【06】VirtualService高级流量功能

5.3 weight

1. 部署demoapp v10和v11版本

   ---
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     labels:
       app: demoappv10
       version: v1.0
     name: demoappv10
   spec:
     progressDeadlineSeconds: 600
     replicas: 3
     selector:
       matchLabels:
         app: demoapp
         version: v1.0
     template:
       metadata:
         labels:
           app: demoapp
           version: v1.0
       spec:
         containers:
         - image: ikubernetes/demoapp:v1.0
           imagePullPolicy: IfNotPresent
           name: demoapp
           env:
           - name: "PORT"
             value: "8080"
           ports:
           - containerPort: 8080
             name: web
             protocol: TCP
           resources:
             limits:
               cpu: 50m
   ---
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     labels:
       app: demoappv11
       version: v1.1
     name: demoappv11
   spec:
     progressDeadlineSeconds: 600
     replicas: 2
     selector:
       matchLabels:
         app: demoapp
         version: v1.1
     template:
       metadata:
         labels:
           app: demoapp
           version: v1.1
       spec:
         containers:
         - image: ikubernetes/demoapp:v1.1
           imagePullPolicy: IfNotPresent
           name: demoapp
           env:
           - name: "PORT"
             value: "8080"
           ports:
           - containerPort: 8080
             name: web
             protocol: TCP
           resources:
             limits:
               cpu: 50m
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: demoapp
   spec:
     ports:
       - name: http
         port: 8080
         protocol: TCP
         targetPort: 8080
     selector:
       app: demoapp
     type: ClusterIP
   ---

2. 定义subset

   apiVersion: networking.istio.io/v1beta1
   kind: DestinationRule
   metadata:
     name: demoapp
   spec:
     host: demoapp
     subsets:
     - name: v10
       labels:
         version: v1.0
     - name: v11
       labels:
         version: v1.1

3. 定义基于weight的virtualservice

   apiVersion: networking.istio.io/v1beta1
   kind: VirtualService
   metadata:
     name: demoapp
   spec:
     hosts:
     - demoapp
     http:
     - name: weight-based-routing
       route:
       - destination:
           host: demoapp
           subset: v10
         weight: 90
       - destination:
           host: demoapp
           subset: v11
         weight: 10

4. 测试

   访问http://demoapp:8080

   

   kiali查看拓扑
   

5.4 rewrite

1. 定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

2. 定义rewrite的virtualservice

   apiVersion: networking.istio.io/v1beta1
   kind: VirtualService
   metadata:
     name: demoapp
   spec:
     hosts:
     - demoapp
     http:
     - name: rewrite
       match:
       - uri:
           prefix: /canary
       rewrite:
         uri: /
       route:
       - destination:
           host: demoapp
           subset: v11
     - name: default
       route:
       - destination:
           host: demoapp
           subset: v10

3. 测试

   访问：http://demoapp:8080/canary

   

   访问：http://demoapp:8080

   

5.5 header

1. 定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

2. 定义header规则

   apiVersion: networking.istio.io/v1beta1
   kind: VirtualService
   metadata:
     name: demoapp
   spec:
     hosts:
     - demoapp
     http:
     - name: canary
       match:
       - headers:
           x-canary:
             exact: "true"
       route:
       - destination:
           host: demoapp
           subset: v11
         headers:
           request:
             set: 
               User-Agent: Chrome   #set字段修改request的value的值
           response:
             add:
               x-canary: "true"  # 在reponse中利用add字段进行添加
     - name: default
       headers:
         response:
           add:
             X-Envoy: test
       route:
       - destination:
           host: demoapp
           subset: v10

3. 测试功能

   按照定义的header的vs规则：

   • 当请求demoapp:8080会匹配上default规则，并且在response的header加上x-Envoy: test的标头

     / $ curl -I demoapp:8080
     HTTP/1.1 200 OK
     content-type: text/html; charset=utf-8
     content-length: 114
     server: envoy
     date: Tue, 22 Aug 2023 09:14:02 GMT
     x-envoy-upstream-service-time: 2
     x-envoy: test

   • 当请求demoapp:8080加上x-canary: true 的标头，会在reponse中增加标头，以及会将request的User-Agent: Chrome修改

     / $ curl -I -H "x-canary: true" demoapp:8080
     HTTP/1.1 200 OK
     content-type: text/html; charset=utf-8
     content-length: 116
     server: envoy
     date: Tue, 22 Aug 2023 09:18:06 GMT
     x-envoy-upstream-service-time: 2
     x-canary: true

     / $ curl -H "x-canary: true" demoapp:8080/user-agent
     User-Agent: Chrome
     / $ 

5.6 fault injection

1. 定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

2. 定义fault injection的规则

   apiVersion: networking.istio.io/v1beta1
   kind: VirtualService
   metadata:
     name: demoapp
   spec:
     hosts:
     - demoapp
     http:
     - name: canary
       match:
       - uri:
           prefix: /canary
       rewrite:
         uri: /
       route:
       - destination:
           host: demoapp
           subset: v11
       fault:         # 故障注入的一种方式abort,会在发往v11版本的20%的流量上注入abort故障，返回的http code为555
         abort:
           percentage:
             value: 20
           httpStatus: 555
     - name: default
       route:
       - destination:
           host: demoapp
           subset: v10
       fault:
         delay:              # 故障注入的另外一种方式延迟，会在发往v10的版本上20%的流量上注入delay故障，延迟时间为3秒
           percentage:
             value: 20
           fixedDelay: 3s

3. 测试

   • 当访问demoapp:8080/canary的时候，按照上诉定义的规则，会有20%的比例注入abort故障：

     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-vxmgv, ServerIP: 172.16.140.87!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-vxmgv, ServerIP: 172.16.140.87!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-vxmgv, ServerIP: 172.16.140.87!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
     / $ curl demoapp:8080/canary
     iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-k2xzl, ServerIP: 172.16.196.145!
     / $ curl demoapp:8080/canary
     fault filter abort/ $ 

   • 当访问demoapp:8080的时候，按照规则，会有20%的流量注入延迟3秒的故障

     / $ curl demoapp:8080
     iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-f9vfv, ServerIP: 172.16.140.88!
     / $ curl demoapp:8080
     iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-fglcx, ServerIP: 172.16.140.86!
     / $ curl demoapp:8080
     iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-qfnw5, ServerIP: 172.16.196.146!
     / $ curl demoapp:8080
     iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-fglcx, ServerIP: 172.16.140.86!
     / $ curl demoapp:8080
     iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-f9vfv, ServerIP: 172.16.140.88!
     / $ curl demoapp:8080
     iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-f9vfv, ServerIP: 172.16.140.88!
     / $ curl demoapp:8080
     ^C

5.7 retry

1. 定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

2. 定义proxy的deployment和gateway 以及virtualservice

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: proxy
   spec:
     progressDeadlineSeconds: 600
     replicas: 1
     selector:
       matchLabels:
         app: proxy
     template:
       metadata:
         labels:
           app: proxy
       spec:
         containers:
           - env:
             - name: PROXYURL
               value: http://demoapp:8080
             image: ikubernetes/proxy:v0.1.1
             imagePullPolicy: IfNotPresent
             name: proxy
             ports:
               - containerPort: 8080
                 name: web
                 protocol: TCP
             resources:
               limits:
                 cpu: 50m
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: proxy
   spec:
     ports:
       - name: http-80
         port: 80
         protocol: TCP
         targetPort: 8080
     selector:
       app: proxy
   ---
   apiVersion: networking.istio.io/v1beta1
   kind: Gateway
   metadata:
     name: proxy-gateway
     namespace: istio-system        # 要指定为ingress gateway pod所在名称空间
   spec:
     selector:
       app: istio-ingressgateway
     servers:
     - port:
         number: 80
         name: http
         protocol: HTTP
       hosts:
       - "fe.icloud2native.com"
   ---

3. 在demoapp中定义fault

   apiVersion: networking.istio.io/v1beta1
   kind: VirtualService
   metadata:
     name: demoapp
   spec:
     hosts:
     - demoapp
     http:
     - name: canary
       match:
       - uri:
           prefix: /canary
       rewrite:
         uri: /
       route:
       - destination:
           host: demoapp
           subset: v11
       fault:         # 故障注入的一种方式abort,会在发往v11版本的20%的流量上注入abort故障，返回的http code为555
         abort:
           percentage:
             value: 50
           httpStatus: 555
     - name: default
       route:
       - destination:
           host: demoapp
           subset: v10
       fault:
         delay:              # 故障注入的另外一种方式延迟，会在发往v10的版本上20%的流量上注入delay故障，延迟时间为3秒
           percentage:
             value: 50
           fixedDelay: 3s

4. 定义retry机制

   apiVersion: networking.istio.io/v1beta1
   kind: VirtualService
   metadata:
     name: proxy
   spec:
     hosts:
     - "fe.icloud2native.com"                     # 对应于gateways/proxy-gateway
     gateways:
     - istio-system/proxy-gateway       # 相关定义仅应用于Ingress Gateway上
     - mesh                             # 应用在网格内所有的sidercar上
     http:
     - name: default
       route:
       - destination:
           host: proxy
       timeout: 1s
       retries:
         attempts: 5   # 加上第一次请求，在log里面看到的应该是请求了6次。
         perTryTimeout: 1s # 每次重试超过1s，就会发起第二次重试
         retryOn: 5xx,connect-failure,refused-stream

5. 测试

   上述定义的规则是：后端demoapp注入了abort和delay的故障，前端服务proxy请求demoapp的时候，在proxy中定义了retry，当请求后端出现5xx,connect-failure,refused-stream的时候，会进行retry机制。在前端的log里面看到的应该是请求了6次。

5.8 Traffic mirror

场景：有时候想要用线上真实流量来测试将要上线的服务，这样更能模拟出真实的线上测试效果。所以会将线上真实流量mirror到测试环境。

1. 定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义

2. 定义traffic mirror的virtualservice规则

   apiVersion: networking.istio.io/v1beta1
   kind: VirtualService
   metadata:
     name: demoapp
   spec:
     hosts:
     - demoapp
     http:
     - name: traffic-mirror
       route:
       - destination:
           host: demoapp
           subset: v10
       mirror:
         host: demoapp
         subset: v11

3. 测试

   我们在客户端请求curl demoapp:8080,虽然请求到了v10 版本，但是我们在v11版本的pod里面看到了有流量进入。