Kubernetes Gateway API 是下一代流量管理标准,通过 GatewayClass、Gateway、HTTPRoute 等 CRD 实现分层解耦。基于若依项目,演示了在 K8s v1.23 环境下部署 Envoy Gateway,配置 MySQL 和 Redis 依赖,构建前后端镜像,并通过 HTTPRoute 实现流量路由。对比了 Gateway API 与传统 Ingress 在协议支持、扩展性及多租户方面的优势,完成从环境准备到访问测试的全流程实践,为生产环境流量治理提供参考。
Gateway API 是 Kubernetes 官方推出的下一代流量管理标准,旨在解决传统 Ingress 在协议支持、扩展性和多租户等方面的不足。它通过 GatewayClass、Gateway、HTTPRoute 等 CRD 实现流量治理的分层解耦,让基础设施和应用团队各司其职。本章将以若依项目为例,实战部署 Envoy Gateway 并实现高级流量路由。
Gateway API 是 Kubernetes 官方下一代'流量入口'标准,用来统一网关、负载均衡和路由管理。它通过一组新的 CRD 拆分了 Ingress 的角色和功能,使其更灵活、更可扩展、也更易于团队协作。
Gateway API 具有四种稳定的 API 类别:
| 维度 | Ingress | Gateway API |
|---|---|---|
| 协议 | 仅 HTTP | HTTP/TCP/UDP/TLS/GRPC |
| 扩展 | 依赖 annotation | 原生扩展字段 |
| 架构 | 单一资源 | 多层:Class/Gateway/Route |
| 多租户 | 不支持 | 强支持(网关与路由权限分离) |
| 服务网格支持 | 不直观 | 深度整合(Nginx、Istio、Envoy) |
| 标准化 | 弱 | 强、实现更一致 |
此实验所使用的是 k8s-v1.23
| 节点 | IP | 角色 |
|---|---|---|
| master01 | 192.168.10.80 | 控制平面 |
| node01 | 192.168.10.81 | 工作节点 |
| node02 | 192.168.10.82 | 工作节点 |
| MySQL | 192.168.10.83 | 数据库 |
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/openjdk:8-jdk
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/openjdk:8-jdk openjdk:8-jdk
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/nginx:1.25
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/nginx:1.25 nginx:1.25
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/redis:6.2.17
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/redis:6.2.17 redis:6.2.17
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway:v1.0.0
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway:v1.0.0 envoyproxy/gateway:v1.0.0
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/envoy:distroless-v1.29.2
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/envoy:distroless-v1.29.2 envoyproxy/envoy:distroless-v1.29.2
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway-dev:72c0cc7
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/envoyproxy/gateway-dev:72c0cc7 envoyproxy/gateway-dev:72c0cc7
# 安装工具
yum install -y maven npm
# 下载若依
git clone https://gitee.com/y_project/RuoYi-Vue.git
# 修改配置
vim RuoYi-Vue/ruoyi-admin/src/main/resources/application-druid.yml
-----------------------------------------------------------------------------------------
spring:
datasource:
type: com.alibaba.druid.pool.DruidDataSource
driverClassName: com.mysql.cj.jdbc.Driver
druid:
master:
url: ${SPRING_DATASOURCE_URL}
username: ${SPRING_DATASOURCE_USERNAME}
password: ${SPRING_DATASOURCE_PASSWORD}
#----------------------------------------------------------------------------------------
vim RuoYi-Vue/ruoyi-admin/src/main/resources/application.yml
-----------------------------------------------------------------------------------------
spring:
redis:
host: ${SPRING_REDIS_HOST}
port: ${SPRING_REDIS_PORT}
database: 0
password:
timeout: 10s
#----------------------------------------------------------------------------------------
# 本地打包
cd /opt/ry/RuoYi-Vue
mvn clean package
# 构建推送
cd /opt/ry/RuoYi-Vue/ruoyi-admin/target
vim Dockerfile
-----------------------------------------------------------------------------------------
FROM openjdk:8-jdk
WORKDIR /app
COPY ruoyi-admin.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java","-Djava.awt.headless=true","-jar","app.jar"]
#----------------------------------------------------------------------------------------
docker build -t ruoyi-admin:v1.0 .
docker push ruoyi-admin:v1.0
# 将镜像传给 node 节点
docker save -o ruoyi-admin-v1.0.tar ruoyi-admin:v1.0
scp ruoyi-admin-v1.0.tar root@node01:/opt
scp ruoyi-admin-v1.0.tar root@node02:/opt
docker load -i ruoyi-admin-v1.0.tar
# 构建镜像
cd ruoyi-ui
npm install
npm run build:prod
# 编写配置文件
vim nginx.conf
-----------------------------------------------------------------------------------------
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html;
try_files $uri$uri/ /index.html;
}
location /prod-api/ {
proxy_pass http://ruoyi-admin:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
#----------------------------------------------------------------------------------------
vim Dockerfile
-----------------------------------------------------------------------------------------
FROM nginx:1.25
COPY dist/ /usr/share/nginx/html/
COPY nginx.conf /etc/nginx/conf.d/default.conf
#----------------------------------------------------------------------------------------
# 构建推送
docker build -t ruoyi-ui:v1.0 .
docker push ruoyi-ui:v1.0
# 将镜像传给 node 节点
docker save -o ruoyi-ui-v1.0.tar ruoyi-ui:v1.0
scp ruoyi-ui-v1.0.tar root@node01:/opt
scp ruoyi-ui-v1.0.tar root@node02:/opt
docker load -i ruoyi-ui-v1.0.tar
# 登入数据库
mysql -uroot -p123456
# 创建一个 ry 的数据库
CREATE DATABASE ry DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
# 查看库
SHOW DATABASES;
# 退出库
CTRL+D
# 下载若依数据库脚本
git clone https://gitee.com/y_project/RuoYi-Vue.git
cd RuoYi-Vue/sql
# 导入数据
mysql -uroot -p ry < ry_*.sql
mysql -uroot -p ry < quartz.sql
# 验证
USE ry;
SHOW TABLES;
# 开启远程访问 (修改后重启 systemctl restart mysqld)
vim /etc/my.cnf
-----------------------------------------------------------------------------------------
bind-address =0.0.0.0
# 授权远程访问
CREATE USER'ruoyi'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON ry.* TO 'ruoyi'@'%';
FLUSH PRIVILEGES;
# 验证远程连接
mysql -h 192.168.10.83 -u ruoyi -p
vim ruoyi-full.yaml
-----------------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
name: ruoyi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: ruoyi
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis:6.2.17
ports:
- containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: ruoyi
spec:
selector:
app: redis
ports:
- port: 6379
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ruoyi-config
namespace: ruoyi
data:
"SPRING_DATASOURCE_URL": jdbc:mysql://192.168.10.83:3306/ry?useUnicode=true&characterEncoding=utf8&serverTimezone=Asia/Shanghai
SPRING_DATASOURCE_USERNAME: "ruoyi"
SPRING_DATASOURCE_PASSWORD: "123456"
SPRING_REDIS_HOST: "redis"
SPRING_REDIS_PORT: "6379"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ruoyi-admin
namespace: ruoyi
spec:
replicas: 2
selector:
matchLabels:
app: ruoyi-admin
template:
metadata:
labels:
app: ruoyi-admin
spec:
containers:
- name: ruoyi-admin
image: ruoyi-admin:v1.0
imagePullPolicy: Always
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: ruoyi-config
---
apiVersion: v1
kind: Service
metadata:
name: ruoyi-admin
namespace: ruoyi
spec:
selector:
app: ruoyi-admin
ports:
- port: 8080
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ruoyi-ui
namespace: ruoyi
spec:
replicas: 2
selector:
matchLabels:
app: ruoyi-ui
template:
metadata:
labels:
app: ruoyi-ui
spec:
containers:
- name: ruoyi-ui
image: ruoyi-ui:v1.0
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: ruoyi-ui
namespace: ruoyi
spec:
selector:
app: ruoyi-ui
ports:
- port: 80
targetPort: 80
wget https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
kubectl apply -f standard-install.yaml
wget https://github.com/envoyproxy/gateway/releases/download/v1.0.0/install.yaml
# 修改镜像拉取策略为 IfNotPresent
sed -i 's/imagePullPolicy:[[:space:]]*Always/imagePullPolicy: IfNotPresent/g' install.yaml
kubectl apply -f install.yaml
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: eg
spec:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: ruoyi-gateway
namespace: ruoyi
spec:
gatewayClassName: eg
listeners:
- name: http
port: 80
protocol: HTTP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: ruoyi-route
namespace: ruoyi
spec:
parentRefs:
- name: ruoyi-gateway
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: ruoyi-ui
port: 80
# 把 LoadBalancer 改为 NodePort
kubectl get svc -n envoy-gateway-system
kubectl patch service envoy-ruoyi-ruoyi-gateway-1ef7723c -n envoy-gateway-system -p '{"spec":{"type":"NodePort"}}'
# 增加 pod 数量
kubectl get deployment -n envoy-gateway-system
kubectl scale deployment envoy-ruoyi-ruoyi-gateway-1ef7723c -n envoy-gateway-system --replicas=2
curl http://192.168.10.81:30269
# 浏览器访问 192.168.10.81:30269
本章围绕 Gateway API 展开,从理论到实践全面介绍了其在 Kubernetes 环境中的应用。通过部署若依项目并结合 Envoy Gateway,我们实现了以下目标:
Gateway API 作为 Kubernetes 流量管理的下一代标准,正在被越来越多的网关控制器(如 Envoy、Istio、Nginx)所支持。掌握它,不仅有助于提升集群流量治理能力,也为未来多云、多集群场景下的统一路由管理奠定基础。
微信公众号「极客日志」,在微信中扫描左侧二维码关注。展示文案:极客日志 zeeklog
查找任何按下的键的javascript键代码、代码、位置和修饰符。 在线工具,Keycode 信息在线工具,online
JavaScript 字符串转义/反转义;Java 风格 \uXXXX(Native2Ascii)编码与解码。 在线工具,Escape 与 Native 编解码在线工具,online
使用 Prettier 在浏览器内格式化 JavaScript 或 HTML 片段。 在线工具,JavaScript / HTML 格式化在线工具,online
Terser 压缩、变量名混淆,或 javascript-obfuscator 高强度混淆(体积会增大)。 在线工具,JavaScript 压缩与混淆在线工具,online
将字符串编码和解码为其 Base64 格式表示形式即可。 在线工具,Base64 字符串编码/解码在线工具,online
将字符串、文件或图像转换为其 Base64 表示形式。 在线工具,Base64 文件转换器在线工具,online