当前位置:网站首页>5个 Istio 访问外部服务流量控制最常用的例子,你知道几个?
5个 Istio 访问外部服务流量控制最常用的例子,你知道几个?
2022-08-09 21:43:00 【InfoQ】
5 个 Istio 访问外部服务的流量控制常用例子,强烈建议
收藏
起来,以备不时之需。
环境准备
部署
sleep 服务,作为发送请求的测试源:
kubectl apply -f samples/sleep/sleep.yaml在 Istio 外部,使用 Nginx 搭建
duckling 服务的v1和v2两个版本,访问时显示简单的文本:
> curl -s http://192.168.1.118/
This is the v1 version of duckling.
> curl -s http://192.168.1.119/
This is the v2 version of duckling.访问外部服务
执行如下命名访问外部服务 httpbin.org :
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- curl -s http://httpbin.org/headers返回结果如下:
{
"headers": {
"Accept": "*/*",
"Host": "httpbin.org",
"User-Agent": "curl/7.81.0-DEV",
"X-Amzn-Trace-Id": "Root=1-62bbfa10-3237e3b9662c65ae005148ab",
"X-B3-Sampled": "0",
"X-B3-Spanid": "9e650093bf7ae862",
"X-B3-Traceid": "1da46d7fafa5d71c9e650093bf7ae862",
"X-Envoy-Attempt-Count": "1",
"X-Envoy-Peer-Metadata": "......",
"X-Envoy-Peer-Metadata-Id": "sidecar~......"
}
}此时的方法,没有通过Service Entry,没有 Istio 的流量监控和控制特性。创建 Service Entry :
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
ports:
- number: 80
name: http
protocol: HTTP
resolution: DNS
location: MESH_EXTERNAL
EOF再此次访问,返回结果如下:
{
"headers": {
"Accept": "*/*",
"Host": "httpbin.org",
"User-Agent": "curl/7.81.0-DEV",
"X-Amzn-Trace-Id": "Root=1-62bbfbd6-254b05344b3cde2c0c41b3b8",
"X-B3-Sampled": "0",
"X-B3-Spanid": "307c0b106c8b262e",
"X-B3-Traceid": "f684a50776c088ac307c0b106c8b262e",
"X-Envoy-Attempt-Count": "1",
"X-Envoy-Decorator-Operation": "httpbin.org:80/*",
"X-Envoy-Peer-Metadata": "......",
"X-Envoy-Peer-Metadata-Id": "sidecar~......"
}
}可以发现由 Istio 边车添加的请求头:
X-Envoy-Decorator-Operation。
设置请求超时
向外部服务 httpbin.org 的 /delay 发出请求:
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- time curl -o /dev/null -sS -w "%{http_code}\n" http://httpbin.org/delay/5返回结果如下:
200
real 0m 5.69s
user 0m 0.00s
sys 0m 0.00s请求大约在 5 秒后返回 200 (OK)。
创建虚拟服务,访问外部服务 httpbin.org 时, 请求超时设置为 3 秒:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
http:
- timeout: 3s
route:
- destination:
host: httpbin.org
weight: 100
EOF再此次访问,返回结果如下:
504
real 0m 3.01s
user 0m 0.00s
sys 0m 0.00s可以看出,在 3 秒后出现了 504 (Gateway Timeout)。 Istio 在 3 秒后切断了响应时间为 5 秒的 httpbin.org 服务。
注入 HTTP 延迟故障
向外部服务 httpbin.org 的 /get 发出请求:
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- time curl -o /dev/null -sS -w "%{http_code}\n" http://httpbin.org/get返回结果如下:
200
real 0m 0.45s
user 0m 0.00s
sys 0m 0.00s请求不到 1 秒就返回 200 (OK)。
创建虚拟服务,访问外部服务 httpbin.org 时, 注入一个 3 秒的延迟:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
http:
- fault:
delay:
fixedDelay: 3s
percentage:
value: 100
route:
- destination:
host: httpbin.org
EOF再此次访问 httpbin.org 的 /get ,返回结果如下:
200
real 0m 3.43s
user 0m 0.00s
sys 0m 0.00s可以看出,在 3 秒后出现了 200 (OK)。
流量转移
访问
duckling服务时,所有流量都路由到v1版本,具体配置如下:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: duckling
spec:
hosts:
- duckling.com
ports:
- number: 80
name: http
protocol: HTTP
location: MESH_EXTERNAL
resolution: STATIC
endpoints:
- address: 172.24.29.118
ports:
http: 80
labels:
version: v1
- address: 172.24.29.119
ports:
http: 80
labels:
version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: duckling
spec:
host: duckling.com
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
EOF执行如下命名访问外部服务 duckling.com :
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- curl -s http://duckling.com/多次访问后,返回结果一直是:
This is the v1 version of duckling.访问
duckling服务时,把50%流量转移到v2版本,具体配置如下:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v1
weight: 50
- destination:
host: duckling.com
subset: v2
weight: 50
EOF多次访问外部服务 duckling.com ,有时返回
This is the v1 version of duckling.,有时返回
This is the v2 version of duckling.。
访问
duckling服务时,所有流量都路由到v2版本,具体配置如下:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v2
EOF多次访问外部服务 duckling.com ,一直返回
This is the v2 version of duckling.。
基于请求头的路由
请求头
end-user为OneMore的所有流量都路由到v2版本,其他流量都路由到v1版本,具体配置如下:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: duckling
spec:
hosts:
- duckling.com
ports:
- number: 80
name: http
protocol: HTTP
location: MESH_EXTERNAL
resolution: STATIC
endpoints:
- address: 172.24.29.118
ports:
http: 80
labels:
version: v1
- address: 172.24.29.119
ports:
http: 80
labels:
version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: duckling.com
subset: v2
- route:
- destination:
host: duckling.com
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: duckling
spec:
host: duckling.com
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
EOF执行如下命名访问外部服务 duckling.com :
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- curl -s http://duckling.com/多次访问的返回结果一直是:
This is the v1 version of duckling.设置请求头
end-user为OneMore,访问外部服务 duckling.com :
kubectl exec "$SLEEP_POD" -c sleep -- curl -H "end-user:OneMore" -s http://duckling.com/多次访问的返回结果一直是:
This is the v2 version of duckling.最后,感谢你这么帅,还给我
点赞
。
边栏推荐
- UE4_定序器控制蓝图对象
- 必看设计干货|易知微设计师是怎么做标准可视化设计服务的?
- Usage of placeholder function in Tensorflow
- Word箭头上面怎么打字
- SQLi-LABS Page-2 (Adv Injections)
- TF generates uniformly distributed tensor
- kvm虚拟机出现启动不了,NOT available,PV大于分区
- hdu 1333 Smith Numbers(暴力思路)
- 简单问题窥见数学
- Technology Sharing | How to use the JSON Schema mode of interface automation testing?
猜你喜欢
![[corctf 2022] 部分](/img/03/ee1ead55805a2ac690ec79c675c3e6.png)
[corctf 2022] 部分
POWER SOURCE ETA埃塔电源维修FHG24SX-U概述
AI识万物:从0搭建和部署手语识别系统
TF generates uniformly distributed tensor
Jmeter 使用正则表达式提取器将返回值全部保存到一个文件中
Don't use array.length-1 to get the last item of the array
hdu 1503 Advanced Fruits(最长公共子序列的应用)
Optimization of SQL Statements and Indexes
QGIS编译SIP的问题
SQLi-LABS Page-2 (Adv Injections)
随机推荐
埃氏筛选法:统计素数个数
微软Excel表格点击单元格行和列都显示颜色怎么弄?聚光灯效果设置
AI Knows Everything: Building and Deploying a Sign Language Recognition System from Zero
MySQL:错误1153(08S01):得到的数据包大于“ max_allowed_packet”字节
题解:Edu Codeforces 109(div2)
威纶通触摸屏制作自定义弹出窗口的具体方法(3种)
Word第一页不要页眉怎么设置?设置Word首页不要页眉方法教程
TF中使用zeros(),ones(), fill()方法生成数据
如何让您的公司内容满足 GDPR 合规性
LeetCode26:删除有序数组中的重复项
SQLi-LABS Page-2 (Adv Injections)
Use zeros(), ones(), fill() methods to generate data in TF
cad图纸怎么复制到word文档里面?Word里插CAD图怎么弄?
SQL语句及索引的优化
字符串哈希(2014 SERC J题)
MySQL慢查询的多个原因
Problems with compiling SIP with QGIS
Unity_物体自转
[Graphic and textual] How to reinstall Win7 system
Word第一页空白页怎么删除?删除Word第一页空白页方法教程