The instructions for mapping-custom-domains with GKE with Cloud Run works fine for a 1:1 domain:service mapping. But what if I want to have, 1:M domain:services and match with the URI,
myapp.com/login >> login-service
myapp.com/logout >> logout-service
The second domain-mapping creation statement will error as domain must be unique across services:
$ gcloud beta run domain-mappings create --service login-service --domain myapp.com --cluster mycluster --cluster-location europe-west2-a
Creating......done.
RECORD TYPE CONTENTS
A XX.XXX.XXX.XX
$ gcloud beta run domain-mappings create --service login-service --domain myapp.com --cluster mycluster --cluster-location europe-west2-a
ERROR: ... "message": domainmappings.domains.cloudrun.com \"myapp.com\" already exists ...
Previously, when using a manually created Knative environment, I could achieve this with an Istio VirtualService
:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: entry-route
namespace: default
spec:
- knative-ingress-gateway.knative-serving.svc.cluster.local
# Set host to the domain name that you own.
hosts:
- myapp.com
http:
- match:
- uri:
prefix: "/login"
rewrite:
authority: login-service.default.myapp.com
route:
- destination:
host: knative-ingressgateway.istio-system.svc.cluster.local
weight: 100
- match:
- uri:
prefix: "/logout"
rewrite:
authority: logout-service.default.myapp.com
route:
- destination:
host: knative-ingressgateway.istio-system.svc.cluster.local
weight: 100
But whilst I can apply this on GKE with Cloud Run, everything is routed to the service mapped to the domain.
I've also tried deleting the gcloud beta run domain-mappings
created, setting the istio-ingressgateway
LoadBalancer to a reserved static IP, and pointing my domain at the LoadBalancer. However, this just results in 503s
.
Why can't I just point to the istio-ingressgateway
LoadBalancer and let a VirtualService
route for me?
It is possible to use a VirtualService
to reroute traffic using the same domain and its path to multiple services.
istio-ingressgateway
is now the default Knative service hostname (I was using an older Knative version and knative-ingressgateway
has since been removed).
gcloud beta run domain-mappings create ...
. It is not necessary for an M:1 service:domain mapping.EXTERNAL-IP
used by your istio-ingressgateway LoadBalancer
(kubectl get svc istio-ingressgateway -n istio-system
) and point your domain at it (e.g. myapp.com
)kubectl get svc
(listed under EXTERNAL-IP
- i.e. istio-ingressgateway.istio-system.svc.cluster.local
)VirtualService
that maps its route destinations to istio-ingressgateway.istio-system.svc.cluster.local
:# e.g. routing.yaml (`kubectl apply -f routing.yaml`)
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: entry-route
namespace: default
spec:
- knative-ingress-gateway.knative-serving.svc.cluster.local
# Set host to the domain name that you own.
hosts:
- myapp.com
http:
- match:
- uri:
prefix: "/login"
rewrite:
authority: login-service.default.myapp.com
route:
- destination:
host: istio-ingressgateway.istio-system.svc.cluster.local
weight: 100
- match:
- uri:
prefix: "/logout"
rewrite:
authority: logout-service.default.myapp.com
route:
- destination:
host: istio-ingressgateway.istio-system.svc.cluster.local
weight: 100
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments