• 10 of the most common Istio traffic management examples: how many do you know?


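    Here are 10 of the most commonly used Istio traffic management examples. Bookmark them for when you need them.

    To make them easier to follow, each example is built on Bookinfo, the sample application provided by the Istio project.

    The architecture of the Bookinfo application is shown below: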

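    It consists of four separate microservices:

    • productpage: calls the details and reviews services to build the page.
    • details: contains the book information.
    • reviews: contains the book reviews. It also calls the ratings microservice.
    • ratings: contains the ranking information that accompanies a book review.

    The reviews service has 3 versions:

    • v1 does not call the ratings service.
    • v2 calls the ratings service and displays each rating as 1 to 5 black stars.
    • v3 calls the ratings service and displays each rating as 1 to 5 red stars.

    Traffic shifting

    Goal 1: route all traffic for the reviews service to v1.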

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - route:
        - destination:
            host: reviews
            subset: v1
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: reviews
    spec:
      host: reviews
      subsets:
        - labels:
            version: v1
          name: v1
        - labels:
            version: v2
          name: v2
        - labels:
            version: v3
          name: v3
    

    Goal 2: shift 50% of the traffic for the reviews service to v3.

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
        - reviews
      http:
      - route:
        - destination:
            host: reviews
            subset: v1
          weight: 50
        - destination:
            host: reviews
            subset: v3
          weight: 50
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: reviews
    spec:
      host: reviews
      subsets:
        - labels:
            version: v1
          name: v1
        - labels:
            version: v2
          name: v2
        - labels:
            version: v3
          name: v3
    

    Goal 3: route all traffic for the reviews service to v3.

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - route:
        - destination:
            host: reviews
            subset: v3
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: reviews
    spec:
      host: reviews
      subsets:
        - labels:
            version: v1
          name: v1
        - labels:
            version: v2
          name: v2
        - labels:
            version: v3
          name: v3
    

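    Routing based on user identity

    Goal: route all traffic from the user named OneMore to v2, and all other traffic to v1.

    Istio has no special built-in notion of user identity. In the sample application, the productpage service adds a custom end-user request header, whose value is the user name, to every HTTP request it sends to the reviews service.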

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
        - reviews
      http:
      - match:
        - headers:
            end-user:
              exact: OneMore
        route:
        - destination:
            host: reviews
            subset: v2
      - route:
        - destination:
            host: reviews
            subset: v1
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: reviews
    spec:
      host: reviews
      subsets:
        - labels:
            version: v1
          name: v1
        - labels:
            version: v2
          name: v2
        - labels:
            version: v3
          name: v3
    

    Injecting an HTTP delay fault

    Goal: when user OneMore visits, inject a 2-second delay into the ratings service; the productpage page loads in about 2 seconds with no errors.

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: ratings
    spec:
      hosts:
      - ratings
      http:
      - match:
        - headers:
            end-user:
              exact: OneMore
        fault:
          delay:
            percentage:
              value: 100.0
            fixedDelay: 2s
        route:
        - destination:
            host: ratings
            subset: v1
      - route:
        - destination:
            host: ratings
            subset: v1
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: ratings
    spec:
      host: ratings
      subsets:
        - labels:
            version: v1
          name: v1
    

    Injecting an HTTP abort fault

    Goal: when user OneMore visits, inject a 503 abort fault into the ratings service; the productpage page loads immediately and shows the message “Ratings service is currently unavailable”.

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: ratings
    spec:
      hosts:
        - ratings
      http:
        - fault:
            abort:
              httpStatus: 503
              percentage:
                value: 100
          match:
            - headers:
                end-user:
                  exact: OneMore
          route:
            - destination:
                host: ratings
                subset: v1
        - route:
            - destination:
                host: ratings
                subset: v1
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: ratings
    spec:
      host: ratings
      subsets:
        - labels:
            version: v1
          name: v1
    

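    Setting a request timeout

    First, when user OneMore visits, inject a 2-second delay into the ratings service, so that the productpage page loads in about 2 seconds with no errors.

    Follow the steps in the HTTP delay fault section above; they are not repeated here.

    Goal: when user OneMore visits, set the request timeout of the reviews service to 1 second; the page shows the message “Sorry, product reviews are currently unavailable for this book.”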

    kind: VirtualService
    apiVersion: networking.istio.io/v1alpha3
    metadata:
      name: reviews
    spec:
      hosts:
        - reviews
      http:
        - match:
            - headers:
                end-user:
                  exact: OneMore
          route:
            - destination:
                host: reviews
                subset: v2
          timeout: 1s
        - route:
            - destination:
                host: reviews
                subset: v1
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: reviews
    spec:
      host: reviews
      subsets:
        - labels:
            version: v1
          name: v1
        - labels:
            version: v2
          name: v2
        - labels:
            version: v3
          name: v3
    

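    The call chain can be seen in Jaeger as follows:

    Setting request retries

    First, when user OneMore visits, inject a 2-second delay into the ratings service, so that the productpage page loads in about 2 seconds with no errors.

    Follow the steps in the HTTP delay fault section above; they are not repeated here.

    Goal: when user OneMore visits, set the number of retries for the reviews service to 2 with a per-try timeout of 0.5 seconds; the page shows the error message “Sorry, product reviews are currently unavailable for this book.”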

    kind: VirtualService
    apiVersion: networking.istio.io/v1alpha3
    metadata:
      name: reviews
    spec:
      hosts:
        - reviews
      http:
        - match:
            - headers:
                end-user:
                  exact: OneMore
          route:
            - destination:
                host: reviews
                subset: v2
          retries:
            attempts: 2
            perTryTimeout: 0.5s
        - route:
            - destination:
                host: reviews
                subset: v1
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: reviews
    spec:
      host: reviews
      subsets:
        - labels:
            version: v1
          name: v1
        - labels:
            version: v2
          name: v2
        - labels:
            version: v3
          name: v3
    

    Denying requests by client IP

    Goal: only the client with IP 10.201.240.131 may access /api/v1/products/1; requests from all other clients are denied.

    apiVersion: security.istio.io/v1beta1
    kind: AuthorizationPolicy
    metadata:
      name: deny-by-ip
    spec:
      selector:
        matchLabels:
          app: productpage
      action: DENY
      rules:
      - to:
        - operation:
            paths: ["/api/v1/products/1"]
        when:
        - key: remote.ip
          notValues: ["10.201.240.131"]
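
    What the deny-by-ip rule above does and does not cover, as an added example that is not part of the original article: a Python model of the DENY evaluation, with the rule and the requests written out as constructed data. It assumes no ALLOW policy is attached to productpage; the function names and the widened path list in HARDENED are assumptions made for illustration.

```python
import ipaddress

def path_matches(pattern, path):
    """AuthorizationPolicy path match: exact, 'prefix*', '*suffix' or '*'."""
    if pattern == "*":
        return bool(path)
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return path.endswith(pattern[1:])
    return path == pattern

def ip_listed(values, ip):
    """True if ip equals, or falls inside, any address or CIDR in values."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(v, strict=False) for v in values)

def decide(rule, path, remote_ip):
    """Return 'DENY' when the rule's path AND its notValues condition both match."""
    path_hit = any(path_matches(p, path) for p in rule["paths"])
    ip_hit = not ip_listed(rule["not_remote_ips"], remote_ip)
    # Assumption: no ALLOW policy on the workload, so anything not denied is allowed.
    return "DENY" if path_hit and ip_hit else "ALLOW"

# The rule from the manifest above, as constructed Python data.
DENY_BY_IP = {"paths": ["/api/v1/products/1"],
              "not_remote_ips": ["10.201.240.131"]}
# Assumed variant that also covers everything below that path.
HARDENED = {"paths": ["/api/v1/products/1", "/api/v1/products/1/*"],
            "not_remote_ips": ["10.201.240.131"]}

def coverage(rule):
    """Decisions for a few constructed requests from a client that is not listed."""
    other = "10.201.240.132"  # constructed address
    paths = ["/api/v1/products/1", "/api/v1/products/1/reviews", "/productpage"]
    return {p: decide(rule, p, other) for p in paths}
```

    In Istio, remote.ip is the original client address derived from X-Forwarded-For or the PROXY protocol, while source.ip is the directly connected peer, so this rule is only as reliable as the gateway's trusted-proxy settings.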
    

    Circuit breaking

    Goal: set the concurrency limit of the details service to 1.

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: details
    spec:
      host: details
      trafficPolicy:
        connectionPool:
          tcp:
            maxConnections: 1
          http:
            http1MaxPendingRequests: 1
            maxRequestsPerConnection: 1
    

    Fortio can be used for load testing, sending 2 concurrent connections (-c 2) and 20 requests (-n 20):

    kubectl exec fortio-deploy-684b6b47f8-tzsg8 -c fortio -- /usr/bin/fortio load -c 2 -qps 0 -n 20 -loglevel Warning http://details:9080/details/0
    

    Here fortio-deploy-684b6b47f8-tzsg8 is the name of the Fortio Pod. The result looks like this:

    Traffic mirroring

    Goal: route all traffic to v2 of the reviews service, and mirror all of it to v3.

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - route:
        - destination:
            host: reviews
            subset: v2
        mirror:
          host: reviews
          subset: v3
        mirrorPercentage:
          value: 100.0
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: reviews
    spec:
      host: reviews
      subsets:
        - labels:
            version: v1
          name: v1
        - labels:
            version: v2
          name: v2
        - labels:
            version: v3
          name: v3
    

    Run the following command to view the Envoy access log of reviews v3:

    kubectl logs -l app=reviews,version=v3 -c istio-proxy
    

    The log shows the calls received by reviews v3:

    {
         "authority": "reviews-shadow:9080",
         "bytes_received": 0,
         "bytes_sent": 375,
         "connection_termination_details": null,
         "downstream_local_address": "10.1.1.64:9080",
         "downstream_remote_address": "10.1.1.59:0",
         "duration": 1914,
         "method": "GET",
         "path": "/reviews/0",
         "protocol": "HTTP/1.1",
         "request_id": "b79cefe6-1277-9c39-b398-f94a704840cc",
         "requested_server_name": "outbound_.9080_.v3_.reviews.default.svc.cluster.local",
         "response_code": 200,
         "response_code_details": "via_upstream",
         "response_flags": "-",
         "route_name": "default",
         "start_time": "2022-06-27T07:34:19.129Z",
         "upstream_cluster": "inbound|9080||",
         "upstream_host": "10.1.1.64:9080",
         "upstream_local_address": "127.0.0.6:59837",
         "upstream_service_time": "1913",
         "upstream_transport_failure_reason": null,
         "user_agent": "curl/7.79.1",
         "x_forwarded_for": "10.1.1.59"
    }
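
    Mirrored requests are fire-and-forget, so errors from v3 never reach the caller and show up only in this log. As an added example (not part of the original article), this Python code separates mirrored from live entries using the -shadow suffix visible in the authority field above; the function names are illustrative and the sample lines are constructed.

```python
import json
from collections import Counter

def is_mirrored(entry):
    """True when the host part of the authority carries the '-shadow' suffix."""
    host = (entry.get("authority") or "").rsplit(":", 1)[0]
    return host.endswith("-shadow")

def summarize(lines):
    """Count response codes separately for live and mirrored requests."""
    stats = {"live": Counter(), "mirrored": Counter()}
    for line in lines:
        line = line.strip()
        if not line.startswith("{"):
            continue  # istio-proxy also writes non-JSON log lines
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupted entries
        kind = "mirrored" if is_mirrored(entry) else "live"
        stats[kind][entry.get("response_code")] += 1
    return stats

def mirrored_error_rate(stats):
    """Share of mirrored requests that ended in a 5xx response."""
    total = sum(stats["mirrored"].values())
    errors = sum(n for code, n in stats["mirrored"].items()
                 if isinstance(code, int) and code >= 500)
    return errors / total if total else 0.0

# Constructed sample lines in the shape of the access log entry above.
SAMPLE = [
    '{"authority": "reviews-shadow:9080", "path": "/reviews/0", "response_code": 200}',
    '{"authority": "reviews-shadow:9080", "path": "/reviews/0", "response_code": 503}',
    '{"authority": "reviews:9080", "path": "/reviews/0", "response_code": 200}',
    '2022-06-27T07:34:20.000Z info constructed non-JSON line',
    '{"authority": "reviews-shadow:9080", "path": "/rev',
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(dict(result["live"]), dict(result["mirrored"]), mirrored_error_rate(result))
```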
    

    Routing at the Ingress

    Goal: route all traffic whose app-id request header is details to the details service.

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: bookinfo
    spec:
      hosts:
        - '*'
      gateways:
        - bookinfo-gateway
      http:
        - match:
            - uri:
                exact: /productpage
            - uri:
                prefix: /static
            - uri:
                exact: /login
            - uri:
                exact: /logout
            - uri:
                prefix: /api/v1/products
          route:
            - destination:
                host: productpage
                port:
                  number: 9080
        - match:
            - headers:
                app-id:
                  exact: details
          route:
            - destination:
                host: details
                port:
                  number: 9080
    

    Verify with curl:

    curl -H "app-id: details" -v http://127.0.0.1/details/2
    

    The response is as follows:

    * Trying 127.0.0.1:80...
    * Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
    > GET /details/2 HTTP/1.1
    > Host: 127.0.0.1
    > User-Agent: curl/7.79.1
    > Accept: */*
    > app-id: details
    >
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 200 OK
    < content-type: application/json
    < server: istio-envoy
    < date: Tue, 28 Jun 2022 07:14:40 GMT
    < content-length: 178
    < x-envoy-upstream-service-time: 4
    <
    
    {"id":2,"author":"William Shakespeare","year":1595,"type":"paperback","pages":200,"publisher":"PublisherA","language":"English","ISBN-10":"1234567890","ISBN-13":"123-1234567890"}
    
    * Connection #0 to host 127.0.0.1 left intact
    

    The response shows that the request reached the details service.
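
    The matching order behind this result, as an added example that is not part of the original article: a Python model of VirtualService HTTP route selection (the first matching rule wins, match entries are ORed, conditions inside one entry are ANDed), run against the bookinfo rules above. Function names are illustrative, regex matches are left out, and ports are omitted.

```python
def string_match(cond, value):
    """Evaluate an Istio StringMatch of type exact or prefix (regex omitted)."""
    if value is None:
        return False
    if "exact" in cond:
        return value == cond["exact"]
    if "prefix" in cond:
        return value.startswith(cond["prefix"])
    raise ValueError(f"unsupported match type: {cond}")

def entry_matches(entry, path, headers):
    """All conditions inside one match entry must hold (AND)."""
    if "uri" in entry and not string_match(entry["uri"], path):
        return False
    for name, cond in entry.get("headers", {}).items():
        if not string_match(cond, headers.get(name.lower())):
            return False
    return True

def pick_route(http_rules, path, headers=None):
    """Return the destination host of the first rule that matches, else None."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    for rule in http_rules:
        entries = rule.get("match")
        # A rule without "match" is a catch-all; otherwise any entry may match (OR).
        if not entries or any(entry_matches(e, path, headers) for e in entries):
            return rule["route"][0]["destination"]["host"]
    return None  # no rule matched: the gateway answers 404

# The http section of the bookinfo VirtualService above, as constructed Python data.
BOOKINFO_HTTP = [
    {"match": [{"uri": {"exact": "/productpage"}},
               {"uri": {"prefix": "/static"}},
               {"uri": {"exact": "/login"}},
               {"uri": {"exact": "/logout"}},
               {"uri": {"prefix": "/api/v1/products"}}],
     "route": [{"destination": {"host": "productpage"}}]},
    {"match": [{"headers": {"app-id": {"exact": "details"}}}],
     "route": [{"destination": {"host": "details"}}]},
]

if __name__ == "__main__":
    print(pick_route(BOOKINFO_HTTP, "/details/2", {"app-id": "details"}))
```

    Note that app-id, like end-user earlier, is whatever the caller sends: these matches steer traffic, they do not authenticate anyone.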

  • Original article: https://blog.csdn.net/heihaozi/article/details/125619297