当前位置:网站首页>5个 Istio 访问外部服务流量控制最常用的例子,你知道几个?
5个 Istio 访问外部服务流量控制最常用的例子,你知道几个?
2022-08-09 21:43:00 【InfoQ】
5 个 Istio 访问外部服务的流量控制常用例子,强烈建议
收藏
起来,以备不时之需。
环境准备
部署
sleep 服务,作为发送请求的测试源:
kubectl apply -f samples/sleep/sleep.yaml在 Istio 外部,使用 Nginx 搭建
duckling 服务的v1和v2两个版本,访问时显示简单的文本:
> curl -s http://192.168.1.118/
This is the v1 version of duckling.
> curl -s http://192.168.1.119/
This is the v2 version of duckling.访问外部服务
执行如下命名访问外部服务 httpbin.org :
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- curl -s http://httpbin.org/headers返回结果如下:
{
"headers": {
"Accept": "*/*",
"Host": "httpbin.org",
"User-Agent": "curl/7.81.0-DEV",
"X-Amzn-Trace-Id": "Root=1-62bbfa10-3237e3b9662c65ae005148ab",
"X-B3-Sampled": "0",
"X-B3-Spanid": "9e650093bf7ae862",
"X-B3-Traceid": "1da46d7fafa5d71c9e650093bf7ae862",
"X-Envoy-Attempt-Count": "1",
"X-Envoy-Peer-Metadata": "......",
"X-Envoy-Peer-Metadata-Id": "sidecar~......"
}
}此时的方法,没有通过Service Entry,没有 Istio 的流量监控和控制特性。创建 Service Entry :
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
ports:
- number: 80
name: http
protocol: HTTP
resolution: DNS
location: MESH_EXTERNAL
EOF再此次访问,返回结果如下:
{
"headers": {
"Accept": "*/*",
"Host": "httpbin.org",
"User-Agent": "curl/7.81.0-DEV",
"X-Amzn-Trace-Id": "Root=1-62bbfbd6-254b05344b3cde2c0c41b3b8",
"X-B3-Sampled": "0",
"X-B3-Spanid": "307c0b106c8b262e",
"X-B3-Traceid": "f684a50776c088ac307c0b106c8b262e",
"X-Envoy-Attempt-Count": "1",
"X-Envoy-Decorator-Operation": "httpbin.org:80/*",
"X-Envoy-Peer-Metadata": "......",
"X-Envoy-Peer-Metadata-Id": "sidecar~......"
}
}可以发现由 Istio 边车添加的请求头:
X-Envoy-Decorator-Operation。
设置请求超时
向外部服务 httpbin.org 的 /delay 发出请求:
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- time curl -o /dev/null -sS -w "%{http_code}\n" http://httpbin.org/delay/5返回结果如下:
200
real 0m 5.69s
user 0m 0.00s
sys 0m 0.00s请求大约在 5 秒后返回 200 (OK)。
创建虚拟服务,访问外部服务 httpbin.org 时, 请求超时设置为 3 秒:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
http:
- timeout: 3s
route:
- destination:
host: httpbin.org
weight: 100
EOF再此次访问,返回结果如下:
504
real 0m 3.01s
user 0m 0.00s
sys 0m 0.00s可以看出,在 3 秒后出现了 504 (Gateway Timeout)。 Istio 在 3 秒后切断了响应时间为 5 秒的 httpbin.org 服务。
注入 HTTP 延迟故障
向外部服务 httpbin.org 的 /get 发出请求:
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- time curl -o /dev/null -sS -w "%{http_code}\n" http://httpbin.org/get返回结果如下:
200
real 0m 0.45s
user 0m 0.00s
sys 0m 0.00s请求不到 1 秒就返回 200 (OK)。
创建虚拟服务,访问外部服务 httpbin.org 时, 注入一个 3 秒的延迟:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
http:
- fault:
delay:
fixedDelay: 3s
percentage:
value: 100
route:
- destination:
host: httpbin.org
EOF再此次访问 httpbin.org 的 /get ,返回结果如下:
200
real 0m 3.43s
user 0m 0.00s
sys 0m 0.00s可以看出,在 3 秒后出现了 200 (OK)。
流量转移
访问
duckling服务时,所有流量都路由到v1版本,具体配置如下:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: duckling
spec:
hosts:
- duckling.com
ports:
- number: 80
name: http
protocol: HTTP
location: MESH_EXTERNAL
resolution: STATIC
endpoints:
- address: 172.24.29.118
ports:
http: 80
labels:
version: v1
- address: 172.24.29.119
ports:
http: 80
labels:
version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: duckling
spec:
host: duckling.com
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
EOF执行如下命名访问外部服务 duckling.com :
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- curl -s http://duckling.com/多次访问后,返回结果一直是:
This is the v1 version of duckling.访问
duckling服务时,把50%流量转移到v2版本,具体配置如下:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v1
weight: 50
- destination:
host: duckling.com
subset: v2
weight: 50
EOF多次访问外部服务 duckling.com ,有时返回
This is the v1 version of duckling.,有时返回
This is the v2 version of duckling.。
访问
duckling服务时,所有流量都路由到v2版本,具体配置如下:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- route:
- destination:
host: duckling.com
subset: v2
EOF多次访问外部服务 duckling.com ,一直返回
This is the v2 version of duckling.。
基于请求头的路由
请求头
end-user为OneMore的所有流量都路由到v2版本,其他流量都路由到v1版本,具体配置如下:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: duckling
spec:
hosts:
- duckling.com
ports:
- number: 80
name: http
protocol: HTTP
location: MESH_EXTERNAL
resolution: STATIC
endpoints:
- address: 172.24.29.118
ports:
http: 80
labels:
version: v1
- address: 172.24.29.119
ports:
http: 80
labels:
version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: duckling
spec:
hosts:
- duckling.com
http:
- match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: duckling.com
subset: v2
- route:
- destination:
host: duckling.com
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: duckling
spec:
host: duckling.com
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
EOF执行如下命名访问外部服务 duckling.com :
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- curl -s http://duckling.com/多次访问的返回结果一直是:
This is the v1 version of duckling.设置请求头
end-user为OneMore,访问外部服务 duckling.com :
kubectl exec "$SLEEP_POD" -c sleep -- curl -H "end-user:OneMore" -s http://duckling.com/多次访问的返回结果一直是:
This is the v2 version of duckling.最后,感谢你这么帅,还给我
点赞
。
边栏推荐
猜你喜欢
Synchronization lock synchronized traces the source
Unity2D_线框材质
Optimization of SQL Statements and Indexes
poj 3070 Fibonacci(简单矩阵连乘)
![[Graphic and textual] How to reinstall Win7 system](/img/24/3acccb93e5e219f39477dc77229a58.png)
[Graphic and textual] How to reinstall Win7 system
Word怎么制作双面席卡?使用Word制作双面席卡方法
POWER SOURCE ETA埃塔电源维修FHG24SX-U概述
Word第一页空白页怎么删除?删除Word第一页空白页方法教程
蓝牙模块有哪些种类?BLE低功耗蓝牙模块有什么特点?
同步锁synchronized追本溯源
随机推荐
knn到底咋回事?
凸集与凸函数
Unity_物体自转
ACM MM 2022 | Cloud2Sketch: 长空云作画,AI笔生花
Cookie、session、token
《强化学习周刊》第57期:DL-DRL、FedDRL & Deep VULMAN
消防安全培训|“蓝朋友”,开课了!
[Graphic and textual] How to reinstall Win7 system
别叫我玩,我要考PMP:考PMP选择机构需要了解的那些事儿
题解:Edu Codeforces 109(div2)
简单问题窥见数学
Technology Sharing | How to Handle Header Cookies in Interface Automation Testing
LeetCode26: remove duplicates in sorted array
【stack】【queue】【priority_queue】【deque】详解
windos安装Mysql8.0,及解决重新登录异常问题 ERROR 1045 (28000)
STC8H development (15): GPIO drive Ci24R1 wireless module
MySQL:错误1153(08S01):得到的数据包大于“ max_allowed_packet”字节
The round functions in the np, ceil function and floor function
技术分享 | 接口自动化测试之JSON Schema模式该如何使用?
DSPE-PEG-Silane, DSPE-PEG-SIL, phospholipid-polyethylene glycol-silane modified silica particles