当前位置:网站首页>How many of the 10 most common examples of istio traffic management do you know?
How many of the 10 most common examples of istio traffic management do you know?
2022-07-06 04:04:00 【Wanmao Society】
10 individual Istio Traffic management The most common example , Strongly recommended Collection get up , For a rainy day .
For ease of understanding , With Istio Official Bookinfo Application example , extraction Istio Common examples of traffic management .
Bookinfo The application architecture is shown below :
among , Contains four separate microservices :
productpage: calldetailsandreviewsTwo services , Used to generate pages .details: Contains information about books .reviews: Contains reviews of books . It also calls ratings Microservices .rating: Contains rating information consisting of book reviews .
among ,reviews The service has 3 A version :
- v1 Version will not call
ratingsservice . - v2 Version will call
ratingsservice , And use 1 To 5 individual black Star icon to display rating information . - v3 Version will call
ratingsservice , And use 1 To 5 individual Red Star icon to display rating information .
Flow transfer
The goal is 1: hold
reviewsAll traffic from the service is routed to v1 edition .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
The goal is 2: hold
reviewsService 50% The flow is transferred to v3 edition .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
weight: 50
- destination:
host: reviews
subset: v3
weight: 50
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
The goal is 3: hold
reviewsAll traffic from the service is routed to v3 edition .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v3
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
User identity based routing
The goal is : From a company named OneMore All traffic from users of are routed to v2 edition , Other traffic is routed to v1 edition .
Istio There is no special built-in mechanism for user identity . In the application example ,productpage Service in all to reviews Service HTTP A custom... Is added to the request end-user Request header , Its value is user name .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
Inject HTTP Delay fault
The goal is : user OneMore During the interview ,
ratingsThe service injects a 2 Second delay ,productpageThe page is about 2 Seconds load complete with no errors .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- match:
- headers:
end-user:
exact: OneMore
fault:
delay:
percentage:
value: 100.0
fixedDelay: 2s
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ratings
spec:
host: ratings
subsets:
- labels:
version: v1
name: v1
Inject HTTP Abort fault
The goal is : user OneMore During the interview ,
ratingsThe service injects a 503 Abort failure of ,productpagePages can be loaded immediately , Show at the same time “Ratings service is currently unavailable” Such news .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- fault:
abort:
httpStatus: 503
percentage:
value: 100
match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ratings
spec:
host: ratings
subsets:
- labels:
version: v1
name: v1
Set request timeout
First , user OneMore During the interview , ratings The service injects a 2 Second delay ,productpage The page is about 2 Seconds load complete with no errors .
As above Inject HTTP Delay fault To operate , I won't repeat .
The goal is : user OneMore During the interview ,
reviewsThe request timeout for the service is set to 1 second , Show at the same time “Sorry, product reviews are currently unavailable for this book.” Such news .
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: reviews
subset: v2
timeout: 1s
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
stay Jaeger You can see the specific call chain as follows :
Set request retry
First , user OneMore During the interview , ratings The service injects a 2 Second delay ,productpage The page is about 2 Seconds load complete with no errors .
As above Inject HTTP Delay fault To operate , I won't repeat .
The goal is : user OneMore During the interview ,
reviewsThe number of request retries for the service is 2 Time , Retry timeout is 0.5 second , Show at the same time “Sorry, product reviews are currently unavailable for this book.” Such an error message .
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: OneMore
route:
- destination:
host: reviews
subset: v2
retries:
attempts: 2
perTryTimeout: 0.5s
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
Reject target IP Request
The goal is : except IP by
10.201.240.131Your client can access/api/v1/products/1, Other clients reject the request .
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: deny-by-ip
spec:
selector:
matchLabels:
app: productpage
action: DENY
rules:
- to:
- operation:
paths: ["/api/v1/products/1"]
when:
- key: remote.ip
notValues: ["10.201.240.131"]
Fuse
The goal is : Set up
detailsThe upper limit of service concurrency is 1.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: details
spec:
host: details
trafficPolicy:
connectionPool:
tcp:
maxConnections: 1
http:
http1MaxPendingRequests: 1
maxRequestsPerConnection: 1
have access to Fortio Load test , The number of concurrent messages sent is 2 The connection of (-c 2), request 20 Time (-n 20):
kubectl exec fortio-deploy-684b6b47f8-tzsg8 -c fortio -- /usr/bin/fortio load -c 3 -qps 0 -n 20 -loglevel Warning http://details:9080/details/0
among ,fortio-deploy-684b6b47f8-tzsg8 yes Fortio Of Pod name , The effect is as follows :
Traffic image
The goal is : Route all traffic to reviews Service v2 edition , Then mirror all the traffic to v3 edition .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v2
mirror:
host: reviews
subset: v3
mirrorPercentage:
value: 100.0
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
Execute the following command to view reviews service v3 Version of Envoy Access log :
kubectl logs -l app=reviews,version=v3 -c istio-proxy
You can see reviews service v3 Log of version being called :
{
"authority": "reviews-shadow:9080",
"bytes_received": 0,
"bytes_sent": 375,
"connection_termination_details": null,
"downstream_local_address": "10.1.1.64:9080",
"downstream_remote_address": "10.1.1.59:0",
"duration": 1914,
"method": "GET",
"path": "/reviews/0",
"protocol": "HTTP/1.1",
"request_id": "b79cefe6-1277-9c39-b398-f94a704840cc",
"requested_server_name": "outbound_.9080_.v3_.reviews.default.svc.cluster.local",
"response_code": 200,
"response_code_details": "via_upstream",
"response_flags": "-",
"route_name": "default",
"start_time": "2022-06-27T07:34:19.129Z",
"upstream_cluster": "inbound|9080||",
"upstream_host": "10.1.1.64:9080",
"upstream_local_address": "127.0.0.6:59837",
"upstream_service_time": "1913",
"upstream_transport_failure_reason": null,
"user_agent": "curl/7.79.1",
"x_forwarded_for": "10.1.1.59"
}
Ingress The routing
The goal is : Request header
app-idbydetailsAll traffic is routed todetailsIn service .
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- '*'
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
- match:
- headers:
app-id:
exact: details
route:
- destination:
host: details
port:
number: 9080
Use curl Command to verify :
curl -H "app-id: details" -v http://127.0.0.1/details/2
The results are as follows :
* Trying 127.0.0.1:80...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /details/2 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.79.1
> Accept: */*
> app-id: details
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/json
< server: istio-envoy
< date: Tue, 28 Jun 2022 07:14:40 GMT
< content-length: 178
< x-envoy-upstream-service-time: 4
<
{"id":2,"author":"William Shakespeare","year":1595,"type":"paperback","pages":200,"publisher":"PublisherA","language":"English","ISBN-10":"1234567890","ISBN-13":"123-1234567890"}
* Connection #0 to host 127.0.0.1 left intact
The return result shows , What I visited was details service .
Last , Thank you for being so handsome , Give it back to me. give the thumbs-up .
边栏推荐
- Do you know cookies, sessions, tokens?
- [matlab] - draw a five-star red flag
- C form application of C (27)
- 【FPGA教程案例11】基于vivado核的除法器设计与实现
- KS008基于SSM的新闻发布系统
- Introduction to data types in MySQL
- Cf603e pastoral oddities [CDQ divide and conquer, revocable and search set]
- mysql关于自增长增长问题
- 【可调延时网络】基于FPGA的可调延时网络系统verilog开发
- TCP/IP协议里面的网关地址和ip地址有什么区别?
猜你喜欢
随机推荐
简易博客系统
Use js to complete an LRU cache
DM8 backup set deletion
C language -- structs, unions, enumerations, and custom types
About some basic DP -- those things about coins (the basic introduction of DP)
[meisai] meisai thesis reference template
【FPGA教程案例11】基于vivado核的除法器设计与实现
[American competition] mathematical terms
[practical exercise] face location model based on skin color
2/10 parallel search set +bfs+dfs+ shortest path +spfa queue optimization
C (thirty) C combobox listview TreeView
Failure causes and optimization methods of LTE CSFB
ESP32(基于Arduino)连接EMQX的Mqtt服务器上传信息与命令控制
[disassembly] a visual air fryer. By the way, analyze the internal circuit
How does technology have the ability to solve problems perfectly
Exchange bottles (graph theory + thinking)
Benefits of automated testing
Codeforces Round #770 (Div. 2) B. Fortune Telling
绑定在游戏对象上的脚本的执行顺序
MySQL about self growth