我要评论环境准备
5 个 istio 访问外部服务的流量控制常用例子,强烈建议收藏起来,以备不时之需。
部署 sleep 服务,作为发送请求的测试源:
kubectl apply -f samples/sleep/sleep.yaml
在 istio 外部,使用 nginx 搭建 duckling 服务的v1和v2两个版本,访问时显示简单的文本:
> curl -s http://192.168.1.118/ this is the v1 version of duckling. > curl -s http://192.168.1.119/ this is the v2 version of duckling.
访问外部服务
执行如下命名访问外部服务 httpbin.org :
export sleep_pod=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$sleep_pod" -c sleep -- curl -s http://httpbin.org/headers返回结果如下:
{
"headers": {
"accept": "*/*",
"host": "httpbin.org",
"user-agent": "curl/7.81.0-dev",
"x-amzn-trace-id": "root=1-62bbfa10-3237e3b9662c65ae005148ab",
"x-b3-sampled": "0",
"x-b3-spanid": "9e650093bf7ae862",
"x-b3-traceid": "1da46d7fafa5d71c9e650093bf7ae862",
"x-envoy-attempt-count": "1",
"x-envoy-peer-metadata": "......",
"x-envoy-peer-metadata-id": "sidecar~......"
}
}
此时的方法,没有通过service entry,没有 istio 的流量监控和控制特性。创建 service entry :
kubectl apply -f - <<eof
apiversion: networking.istio.io/v1alpha3
kind: serviceentry
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
ports:
- number: 80
name: http
protocol: http
resolution: dns
location: mesh_external
eof再此次访问,返回结果如下:
{
"headers": {
"accept": "*/*",
"host": "httpbin.org",
"user-agent": "curl/7.81.0-dev",
"x-amzn-trace-id": "root=1-62bbfbd6-254b05344b3cde2c0c41b3b8",
"x-b3-sampled": "0",
"x-b3-spanid": "307c0b106c8b262e",
"x-b3-traceid": "f684a50776c088ac307c0b106c8b262e",
"x-envoy-attempt-count": "1",
"x-envoy-decorator-operation": "httpbin.org:80/*",
"x-envoy-peer-metadata": "......",
"x-envoy-peer-metadata-id": "sidecar~......"
}
}
可以发现由 istio 边车添加的请求头:x-envoy-decorator-operation。
设置请求超时
向外部服务 httpbin.org 的 /delay 发出请求:
export sleep_pod=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$sleep_pod" -c sleep -- time curl -o /dev/null -ss -w "%{http_code}\n" http://httpbin.org/delay/5返回结果如下:
200
real 0m 5.69s
user 0m 0.00s
sys 0m 0.00s
请求大约在 5 秒后返回 200 (ok)。
创建虚拟服务,访问外部服务 httpbin.org 时, 请求超时设置为 3 秒:
kubectl apply -f - <<eof
apiversion: networking.istio.io/v1alpha3
kind: virtualservice
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
http:
- timeout: 3s
route:
- destination:
host: httpbin.org
weight: 100
eof再此次访问,返回结果如下:
504
real 0m 3.01s
user 0m 0.00s
sys 0m 0.00s
可以看出,在 3 秒后出现了 504 (gateway timeout)。 istio 在 3 秒后切断了响应时间为 5 秒的 httpbin.org 服务。
注入 http 延迟故障
向外部服务 httpbin.org 的 /get 发出请求:
export sleep_pod=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$sleep_pod" -c sleep -- time curl -o /dev/null -ss -w "%{http_code}\n" http://httpbin.org/get返回结果如下:
200
real 0m 0.45s
user 0m 0.00s
sys 0m 0.00s
请求不到 1 秒就返回 200 (ok)。
创建虚拟服务,访问外部服务 httpbin.org 时, 注入一个 3 秒的延迟:
kubectl apply -f - <<eof
apiversion: networking.istio.io/v1alpha3
kind: virtualservice
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
http:
- fault:
delay:
fixeddelay: 3s
percentage:
value: 100
route:
- destination:
host: httpbin.org
eof再此次访问 httpbin.org 的 /get ,返回结果如下:
200
real 0m 3.43s
user 0m 0.00s
sys 0m 0.00s
可以看出,在 3 秒后出现了 200 (ok)。
流量转移
访问duckling服务时,所有流量都路由到v1版本,具体配置如下:
kubectl apply -f - <<eof
apiversion: networking.istio.io/v1alpha3
kind: serviceentry
metadata:
name: duckling
spec:
hosts:
- duckling.com
ports:
- number: 80
name: http
protocol: http
location: mesh_external
resolution: static
endpoints:
- address: 172.24.29.118
ports:
http: 80
labels:
version: v1
- address: 172.24.29.119
ports:
http: 80
labels:
version: v2
---
apiversion: networking.istio.io/v1alpha3
kind: virtualservice
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v1
---
apiversion: networking.istio.io/v1alpha3
kind: destinationrule
metadata:
name: duckling
spec:
host: duckling.com
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
eof执行如下命名访问外部服务 duckling.com :
export sleep_pod=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$sleep_pod" -c sleep -- curl -s http://duckling.com/多次访问后,返回结果一直是:this is the v1 version of duckling.
访问duckling服务时,把50%流量转移到v2版本,具体配置如下:
kubectl apply -f - <<eof
apiversion: networking.istio.io/v1alpha3
kind: virtualservice
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v1
weight: 50
- destination:
host: duckling.com
subset: v2
weight: 50
eof多次访问外部服务 duckling.com ,有时返回this is the v1 version of duckling.,有时返回this is the v2 version of duckling.。
访问duckling服务时,所有流量都路由到v2版本,具体配置如下:
kubectl apply -f - <<eof
apiversion: networking.istio.io/v1alpha3
kind: virtualservice
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v2
eof多次访问外部服务 duckling.com ,一直返回this is the v2 version of duckling.。
基于请求头的路由
请求头end-user为onemore的所有流量都路由到v2版本,其他流量都路由到v1版本,具体配置如下:
kubectl apply -f - <<eof
apiversion: networking.istio.io/v1alpha3
kind: serviceentry
metadata:
name: duckling
spec:
hosts:
- duckling.com
ports:
- number: 80
name: http
protocol: http
location: mesh_external
resolution: static
endpoints:
- address: 172.24.29.118
ports:
http: 80
labels:
version: v1
- address: 172.24.29.119
ports:
http: 80
labels:
version: v2
---
apiversion: networking.istio.io/v1alpha3
kind: virtualservice
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- match:
- headers:
end-user:
exact: onemore
route:
- destination:
host: duckling.com
subset: v2
- route:
- destination:
host: duckling.com
subset: v1
---
apiversion: networking.istio.io/v1alpha3
kind: destinationrule
metadata:
name: duckling
spec:
host: duckling.com
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
eof执行如下命名访问外部服务 duckling.com :
export sleep_pod=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$sleep_pod" -c sleep -- curl -s http://duckling.com/多次访问的返回结果一直是:this is the v1 version of duckling.
设置请求头end-user为onemore,访问外部服务 duckling.com :
kubectl exec "$sleep_pod" -c sleep -- curl -h "end-user:onemore" -s http://duckling.com/
多次访问的返回结果一直是:this is the v2 version of duckling.
以上就是5个 istio 访问外部服务流量控制最常用的例子的详细内容,更多关于istio 访问外部服务流量控制的资料请关注代码网其它相关文章!
发表评论