一,istio部署
istioctl install --set profile=demo -ykubectl label namespace default istio-injection=enabled
root@master001:~/istio/istio-1.12.0# kubectl apply -f samples/addons/
root@master001:~/istio/istio-1.12.0# kubectl get po -nistio-system NAME READY STATUS RESTARTS AGE grafana-6ccd56f4b6-fmnzw 1/1 Running 1 169m istio-egressgateway-7f4864f59c-nz69w 1/1 Running 4 32d istio-ingressgateway-55d9fb9f-trmkq 1/1 Running 4 32d istiod-555d47cb65-dlfs4 1/1 Running 4 32d jaeger-5d44bc5c5d-bncxw 1/1 Running 1 169m kiali-79b86ff5bc-mzsxk 1/1 Running 0 158m prometheus-64fd8ccd65-gx5cg 2/2 Running 1 158m
root@slave002:~# kubectl run demoapp --image=gexuchuan123/demoapp:v1.0 --restart=Never
root@slave002:~# kubectl exec -it demoapp -- curl localhost:15000/listeners
root@slave002:~# istioctl proxy-status
root@slave002:~# kubectl exec -it demoapp -- curl localhost:15000/clusters
root@slave002:~# kubectl create svc clusterip demoapp --tcp=80:80 service/demoapp created root@slave002:~# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE demoapp ClusterIP 10.100.169.192 <none> 80/TCP 2s kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 67d
root@slave002:~# istioctl proxy-config listener demoapp
root@slave002:~# istioctl proxy-config routes demoapp NAME DOMAINS MATCH VIRTUAL SERVICE
Available Commands: all Retrieves all configuration for the Envoy in the specified pod bootstrap Retrieves bootstrap configuration for the Envoy in the specified pod cluster Retrieves cluster configuration for the Envoy in the specified pod endpoint Retrieves endpoint configuration for the Envoy in the specified pod listener Retrieves listener configuration for the Envoy in the specified pod log (experimental) Retrieves logging levels of the Envoy in the specified pod rootca-compare Compare ROOTCA values for the two given pods route Retrieves route configuration for the Envoy in the specified pod secret Retrieves secret configuration for the Envoy in the specified pod
kubectl describe svc -n istio-system istio-ingressgateway
二,kiali开放端口57328
root@slave002:~/istio-in-practise/Basics/kiali# cat kiali-gateway.yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: kiali-gateway
namespace: istio-system
spec:
selector:
app: istio-ingressgateway #挑选pod
servers:
- port:
number: 80
name: http-kiali #http表示7层过滤
protocol: HTTP
hosts:
- "kiali.chuan.com"
---
root@slave002:~/istio-in-practise/Basics/kiali# cat kiali-virtualservice.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: kiali-virtualservice
namespace: istio-system
spec:
hosts:
- "kiali.chuan.com" #域名
gateways:
- kiali-gateway
http:
- match:
- port: 80
route:
- destination:
host: kiali #svc简称
port:
number: 20001 #kiali端口
---
root@slave002:~/istio-in-practise/Basics/kiali# cat kiali-destinationrule.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: kiali
namespace: istio-system
spec:
host: kiali
trafficPolicy:
tls:
mode: DISABLE
---
root@slave001:~# netstat -nutpl|grep 57328 tcp 0 0 0.0.0.0:57328 0.0.0.0:* LISTEN 880/kube-proxy
57328--80--8080 --20001
kiali.chuan.com:57328
三,配置查看
root@slave002:~/istio-in-practise/Basics/kiali# kubectl api-resources --api-group=networking.istio.io NAME SHORTNAMES APIVERSION NAMESPACED KIND destinationrules dr networking.istio.io/v1beta1 true DestinationRule envoyfilters networking.istio.io/v1alpha3 true EnvoyFilter gateways gw networking.istio.io/v1beta1 true Gateway serviceentries se networking.istio.io/v1beta1 true ServiceEntry sidecars networking.istio.io/v1beta1 true Sidecar virtualservices vs networking.istio.io/v1beta1 true VirtualService workloadentries we networking.istio.io/v1beta1 true WorkloadEntry workloadgroups wg networking.istio.io/v1alpha3 true WorkloadGroup
root@slave002:~/istio-in-practise/Basics/kiali# kubectl explain gw
root@slave002:~/istio-in-practise/Basics/kiali# kubectl get po -l app=istio-ingressgateway -nistio-system NAME READY STATUS RESTARTS AGE istio-ingressgateway-55d9fb9f-trmkq 1/1 Running 4 33d
root@slave002:~/istio-in-practise/Basics/kiali# kubectl get po -A --show-labels
InGW=$(kubectl get po -l app=istio-ingressgateway -nistio-system -o jsonpath={.items[0].metadata.name})
root@slave001:~# kubectl describe svc istio-ingressgateway -nistio-system Port: http2 80/TCP TargetPort: 8080/TCP NodePort: http2 57328/TCP Endpoints: 10.200.122.231:8080
root@slave002:~/istio-in-practise/Basics/kiali# istioctl proxy-config listener $InGW -n istio-system
ADDRESS PORT MATCH DESTINATION
0.0.0.0 8080 ALL Route: http.8080 #ingress gateway pod监听端口
0.0.0.0 15021 ALL Inline Route: /healthz/ready*
0.0.0.0 15090 ALL Inline Route: /stats/prometheus*
root@slave002:~/istio-in-practise/Basics/kiali# istioctl proxy-config routes $InGW -n istio-system
NAME DOMAINS MATCH VIRTUAL SERVICE
http.8080 kiali.chuan.com /* kiali-virtualservice.istio-system #
* /stats/prometheus*
* /healthz/ready*
四,简单示例
root@slave002:~/istio-in-practise/demo# kubectl create deploy demoappv10 --image=gexuchuan123/demoapp:v1.0 --replicas=3 --dry-run=client -o yaml > demoappv10.yaml
root@slave002:~/istio-in-practise/demo# kubectl create svc clusterip demoappv10 --tcp=8080:8080 --dry-run=client -o yaml > server-demoappv10.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demoappv10
name: demoappv10
spec:
replicas: 3
selector:
matchLabels:
app: demoapp
version: v1.0
strategy: {}
template:
metadata:
labels:
app: demoapp
version: v1.0
spec:
containers:
- image: gexuchuan123/demoapp:v1.0
name: demoapp
env:
- name: PORT
value: "8080"
resources: {}
apiVersion: v1
kind: Service
metadata:
labels:
app: demoappv10
name: demoappv10
spec:
ports:
- name: http-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demoapp
version: v1.0
type: ClusterIP
Demoapp=$(kubectl get po -l app=demoapp -o jsonpath={.items[0].metadata.name})
root@slave002:~# kubectl run client7 --image=gexuchuan123/admin-box -it --rm --restart=Never --command -- /bin/sh If you don't see a command prompt, try pressing enter. root@client7 # curl demoappv10:8080 iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-5db4f99f74-z8f9x, ServerIP: 10.200.111.8!
while true;do curl demoappv10:8080;sleep 1;done
五,istio-in-practise
01-demoapp-v10
root@slave002:~/istio-in-practise/Basics/ms-demo/01-demoapp-v10# cat deploy-proxy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: proxy
spec:
progressDeadlineSeconds: 600
replicas: 1
selector:
matchLabels:
app: proxy
template:
metadata:
labels:
app: proxy
spec:
containers:
- env:
- name: PROXYURL
value: http://demoappv10:8080
image: ikubernetes/proxy:v0.1.1
imagePullPolicy: IfNotPresent
name: proxy
ports:
- containerPort: 8080
name: web
protocol: TCP
resources:
limits:
cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
name: proxy
spec:
ports:
- name: http-80
port: 80
protocol: TCP
targetPort: 8080
selector:
app: proxy
---
root@slave002:~/istio-in-practise/Basics/ms-demo/01-demoapp-v10# cat deploy-demoapp.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demoappv10
version: v1.0
name: demoappv10
spec:
progressDeadlineSeconds: 600
replicas: 3
selector:
matchLabels:
app: demoapp
version: v1.0
template:
metadata:
labels:
app: demoapp
version: v1.0
spec:
containers:
- image: ikubernetes/demoapp:v1.0
imagePullPolicy: IfNotPresent
name: demoapp
env:
- name: "PORT"
value: "8080"
ports:
- containerPort: 8080
name: web
protocol: TCP
resources:
limits:
cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
name: demoappv10
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demoapp
version: v1.0
type: ClusterIP
---
root@slave002:~/istio-in-practise/Basics/ms-demo/01-demoapp-v10# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE demoappv10 ClusterIP 10.100.4.197 <none> 8080/TCP 5m51s kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 76d proxy ClusterIP 10.100.239.94 <none> 80/TCP 5m51s
kubectl run client11 --image=gexuchuan123/admin-box -it --rm --restart=Never --command -- /bin/sh while true;do curl proxy;sleep 1;done
流量调度逻辑
client pod >> sidecar envoy(Egress listener:proxy:80) >> (Ingress Listener) proxy pod >> (Egress Listener: demoappv10:8080)proxy pod >> (Ingress Listener) demoappv10 pod
02-demoapp-v11
root@slave002:~/istio-in-practise/Basics/ms-demo/02-demoapp-v11# cat deploy-demoapp-v11.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demoappv11
version: v1.1
name: demoappv11
spec:
progressDeadlineSeconds: 600
replicas: 2
selector:
matchLabels:
app: demoapp
version: v1.1
template:
metadata:
labels:
app: demoapp
version: v1.1
spec:
containers:
- image: ikubernetes/demoapp:v1.1
imagePullPolicy: IfNotPresent
name: demoapp
env:
- name: "PORT"
value: "8080"
ports:
- containerPort: 8080
name: web
protocol: TCP
resources:
limits:
cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
name: demoappv11
spec:
ports:
- name: http-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demoapp
version: v1.1
type: ClusterIP
---
root@slave002:~/istio-in-practise/Basics/ms-demo/02-demoapp-v11# cat service-demoapp.yaml
---
apiVersion: v1
kind: Service
metadata:
name: demoapp
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demoapp
type: ClusterIP
---
root@slave002:~/istio-in-practise/Basics/ms-demo/02-demoapp-v11# cat deploy-proxy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: proxy
spec:
progressDeadlineSeconds: 600
replicas: 1
selector:
matchLabels:
app: proxy
template:
metadata:
labels:
app: proxy
spec:
containers:
- env:
- name: PROXYURL
value: http://demoapp:8080
image: ikubernetes/proxy:v0.1.1
imagePullPolicy: IfNotPresent
name: proxy
ports:
- containerPort: 8080
name: web
protocol: TCP
resources:
limits:
cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
name: proxy
spec:
ports:
- name: http-80
port: 80
protocol: TCP
targetPort: 8080
selector:
app: proxy
---
root@slave002:~/istio-in-practise/Basics/ms-demo/02-demoapp-v11# cat virutalservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoappv11
- name: default
route:
- destination:
host: demoappv10
root@client11 # while true;do curl proxy/hostname;sleep 1;done
while true;do curl proxy/canary;sleep 1;done
03-demoapp-subset
root@slave002:~/istio-in-practise/Basics/ms-demo/03-demoapp-subset# kubectl delete vs demoapp
root@slave002:~/istio-in-practise/Basics/ms-demo/03-demoapp-subset# cat destinationrule-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: demoapp
spec:
host: demoapp
subsets:
- name: v10
labels:
version: v1.0
- name: v11
labels:
version: v1.1
root@slave002:~/istio-in-practise/Basics/ms-demo/03-demoapp-subset# cat virutalservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
- name: default
route:
- destination:
host: demoapp
subset: v10
root@client11 # while true;do curl proxy/canary;sleep 1;done
root@client11 # while true;do curl proxy/hostname;sleep 1;done
root@master001:~# Demoapp=$(kubectl get po -l app=demoapp -o jsonpath={.items[0].metadata.name})
root@master001:~# istioctl proxy-config clusters $Demoapp
SERVICE FQDN PORT SUBSET DIRECTION TYPE DESTINATION RULE
8080 - inbound ORIGINAL_DST
BlackHoleCluster - - - STATIC
InboundPassthroughClusterIpv4 - - - ORIGINAL_DST
PassthroughCluster - - - ORIGINAL_DST
agent - - - STATIC
demoapp.default.svc.cluster.local 8080 - outbound EDS demoapp.default
demoapp.default.svc.cluster.local 8080 v10 outbound EDS demoapp.default
demoapp.default.svc.cluster.local 8080 v11 outbound EDS demoapp.default
04-proxy-gateway
root@slave002:~/istio-in-practise/Basics/ms-demo/04-proxy-gateway# cat gateway-proxy.yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: proxy-gateway
namespace: istio-system # 要指定为ingress gateway pod所在名称空间
spec:
selector:
app: istio-ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "fe.chuan.com"
root@slave002:~/istio-in-practise/Basics/ms-demo/04-proxy-gateway# cat virtualservice-proxy.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: proxy
spec:
hosts:
- "fe.chuan.com" # 对应于gateways/proxy-gateway
gateways:
- istio-system/proxy-gateway # 相关定义仅应用于Ingress Gateway上
#- mesh
http:
- name: default
route:
- destination:
host: proxy
fe.chuan.com 192.168.192.152
05-url-redirect-and-rewrite
root@slave002:~/istio-in-practise/Basics/ms-demo/05-url-redirect-and-rewrite# cat deploy-backend.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: backend
version: v3.6
name: backendv36
spec:
progressDeadlineSeconds: 600
replicas: 2
selector:
matchLabels:
app: backend
version: v3.6
template:
metadata:
creationTimestamp: null
labels:
app: backend
version: v3.6
spec:
containers:
- image: ikubernetes/gowebserver:v0.1.0
imagePullPolicy: IfNotPresent
name: gowebserver
env:
- name: "SERVICE_NAME"
value: "backend"
- name: "SERVICE_PORT"
value: "8082"
- name: "SERVICE_VERSION"
value: "v3.6"
ports:
- containerPort: 8082
name: web
protocol: TCP
resources:
limits:
cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
name: backend
spec:
ports:
- name: http-web
port: 8082
protocol: TCP
targetPort: 8082
selector:
app: backend
version: v3.6
---
root@slave002:~/istio-in-practise/Basics/ms-demo/05-url-redirect-and-rewrite# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: rewrite
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
- name: redirect
match:
- uri:
prefix: "/backend"
redirect:
uri: /
authority: backend
port: 8082
- name: default
route:
- destination:
host: demoapp
subset: v10
root@slave002:~/aaa# cat virtualservice-proxy.yaml #内外部访问
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: proxy
spec:
hosts:
- "fe.chuan.com" # 对应于gateways/proxy-gateway
- "proxy"
gateways:
- istio-system/proxy-gateway # 相关定义仅应用于Ingress Gateway上
- mesh
http:
- name: redirect
match:
- uri:
prefix: "/backend"
redirect:
uri: /
authority: backend
port: 8082
- name: default
route:
- destination:
host: proxy
root@client7 ~# while true;do curl -I proxy/backend;sleep 0.3;done HTTP/1.1 301 Moved Permanently location: http://backend:8082/ date: Tue, 04 Jan 2022 17:09:08 GMT server: envoy transfer-encoding: chunked root@client7 ~# while true;do curl proxy;sleep 0.3;done Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-7bctv, ServerIP: 10.200.111.24! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-256gc, ServerIP: 10.200.163.101! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-ktlp6, ServerIP: 10.200.163.98! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-7bctv, ServerIP: 10.200.111.24! - Took 4 milliseconds. ^C root@client7 ~# while true;do curl proxy/canary;sleep 0.3;done Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-m2njk, ServerIP: 10.200.122.210! - Took 5 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-m2njk, ServerIP: 10.200.122.210! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-44pqn, ServerIP: 10.200.111.23! - Took 3 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-44pqn, ServerIP: 10.200.111.23!
06-weight-based-routing
root@slave002:~/istio-in-practise/Basics/ms-demo/05-url-redirect-and-rewrite# kubectl delete -f virtualservice-proxy.yaml root@slave002:~/istio-in-practise/Basics/ms-demo/05-url-redirect-and-rewrite# kubectl apply -f ../04-proxy-gateway/virtualservice-proxy.yaml
root@slave002:~/istio-in-practise/Basics/ms-demo/06-weight-based-routing# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: weight-based-routing
route:
- destination:
host: demoapp
subset: v10
weight: 90
- destination:
host: demoapp
subset: v11
weight: 10
root@slave002:~/istio-in-practise/Basics/ms-demo/06-weight-based-routing# kubectl apply -f .
root@client7 # while true;do curl proxy;sleep 1;done
07-headers-operation
root@slave002:~/istio-in-practise/Basics/ms-demo/07-headers-operation# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- headers:
x-canary:
exact: "true"
route:
- destination:
host: demoapp
subset: v11
headers:
request:
set:
User-Agent: Chrome
response:
add:
x-canary: "true"
- name: default
headers:
response:
add:
X-Envoy: test
route:
- destination:
host: demoapp
subset: v10
root@client7 # while true;do curl -H "x-canary: true" demoapp:8080;sleep 0.5;done iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31!
root@client7 # while true;do curl -H "x-canary: true" demoapp:8080/user-agent;sleep 0.5;done User-Agent: Chrome User-Agent: Chrome
root@client7 # while true;do curl -I -H "x-canary: true" demoapp:8080;sleep 0.5;done HTTP/1.1 200 OK content-type: text/html; charset=utf-8 content-length: 116 server: envoy date: Wed, 05 Jan 2022 13:53:24 GMT x-envoy-upstream-service-time: 3 x-canary: true
root@client7 # while true;do curl -I demoapp:8080;sleep 0.5;done HTTP/1.1 200 OK content-type: text/html; charset=utf-8 content-length: 115 server: envoy date: Wed, 05 Jan 2022 13:58:07 GMT x-envoy-upstream-service-time: 2 x-envoy: test
08-fault-injection
root@slave002:~/istio-in-practise/Basics/ms-demo/08-fault-injection# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
fault:
abort:
percentage:
value: 20
httpStatus: 555
- name: default
route:
- destination:
host: demoapp
subset: v10
fault:
delay:
percentage:
value: 20
fixedDelay: 3s
root@client7 # while true;do curl proxy;sleep 0.4;done Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! - Took 5 milliseconds. Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! - Took 3 milliseconds. Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30!
root@client7 # while true;do curl proxy/canary;sleep 0.4;done Proxying value: fault filter abort - Took 10 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! - Took 3 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! - Took 3 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! - Took 3 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! - Took 3 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! - Took 3 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! - Took 3 milliseconds. Proxying value: fault filter abort - Took 11 milliseconds.
09-http-retry
root@slave002:~/istio-in-practise/Basics/ms-demo/09-http-retry# cat virtualservice-proxy.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: proxy
spec:
hosts:
- "fe.magedu.com" # 对应于gateways/proxy-gateway
gateways:
- istio-system/proxy-gateway # 相关定义仅应用于Ingress Gateway上
#- mesh
http:
- name: default
route:
- destination:
host: proxy
timeout: 1s #1s不响应返回超时
retries:
attempts: 5 #重试次数
perTryTimeout: 1s #重试超过一秒超时
retryOn: 5xx,connect-failure,refused-stream
root@slave002:~/istio-in-practise/Basics/ms-demo/09-http-retry# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
fault:
abort:
percentage:
value: 50
httpStatus: 555
- name: default
route:
- destination:
host: demoapp
subset: v10
fault:
delay:
percentage:
value: 50
fixedDelay: 3s
root@client7 # while true;do curl proxy/canary;sleep 0.4;done Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! - Took 5 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! - Took 8 milliseconds. Proxying value: fault filter abort - Took 2 milliseconds. Proxying value: fault filter abort - Took 1 milliseconds. Proxying value: fault filter abort - Took 1 milliseconds. Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! - Took 4 milliseconds. Proxying value: fault filter abort - Took 1 milliseconds. Proxying value: fault filter abort - Took 1 milliseconds. Proxying value: fault filter abort - Took 1 milliseconds. Proxying value: fault filter abort - Took 1 milliseconds.
延迟
root@client7 # while true;do curl proxy;sleep 0.4;done Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! - Took 3003 milliseconds. Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-zc258, ServerIP: 10.200.122.219! - Took 4 milliseconds. Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! - Took 3003 milliseconds. Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30!
10-traffic-mirror
root@slave002:~/istio-in-practise/Basics/ms-demo/10-traffic-mirror# cat virtualservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: traffic-mirror
route:
- destination:
host: demoapp
subset: v10
mirror:
host: demoapp
subset: v11
11-cluster-loadbalancing
root@slave002:~/istio-in-practise/Basics/ms-demo/11-cluster-loadbalancing# cat destinationrule-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: demoapp
spec:
host: demoapp
trafficPolicy:
loadBalancer:
simple: LEAST_CONN
subsets:
- name: v10
labels:
version: v1.0
trafficPolicy:
loadBalancer:
consistentHash:
httpHeaderName: X-User
- name: v11
labels:
version: v1.1
root@slave002:~/istio-in-practise/Basics/ms-demo/03-demoapp-subset# cat virutalservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
- name: default
route:
- destination:
host: demoapp
subset: v10
root@slave002:~/istio-in-practise/Basics/ms-demo/03-demoapp-subset# kubectl apply -f .
root@client7 # while true;do curl demoapp:8080/canary;sleep 0.4;done iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-5pt6n, ServerIP: 10.200.122.220! iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-7984f579f5-dngqd, ServerIP: 10.200.111.31! ^C root@client7 # while true;do curl demoapp:8080;sleep 0.4;done iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-zc258, ServerIP: 10.200.122.219! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-zc258, ServerIP: 10.200.122.219! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30!
v10 基于标头转发后端3个pod /canary转发到v11后端2个pod
root@client7 # while true;do curl -H "x-user: user1" demoapp:8080;sleep 0.5;done iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! ^C root@client7 # while true;do curl -H "x-user: user2" demoapp:8080;sleep 0.5;done iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! root@client7 # while true;do curl -H "x-user: user3" demoapp:8080;sleep 0.5;done iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-zc258, ServerIP: 10.200.122.219! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-zc258, ServerIP: 10.200.122.219! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-zc258, ServerIP: 10.200.122.219!
12-connection-pool
root@slave002:~/istio-in-practise/Basics/ms-demo/12-connection-pool# cat virutalservice-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp
spec:
hosts:
- demoapp
http:
- name: canary
match:
- uri:
prefix: /canary
rewrite:
uri: /
route:
- destination:
host: demoapp
subset: v11
- name: default
route:
- destination:
host: demoapp
subset: v10
root@slave002:~/istio-in-practise/Basics/ms-demo/12-connection-pool# cat destinationrule-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: demoapp
spec:
host: demoapp
trafficPolicy:
loadBalancer:
simple: LEAST_CONN
connectionPool:
tcp:
maxConnections: 100
connectTimeout: 30ms
tcpKeepalive:
time: 7200s
interval: 75s
http:
http2MaxRequests: 1000
maxRequestsPerConnection: 10
subsets:
- name: v10
labels:
version: v1.0
trafficPolicy:
loadBalancer:
consistentHash:
httpHeaderName: X-User
- name: v11
labels:
version: v1.1
root@client7 # while true;do curl demoapp:8080;sleep 0.000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005;done iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-jzkls, ServerIP: 10.200.111.30! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-zc258, ServerIP: 10.200.122.219! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-c6vx5, ServerIP: 10.200.111.29! iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-6ff964cbff-zc258, ServerIP: 10.200.122.219
13-outlier-detection
root@slave002:~/istio-in-practise/Basics/ms-demo/13-outlier-detection# cat destinationrule-demoapp.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: demoapp
spec:
host: demoapp
trafficPolicy:
loadBalancer:
simple: RANDOM
connectionPool:
tcp:
maxConnections: 100
connectTimeout: 30ms
tcpKeepalive:
time: 7200s
interval: 75s
http:
http2MaxRequests: 1000
maxRequestsPerConnection: 10
outlierDetection:
maxEjectionPercent: 50 #移除阈值
consecutive5xxErrors: 5 #连续5次5XX弹出主机
interval: 10s #检测时长
baseEjectionTime: 1m #弹出时长1分钟加回来
minHealthPercent: 40
subsets:
- name: v10
labels:
version: v1.0
- name: v11
labels:
version: v1.1
OKroot@master001:~# curl -XPOST -d 'livez=FAIL' 10.200.111.29:8080/livez
root@master001:~# curl 10.200.111.29:8080/livez FAILroot@master001:~# curl -I 10.200.111.29:8080/livez HTTP/1.1 506 Variant Also Negotiates content-type: text/html; charset=utf-8 content-length: 4 server: istio-envoy date: Wed, 05 Jan 2022 15:19:21 GMT x-envoy-upstream-service-time: 1 x-envoy-decorator-operation: demoappv10.default.svc.cluster.local:8080/*
demoappv10-6ff964cbff-c6vx5 2/2 Running 0 151m 10.200.111.29 192.168.192.153 <none> <none> demoappv10-6ff964cbff-jzkls 2/2 Running 0 151m 10.200.111.30 192.168.192.153 <none> <none> demoappv10-6ff964cbff-zc258 2/2 Running 0 151m 10.200.122.219 192.168.192.152 <none> <none>
while true;do curl proxy/livez;sleep 0.5;done Proxying value: FAIL - Took 4 milliseconds. Proxying value: FAIL - Took 12 milliseconds. Proxying value: OK - Took 4 milliseconds. Proxying value: OK - Took 4 milliseconds. Proxying value: OK - Took 6 milliseconds. Proxying value: OK - Took 3 milliseconds. Proxying value: FAIL - Took 4 milliseconds. Proxying value: OK - Took 4 milliseconds. Proxying value: OK - Took 4 milliseconds. Proxying value: OK - Took 4 milliseconds. Proxying value: FAIL - Took 4 milliseconds.
root@client7 # while true;do curl proxy/livez;sleep 0.5;done Proxying value: OK - Took 4 milliseconds. Proxying value: OK - Took 3 milliseconds. Proxying value: OK - Took 4 milliseconds. Proxying value: OK - Took 3 milliseconds. Proxying value: OK - Took 5 milliseconds. Proxying value: FAIL - Took 4 milliseconds. Proxying value: OK - Took 3 milliseconds. Proxying value: OK - Took 3 milliseconds. Proxying value: OK - Took 3 milliseconds. Proxying value: FAIL - Took 4 milliseconds. Proxying value: FAIL - Took 5 milliseconds. Proxying value: FAIL - Took 3 milliseconds. Proxying value: FAIL - Took 3 milliseconds.
每一分钟连续5个5XX