当前位置:网站首页>How many of the 10 most common examples of istio traffic management do you know?

How many of the 10 most common examples of istio traffic management do you know?

2022-07-06 04:04:00 Wanmao Society

10 individual Istio Traffic management The most common example , Strongly recommended Collection get up , For a rainy day .

For ease of understanding , With Istio Official Bookinfo Application example , extraction Istio Common examples of traffic management .

Bookinfo The application architecture is shown below :

Weixin search : Wanmao society , Reply after attention 「ebook」 have to 12 This must read technical book .

among , Contains four separate microservices :

  • productpage: call details and reviews Two services , Used to generate pages .
  • details: Contains information about books .
  • reviews: Contains reviews of books . It also calls ratings Microservices .
  • rating: Contains rating information consisting of book reviews .

among ,reviews The service has 3 A version :

  • v1 Version will not call ratings service .
  • v2 Version will call ratings service , And use 1 To 5 individual black Star icon to display rating information .
  • v3 Version will call ratings service , And use 1 To 5 individual Red Star icon to display rating information .

Flow transfer

The goal is 1: hold reviews All traffic from the service is routed to v1 edition .

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
    - labels:
        version: v1
      name: v1
    - labels:
        version: v2
      name: v2
    - labels:
        version: v3
      name: v3

The goal is 2: hold reviews Service 50% The flow is transferred to v3 edition .

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 50
    - destination:
        host: reviews
        subset: v3
      weight: 50
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
    - labels:
        version: v1
      name: v1
    - labels:
        version: v2
      name: v2
    - labels:
        version: v3
      name: v3

The goal is 3: hold reviews All traffic from the service is routed to v3 edition .

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v3
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
    - labels:
        version: v1
      name: v1
    - labels:
        version: v2
      name: v2
    - labels:
        version: v3
      name: v3

User identity based routing

The goal is : From a company named OneMore All traffic from users of are routed to v2 edition , Other traffic is routed to v1 edition .

Istio There is no special built-in mechanism for user identity . In the application example ,productpage Service in all to reviews Service HTTP A custom... Is added to the request end-user Request header , Its value is user name .

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: OneMore
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
    - labels:
        version: v1
      name: v1
    - labels:
        version: v2
      name: v2
    - labels:
        version: v3
      name: v3

Inject HTTP Delay fault

The goal is : user OneMore During the interview , ratings The service injects a 2 Second delay ,productpage The page is about 2 Seconds load complete with no errors .

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ratings
spec:
  hosts:
  - ratings
  http:
  - match:
    - headers:
        end-user:
          exact: OneMore
    fault:
      delay:
        percentage:
          value: 100.0
        fixedDelay: 2s
    route:
    - destination:
        host: ratings
        subset: v1
  - route:
    - destination:
        host: ratings
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ratings
spec:
  host: ratings
  subsets:
    - labels:
        version: v1
      name: v1

Inject HTTP Abort fault

The goal is : user OneMore During the interview , ratings The service injects a 503 Abort failure of ,productpage Pages can be loaded immediately , Show at the same time “Ratings service is currently unavailable” Such news .

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ratings
spec:
  hosts:
    - ratings
  http:
    - fault:
        abort:
          httpStatus: 503
          percentage:
            value: 100
      match:
        - headers:
            end-user:
              exact: OneMore
      route:
        - destination:
            host: ratings
            subset: v1
    - route:
        - destination:
            host: ratings
            subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ratings
spec:
  host: ratings
  subsets:
    - labels:
        version: v1
      name: v1

Set request timeout

First , user OneMore During the interview , ratings The service injects a 2 Second delay ,productpage The page is about 2 Seconds load complete with no errors .

As above Inject HTTP Delay fault To operate , I won't repeat .

The goal is : user OneMore During the interview , reviews The request timeout for the service is set to 1 second , Show at the same time “Sorry, product reviews are currently unavailable for this book.” Such news .

kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
    - match:
        - headers:
            end-user:
              exact: OneMore
      route:
        - destination:
            host: reviews
            subset: v2
      timeout: 1s
    - route:
        - destination:
            host: reviews
            subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
    - labels:
        version: v1
      name: v1
    - labels:
        version: v2
      name: v2
    - labels:
        version: v3
      name: v3

stay Jaeger You can see the specific call chain as follows :

Set request retry

First , user OneMore During the interview , ratings The service injects a 2 Second delay ,productpage The page is about 2 Seconds load complete with no errors .

As above Inject HTTP Delay fault To operate , I won't repeat .

The goal is : user OneMore During the interview , reviews The number of request retries for the service is 2 Time , Retry timeout is 0.5 second , Show at the same time “Sorry, product reviews are currently unavailable for this book.” Such an error message .

kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
    - match:
        - headers:
            end-user:
              exact: OneMore
      route:
        - destination:
            host: reviews
            subset: v2
      retries:
        attempts: 2
        perTryTimeout: 0.5s
    - route:
        - destination:
            host: reviews
            subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
    - labels:
        version: v1
      name: v1
    - labels:
        version: v2
      name: v2
    - labels:
        version: v3
      name: v3

Reject target IP Request

The goal is : except IP by 10.201.240.131 Your client can access /api/v1/products/1, Other clients reject the request .

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-by-ip
spec:
  selector:
    matchLabels:
      app: productpage
  action: DENY
  rules:
  - to:
    - operation:
        paths: ["/api/v1/products/1"]
    when:
    - key: remote.ip
      notValues: ["10.201.240.131"]

Fuse

The goal is : Set up details The upper limit of service concurrency is 1.

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: details
spec:
  host: details
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 1
      http:
        http1MaxPendingRequests: 1
        maxRequestsPerConnection: 1

have access to Fortio Load test , The number of concurrent messages sent is 2 The connection of (-c 2), request 20 Time (-n 20):

kubectl exec fortio-deploy-684b6b47f8-tzsg8 -c fortio -- /usr/bin/fortio load -c 3 -qps 0 -n 20 -loglevel Warning http://details:9080/details/0

among ,fortio-deploy-684b6b47f8-tzsg8 yes Fortio Of Pod name , The effect is as follows :

Traffic image

The goal is : Route all traffic to reviews Service v2 edition , Then mirror all the traffic to v3 edition .

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v2
    mirror:
      host: reviews
      subset: v3
    mirrorPercentage:
      value: 100.0
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
    - labels:
        version: v1
      name: v1
    - labels:
        version: v2
      name: v2
    - labels:
        version: v3
      name: v3

Execute the following command to view reviews service v3 Version of Envoy Access log :

kubectl logs -l app=reviews,version=v3 -c istio-proxy

You can see reviews service v3 Log of version being called :

{
    
     "authority": "reviews-shadow:9080",
     "bytes_received": 0,
     "bytes_sent": 375,
     "connection_termination_details": null,
     "downstream_local_address": "10.1.1.64:9080",
     "downstream_remote_address": "10.1.1.59:0",
     "duration": 1914,
     "method": "GET",
     "path": "/reviews/0",
     "protocol": "HTTP/1.1",
     "request_id": "b79cefe6-1277-9c39-b398-f94a704840cc",
     "requested_server_name": "outbound_.9080_.v3_.reviews.default.svc.cluster.local",
     "response_code": 200,
     "response_code_details": "via_upstream",
     "response_flags": "-",
     "route_name": "default",
     "start_time": "2022-06-27T07:34:19.129Z",
     "upstream_cluster": "inbound|9080||",
     "upstream_host": "10.1.1.64:9080",
     "upstream_local_address": "127.0.0.6:59837",
     "upstream_service_time": "1913",
     "upstream_transport_failure_reason": null,
     "user_agent": "curl/7.79.1",
     "x_forwarded_for": "10.1.1.59"
}

Ingress The routing

The goal is : Request header app-id by details All traffic is routed to details In service .

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
    - '*'
  gateways:
    - bookinfo-gateway
  http:
    - match:
        - uri:
            exact: /productpage
        - uri:
            prefix: /static
        - uri:
            exact: /login
        - uri:
            exact: /logout
        - uri:
            prefix: /api/v1/products
      route:
        - destination:
            host: productpage
            port:
              number: 9080
    - match:
        - headers:
            app-id:
              exact: details
      route:
        - destination:
            host: details
            port:
              number: 9080

Use curl Command to verify :

curl -H "app-id: details" -v http://127.0.0.1/details/2

The results are as follows :

* Trying 127.0.0.1:80...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /details/2 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.79.1
> Accept: */*
> app-id: details
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/json
< server: istio-envoy
< date: Tue, 28 Jun 2022 07:14:40 GMT
< content-length: 178
< x-envoy-upstream-service-time: 4
<

{"id":2,"author":"William Shakespeare","year":1595,"type":"paperback","pages":200,"publisher":"PublisherA","language":"English","ISBN-10":"1234567890","ISBN-13":"123-1234567890"}

* Connection #0 to host 127.0.0.1 left intact

The return result shows , What I visited was details service .

Last , Thank you for being so handsome , Give it back to me. give the thumbs-up .

原网站

版权声明
本文为[Wanmao Society]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/187/202207060403076519.html

边栏推荐

猜你喜欢

随机推荐