43#---------------------------------------------------------------------------------------- 44docker build -t ruoyi-admin:v1.0 . 45docker push ruoyi-admin:v1.0 46 47# 将镜像传给node节点 48docker save -o ruoyi-admin-v1.0.tar ruoyi-admin:v1.0 49scp ruoyi-admin-v1.0.tar root@node01:/opt 50scp ruoyi-admin-v1.0.tar root@node02:/opt 51 52docker load -i ruoyi-admin-v1.0.tar 53
3.3 前端镜像
1# 构建镜像 2cd ruoyi-ui 3npm install 4npm run build:prod 5 6# 编写配置文件 7vim nginx.conf 8----------------------------------------------------------------------------------------- 9server { 10 listen 80; 11 12 location / { 13 root /usr/share/nginx/html; 14 index index.html; 15 try_files $uri $uri/ /index.html; 16 } 17 18 location /prod-api/ { 19 proxy_pass http://ruoyi-admin:8080/; 20 proxy_set_header Host $host; 21 proxy_set_header X-Real-IP $remote_addr; 22 } 23} 24#---------------------------------------------------------------------------------------- 25 26vim Dockerfile 27----------------------------------------------------------------------------------------- 28FROM nginx:1.25 29COPY dist/ /usr/share/nginx/html/ 30COPY nginx.conf /etc/nginx/conf.d/default.conf 31#---------------------------------------------------------------------------------------- 32 33# 构建推送 34docker build -t ruoyi-ui:v1.0 . 35docker push ruoyi-ui:v1.0 36 37# 将镜像传给node节点 38docker save -o ruoyi-ui-v1.0.tar ruoyi-ui:v1.0 39scp ruoyi-ui-v1.0.tar root@node01:/opt 40scp ruoyi-ui-v1.0.tar root@node02:/opt 41 42docker load -i ruoyi-ui-v1.0.tar 43
4 部署前后端数据库
4.1 部署MySQL 数据
1# 登入数据库 2mysql -uroot -p123456 3 4# 创建一个 ry 的数据库 5CREATE DATABASE ry DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; 6# 查看库 7SHOW DATABASES; 8# 退出库 9CTRL+D 10 11# 下载若依数据库脚本 12git clone https://gitee.com/y_project/RuoYi-Vue.git 13 14cd RuoYi-Vue/sql 15 16# 导入数据 17mysql -uroot -p ry < ry_*.sql 18mysql -uroot -p ry < quartz.sql 19 20# 验证 21USE ry; 22SHOW TABLES; 23 24# 开启远程访问(修改后重启 systemctl restart mysqld ) 25vim /etc/my.cnf 26----------------------------------------------------------------------------------------- 27bind-address = 0.0.0.0 28 29# 授权远程访问 30CREATE USER 'ruoyi'@'%' IDENTIFIED BY '123456'; 31GRANT ALL PRIVILEGES ON ry.* TO 'ruoyi'@'%'; 32FLUSH PRIVILEGES; 33 34# 验证远程连接 35mysql -h 192.168.10.83 -u ruoyi -p 36
4.2 完整 K8s YAML
1vim ruoyi-full.yaml 2----------------------------------------------------------------------------------------- 3apiVersion: v1 4kind: Namespace 5metadata: 6 name: ruoyi 7--- 8apiVersion: apps/v1 9kind: Deployment 10metadata: 11 name: redis 12 namespace: ruoyi 13spec: 14 replicas: 1 15 selector: 16 matchLabels: 17 app: redis 18 template: 19 metadata: 20 labels: 21 app: redis 22 spec: 23 containers: 24 - name: redis 25 image: redis:6.2.17 26 ports: 27 - containerPort: 6379 28--- 29apiVersion: v1 30kind: Service 31metadata: 32 name: redis 33 namespace: ruoyi 34spec: 35 selector: 36 app: redis 37 ports: 38 - port: 6379 39--- 40apiVersion: v1 41kind: ConfigMap 42metadata: 43 name: ruoyi-config 44 namespace: ruoyi 45data: 46 "SPRING_DATASOURCE_URL: jdbc:mysql://192.168.10.83:3306/ry?useUnicode=true&characterEncoding=utf8&serverTimezone=Asia/Shanghai" 47 SPRING_DATASOURCE_USERNAME: "ruoyi" 48 SPRING_DATASOURCE_PASSWORD: "123456" 49 SPRING_REDIS_HOST: "redis" 50 SPRING_REDIS_PORT: "6379" 51--- 52apiVersion: apps/v1 53kind: Deployment 54metadata: 55 name: ruoyi-admin 56 namespace: ruoyi 57spec: 58 replicas: 2 59 selector: 60 matchLabels: 61 app: ruoyi-admin 62 template: 63 metadata: 64 labels: 65 app: ruoyi-admin 66 spec: 67 containers: 68 - name: ruoyi-admin 69 image: ruoyi-admin:v1.0 70 imagePullPolicy: Always 71 ports: 72 - containerPort: 8080 73 envFrom: 74 - configMapRef: 75 name: ruoyi-config 76--- 77apiVersion: v1 78kind: Service 79metadata: 80 name: ruoyi-admin 81 namespace: ruoyi 82spec: 83 selector: 84 app: ruoyi-admin 85 ports: 86 - port: 8080 87 targetPort: 8080 88--- 89apiVersion: apps/v1 90kind: Deployment 91metadata: 92 name: ruoyi-ui 93 namespace: ruoyi 94spec: 95 replicas: 2 96 selector: 97 matchLabels: 98 app: ruoyi-ui 99 template: 100 metadata: 101 labels: 102 app: ruoyi-ui 103 spec: 104 containers: 105 - name: ruoyi-ui 106 image: ruoyi-ui:v1.0 107 ports: 108 - containerPort: 80 109--- 110apiVersion: v1 111kind: Service 112metadata: 113 name: ruoyi-ui 114 namespace: ruoyi 115spec: 116 selector: 117 app: ruoyi-ui 118 ports: 119 - port: 80 120 targetPort: 80 121
5 部署Gateway
5.1 安装 Gateway API (CRD资源)
1wget https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml 2 3kubectl apply -f standard-install.yaml 4
5.2 安装 Envoy Gateway
1wget https://github.com/envoyproxy/gateway/releases/download/v1.0.0/install.yaml 2 3# 修改镜像拉取策略为IfNotPresent 4sed -i 's/imagePullPolicy:[[:space:]]*Always/imagePullPolicy: IfNotPresent/g' install.yaml 5 6kubectl apply -f install.yaml 7
5.3 安装 Gayeway
5.3.1 部署gateway资源
1--- 2apiVersion: gateway.networking.k8s.io/v1 3kind: GatewayClass 4metadata: 5 name: eg 6spec: 7 controllerName: gateway.envoyproxy.io/gatewayclass-controller 8--- 9apiVersion: gateway.networking.k8s.io/v1 10kind: Gateway 11metadata: 12 name: ruoyi-gateway 13 namespace: ruoyi 14spec: 15 gatewayClassName: eg 16 listeners: 17 - name: http 18 port: 80 19 protocol: HTTP 20--- 21apiVersion: gateway.networking.k8s.io/v1 22kind: HTTPRoute 23metadata: 24 name: ruoyi-route 25 namespace: ruoyi 26spec: 27 parentRefs: 28 - name: ruoyi-gateway 29 rules: 30 - matches: 31 - path: 32 type: PathPrefix 33 value: / 34 backendRefs: 35 - name: ruoyi-ui 36 port: 80 37
5.3.2 修改配置
1# 把LoadBalancer改为NodePort 2kubectl get svc -n envoy-gateway-system 3 4kubectl patch service envoy-ruoyi-ruoyi-gateway-1ef7723c -n envoy-gateway-system -p '{"spec":{"type":"NodePort"}}' 5 6# 增加pod数量 7kubectl get deployment -n envoy-gateway-system 8 9kubectl scale deployment envoy-ruoyi-ruoyi-gateway-1ef7723c -n envoy-gateway-system --replicas=2 10
6 访问测试
1curl 192.168.10.81:30269 2 3# 浏览器访问 4192.168.10.81:30269 5
7 总结
本章围绕 Gateway API 展开,从理论到实践全面介绍了其在 Kubernetes 环境中的应用。通过部署若依项目并结合 Envoy Gateway,我们实现了以下目标:
- 理解 Gateway API 的核心资源模型:包括 GatewayClass、Gateway、HTTPRoute 等,明确了它们的分工与协作关系。
- 掌握 Gateway API 与传统 Ingress 的区别:从协议支持、扩展性、多租户支持等多个维度进行对比,突出 Gateway API 的优势。
- 完成完整的应用部署与流量接入:从前端到后端,再到数据库,完整构建了一套微服务应用,并通过 Gateway API 实现统一流量入口。
- 体验 Envoy Gateway 的实际部署与配置:包括 CRD 安装、Gateway 资源配置、服务类型调整等操作,为后续生产环境的使用打下基础。
Gateway API 作为 Kubernetes 流量管理的下一代标准,正在被越来越多的网关控制器(如 Envoy、Istio、Nginx)所支持。掌握它,不仅有助于提升集群流量治理能力,也为未来多云、多集群场景下的统一路由管理奠定基础。
《Gateway—— 高级流量路由》 是转载文章,点击查看原文。
