当前位置:网站首页>How many of the 10 most common examples of istio traffic management do you know?
How many of the 10 most common examples of istio traffic management do you know?
2022-07-06 04:04:00 【Wanmao Society】
10 individual Istio Traffic management The most common example , Strongly recommended Collection get up , For a rainy day .
For ease of understanding , With Istio Official Bookinfo Application example , extraction Istio Common examples of traffic management .
Bookinfo The application architecture is shown below :
among , Contains four separate microservices :
productpage: calldetailsandreviewsTwo services , Used to generate pages .details: Contains information about books .reviews: Contains reviews of books . It also calls ratings Microservices .rating: Contains rating information consisting of book reviews .
among ,reviews The service has 3 A version :
- v1 Version will not call
ratingsservice . - v2 Version will call
ratingsservice , And use 1 To 5 individual black Star icon to display rating information . - v3 Version will call
ratingsservice , And use 1 To 5 individual Red Star icon to display rating information .
Flow transfer
The goal is 1: hold
reviewsAll traffic from the service is routed to v1 edition .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
The goal is 2: hold
reviewsService 50% The flow is transferred to v3 edition .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
weight: 50
- destination:
host: reviews
subset: v3
weight: 50
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
The goal is 3: hold
reviewsAll traffic from the service is routed to v3 edition .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v3
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
User identity based routing
The goal is : From a company named OneMore All traffic from users of are routed to v2 edition , Other traffic is routed to v1 edition .
Istio There is no special built-in mechanism for user identity . In the application example ,productpage Service in all to reviews Service HTTP A custom... Is added to the request end-user Request header , Its value is user name .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
Inject HTTP Delay fault
The goal is : user OneMore During the interview ,
ratingsThe service injects a 2 Second delay ,productpageThe page is about 2 Seconds load complete with no errors .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- match:
- headers:
end-user:
exact: OneMore
fault:
delay:
percentage:
value: 100.0
fixedDelay: 2s
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ratings
spec:
host: ratings
subsets:
- labels:
version: v1
name: v1
Inject HTTP Abort fault
The goal is : user OneMore During the interview ,
ratingsThe service injects a 503 Abort failure of ,productpagePages can be loaded immediately , Show at the same time “Ratings service is currently unavailable” Such news .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- fault:
abort:
httpStatus: 503
percentage:
value: 100
match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ratings
spec:
host: ratings
subsets:
- labels:
version: v1
name: v1
Set request timeout
First , user OneMore During the interview , ratings The service injects a 2 Second delay ,productpage The page is about 2 Seconds load complete with no errors .
As above Inject HTTP Delay fault To operate , I won't repeat .
The goal is : user OneMore During the interview ,
reviewsThe request timeout for the service is set to 1 second , Show at the same time “Sorry, product reviews are currently unavailable for this book.” Such news .
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: reviews
subset: v2
timeout: 1s
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
stay Jaeger You can see the specific call chain as follows :
Set request retry
First , user OneMore During the interview , ratings The service injects a 2 Second delay ,productpage The page is about 2 Seconds load complete with no errors .
As above Inject HTTP Delay fault To operate , I won't repeat .
The goal is : user OneMore During the interview ,
reviewsThe number of request retries for the service is 2 Time , Retry timeout is 0.5 second , Show at the same time “Sorry, product reviews are currently unavailable for this book.” Such an error message .
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: reviews
subset: v2
retries:
attempts: 2
perTryTimeout: 0.5s
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
Reject target IP Request
The goal is : except IP by
10.201.240.131Your client can access/api/v1/products/1, Other clients reject the request .
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: deny-by-ip
spec:
selector:
matchLabels:
app: productpage
action: DENY
rules:
- to:
- operation:
paths: ["/api/v1/products/1"]
when:
- key: remote.ip
notValues: ["10.201.240.131"]
Fuse
The goal is : Set up
detailsThe upper limit of service concurrency is 1.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: details
spec:
host: details
trafficPolicy:
connectionPool:
tcp:
maxConnections: 1
http:
http1MaxPendingRequests: 1
maxRequestsPerConnection: 1
have access to Fortio Load test , The number of concurrent messages sent is 2 The connection of (-c 2), request 20 Time (-n 20):
kubectl exec fortio-deploy-684b6b47f8-tzsg8 -c fortio -- /usr/bin/fortio load -c 3 -qps 0 -n 20 -loglevel Warning http://details:9080/details/0
among ,fortio-deploy-684b6b47f8-tzsg8 yes Fortio Of Pod name , The effect is as follows :
Traffic image
The goal is : Route all traffic to reviews Service v2 edition , Then mirror all the traffic to v3 edition .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v2
mirror:
host: reviews
subset: v3
mirrorPercentage:
value: 100.0
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
Execute the following command to view reviews service v3 Version of Envoy Access log :
kubectl logs -l app=reviews,version=v3 -c istio-proxy
You can see reviews service v3 Log of version being called :
{
"authority": "reviews-shadow:9080",
"bytes_received": 0,
"bytes_sent": 375,
"connection_termination_details": null,
"downstream_local_address": "10.1.1.64:9080",
"downstream_remote_address": "10.1.1.59:0",
"duration": 1914,
"method": "GET",
"path": "/reviews/0",
"protocol": "HTTP/1.1",
"request_id": "b79cefe6-1277-9c39-b398-f94a704840cc",
"requested_server_name": "outbound_.9080_.v3_.reviews.default.svc.cluster.local",
"response_code": 200,
"response_code_details": "via_upstream",
"response_flags": "-",
"route_name": "default",
"start_time": "2022-06-27T07:34:19.129Z",
"upstream_cluster": "inbound|9080||",
"upstream_host": "10.1.1.64:9080",
"upstream_local_address": "127.0.0.6:59837",
"upstream_service_time": "1913",
"upstream_transport_failure_reason": null,
"user_agent": "curl/7.79.1",
"x_forwarded_for": "10.1.1.59"
}
Ingress The routing
The goal is : Request header
app-idbydetailsAll traffic is routed todetailsIn service .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- '*'
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
- match:
- headers:
app-id:
exact: details
route:
- destination:
host: details
port:
number: 9080
Use curl Command to verify :
curl -H "app-id: details" -v http://127.0.0.1/details/2
The results are as follows :
* Trying 127.0.0.1:80...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /details/2 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.79.1
> Accept: */*
> app-id: details
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/json
< server: istio-envoy
< date: Tue, 28 Jun 2022 07:14:40 GMT
< content-length: 178
< x-envoy-upstream-service-time: 4
<
{"id":2,"author":"William Shakespeare","year":1595,"type":"paperback","pages":200,"publisher":"PublisherA","language":"English","ISBN-10":"1234567890","ISBN-13":"123-1234567890"}
* Connection #0 to host 127.0.0.1 left intact
The return result shows , What I visited was details service .
Last , Thank you for being so handsome , Give it back to me. give the thumbs-up .
边栏推荐
- Ks008 SSM based press release system
- Stack and queue
- User perceived monitoring experience
- No qualifying bean of type ‘......‘ available
- Why do you want to start pointer compression?
- [matlab] - draw a five-star red flag
- Chinese brand hybrid technology: there is no best technical route, only better products
- Yyds dry goods inventory hcie security Day11: preliminary study of firewall dual machine hot standby and vgmp concepts
- Pandora IOT development board learning (HAL Library) - Experiment 9 PWM output experiment (learning notes)
- asp. Core is compatible with both JWT authentication and cookies authentication
猜你喜欢
自动化测试怎么规范部署?
LTE CSFB test analysis
Scalpel like analysis of JVM -- this article takes you to peek into the secrets of JVM
KS003基于JSP和Servlet实现的商城系统
绑定在游戏对象上的脚本的执行顺序
Le compte racine de la base de données MySQL ne peut pas se connecter à distance à la solution
DM8 backup set deletion
The Research Report "2022 RPA supplier strength matrix analysis of China's banking industry" was officially launched
Yyds dry goods inventory web components series (VII) -- life cycle of custom components
ESP32_ FreeRTOS_ Arduino_ 1_ Create task
随机推荐
[001] [stm32] how to download STM32 original factory data
自动化测试怎么规范部署?
Cf603e pastoral oddities [CDQ divide and conquer, revocable and search set]
C#(三十一)之自定义事件
判断当天是当月的第几周
Ethernet port &arm & MOS &push-pull open drain &up and down &high and low sides &time domain and frequency domain Fourier
Detailed explanation of serialization and deserialization
【按鍵消抖】基於FPGA的按鍵消抖模塊開發
After five years of testing in byte, I was ruthlessly dismissed in July, hoping to wake up my brother who was paddling
SSTI template injection explanation and real problem practice
MySql數據庫root賬戶無法遠程登陸解决辦法
【leetcode】1189. Maximum number of "balloons"
Conditionally [jsonignore]
Determine which week of the month the day is
Custom event of C (31)
[FPGA tutorial case 12] design and implementation of complex multiplier based on vivado core
[matlab] - draw a five-star red flag
Maxay paper latex template description
Basic knowledge of binary tree, BFC, DFS
Basic concepts of LTE user experience