访问网格外部服务(ServiceEntry - WorkloadEntry)【八】
ServiceEntry对象可根据指定的标签器筛选VM,从而让ServiceEnty专注于服务定义,而由WorkloadEntry负责定义各端点
WorkloadEntry
通过自定义WorkloadEntry=自定义endpoint 让Envoy发现 再配置ServiceEntry时 指定 workloadSelector进行绑定之前WorkloadEntry配置的标签 ,让Envoy发现 网格外的服务。
[root@xksmaster1 02-Workload-Entry]# ll
total 16
-rw-r--r-- 1 root root 514 Aug 20 2022 01-workloadentry-nginx.yaml
-rw-r--r-- 1 root root 303 Aug 20 2022 02-serviceentry-nginx.yaml
-rw-r--r-- 1 root root 574 Aug 20 2022 03-destinationrule-nginx.yaml
-rw-r--r-- 1 root root 387 Aug 20 2022 04-virtualservice-nginx.yaml
[root@xksmaster1 02-Workload-Entry]# cat 01-workloadentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2001
labels:
version: v1.20
spec:
address: "172.29.1.201"
ports:
http: 8091
labels:
app: nginx
version: v1.20
instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2002
labels:
version: v1.20
spec:
address: "172.29.1.202"
ports:
http: 8091
labels:
app: nginx
version: v1.20
instance-id: Nginx2002
---
[root@xksmaster1 02-Workload-Entry]# cat 02-serviceentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: nginx-external
spec:
hosts:
- nginx.magedu.com
ports:
- number: 80
name: http
protocol: HTTP
targetPort: 8091
location: MESH_EXTERNAL
resolution: STATIC
workloadSelector:
labels:
app: nginx
[root@xksmaster1 02-Workload-Entry]# cat 03-destinationrule-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: nginx-external
spec:
host: nginx.magedu.com
trafficPolicy:
loadBalancer:
simple: RANDOM
connectionPool:
tcp:
maxConnections: 10000
connectTimeout: 10ms
tcpKeepalive:
time: 7200s
interval: 75s
http:
http2MaxRequests: 1000
maxRequestsPerConnection: 10
outlierDetection:
maxEjectionPercent: 50
consecutive5xxErrors: 5
interval: 2m
baseEjectionTime: 1m
minHealthPercent: 40
[root@xksmaster1 02-Workload-Entry]# cat 04-virtualservice-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-external
spec:
hosts:
- nginx.magedu.com
http:
- name: falut-injection
route:
- destination:
host: nginx.magedu.com
fault:
delay:
percentage:
value: 5
fixedDelay: 2s
abort:
percentage:
value: 5
httpStatus: 555
此时 请求 nginx.magedu.com 分发到两个服务上了
ServiceEntry
直接在ServiceEntry中定义 端点 参数 直接让网格发现。
[root@xksmaster1 01-Service-Entry]# ll
total 12
-rw-r--r-- 1 root root 486 Aug 20 2022 01-serviceentry-nginx.yaml
-rw-r--r-- 1 root root 606 Aug 20 2022 02-destinationrule-nginx.yaml
-rw-r--r-- 1 root root 542 Aug 20 2022 03-virtualservice-nginx.yaml
[root@xksmaster1 01-Service-Entry]# cat 01-serviceentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: nginx-external
spec:
hosts:
- nginx.magedu.com
addresses:
- "172.29.1.201"
- "172.29.1.202"
- "172.29.1.203"
ports:
- number: 8091
name: http
protocol: HTTP
location: MESH_EXTERNAL
resolution: STATIC
endpoints:
- address: "172.29.1.201"
ports:
http: 8091
- address: "172.29.1.202"
ports:
http: 8091
- address: "172.29.1.203"
ports:
http: 8091
[root@xksmaster1 01-Service-Entry]# cat 02-destinationrule-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: nginx-external
spec:
host: nginx.magedu.com
trafficPolicy:
loadBalancer:
consistentHash:
httpHeaderName: X-User
connectionPool:
tcp:
maxConnections: 10000
connectTimeout: 10ms
tcpKeepalive:
time: 7200s
interval: 75s
http:
http2MaxRequests: 1000
maxRequestsPerConnection: 10
outlierDetection:
maxEjectionPercent: 50
consecutive5xxErrors: 5
interval: 2m
baseEjectionTime: 1m
minHealthPercent: 40
[root@xksmaster1 01-Service-Entry]# cat 03-virtualservice-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-external
spec:
hosts:
- nginx.magedu.com
http:
- name: falut-injection
match:
- headers:
X-Testing:
exact: "true"
route:
- destination:
host: nginx.magedu.com
fault:
delay:
percentage:
value: 5
fixedDelay: 2s
abort:
percentage:
value: 5
httpStatus: 555
- name: nginx-external
route:
- destination:
host: nginx.magedu.com
EngressGateway
[root@xksmaster1 04-Egress-Gateway]# ll
total 24
-rw-r--r-- 1 root root 690 Aug 20 2022 01-workloadentry-nginx.yaml
-rw-r--r-- 1 root root 281 Aug 20 2022 02-serviceentry-nginx.yaml
-rw-r--r-- 1 root root 687 Aug 20 2022 03-destinationrule-subsets.yaml
-rw-r--r-- 1 root root 249 Aug 20 2022 04-gateway-egress.yaml
-rw-r--r-- 1 root root 557 Aug 20 2022 05-virtualservice-wegit-based-routing.yaml
-rw-r--r-- 1 root root 636 Aug 20 2022 README.md
[root@xksmaster1 04-Egress-Gateway]# cat 01-workloadentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2001
spec:
address: "172.29.1.201"
ports:
http: 8091
labels:
app: nginx
version: "v1.20"
instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2002
spec:
address: "172.29.1.202"
ports:
http: 8091
labels:
app: nginx
version: "v1.20"
instance-id: Nginx2002
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2101
spec:
address: "172.29.1.203"
ports:
http: 8091
labels:
app: nginx
version: "v1.21"
instance-id: Nginx2101
---
[root@xksmaster1 04-Egress-Gateway]# cat 02-serviceentry-nginx.yaml
---
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: nginx
spec:
hosts:
- nginx.magedu.com
ports:
- number: 80
name: http
protocol: HTTP
location: MESH_EXTERNAL
resolution: STATIC
workloadSelector:
labels:
app: nginx
---
[root@xksmaster1 04-Egress-Gateway]# cat 03-destinationrule-subsets.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: nginx-external
spec:
host: nginx.magedu.com
trafficPolicy:
loadBalancer:
simple: RANDOM
connectionPool:
tcp:
maxConnections: 10000
connectTimeout: 10ms
tcpKeepalive:
time: 7200s
interval: 75s
http:
http2MaxRequests: 1000
maxRequestsPerConnection: 10
outlierDetection:
maxEjectionPercent: 50
consecutive5xxErrors: 5
interval: 2m
baseEjectionTime: 1m
minHealthPercent: 40
subsets:
- name: v20
labels:
version: "v1.20"
- name: v21
labels:
version: "v1.21"
---
[root@xksmaster1 04-Egress-Gateway]# cat 04-gateway-egress.yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: egress
namespace: istio-system
spec:
selector:
app: istio-egressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
[root@xksmaster1 04-Egress-Gateway]# cat 05-virtualservice-wegit-based-routing.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-external
spec:
hosts:
- nginx.magedu.com
gateways:
- istio-system/egress
- mesh
http:
- match:
- gateways:
- mesh
route:
- destination:
host: istio-egressgateway.istio-system.svc.cluster.local
- match:
- gateways:
- istio-system/egress
route:
- destination:
host: nginx.magedu.com
subset: v21
weight: 5
- destination:
host: nginx.magedu.com
subset: v20
weight: 95
浙公网安备 33010602011771号