【06】VirtualService高级流量功能

5.3 weight

部署demoapp v10和v11版本

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demoappv10
    version: v1.0
  name: demoappv10
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  selector:
    matchLabels:
      app: demoapp
      version: v1.0
  template:
    metadata:
      labels:
        app: demoapp
        version: v1.0
    spec:
      containers:
      - image: ikubernetes/demoapp:v1.0
        imagePullPolicy: IfNotPresent
        name: demoapp
        env:
        - name: "PORT"
          value: "8080"
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        resources:
          limits:
            cpu: 50m
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demoappv11
    version: v1.1
  name: demoappv11
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  selector:
    matchLabels:
      app: demoapp
      version: v1.1
  template:
    metadata:
      labels:
        app: demoapp
        version: v1.1
    spec:
      containers:
      - image: ikubernetes/demoapp:v1.1
        imagePullPolicy: IfNotPresent
        name: demoapp
        env:
        - name: "PORT"
          value: "8080"
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        resources:
          limits:
            cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
  name: demoapp
spec:
  ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: demoapp
  type: ClusterIP
---

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

定义subset

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demoapp
spec:
  host: demoapp
  subsets:
  - name: v10
    labels:
      version: v1.0
  - name: v11
    labels:
      version: v1.1
1
2
3
4
5
6
7
8
9
10
11
12
13

定义基于weight的virtualservice

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: weight-based-routing
    route:
    - destination:
        host: demoapp
        subset: v10
      weight: 90
    - destination:
        host: demoapp
        subset: v11
      weight: 10

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

测试

访问http://demoapp:8080

kiali查看拓扑

5.4 rewrite

定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

定义rewrite的virtualservice

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: rewrite
    match:
    - uri:
        prefix: /canary
    rewrite:
      uri: /
    route:
    - destination:
        host: demoapp
        subset: v11
  - name: default
    route:
    - destination:
        host: demoapp
        subset: v10

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

测试

访问：http://demoapp:8080/canary

访问：http://demoapp:8080

5.5 header

定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

定义header规则

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: canary
    match:
    - headers:
        x-canary:
          exact: "true"
    route:
    - destination:
        host: demoapp
        subset: v11
      headers:
        request:
          set: 
            User-Agent: Chrome   #set字段修改request的value的值
        response:
          add:
            x-canary: "true"  # 在reponse中利用add字段进行添加
  - name: default
    headers:
      response:
        add:
          X-Envoy: test
    route:
    - destination:
        host: demoapp
        subset: v10

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

测试功能

按照定义的header的vs规则：

当请求demoapp:8080会匹配上default规则，并且在response的header加上x-Envoy: test的标头

/ $ curl -I demoapp:8080
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 114
server: envoy
date: Tue, 22 Aug 2023 09:14:02 GMT
x-envoy-upstream-service-time: 2
x-envoy: test
1
2
3
4
5
6
7
8

当请求demoapp:8080加上x-canary: true 的标头，会在reponse中增加标头，以及会将request的User-Agent: Chrome修改

/ $ curl -I -H "x-canary: true" demoapp:8080
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 116
server: envoy
date: Tue, 22 Aug 2023 09:18:06 GMT
x-envoy-upstream-service-time: 2
x-canary: true
1
2
3
4
5
6
7
8

/ $ curl -H "x-canary: true" demoapp:8080/user-agent
User-Agent: Chrome
/ $ 
1
2
3

5.6 fault injection

定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

定义fault injection的规则

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: canary
    match:
    - uri:
        prefix: /canary
    rewrite:
      uri: /
    route:
    - destination:
        host: demoapp
        subset: v11
    fault:         # 故障注入的一种方式abort,会在发往v11版本的20%的流量上注入abort故障，返回的http code为555
      abort:
        percentage:
          value: 20
        httpStatus: 555
  - name: default
    route:
    - destination:
        host: demoapp
        subset: v10
    fault:
      delay:              # 故障注入的另外一种方式延迟，会在发往v10的版本上20%的流量上注入delay故障，延迟时间为3秒
        percentage:
          value: 20
        fixedDelay: 3s
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

测试

当访问demoapp:8080/canary的时候，按照上诉定义的规则，会有20%的比例注入abort故障：

/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-vxmgv, ServerIP: 172.16.140.87!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-vxmgv, ServerIP: 172.16.140.87!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-vxmgv, ServerIP: 172.16.140.87!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
/ $ curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
/ $ curl demoapp:8080/canary
fault filter abort/ $ 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

当访问demoapp:8080的时候，按照规则，会有20%的流量注入延迟3秒的故障

/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-f9vfv, ServerIP: 172.16.140.88!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-fglcx, ServerIP: 172.16.140.86!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-qfnw5, ServerIP: 172.16.196.146!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-fglcx, ServerIP: 172.16.140.86!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-f9vfv, ServerIP: 172.16.140.88!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-f9vfv, ServerIP: 172.16.140.88!
/ $ curl demoapp:8080
^C

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

5.7 retry

定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

定义proxy的deployment和gateway 以及virtualservice

apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxy
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  selector:
    matchLabels:
      app: proxy
  template:
    metadata:
      labels:
        app: proxy
    spec:
      containers:
        - env:
          - name: PROXYURL
            value: http://demoapp:8080
          image: ikubernetes/proxy:v0.1.1
          imagePullPolicy: IfNotPresent
          name: proxy
          ports:
            - containerPort: 8080
              name: web
              protocol: TCP
          resources:
            limits:
              cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
  name: proxy
spec:
  ports:
    - name: http-80
      port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app: proxy
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: proxy-gateway
  namespace: istio-system        # 要指定为ingress gateway pod所在名称空间
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "fe.icloud2native.com"
---
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

在demoapp中定义fault

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: canary
    match:
    - uri:
        prefix: /canary
    rewrite:
      uri: /
    route:
    - destination:
        host: demoapp
        subset: v11
    fault:         # 故障注入的一种方式abort,会在发往v11版本的20%的流量上注入abort故障，返回的http code为555
      abort:
        percentage:
          value: 50
        httpStatus: 555
  - name: default
    route:
    - destination:
        host: demoapp
        subset: v10
    fault:
      delay:              # 故障注入的另外一种方式延迟，会在发往v10的版本上20%的流量上注入delay故障，延迟时间为3秒
        percentage:
          value: 50
        fixedDelay: 3s
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

定义retry机制

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: proxy
spec:
  hosts:
  - "fe.icloud2native.com"                     # 对应于gateways/proxy-gateway
  gateways:
  - istio-system/proxy-gateway       # 相关定义仅应用于Ingress Gateway上
  - mesh                             # 应用在网格内所有的sidercar上
  http:
  - name: default
    route:
    - destination:
        host: proxy
    timeout: 1s
    retries:
      attempts: 5   # 加上第一次请求，在log里面看到的应该是请求了6次。
      perTryTimeout: 1s # 每次重试超过1s，就会发起第二次重试
      retryOn: 5xx,connect-failure,refused-stream
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

测试

上述定义的规则是：后端demoapp注入了abort和delay的故障，前端服务proxy请求demoapp的时候，在proxy中定义了retry，当请求后端出现5xx,connect-failure,refused-stream的时候，会进行retry机制。在前端的log里面看到的应该是请求了6次。

5.8 Traffic mirror

场景：有时候想要用线上真实流量来测试将要上线的服务，这样更能模拟出真实的线上测试效果。所以会将线上真实流量mirror到测试环境。

定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

定义traffic mirror的virtualservice规则

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: traffic-mirror
    route:
    - destination:
        host: demoapp
        subset: v10
    mirror:
      host: demoapp
      subset: v11
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

测试

我们在客户端请求curl demoapp:8080,虽然请求到了v10 版本，但是我们在v11版本的pod里面看到了有流量进入。

相关阅读:
Essential Steps in Natural Language Processing (NLP)
苹果或挖走Meta AR公关总监，2022年的头显是真的要来了？
高薪程序员&面试题精讲系列149之你熟悉单点登录吗？说说单点登录的实现原理及流程
 负载均衡（LoadBanlance）
Idea快速修改实体类属性的数据类型
 【Web前端】HTML详解(上篇)
【Windows】Edge浏览器自动更新服务启用选禁用被拒绝访问的解决方案
 leetcode 1812
springboot项目中定时任务注解@Scheduled未按cron表达式执行
 基于jeecgboot流程管理平台的在线表单设计修改成formdesigner（二）
原文地址：https://blog.csdn.net/weixin_38753143/article/details/134385848