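Enabling TCP and WebSocket gateways on Higress
Higress is an API gateway developed by Alibaba that can be used as a replacement for foreign products such as Traefik or Kong. Installation is relatively simple: follow the official website and there are no real pitfalls. However, a default installation generally exposes only HTTP and HTTPS services; a TCP gateway service has to be configured separately. Below I record the process of enabling a TCP gateway for a client/server (C/S) application, as a memo.
Install directly by following the official tutorial. After a successful installation the following services are started: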
# kubectl get svc -n higress-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
higress-console NodePort 78.96.11.40 <none> 8080:31201/TCP 66d
higress-controller ClusterIP 78.96.12.160 <none> 8888/TCP,8889/TCP,15051/TCP,15010/TCP,15012/TCP,443/TCP,15014/TCP 66d
higress-gateway NodePort 78.96.5.95 <none> 80:31172/TCP,443:32505/TCP 66d
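Just change the type of the higress-gateway service to NodePort and, in the dashboard, bind the mapping between a domain name and the service you developed. Then, in your local hosts file, bind that service domain name to the IP of any host node (usually a high-availability virtual IP). You can now reach your service by visiting the domain name plus the port mapped to 80 or 443, such as 31172 or 32505 above.
The TCP gateway requires a few environment variables to be set first, because it is off by default. Do it as follows: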
# kubectl edit deployment higress-controller -n higress-system
# Add the following items under env. Note that higress-controller has 2 containers, so there are two env blocks, and the content below must be added to both.
env:
- name: PILOT_ENABLE_GATEWAY_API
  value: "true"
- name: PILOT_ENABLE_ALPHA_GATEWAY_API
  value: "true"
- name: ENABLE_GATEWAY_API
  value: "true"
- name: ENABLE_GATEWAY_API_TCPROUTE
  value: "true"
# Then save and exit
# Check the resulting configuration with this command
kubectl get deployment higress-controller -n higress-system -o yaml | grep -A 20 "env:"
# Check that no item is missing
# Then restart the pod; you can also just delete the current pod
# Restart the controller so that the environment variables take effect
kubectl rollout restart deployment/higress-controller -n higress-system
# Wait for the restart to complete
kubectl rollout status deployment/higress-controller -n higress-system
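An added example, not from the original post or the Higress project: a Python check that reads the deployment as JSON and reports, per container, which of the four variables above are missing or not "true", something the grep check cannot attribute to a container. The script name check_env.py and the container names in the sample are assumptions.

```python
import json
import sys

# The four variables the page adds to the higress-controller deployment.
REQUIRED = (
    "PILOT_ENABLE_GATEWAY_API",
    "PILOT_ENABLE_ALPHA_GATEWAY_API",
    "ENABLE_GATEWAY_API",
    "ENABLE_GATEWAY_API_TCPROUTE",
)


def missing_env(deployment):
    """Return {container name: [required variables absent or not "true"]}."""
    problems = {}
    for container in deployment["spec"]["template"]["spec"]["containers"]:
        # Entries that use valueFrom have no "value" key and count as not set.
        env = {e["name"]: e.get("value") for e in container.get("env") or []}
        bad = [name for name in REQUIRED if env.get(name) != "true"]
        if bad:
            problems[container["name"]] = bad
    return problems


def _env(*names):
    """Build an env list with every given variable set to "true"."""
    return [{"name": n, "value": "true"} for n in names]


# Constructed sample (container names are placeholders): the second container
# received only two of the four variables, the mistake the page warns about.
SAMPLE = {"spec": {"template": {"spec": {"containers": [
    {"name": "container-a", "env": _env(*REQUIRED)},
    {"name": "container-b", "env": _env(*REQUIRED[:2])},
]}}}}

if __name__ == "__main__":
    # Real use: kubectl get deployment higress-controller -n higress-system \
    #             -o json | python3 check_env.py
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    report = missing_env(doc)
    for name, variables in report.items():
        print(name + ": missing or not true: " + ", ".join(variables))
    sys.exit(1 if report else 0)
```

The exit status is non-zero when any container is incomplete, so the check can gate the rollout restart in a script.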
After changing the environment variables, create the Gateway and TCPRoute. A reference YAML manifest follows:
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: higress-gateway-comet
  namespace: higress-system
spec:
  gatewayClassName: higress # The name of the gatewayclass of the higress.io/gateway-controller deployed in the current k8s cluster; view it with: kubectl get gatewayclass -A
  listeners:
  - name: comet-tcp
    protocol: TCP
    port: 3101
    allowedRoutes:
      namespaces:
        from: All
      kinds:
      - kind: TCPRoute
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
  name: tcp-route-comet
  namespace: eqim
spec:
  parentRefs:
  - name: higress-gateway-comet
    namespace: higress-system
    sectionName: comet-tcp
  rules:
  - backendRefs:
    - name: comet-svc
      port: 3101
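Here my microservice is named comet-svc, it lives in the eqim namespace, and the service exposes port 3101. Deploy the Gateway and TCPRoute; if everything is working, the output looks similar to the following: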
# kubectl get gateway -A
NAMESPACE NAME CLASS ADDRESS PROGRAMMED AGE
higress-system higress-gateway-comet higress higress-gateway.higress-system.svc.cluster.local True 3h18m
# kubectl describe tcproute tcp-route-comet -n eqim
Name: tcp-route-comet
Namespace: eqim
Labels: <none>
Annotations: <none>
API Version: gateway.networking.k8s.io/v1alpha2
Kind: TCPRoute
Metadata:
  Creation Timestamp: 2025-10-20T03:22:20Z
  Generation: 1
  Resource Version: 19070937
  UID: 9e933b61-fd24-4803-9610-ff60b3c2fef8
Spec:
  Parent Refs:
    Group: gateway.networking.k8s.io
    Kind: Gateway
    Name: higress-gateway-comet
    Namespace: higress-system
    Section Name: comet-tcp
  Rules:
    Backend Refs:
      Group:
      Kind: Service
      Name: comet-svc
      Port: 3101
      Weight: 1
Status:
  Parents:
    Conditions:
      Last Transition Time: 2025-10-20T06:35:39Z
      Message: Route was valid
      Observed Generation: 1
      Reason: Accepted
      Status: True
      Type: Accepted
      Last Transition Time: 2025-10-20T06:35:39Z
      Message: All references resolved
      Observed Generation: 1
      Reason: ResolvedRefs
      Status: True
      Type: ResolvedRefs
    Controller Name: higress.io/gateway-controller
    Parent Ref:
      Group: gateway.networking.k8s.io
      Kind: Gateway
      Name: higress-gateway-comet
      Namespace: higress-system
      Section Name: comet-tcp
Events: <none>
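If the output is not as expected, first check that the env configuration above is correct, and second check whether the Gateway API CRD resources are installed. For example:
# kubectl get crds | grep gateway.networking.k8s.io
# Expected output
gatewayclasses.gateway.networking.k8s.io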
gateways.gateway.networking.k8s.io
httproutes.gateway.networking.k8s.io
referencegrants.gateway.networking.k8s.io
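If you need to install the Gateway API CRDs, refer to the official documentation.
Next, modify higress-gateway to add the TCP service port:
# kubectl edit svc higress-gateway -n higress-system
# Add the following under ports
- name: comet-tcp
  nodePort: 31101 # Change this to a non-conflicting exposed port that suits your own environment
  port: 3101
  protocol: TCP
  targetPort: 3101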
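The last step is testing. Configure "<any host IP address>:31101" in the client, run it, and see whether it communicates normally. Alternatively, as a simple check, test connectivity with nc -zv <any host IP address> 31101.
A WebSocket gateway is enabled the same way as an HTTP gateway: just follow the HTTP procedure in the dashboard.
It can also be enabled with an HTTPRoute; the manifest is as follows: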
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: ws-gateway-comet
  namespace: higress-system
spec:
  gatewayClassName: higress
  listeners:
  - name: http-ws
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: All
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: ws-route-comet
  namespace: eqim
spec:
  parentRefs:
  - name: ws-gateway-comet
    namespace: higress-system
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: comet-svc
      port: 3102
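When testing, configure an address such as ws://<host IP address>:(the port exposed for port 80) or ws://<domain name>:(the port exposed for port 80). Note that to use a domain name you must first bind the domain name to the address in your local hosts file.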
