Istio 流量治理 (重定向、流量分割、Http请求头、故障注入、重试、流量镜像、集群负载均衡、连接池、异常值检测)【六】
一、URL重定向
#正常数据流向:
Client =》 Proxy =》 demoapp
Demoapp VS
#1.访问/canary 重写为 / 转给后端demoapp v11
Client => /canary => / (demoapp v11)
#2.访问demoapp/backend 重定向到 backend/服务
Client =》 demoapp/backend => backend:8082/
#3.默认访问demoapp-v10
Proxy VS
#1.访问Proxy/backend服务时 再次转给Client 由Client再转到backend/
Client =》 Proxy/backend => Client => backend/
#3.默认访问proxy
[root@xksmaster1 05-url-redirect-and-rewrite]# cat deploy-backend.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: backend
version: v3.6
name: backendv36
spec:
progressDeadlineSeconds: 600
replicas: 2
selector:
matchLabels:
app: backend
version: v3.6
template:
metadata:
creationTimestamp: null
labels:
app: backend
version: v3.6
spec:
containers:
- image: ikubernetes/gowebserver:v0.1.0
imagePullPolicy: IfNotPresent
name: gowebserver
env:
- name: "SERVICE_NAME"
value: "backend"
- name: "SERVICE_PORT"
value: "8082"
- name: "SERVICE_VERSION"
value: "v3.6"
ports:
- containerPort: 8082
name: web
protocol: TCP
resources:
limits:
cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
name: backend
spec:
ports:
- name: http-web
port: 8082
protocol: TCP
targetPort: 8082
selector:
app: backend
version: v3.6
---
[root@xksmaster1 05-url-redirect-and-rewrite]# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: rewrite
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
- name: redirect
match:
- uri:
prefix: "/backend"
redirect:
uri: /
authority: backend
port: 8082
- name: default
route:
- destination:
host: demoapp
subset: v10
[root@xksmaster1 05-url-redirect-and-rewrite]# cat virtualservice-proxy.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: proxy
spec:
hosts:
- proxy
http:
- name: redirect
match:
- uri:
prefix: "/backend"
redirect:
uri: /
authority: backend
port: 8082
- name: default
route:
- destination:
host: proxy
[root@xksmaster1 05-url-redirect-and-rewrite]# kubectl apply -f ./
[root@xksmaster1 05-url-redirect-and-rewrite]# kubectl get pods
NAME READY STATUS RESTARTS AGE
backendv36-697647965b-mdprv 2/2 Running 0 76s
backendv36-697647965b-zsxph 2/2 Running 0 76s
demoappv10-54757f48d6-lvtn9 2/2 Running 2 (4h56m ago) 23h
demoappv10-54757f48d6-sbkpb 2/2 Running 2 (4h56m ago) 23h
demoappv10-54757f48d6-vwr4k 2/2 Running 2 (4h56m ago) 23h
demoappv11-6b479f5664-9frlg 2/2 Running 2 (4h56m ago) 23h
demoappv11-6b479f5664-vll6r 2/2 Running 2 (4h56m ago) 23h
proxy-645cd54b84-xsrx8 2/2 Running 2 (4h56m ago) 23h
sleep-bc9998558-bl49z 2/2 Running 2 (4h56m ago) 2d
[root@xksmaster1 05-url-redirect-and-rewrite]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
backend ClusterIP 10.103.174.1 <none> 8082/TCP 89s
demoapp ClusterIP 10.111.52.87 <none> 8080/TCP 23h
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 93d
proxy ClusterIP 10.99.105.132 <none> 80/TCP 23h
sleep ClusterIP 10.109.135.158 <none> 80/TCP 2d
#通过客户端进行测试
[root@xksmaster1 05-url-redirect-and-rewrite]# kubectl exec -it sleep-bc9998558-bl49z /bin/sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
#访问proxy 默认到v10
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
- Took 56 milliseconds.
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
- Took 5 milliseconds.
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
- Took 6 milliseconds.
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
- Took 5 milliseconds.
#访问proxy/backend 会重定向到 /backend:8082/
/ $ curl proxy/backend
/ $ curl -I proxy/backend
HTTP/1.1 301 Moved Permanently
location: http://backend:8082/
date: Fri, 02 Jun 2023 06:25:01 GMT
server: envoy
transfer-encoding: chunked
#访问backend本身 8082 服务
/ $ curl backend:8082
Hello from backend, reqest: /, Client: 127.0.0.6:44246, === Version: v3.6 ===
/ $ curl backend:8082
Hello from backend, reqest: /, Client: 127.0.0.6:44246, === Version: v3.6 ===
#访问demoapp 8080默认是v10
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
#访问demoapp:8080/canary 重写到/ v11版本
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
#访问demoapp:8080/backend 重定向
/ $ curl demoapp:8080/backend
/ $ curl -I demoapp:8080/backend
HTTP/1.1 301 Moved Permanently
location: http://backend:8082/
date: Fri, 02 Jun 2023 06:27:03 GMT
server: envoy
transfer-encoding: chunked二、流量分割-weight 权重
[root@xksmaster1 06-weight-based-routing]# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: weight-based-routing
route:
- destination:
host: demoapp
subset: v10
weight: 90
- destination:
host: demoapp
subset: v11
weight: 10
[root@xksmaster1 06-weight-based-routing]# kubectl apply -f virtualservice-demoapp.yaml
virtualservice.networking.istio.io/demoapp configured
You have new mail in /var/spool/mail/root
[root@xksmaster1 06-weight-based-routing]# kubectl describe vs demoapp
#通过客户端访问 - 90/10分割流量
[root@xksmaster1 ~]# kubectl exec -it sleep-bc9998558-bl49z /bin/sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ $ while true; do curl demoapp:8080; sleep 0.$RANDOM; done
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
#可以动态 配置流量比例 实时生效 10/90比例
route:
- destination:
host: demoapp
subset: v10
weight: 10
- destination:
host: demoapp
subset: v11
weight: 90
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
#可以动态 配置流量比例 实时生效 0 100比例 做到流量全部切换至新版本
route:
- destination:
host: demoapp
subset: v10
weight: 0
- destination:
host: demoapp
subset: v11
weight: 100
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!三、 headers-operation
#1.默认 流量到v10、响应报文头添加:X-Envoy:test
#2.请求报文标头有 x-canary:true 路由到 v11版本 并且路由请求报文上设置为User-Agent:Chrome 并且响应报文添加x-canary:true
[root@xksmaster1 07-headers-operation]# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- headers:
x-canary:
exact: "true"
route:
- destination:
host: demoapp
subset: v11
headers:
request:
set:
User-Agent: Chrome
response:
add:
x-canary: "true"
- name: default
headers:
response:
add:
X-Envoy: test
route:
- destination:
host: demoapp
subset: v10
[root@xksmaster1 07-headers-operation]# kubectl apply -f virtualservice-demoapp.yaml
#1.默认 流量到v10、响应报文头添加:X-Envoy:test
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
/ $ curl -I demoapp:8080
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 116
server: envoy
date: Fri, 02 Jun 2023 07:32:54 GMT
x-envoy-upstream-service-time: 3
x-envoy: test
#2.请求报文标头有 x-canary:true 路由到 v11版本 并且路由请求报文上设置为User-Agent:Chrome 并且响应报文添加x-canary:true
/ $ curl -H "X-Canary: true" demoapp:8080
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
/ $ curl -H "X-Canary: true" demoapp:8080
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
/ $ curl -I -H "X-Canary: true" demoapp:8080
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 116
server: envoy
date: Fri, 02 Jun 2023 07:33:48 GMT
x-envoy-upstream-service-time: 3
x-canary: true
[root@xksmaster1 07-headers-operation]# kubectl logs demoappv11-6b479f5664-9frlg -c istio-proxy
[2023-06-02T07:33:48.709Z] "HEAD / HTTP/1.1" 200 - via_upstream - "-" 0 0 2 1 "-" "Chrome" "558aadfe-8ea7-9718-8ee5-3270970edb66" "demoapp:8080" "10.244.207.107:8080" inbound|8080|| 127.0.0.6:51619 10.244.207.107:8080 10.244.182.50:59240 outbound_.8080_.v11_.demoapp.default.svc.cluster.local default四、故障注入
#1./canary 重写为 / 默认到v11 故障注入中断故障20%比例中断响应555
#2.默认v10 故障注入延迟 20%比例 延迟3秒
[root@xksmaster1 08-fault-injection]# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
fault:
abort:
percentage:
value: 20
httpStatus: 555
- name: default
route:
- destination:
host: demoapp
subset: v10
fault:
delay:
percentage:
value: 20
fixedDelay: 3s
[root@xksmaster1 08-fault-injection]# kubectl apply -f virtualservice-demoapp.yaml
virtualservice.networking.istio.io/demoapp configured
#1./canary 重写为 / 默认到v11 故障注入中断故障20%比例中断响应555
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-9frlg, ServerIP: 10.244.207.107!
/ $ curl demoapp:8080/canary #故障注入中断故障20%比例中断响应555
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-6b479f5664-vll6r, ServerIP: 10.244.182.48!
#2.默认v10 故障注入延迟 20%比例 延迟3秒
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl demoapp:8080 #此时 故障注入3s
^C
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!五、重试
#1.demoapp /canary 重写为 / 路由到v11 并且故障注入中断50%比例 555 、默认路由v10 故障注入延迟 50% 3s
#2.proxy 在网格和网关上同时 重试机制 超过1s 5XX、conect-failure、refused-stream 进行重试5次 每次重试超时1s
[root@xksmaster1 09-http-retry]# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
fault:
abort:
percentage:
value: 50
httpStatus: 555
- name: default
route:
- destination:
host: demoapp
subset: v10
fault:
delay:
percentage:
value: 50
fixedDelay: 3s
[root@xksmaster1 09-http-retry]# cat virtualservice-proxy.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: proxy
spec:
hosts:
- "fe.magedu.com" # 对应于gateways/proxy-gateway
- "proxy"
- "proxy.default.svc"
gateways:
- istio-system/proxy-gateway # 相关定义仅应用于Ingress Gateway上
- mesh
http:
- name: default
route:
- destination:
host: proxy
timeout: 1s
retries:
attempts: 5
perTryTimeout: 1s
retryOn: 5xx,connect-failure,refused-stream
#1.demoapp /canary 重写为 / 路由到v11 并且故障注入中断50%比例 555 、默认路由v10 故障注入延迟 50% 3s
#2.proxy 在网格和网关上同时 重试机制 超过1s 5XX、conect-failure、refused-stream 进行重试5次 每次重试超时1s
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
- Took 26 milliseconds.
/ $ curl proxy
upstream request timeout/ $六、流量镜像
# 当客户端请求访问 v10 流量 也分发到v11上 但是用户无感
[root@xksmaster1 10-traffic-mirror]# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: traffic-mirror
route:
- destination:
host: demoapp
subset: v10
mirror:
host: demoapp
subset: v11
[root@xksmaster1 10-traffic-mirror]# kubectl apply -f virtualservice-demoapp.yaml
virtualservice.networking.istio.io/demoapp configured
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
- Took 11 milliseconds.
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
- Took 11 milliseconds.
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
- Took 7 milliseconds.
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
- Took 4 milliseconds.
/ $ curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
- Took 5 milliseconds.
#此时有影子流量
[root@xksmaster1 10-traffic-mirror]# kubectl logs demoappv11-6b479f5664-9frlg -c istio-proxy
2023-06-02T07:55:43.172143Z info xdsproxy connected to upstream XDS server: istiod.istio-system.svc:15012
2023-06-02T08:28:17.861703Z info xdsproxy connected to upstream XDS server: istiod.istio-system.svc:15012
[2023-06-02T08:37:45.608Z] "GET / HTTP/1.1" 200 - via_upstream - "-" 0 116 3 2 "10.244.207.100" "-" "48d8d8eb-681f-9a41-b803-ecfafd3b2659" "demoapp-shadow:8080" "10.244.207.107:8080" inbound|8080|| 127.0.0.6:56748 10.244.207.107:8080 10.244.207.100:0 outbound_.8080_.v11_.demoapp.default.svc.cluster.local default
[2023-06-02T08:37:46.120Z] "GET / HTTP/1.1" 200 - via_upstream - "-" 0 116 1 1 "10.244.207.100" "-" "5fd43a6a-2404-9ad5-b7f6-9b5797b16c77" "demoapp-shadow:8080" "10.244.207.107:8080" inbound|8080|| 127.0.0.6:50377 10.244.207.107:8080 10.244.207.100:0 outbound_.8080_.v11_.demoapp.default.svc.cluster.local default
[2023-06-02T08:37:47.238Z] "GET / HTTP/1.1" 200 - via_upstream - "-" 0 116 1 1 "10.244.207.100" "-" "dbfd9fd4-91b5-94ef-aba0-ef70af5231a6" "demoapp-shadow:8080" "10.244.207.107:8080" inbound|8080|| 127.0.0.6:52575 10.244.207.107:8080 10.244.207.100:0 outbound_.8080_.v11_.demoapp.default.svc.cluster.local default
七、cluter-loadbalance -适用于集群
# 默认全局流量策略为 LEAST_CONN 、子集v10 流量策略为 X-User 同一个名称 进行固定绑定端点
[root@xksmaster1 11-cluster-loadbalancing]# cat destinationrule-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: demoapp
spec:
host: demoapp
trafficPolicy:
loadBalancer:
simple: LEAST_CONN
subsets:
- name: v10
labels:
version: v1.0
trafficPolicy:
loadBalancer:
consistentHash:
httpHeaderName: X-User
- name: v11
labels:
version: v1.1
#正常访问 v10
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
#同一个"X-User: xks" 绑定到 同一个端点
/ $ curl -H "X-User: xks" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl -H "X-User: xks" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl -H "X-User: xks" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl -H "X-User: xks" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl -H "X-User: xks" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
/ $ curl -H "X-User: xks" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!九、连接池
[root@xksmaster1 12-connection-pool]# cat destinationrule-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: demoapp
spec:
host: demoapp
trafficPolicy:
loadBalancer:
simple: LEAST_CONN
connectionPool: #
tcp: #
maxConnections: 100
connectTimeout: 30ms
tcpKeepalive:
time: 7200s
interval: 75s
http: #
http2MaxRequests: 1000
maxRequestsPerConnection: 10
subsets:
- name: v10
labels:
version: v1.0
trafficPolicy:
loadBalancer:
consistentHash:
httpHeaderName: X-User
- name: v11
labels:
version: v1.1
[root@xksmaster1 12-connection-pool]# cat virutalservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
- name: default
route:
- destination:
host: demoapp
subset: v10十、outlier-detection
#每隔10s 进行检查 连续检查5次 进行弹出1分钟 最大弹出比例 50% 最小健康比例 40%
[root@xksmaster1 13-outlier-detection]# cat destinationrule-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: demoapp
spec:
host: demoapp
trafficPolicy:
loadBalancer:
simple: RANDOM
connectionPool:
tcp:
maxConnections: 100
connectTimeout: 30ms
tcpKeepalive:
time: 7200s
interval: 75s
http:
http2MaxRequests: 1000
maxRequestsPerConnection: 10
outlierDetection:
maxEjectionPercent: 50
consecutive5xxErrors: 5
interval: 10s
baseEjectionTime: 1m
minHealthPercent: 40
subsets:
- name: v10
labels:
version: v1.0
- name: v11
labels:
version: v1.1
[root@xksmaster1 13-outlier-detection]# kubectl apply -f destinationrule-demoapp.yaml
destinationrule.networking.istio.io/demoapp configured
#正常发给 v10
/ $ while true;do curl demoapp:8080; sleep 0.2; done
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-lvtn9, ServerIP: 10.244.182.47!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
/ $ while true;do curl demoapp:8080/livez; sleep 0.2; done
OKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOKOK
#人为改为 FAIL状态 随便找一个端点 livez设置为FAIL
[root@xksmaster1 13-outlier-detection]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
backendv36-697647965b-mdprv 2/2 Running 0 162m 10.244.182.58 xksnode1 <none> <none>
backendv36-697647965b-zsxph 2/2 Running 0 162m 10.244.207.114 xksnode2 <none> <none>
demo-pod 2/2 Running 65 (36m ago) 78d 10.244.207.104 xksnode2 <none> <none>
demo-pod-1 1/1 Running 1 (7h37m ago) 78d 10.244.207.108 xksnode2 <none> <none>
demoappv10-54757f48d6-lvtn9 2/2 Running 2 (7h37m ago) 26h 10.244.182.47 xksnode1 <none> <none>
demoappv10-54757f48d6-sbkpb 2/2 Running 2 (7h37m ago) 26h 10.244.207.102 xksnode2 <none> <none>
demoappv10-54757f48d6-vwr4k 2/2 Running 2 (7h37m ago) 26h 10.244.207.110 xksnode2 <none> <none>
demoappv11-6b479f5664-9frlg 2/2 Running 2 (7h37m ago) 26h 10.244.207.107 xksnode2 <none> <none>
demoappv11-6b479f5664-vll6r 2/2 Running 2 (7h37m ago) 26h 10.244.182.48 xksnode1 <none> <none>
proxy-645cd54b84-xsrx8 2/2 Running 2 (7h37m ago) 26h 10.244.207.100 xksnode2 <none> <none>
sleep-bc9998558-bl49z 2/2 Running 2 (7h37m ago) 2d3h 10.244.182.50 xksnode1 <none> <none>
[root@xksmaster1 13-outlier-detection]# curl -X POST -d 'livez=FAIL' 10.244.182.47:8080/livez
[root@xksmaster1 13-outlier-detection]# curl 10.244.182.47:8080/livez
FAIL[root@xksmaster1 13-outlier-detection]#
$ while true;do curl demoapp:8080/livez; sleep 0.2; done
KOKOKOKOKOKOKOKOKOKOKFAILFAILOKOKFAILOKFAILFAILOKOKOKOKFAILFAILFAILFAIL
#由于端点已经挂了 所以端点被去掉了 没有了10.244.182.47
/ $ while true;do curl demoapp:8080; sleep 0.2; done
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-sbkpb, ServerIP: 10.244.207.102!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-54757f48d6-vwr4k, ServerIP: 10.244.207.110!
浙公网安备 33010602011771号