Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 2. Getting traffic into a mesh

Route external traffic to mesh services by configuring Istio gateway proxies and exposing them through LoadBalancer services or OpenShift routes.

2.1. About ingress traffic routing approaches
링크 복사

Red Hat OpenShift Service Mesh offers two approaches to configure ingress traffic routing to services in the mesh. The approach depends on the service mesh deployment mode and traffic management requirements.

Ingress routing with gateway injection and Istio APIs
When you install a gateway by using gateway injection, you can configure it to receive ingress traffic by using the Istio Gateway and VirtualService resources in combination.

The gateway injection approach is compatible with sidecar-based service mesh deployments where you enable sidecar injection in namespaces by using the istio-injection=enabled label or the istio.io/rev=<revision> label.

Ingress routing with Kubernetes Gateway API
The Kubernetes Gateway API provides a standardized approach for configuring ingress traffic routing using native Kubernetes resources. With this approach, you use Gateway and HTTPRoute (or GRPCRoute) resources to configure how traffic enters the mesh and routes to services.

While Istio Gateway and VirtualService resources support certain ingress use cases in ambient mode, the recommended approach is to use the Kubernetes Gateway API, which provides full support and integration with ambient. You can also use the Gateway API with sidecar-based deployments.

2.2. Exposing a service by using the Istio Gateway and VirtualService resources
링크 복사

Expose mesh services to external traffic by configuring injected gateways with Istio Gateway and VirtualService resources to route traffic from outside the cluster.

Note

You can set the gateway Service type to LoadBalancer to allow traffic from outside the cluster.

Prerequisites

  • You have installed Istio gateways using gateway injection.
  • You are using the Istio Gateway and VirtualService resources.
  • You have existing VirtualService configurations and do not plan on migrating to ambient mode.

Procedure

  1. Create namespace called httpbin by running the following command: 

    $ oc create namespace httpbin

  2. Enable sidecar injection in the namespace. If you are using the InPlace upgrade strategy, run the following command: 

    $ oc label namespace httpbin istio-injection=enabled
    Note

    If you are using the RevisionBased upgrade strategy, run the following commands:

    1. To find your <revision-name>, run the following command: 

      $ oc get istiorevisions.sailoperator.io

      You should see output similar to the following example: 

      NAME      TYPE    READY   STATUS    IN USE   VERSION   AGE
default   Local   True    Healthy   True    v1.24.3   3m33s

    2. Label the namespace with the revision name to enable sidecar injection: 

      $ oc label namespace httpbin istio.io/rev=default

  3. Deploy a sample service named httpbin by running the following command: 

    $ oc apply -n httpbin -f https://raw.githubusercontent.com/openshift-service-mesh/istio/refs/heads/master/samples/httpbin/httpbin.yaml

  4. Create a YAML file named httpbin-gw.yaml that defines an Istio Gateway resource. This resource configures gateway proxies to expose port 80 (HTTP) for the host, httpbin.example.com.

    You can see the following example configuration for reference: 

    apiVersion: networking.istio.io/v1
kind: Gateway
metadata:
  name: httpbin-gateway
  namespace: httpbin
spec:
  selector:
    istio: <gateway_name>
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - httpbin.example.com
    • spec.selector specifies the unique label or set of labels in the pod template of the gateway proxy Deployment. By default, the Istio Gateway resource configuration will apply to matching gateway pods in all namespaces.
    • spec.servers.hosts specifies a list of addresses that the clients use when attempting to access a mesh service at the associated port.

  5. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-gw.yaml

  6. Create a YAML file named httpbin-vs.yaml for a VirtualService. The VirtualService defines the rules that route traffic from the gateway proxy to the httpbin service.

    You can see the following example configuration for reference: 

    apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: httpbin
  namespace: httpbin
spec:
  hosts:
  - httpbin.example.com
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /headers
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
    • spec.hosts the destination hosts for the VirtualService routing rules. The Istio Gateway resource must expose the hosts that you bind to the VirtualService.
    • spec.gateways binds the VirtualService to the Istio Gateway resource created in the previous step by adding the Gateway name to the list of gateways.
    • spec.http.route route matching traffic to the httpbin service deployed earlier by defining a destination that includes the host and port of the httpbin Service.

  7. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-vs.yaml

  8. For verification purposes, create a namespace for a curl client by running the following command: 

    $ oc create namespace curl

  9. Deploy the curl client by running the following command: 

    $ oc apply -n curl -f https://raw.githubusercontent.com/openshift-service-mesh/istio/refs/heads/master/samples/curl/curl.yaml

  10. Set a CURL_POD variable with the name of the curl pod by running the following command: 

    $ CURL_POD=$(oc get pods -n curl -l app=curl -o jsonpath='{.items[*].metadata.name}')

  11. Using the curl client, send a request to the /headers endpoint of the httpbin application through the ingress gateway Service resource. Set the Host header of the request to httpbin.example.com to match the host that the Istio Gateway and VirtualService resources specify. Run the following curl command to send the request: 

    $ oc exec $CURL_POD -n curl -- \
  curl -s -I \
    -H Host:httpbin.example.com \
    <gateway_name>.<gateway_namespace>.svc.cluster.local/headers

  12. The response should have a 200 OK HTTP status indicating that the request was successful. 

    HTTP/1.1 200 OK
server: istio-envoy
...

  13. Send a curl request to an endpoint that does not have a corresponding URI prefix match defined in the httpbin VirtualService by running the following command: 

    $ oc exec $CURL_POD -n curl -- \
  curl -s -I \
    -H Host:httpbin.example.com \
    <gateway_name>.<gateway_namespace>.svc.cluster.local/get

    The response should return a 404 Not Found status as the httpbin VirtualService resource lacks a matching URI prefix for the /get endpoint. 

    HTTP/1.1 404 Not Found
server: istio-envoy
...

  14. Expose the gateway proxy to traffic outside the cluster by setting the Service type to LoadBalancer: 

    $ oc patch service <gateway_name> -n <gateway_namespace> -p '{"spec": {"type": "LoadBalancer"}}'
    Note

    OpenShift Routes can also expose a gateway to traffic outside the cluster. For more information, see "Exposing a gateway to traffic outside the cluster using OpenShift Routes".

  15. Verify that you can access the httpbin service from outside the cluster when using the external hostname or IP address of the gateway Service resource. Ensure that you set the INGRESS_HOST variable appropriately for the environment that your cluster is running in.

    1. If the cluster runs on AWS, set the INGRESS_HOST variable by running the following command: 

      $ INGRESS_HOST=$(oc get service <gateway_name> -n <gateway_namespace> -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

    2. If the cluster runs on GCP or Azure, set the INGRESS_HOST variable by running the following command: 

      $ INGRESS_HOST=$(oc get service <gateway_name> -n <gateway_namespace> -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

    3. Send a curl request to the httpbin service using the host of the gateway by running the following command: 

      $ curl -s -I -H Host:httpbin.example.com http://$INGRESS_HOST/headers
  16. Verify that the response has the HTTP/1.1 200 OK status, which indicates that the request was successful.

2.3. About exposing services to traffic outside a cluster
링크 복사

To enable traffic from outside an OpenShift cluster to access services in a mesh, you must expose a gateway proxy by either setting its Service type to LoadBalancer or by using the OpenShift Router.

Using Kubernetes load balancing to handle incoming traffic directly through the inbound gateway can reduce latency associated with data encryption. By managing encryption at the inbound gateway, you avoid the intermediate decryption and re-encryption steps within the mesh that often add latency. This approach encrypts and decrypts mesh traffic only once, which is generally more efficient.

The OpenShift Router provides a standard approach for managing ingress traffic, and you can use the router to manage certificates for all cluster ingress traffic by using the same methods. However, the OpenShift Router introduces an additional hop between the inbound traffic and the mesh applications. Typically, you route the traffic by decrypting it at the router and then re-encrypting it at the service mesh ingress gateway, which introduces latency.

2.3.1. Exposing a gateway to traffic outside the cluster by using OpenShift Routes
링크 복사

You can expose a gateway to traffic outside the cluster by using OpenShift Routes. This approach provides an alternative to using Kubernetes LoadBalancer service when you have to expose gateways to traffic outside the cluster.

Prerequisites

  • You have completed the procedure, "Exposing a Service by using the Istio Gateway and VirtualService resources".

Procedure

  1. Ensure that you set the Service type to ClusterIP by running the following command: 

    $ oc patch service <gateway_name> -n <gateway_namespace> -p '{"spec": {"type": "ClusterIP"}}'

  2. Create a YAML file named httpbin-route.yaml that defines a Route for the httpbin service similar to the following example: 

    apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: httpbin
  namespace: <gateway_namespace>
spec:
  host: httpbin.example.com
  port:
    targetPort: http2
  to:
    kind: Service
    name: <gateway_name>
    weight: 100
  wildcardPolicy: None

  3. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-route.yaml

  4. Verify that you can access the httpbin service from outside the cluster through the ingress router. Ensure that you set the INGRESS_HOST variable appropriately for the environment that your cluster is running in.

    1. If the cluster runs on AWS, set the INGRESS_HOST variable by running the following command: 

      $ INGRESS_HOST=$(oc get service router-default -n openshift-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

    2. If the cluster runs on GCP or Azure, set the INGRESS_HOST variable by running the following command: 

      $ INGRESS_HOST=$(oc get service router-default -n openshift-ingress -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

    3. Send a curl request to the httpbin service using the host of the ingress router by running the following command: 

      $ curl -s -I -H Host:httpbin.example.com http://$INGRESS_HOST/headers
  5. Verify that the response has the HTTP/1.1 200 OK status, which indicates that the request was successful.

2.4. Exposing a service by using the Kubernetes Gateway API in sidecar mode
링크 복사

You can use the Kubernetes Gateway API to create Gateway and HTTPRoute resources and deploy a gateway. The resources configure the gateway to expose a service in the mesh to traffic outside the mesh.

Prerequisites

  • You have logged in to the OpenShift Container Platform web console as a user with the cluster-admin role.
  • You installed the Red Hat OpenShift Service Mesh Operator.
  • You have deployed the Istio resource.

Procedure

  1. Create a namespace called httpbin by running the following command: 

    $ oc create namespace httpbin

  2. When using sidecar injection instead of ambient mode, you must enable the sidecar injection in the namespace:

    1. For the InPlace upgrade strategy, run the following command: 

      $ oc label namespace httpbin istio-injection=enabled

    2. For the RevisionBased upgrade strategy, run the following command: 

      $ oc label namespace httpbin istio.io/rev=<revision-name>

  3. Deploy a sample service named httpbin by running the following command: 

    $ oc apply -n httpbin -f https://raw.githubusercontent.com/openshift-service-mesh/istio/refs/heads/master/samples/httpbin/httpbin.yaml

  4. Create a YAML file named httpbin-gw.yaml that defines a Kubernetes Gateway resource, similar to the following example: 

    apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: httpbin-gateway
  namespace: httpbin
spec:
  gatewayClassName: istio
  listeners:
  - name: default
    hostname: "httpbin.example.com"
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: All
    "httpbin.example.com"
    Specifies the virtual hostname that clients use when attempting to access a mesh service on the associated port.

    The HTTPRoute resource specifies the rules that route traffic from the gateway proxy to the httpbin service.

  5. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-gw.yaml

  6. Create a YAML file named httpbin-ingress-hr.yaml that defines an HTTPRoute resource for the ingress gateway, similar to the following example: 

    apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: httpbin-ingress
  namespace: httpbin
spec:
  parentRefs:
  - name: httpbin-gateway
    namespace: httpbin
  hostnames:
  - "httpbin.example.com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /status
    - path:
        type: PathPrefix
        value: /headers
  - backendRefs:
    - name: httpbin
      port: 8000
    • spec.parentRefs binds the HTTPROUTE resource to the Kubernetes Gateway resource you created in the previous step.
    • spec.rules.backendRefs routes the matching traffic to the httpbin service by defining a backendRefs that includes the name and port of the httpbin service.

    The HTTPRoute resource specifies the rules that route traffic from the gateway proxy to the httpbin service.

  7. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-ingress-hr.yaml

  8. Ensure that the Gateway API service is ready and has an allocated address by running the following command: 

    $ oc wait --for=condition=programmed gtw httpbin-gateway -n httpbin

Verification

  1. Create a namespace for a curl client by running the following command: 

    $ oc create namespace curl

  2. Deploy a curl client by running the following command: 

    $ oc apply -n curl -f https://raw.githubusercontent.com/openshift-service-mesh/istio/refs/heads/master/samples/curl/curl.yaml

  3. Set a CURL_POD variable with the name of the curl pod by running the following command: 

    $ CURL_POD=$(oc get pods -n curl -l app=curl -o jsonpath='{.items[*].metadata.name}')

  4. Using the curl client, send a request to the /headers endpoint of the httpbin application through the ingress gateway Service resource. Set the Host header of the request to httpbin.example.com to match the host that the Kubernetes Gateway and HTTPROUTE resources specify. Send the curl request by running the following command: 

    $ oc exec $CURL_POD -n curl -- \
  curl -s -I \
    -H Host:httpbin.example.com \
    <gateway_name>-istio.<gateway_namespace>.svc.cluster.local/headers

    The response should return a 200 OK HTTP status, which indicates that the request was successful, similar to the following example: 

    HTTP/1.1 200 OK
server: istio-envoy
...

  5. Send a curl request to an endpoint that does not have a corresponding Uniform Resource Identifier (URI) prefix match defined in the httpbin HTTPROUTE by running the following command: 

    $ oc exec $CURL_POD -n curl -- \
  curl -s -I \
    -H Host:httpbin.example.com \
    <gateway_name>-istio.<gateway_namespace>.svc.cluster.local/get

    The response returns a 404 Not Found status, as expected, because the /get endpoint does not have a matching URI prefix in the httpbin HTTPROUTE resource, similar to the following example: 

    HTTP/1.1 404 Not Found
server: istio-envoy
...

  6. Expose the gateway proxy to traffic outside the cluster by setting the Service type to LoadBalancer. Run the following command: 

    $ oc patch service <gateway_name>-istio -n <gateway_namespace> -p '{"spec": {"type": "LoadBalancer"}}'
    Note

    OpenShift Routes can also expose a gateway to traffic outside the cluster. For more information, see "Exposing a gateway to traffic outside the cluster using OpenShift Routes".

  7. Verify that you can access the httpbin service from outside the cluster when using the external hostname or IP address of the gateway Service resource. Ensure that you set the INGRESS_HOST variable appropriately for the environment in which your cluster is running.

    1. Set the INGRESS_HOST variable by running the following command: 

      $ export INGRESS_HOST=$(oc get gtw <gateway_name> -n <gateway_namespace> -o jsonpath='{.status.addresses[0].value}')

    2. Set the INGRESS_PORT variable by running the following command: 

      $ INGRESS_PORT=$(oc get gtw <gateway_name> -n <gateway_namespace> -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')

    3. Using the gateway host, send a curl request to the httpbin service by running the following command: 

      $ curl -s -I -H Host:httpbin.example.com http://$INGRESS_HOST:$INGRESS_PORT/headers
  8. Verify that the response has the HTTP/1.1 200 OK status, which indicates that the request was successful.

2.5. About ingress traffic routing approaches in ambient mode
링크 복사

When using the Istio ambient mode, you can use the Kubernetes Gateway API to configure ingress traffic routing.

Waypoint proxies for Layer 7 routing
You can deploy a waypoint proxy in the namespace that has your service to apply Layer 7 (L7) routing policies, such as path-based routing or header matching. In ambient mode, waypoint proxies process L7 traffic and enforce HTTPRoute and GRPCRoute rules.
Important

Service Mesh classifies VirtualService resources as Technology Preview (TP) in ambient mode. Therefore, you should not mix them with Gateway API configuration. The recommended approach in ambient mode is to use Kubernetes Gateway API resources.

2.6. Exposing a service by using the Kubernetes Gateway API in ambient mode
링크 복사

You can use the Kubernetes Gateway API to create Gateway and HTTPRoute resources and deploy a gateway in ambient mode. The resources configure the gateway to expose a service in the mesh to traffic outside the mesh.

Prerequisites

  • You have logged in to the OpenShift Container Platform web console as a user with the cluster-admin role.
  • You have installed the Red Hat OpenShift Service Mesh Operator.
  • You have deployed the Istio resource.
  • You use the Kubernetes-native Gateway API resources.
  • You are either using the Istio ambient mode or planning on migrating to the ambient mode.
Note

Service Mesh recommends the Kubernetes Gateway API for ingress configuration in ambient mode (istio.io/dataplane-mode=ambient), because Istio Gateway and VirtualService resources lack full compatibility.

Procedure

  1. Create a namespace called httpbin by running the following command: 

    $ oc create namespace httpbin

  2. Apply the label for ambient mode by running the following command: 

    $ oc label namespace httpbin istio.io/dataplane-mode=ambient

  3. Deploy a sample service named httpbin by running the following command: 

    $ oc apply -n httpbin -f https://raw.githubusercontent.com/openshift-service-mesh/istio/refs/heads/master/samples/httpbin/httpbin.yaml

  4. Deploy a waypoint proxy by creating a YAML file named httpbin-waypoint.yaml, similar to the following example: 

    apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: httpbin-waypoint
  namespace: httpbin
  labels:
    istio.io/waypoint-for: service
spec:
  gatewayClassName: istio-waypoint
  listeners:
  - name: mesh
    port: 15008
    protocol: HBONE

  5. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-waypoint.yaml

  6. Enable ingress waypoint routing on the httpbin service by running the following command: 

    $ oc label service httpbin -n httpbin istio.io/ingress-use-waypoint=true

    The label ensures that the ingress gateway routes traffic through the waypoint proxy, which applies its Layer 7 (L7) policies to the traffic before it reaches the httpbin service.

  7. Apply the waypoint label to the namespace so that all the services inside the namespace routes through the waypoint, by running the following command: 

    $ oc label ns httpbin istio.io/use-waypoint=httpbin-waypoint

  8. Create a YAML file named httpbin-gw.yaml that defines a Kubernetes Gateway resource. This resource configures gateway proxies to expose port 80 (HTTP) for the host, httpbin.example.com. 

    apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: httpbin-gateway
  namespace: httpbin
spec:
  gatewayClassName: istio
  listeners:
  - name: default
    hostname: "httpbin.example.com"
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: All
    "httpbin.example.com"
    Specifies the virtual hostname that clients use when attempting to access a mesh service on the associated port.

  9. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-gw.yaml

  10. Create a YAML file named httpbin-ingress-hr.yaml that defines an HTTPRoute resource for the ingress gateway, similar to the following example: 

    apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: httpbin-ingress
  namespace: httpbin
spec:
  parentRefs:
  - name: httpbin-gateway
    namespace: httpbin
  hostnames:
  - "httpbin.example.com"
  rules:
  - backendRefs:
    - name: httpbin
      port: 8000
    • spec.parentRefs binds the HTTPROUTE resource to the Kubernetes Gateway resource that you created in the previous step.
    • spec.rules.backendRefs routes the matching traffic to the httpbin service by defining a backendRefs that includes the name and port of the httpbin service.

    The HTTPRoute resource specifies the rules that route traffic from the gateway proxy to the httpbin service.

  11. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-ingress-hr.yaml

  12. Create a YAML file named httpbin-waypoint-hr.yaml that defines an HTTPRoute resource for the waypoint proxy. 

    apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: httpbin-waypoint-route
  namespace: httpbin
spec:
  parentRefs:
  - group: ""
    kind: service
    name: httpbin
    namespace: httpbin
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /status
    - path:
        type: PathPrefix
        value: /headers
    backendRefs:
    - name: httpbin
      port: 8000
    • spec.parentRefs binds the HTTPRoute resource to the httpbin service. When combined with the istio.io/ingress-use-waypoint=true label on the service, the HTTPRoute configures the L7 routing rules that the waypoint proxy will enforce for traffic destined to that service.
    • spec.rules.backendRefs routes the matching traffic to the httpbin service by defining a backendRefs that includes the name and port of the httpbin service.

  13. Apply the YAML file by running the following command: 

    $ oc apply -f httpbin-waypoint-hr.yaml
    Note

    In this example use case, traffic from the ingress gateway flows through the waypoint proxy because of the istio.io/ingress-use-waypoint=true label. The HTTPRoute resource then applies path-based routing policies before the traffic reaches the httpbin service.

  14. Ensure that the waypoint proxy is ready by running the following command: 

    $ oc wait --for=condition=programmed gtw httpbin-waypoint -n httpbin

Verification

  1. Create a namespace for a curl client by running the following command: 

    $ oc create namespace curl

  2. Deploy a curl client by running the following command: 

    $ oc apply -n curl -f https://raw.githubusercontent.com/openshift-service-mesh/istio/refs/heads/master/samples/curl/curl.yaml

  3. Apply the label for ambient mode to the curl namespace by running the following command: 

    $ oc label namespace curl istio.io/dataplane-mode=ambient

  4. Set a CURL_POD variable with the name of the curl pod by running the following command: 

    $ CURL_POD=$(oc get pods -n curl -l app=curl -o jsonpath='{.items[*].metadata.name}')

  5. Using the curl client, send a request to the /headers endpoint of the httpbin application through the ingress gateway Service resource. Set the Host header of the request to httpbin.example.com to match the host that the Kubernetes Gateway and HTTPROUTE resources specify. Send the curl request by running the following command: 

    $ oc exec $CURL_POD -n curl -- \
  curl -s -I \
    -H Host:httpbin.example.com \
    httpbin-gateway-istio.httpbin.svc.cluster.local/headers

    The response should return a 200 OK HTTP status, which indicates that the request was successful, similar to the following example: 

    HTTP/1.1 200 OK
server: istio-envoy
...

  6. Send a curl request to an endpoint that does not have a corresponding Uniform Resource Identifier (URI) prefix match defined in the httpbin HTTPROUTE by running the following command: 

    $ oc exec $CURL_POD -n curl -- \
  curl -s -I \
    -H Host:httpbin.example.com \
    httpbin-gateway-istio.httpbin.svc.cluster.local/get

    The response returns a 404 Not Found status, as expected, because the /get endpoint does not have a matching URI prefix in the httpbin HTTPROUTE resource, similar to the following example: 

    HTTP/1.1 404 Not Found
server: istio-envoy
...

  7. Expose the gateway proxy to traffic outside the cluster by setting the Service type to LoadBalancer. Run the following command: 

    $ oc patch service httpbin-gateway-istio -n httpbin -p '{"spec": {"type": "LoadBalancer"}}'
    Note

    OpenShift Routes can also expose a gateway to traffic outside the cluster. For more information, see "Exposing a gateway to traffic outside the cluster using OpenShift Routes".

  8. Verify that the you can access the httpbin service from outside the cluster when using the external hostname or IP address of the gateway Service resource. Ensure that you set the INGRESS_HOST variable appropriately for the environment in which your cluster is running.

    1. Set the INGRESS_HOST variable by running the following command: 

      $ export INGRESS_HOST=$(oc get gtw httpbin-gateway -n httpbin -o jsonpath='{.status.addresses[0].value}')

    2. Set the INGRESS_PORT variable by running the following command: 

      $ INGRESS_PORT=$(oc get gtw httpbin-gateway -n httpbin -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')

    3. Using the gateway host, send a curl request to the httpbin service by running the following command: 

      $ curl -s -I -H Host:httpbin.example.com http://$INGRESS_HOST:$INGRESS_PORT/headers
  9. Verify that the response has the HTTP/1.1 200 OK status, which indicates that the request was successful.
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2026 Red Hat맨 위로 이동