备考ICA----Istio实验7---故障注入 Fault Injection 实验

备考ICA----Istio实验7---故障注入 Fault Injection 实验

Istio 的故障注入用于模拟应用程序中的故障现象，以测试应用程序的故障恢复能力。故障注入有两种:

1.delay延迟注入

2.abort中止注入

1. 环境准备

kubectl apply -f istio/samples/bookinfo/platform/kube/bookinfo.yaml
kubectl apply -f istio/samples/bookinfo/networking/bookinfo-gateway.yaml
kubectl apply -f istio/samples/bookinfo/networking/destination-rule-all.yaml
kubectl apply -f istio/samples/bookinfo/networking/virtual-service-all-v1.yaml

gateway和bookinfo.yaml详见实验1

istio/samples/bookinfo/networking/destination-rule-all.yaml

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: productpage
spec:
  host: productpage
  subsets:
  - name: v1
    labels:
      version: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
  - name: v3
    labels:
      version: v3
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ratings
spec:
  host: ratings
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
  - name: v2-mysql
    labels:
      version: v2-mysql
  - name: v2-mysql-vm
    labels:
      version: v2-mysql-vm
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: details
spec:
  host: details
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2

istio/samples/bookinfo/networking/virtual-service-all-v1.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: productpage
spec:
  hosts:
  - productpage
  http:
  - route:
    - destination:
        host: productpage
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ratings
spec:
  hosts:
  - ratings
  http:
  - route:
    - destination:
        host: ratings
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: details
spec:
  hosts:
  - details
  http:
  - route:
    - destination:
        host: details
        subset: v1

环境确认

kubectl get dr,gw,vs,pods,svc

此时访问ingressgateway/productpage,reviews全部转给v1版本

reviews v1的版本就是没有任何☆显示

2. 部署reviews v2

当使用jason用户登录就被路由给v2版本,否则就路由给v1版本

istio/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v1

部署

kubectl apply -f istio/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml

此时刷新页面任然是和刚才一样reviews任然是v1

点击右上的Sign in

此时右侧reviews就显示成v2版本

3. 注入HTTP Delay 延迟故障

当用jason用户登录,会有7秒的延迟注入

istio/samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ratings
spec:
  hosts:
  - ratings
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    fault:
      delay:
        percentage:
          value: 100.0
        fixedDelay: 7s
    route:
    - destination:
        host: ratings
        subset: v1
  - route:
    - destination:
        host: ratings
        subset: v1

部署更新vs

kubectl apply -f istio/samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml

1. 用jason登录后,Bookinfo会被注入一个7秒的延迟.
2. 右侧reviews的报错:Sorry, product reviews are currently unavailable for this book.
3. 在 Web 浏览器中打开开发者工具菜单。打开网络选项卡。可以看到耗时为6秒多一点
4. 因为7秒会大于3s + 1 次重试，总共 6s。结果，调用过早超时，并在 6s 后抛出错误。
   
   修复错误
5. 降低注入的延迟错误到3秒以下:fixedDelay: 2s,这样1次失败加1次重试就能在6s内完成
6. 调大reviews与ratings 的失重试次数或重试等待时间.
   

4. 注入 HTTP Abort 中止故障

istio/samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ratings
spec:
  hosts:
  - ratings
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    fault:
      abort:
        percentage:
          value: 100.0
        httpStatus: 500
    route:
    - destination:
        host: ratings
        subset: v1
  - route:
    - destination:
        host: ratings
        subset: v1

部署vs

kubectl apply -f istio/samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml

此时继续用jason用户访问reviews就会报错:Ratings service is currently unavailable

当退出jason用户后,raviews直接路由给了v1

至此故障注入 Fault Injection 实验完成