istio断路器

本小节主要讲解针对连接、请求、和异常点检测如何配置断路器。

 

断路是创建弹性微服务应用程序的重要模式，断路允许您编写应用程序来限制故障，延迟峰值和网络特性的其他不良影响的影响。

一.准备工作

清除之前的规则

[root@k8s-master01 httpbin]# kubectl delete -f ../../samples/bookinfo/networking/virtual-service-all-v1.yaml -n istio
virtualservice.networking.istio.io "productpage" deleted
virtualservice.networking.istio.io "reviews" deleted
virtualservice.networking.istio.io "ratings" deleted
virtualservice.networking.istio.io "details" deleted

1.本环境假定已经开启了sidecar注入，部署httpbin服务。

root@k8s-master01 httpbin]# vim httpbin.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      serviceAccountName: httpbin
      containers:
      - image: docker.io/kennethreitz/httpbin
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80
                           

 

[root@k8s-master01 httpbin]# kubectl apply -f httpbin.yaml -n istio
serviceaccount/httpbin created
service/httpbin created
deployment.apps/httpbin created
[root@k8s-master01 httpbin]#
[root@k8s-master01 httpbin]#
二：配置断路器

1.当调用httpbin服务时，创建destination rule去应用断路器。

        如果您安装了配置了Istio，并且启用了相互TLS身份验证，那么在应用之前，您必须在DestinationRule中添加一个TLS流量策略模式：ISTIO_MUTUAL,否则请求将产生503错误，

 

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: httpbin
spec:
  host: httpbin
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 1
      http:
        http1MaxPendingRequests: 1
        maxRequestsPerConnection: 1
    outlierDetection:
      consecutiveErrors: 1
      interval: 1s
      baseEjectionTime: 3m
      maxEjectionPercent: 100

2. 创建正确的目标规则：

[root@k8s-master01 httpbin]# kubectl get dr -n istio httpbin
NAME      HOST      AGE
httpbin   httpbin   85m

 

二：添加客户端：

创建一个像httpbin服务发送流量的客户机，客户机是一个简单的负载测试机，名为fortio，fortio允许您控制发出http调用的连接数、并发性和延迟。

您将使用此客户端“测试”，您在DestinationRule中的设置断路器策略。

 

[root@k8s-master01 httpbin]# kubectl apply -f fortio-deploy.yaml -n istio

 

 

 

登入客户端pod，使用fortio工具调用httpbin 传送 -curl去表面你想调用一次。

 

[root@k8s-master01 sample-client]# kubectl exec -it -n istio fortio-deploy-775895c686-blthm -c fortio -- /usr/bin/fortio load -curl http://httpbin:8000/get
HTTP/1.1 200 OK
server: envoy
date: Mon, 22 May 2023 14:38:27 GMT
content-type: application/json
content-length: 590
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13

{
  "args": {},
  "headers": {
    "Host": "httpbin:8000",
    "User-Agent": "fortio.org/fortio-1.17.1",
    "X-B3-Parentspanid": "b5aa456a4bae83fe",
    "X-B3-Sampled": "1",
    "X-B3-Spanid": "c86414d8a33c2c44",
    "X-B3-Traceid": "27628dba8762e844b5aa456a4bae83fe",
    "X-Envoy-Attempt-Count": "1",
    "X-Forwarded-Client-Cert": "By=spiffe://cluster.local/ns/istio/sa/httpbin;Hash=90e4c3904355f3c1ea62667e01b8b450a81250381dddb2b7d7cdb61058d8d2d0;Subject=\"\";URI=spiffe://cluster.local/ns/istio/sa/default"
  },
  "origin": "127.0.0.6",
  "url": "http://httpbin:8000/get"
}

[root@k8s-master01 sample-client]# kubectl exec -it -n istio fortio-deploy-775895c686-blthm -c fortio -- /usr/bin/fortio load -curl http://httpbin:8000/get
HTTP/1.1 200 OK
server: envoy
date: Mon, 22 May 2023 14:38:27 GMT
content-type: application/json
content-length: 590
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13

{
  "args": {},
  "headers": {
    "Host": "httpbin:8000",
    "User-Agent": "fortio.org/fortio-1.17.1",
    "X-B3-Parentspanid": "b5aa456a4bae83fe",
    "X-B3-Sampled": "1",
    "X-B3-Spanid": "c86414d8a33c2c44",
    "X-B3-Traceid": "27628dba8762e844b5aa456a4bae83fe",
    "X-Envoy-Attempt-Count": "1",
    "X-Forwarded-Client-Cert": "By=spiffe://cluster.local/ns/istio/sa/httpbin;Hash=90e4c3904355f3c1ea62667e01b8b450a81250381dddb2b7d7cdb61058d8d2d0;Subject=\"\";URI=spiffe://cluster.local/ns/istio/sa/default"
  },
  "origin": "127.0.0.6",
  "url": "http://httpbin:8000/get"
}

三：使用断路器

在目标规则中，指定了maxConnections：1和 http1MaxPendingRequests：1 ，这表明加入你执行超过一个连接和并发请求超过一个的话，那么应该看到一些错误，这是因为istio-proxy为进一步的请求和连接打开断路。

 

1. 调用服务使用两个并发连接 （-c 2）和发送20个请求 （-你20）：

# FORTIO_POD=$(kubectl get pod -n istio -lapp=fortio -o 'jsonpath={.items[0].metadata.name}')

[root@k8s-master01 k8s]# kubectl exec -it "$FORTIO_POD" -n istio -c fortio -- /usr/bin/fortio load -c 4 -qps 0 -n 40 -loglevel Warning  http://httpbin:8000/get
14:20:31 I logger.go:127> Log level is now 3 Warning (was 2 Info)
Fortio 1.17.1 running at 0 queries per second, 16->16 procs, for 40 calls: http://httpbin:8000/get
Starting at max qps with 4 thread(s) [gomax 16] for exactly 40 calls (10 per thread + 0)
14:20:31 W http_client.go:806> [0] Non ok http code 503 (HTTP/1.1 503)
14:20:31 W http_client.go:806> [3] Non ok http code 503 (HTTP/1.1 503)
14:20:31 W http_client.go:806> [2] Non ok http code 503 (HTTP/1.1 503)
14:20:31 W http_client.go:806> [3] Non ok http code 503 (HTTP/1.1 503)
Code 200 : 13 (65.0 %)
Code 503 : 7 (35.0 %)