一、Traffic-Management-Basics
- ms-demo
- 01-demoapp-v10
cd istio-in-practise/Traffic-Management-Basics/ms-demo/01-demoapp-v10
# 部署后端demoapp
kubectl apply -f deploy-demoapp.yaml
# 切換到istio目錄,部署客戶端pod
kubectl apply -f istio-1.13.3/samples/sleep/sleep.yaml
# 進(jìn)入客戶端sleep的pod中訪問(wèn)后端服務(wù)
kubectl exec -it sleep-698cfc4445-ldm4l -- sh
curl demoappv10:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.12!
# 查看客戶端關(guān)聯(lián)demoapp的endpoint
istioctl pc endpoint sleep-698cfc4445-ldm4l | grep demoapp
192.168.104.10:8080 HEALTHY OK outbound|8080||demoappv10.default.svc.cluster.local
192.168.104.12:8080 HEALTHY OK outbound|8080||demoappv10.default.svc.cluster.local
192.168.166.143:8080 HEALTHY OK outbound|8080||demoappv10.default.svc.cluster.local
# 創(chuàng)建proxy(前端代理)的pod
kubectl apply -f deploy-proxy.yaml
# 進(jìn)入客戶端sleep的pod中訪問(wèn)proxy服務(wù)
while true; do curl proxy; sleep 0.$RANDOM; done
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.10!
- Took 631 milliseconds.
kiali流量截圖
image.png
此時(shí)客戶端pod訪問(wèn)時(shí)充蓝,流量直接由客戶端curl命令所在pod的sidecar-envoy直接轉(zhuǎn)發(fā)給這三個(gè)demoapp的pod上來(lái)呻逆,而不再經(jīng)由service調(diào)度,從而把流量由底層的service的轉(zhuǎn)發(fā)調(diào)度棵里,提升為網(wǎng)格自己的sidecar內(nèi)部來(lái)轉(zhuǎn)發(fā)和調(diào)度义黎,底層的service于此處將不再發(fā)揮作用禾进;部署的proxy的pod可以由網(wǎng)格內(nèi)所有的sidecar所發(fā)現(xiàn),包括route廉涕、cluster泻云、endpoint(可以用istioctl pc命令查看)
- 02-demoapp-v11
cd istio-in-practise/Traffic-Management-Basics/ms-demo/02-demoapp-v11
# 部署新版本demoapp-v11的pod
kubectl apply -f deploy-demoapp-v11.yaml
# 部署demoapp的service
kubectl apply -f service-demoapp.yaml
# 重新部署proxy的pod
kubectl apply -f deploy-proxy.yaml
# 進(jìn)入客戶端sleep的pod中訪問(wèn)proxy服務(wù)
while true; do curl proxy; sleep 0.$RANDOM; done
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.12!
- Took 61 milliseconds.
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.12!
- Took 12 milliseconds.
Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-dzr78, ServerIP: 192.168.104.14!
- Took 16 milliseconds.
Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-sn9p5, ServerIP: 192.168.166.147!
- Took 12 milliseconds.
# 查看以demoapp結(jié)尾的endpoint信息,包括demoapp-v10的三個(gè)pod狐蜕,demoapp-v11的三個(gè)pod
istioctl pc endpoint sleep-698cfc4445-ldm4l | grep "demoapp\>"
192.168.104.10:8080 HEALTHY OK outbound|8080||demoapp.default.svc.cluster.local
192.168.104.12:8080 HEALTHY OK outbound|8080||demoapp.default.svc.cluster.local
192.168.104.14:8080 HEALTHY OK outbound|8080||demoapp.default.svc.cluster.local
192.168.166.143:8080 HEALTHY OK outbound|8080||demoapp.default.svc.cluster.local
192.168.166.147:8080 HEALTHY OK outbound|8080||demoapp.default.svc.cluster.local
# 部署virtualservice
kubectl apply -f virutalservice-demoapp.yaml
# 進(jìn)入客戶端sleep的pod中訪問(wèn)proxy服務(wù)
while true; do curl proxy; curl proxy/canary; sleep 0.$RANDOM; done
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-x6889, ServerIP: 192.168.166.152!
- Took 13 milliseconds.
Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-dzr78, ServerIP: 192.168.104.18!
- Took 8 milliseconds.
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.16!
- Took 8 milliseconds.
kiali部署vs之前流量截圖
image.png
kiali部署vs之后流量截圖
image.png
重新部署proxy之后宠纯,訪問(wèn)demoapp的service,既有v10版本的demoapp层释,又有v11版本的demoapp
- 03-demoapp-subset
cd istio-in-practise/Traffic-Management-Basics/ms-demo/03-demoapp-subset
# 刪除svc demoappv10和demoappv11
kubectl delete svc demoappv10 demoappv11
# 創(chuàng)建demoapp的子集
kubectl apply -f destinationrule-demoapp.yaml
# 重新定義vs
kubectl apply -f virutalservice-demoapp.yaml
# 流量驗(yàn)證v10
while true; do curl proxy; sleep 0.$RANDOM; done
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-x6889, ServerIP: 192.168.166.152!
- Took 8 milliseconds.
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.16!
- Took 7 milliseconds.
# 流量驗(yàn)證v11
while true; do curl proxy/canary; sleep 0.$RANDOM; done
Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-sn9p5, ServerIP: 192.168.166.150!
- Took 7 milliseconds.
Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-dzr78, ServerIP: 192.168.104.18!
- Took 7 milliseconds.
重新定義vs之后婆瓜,借助于destinationrule,把一個(gè)svc屬于多個(gè)不通版本的pod劃分為多個(gè)不同子集贡羔,從而實(shí)現(xiàn)了一個(gè)服務(wù)借助于子集的邏輯廉白,來(lái)區(qū)分不同版本,還可以作為多個(gè)不同的路由目標(biāo)使用
- 04-proxy-gateway
cd istio-in-practise/Traffic-Management-Basics/ms-demo/04-proxy-gateway
# 創(chuàng)建gw
kubectl apply -f .
# 宿主機(jī)添加域名解析乖寒,訪問(wèn)demoapp
while true; do curl proxy.test.com ; sleep 1; done
kiali網(wǎng)關(guān)內(nèi)部和外部同時(shí)訪問(wèn)
image.png
- 05-url-redirect-and-rewrite
cd istio-in-practise/Traffic-Management-Basics/ms-demo/05-url-redirect-and-rewrite
# 部署backend應(yīng)用
kubectl apply -f deploy-backend.yaml
# 創(chuàng)建vs-proxy
kubectl apply -f virtualservice-proxy.yaml
# 驗(yàn)證流量
curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.24!
- Took 1196 milliseconds.
# 驗(yàn)證流量backend重定向(redirect)
curl -I proxy/backend
HTTP/1.1 301 Moved Permanently
location: http://backend:8082/
date: Tue, 24 May 2022 08:42:51 GMT
server: envoy
transfer-encoding: chunked
# 創(chuàng)建vs-demoapp
kubectl apply -f virtualservice-demoapp.yaml
# 驗(yàn)證流量v10
curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.23!
# 驗(yàn)證流量v11
curl demoapp:8080/canary
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-sn9p5, ServerIP: 192.168.166.157!
# 驗(yàn)證rewrite
curl -I demoapp:8080/backend
HTTP/1.1 301 Moved Permanently
location: http://backend:8082/
date: Tue, 24 May 2022 08:51:02 GMT
server: envoy
transfer-encoding: chunked
- 06-weight-based-routing
cd istio-in-practise/Traffic-Management-Basics/ms-demo/06-weight-based-routing
# 刪除05步驟中的兩個(gè)vs猴蹂,部署新的vs
kubectl apply -f virtualservice-demoapp.yaml
# 驗(yàn)證流量分割
while true; do curl proxy; sleep 0.$RANDOM; done
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.23!
- Took 50 milliseconds.
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.24!
- Took 24 milliseconds.
Proxying value: iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-dzr78, ServerIP: 192.168.104.28!
- Took 53 milliseconds.
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-x6889, ServerIP: 192.168.166.159!
- Took 14 milliseconds.
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.23!
- Took 33 milliseconds.
kiali流量驗(yàn)證
image.png
- 07-headers-operation
cd istio-in-practise/Traffic-Management-Basics/ms-demo/07-headers-operation
# 應(yīng)用vs-demoapp
kubectl apply -f virtualservice-demoapp.yaml
# 驗(yàn)證demoappv10響應(yīng)頭
curl -I demoapp:8080
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 115
server: envoy
date: Tue, 24 May 2022 09:04:30 GMT
x-envoy-upstream-service-time: 115
x-envoy: test
# 驗(yàn)證demoappv11響應(yīng)頭
curl -I -H "x-canary: true" demoapp:8080
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 116
server: envoy
date: Tue, 24 May 2022 09:05:00 GMT
x-envoy-upstream-service-time: 46
x-canary: true
- 08-fault-injection
cd istio-in-practise/Traffic-Management-Basics/ms-demo/08-fault-injection
# 應(yīng)用故障注入vs
kubectl apply -f virtualservice-demoapp.yaml
# 驗(yàn)證流量中斷故障
while true; do curl demoapp:8080/canary; sleep 0.$RANDOM; done
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-sn9p5, ServerIP: 192.168.166.157!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-sn9p5, ServerIP: 192.168.166.157!
fault filter abortiKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-dzr78, ServerIP: 192.168.104.28!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-sn9p5, ServerIP: 192.168.166.157!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-dzr78, ServerIP: 192.168.104.28!
# 驗(yàn)證流量延遲故障
while true; do curl demoapp:8080; sleep 0.$RANDOM; done
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-x6889, ServerIP: 192.168.166.159!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-x6889, ServerIP: 192.168.166.159!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.23!
- 09-http-retry
cd istio-in-practise/Traffic-Management-Basics/ms-demo/09-http-retry
# 應(yīng)用重試vs
kubectl apply -f .
# 驗(yàn)證延遲重試
while true; do curl demoapp:8080; sleep 0.$RANDOM; done
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-x6889, ServerIP: 192.168.166.159!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.23!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.24!
# 驗(yàn)證中斷重試
while true; do curl demoapp:8080/canary; sleep 0.$RANDOM; done
fault filter abortiKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-sn9p5, ServerIP: 192.168.166.157!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-dzr78, ServerIP: 192.168.104.28!
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-sn9p5, ServerIP: 192.168.166.157!
fault filter abortiKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-dzr78, ServerIP: 192.168.104.28!
- 10-traffic-mirror
cd istio-in-practise/Traffic-Management-Basics/ms-demo/10-traffic-mirror
# 應(yīng)用vs
kubectl apply -f virtualservice-demoapp.yaml
# 驗(yàn)證流量
while true; do curl demoapp:8080; sleep 0.$RANDOM; done
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.24!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-x6889, ServerIP: 192.168.166.159!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-tv7gc, ServerIP: 192.168.104.23!
# 驗(yàn)證鏡像流量
kubectl logs -f --tail 1 demoappv11-77755cdc65-dzr78
127.0.0.6 - - [24/xxx/20xx xx:17:25] "GET / HTTP/1.1" 200 -
127.0.0.6 - - [24/xxx/20xx xx:17:26] "GET / HTTP/1.1" 200 -
127.0.0.6 - - [24/xxx/20xx xx:17:26] "GET / HTTP/1.1" 200 -
- 11-cluster-loadbalancing
cd istio-in-practise/Traffic-Management-Basics/ms-demo/11-cluster-loadbalancing
# 應(yīng)用dr
kubectl apply -f destinationrule-demoapp.yaml
# 更新vs
kubectl apply -f ../03-demoapp-subset/virutalservice-demoapp.yaml
# 驗(yàn)證流量,加上頭部信息宵统,訪問(wèn)固定后端應(yīng)用
while true; do curl -H "X-User: test" demoapp:8080; sleep 0.$RANDOM; done
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.24!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.24!
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-844db, ServerIP: 192.168.104.24!
二晕讲、Bookinfo示例
- 部署bookinfo
cd istio-1.13.3
# 拆除第一章節(jié)中的所有示例覆获,sleep的pod客戶端不用拆除
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
# 所有pod正常運(yùn)行后马澈,驗(yàn)證bookinfo,得到如下結(jié)果表示正常
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
# 部署gateway
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
# 檢查istio配置
istioctl analyze
? No validation issues found when analyzing namespace: default.
bookinfo示例網(wǎng)址:https://istio.io/latest/docs/setup/getting-started/
- 驗(yàn)證
瀏覽器訪問(wèn)bookinfo頁(yè)面
image.png
kiali頁(yè)面驗(yàn)證
image.png
- 修改請(qǐng)求路由規(guī)則
# 配置默認(rèn)路由規(guī)則
kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml
# 將所有的路由規(guī)則都匹配到v1上
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml
kiali流量截圖
image.png
# 基于登陸角色限制訪問(wèn)版本
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
不登陸顯示v1
image.png
登陸顯示v2
image.png
- 修改故障注入規(guī)則
# 注入延遲故障
kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml
正常訪問(wèn)
image.png
jason登陸延遲
image.png
# 注入中斷故障
kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml
正常訪問(wèn)
image.png
json登陸rating不可獲得
image.png
- 拆除規(guī)則
kubectl delete -f samples/bookinfo/networking/virtual-service-all-v1.yaml
