社区首页 >专栏 >mac 上学习k8s系列（42）virtualService

mac 上学习k8s系列（42）virtualService

golangLeetcode

发布于 2022-08-02 11:42:31

39000

代码可运行

文章被收录于专栏：golang算法架构leetcode技术phpgolang算法架构leetcode技术php

运行总次数：0

代码可运行

在学习完istio注入后mac 上学习k8s系列（41）istio 注入，我们如何用istio来进行流量管理呢，用到了istio的crd VirtualService，首先我们来搭建学习环境：

apiVersion: apps/v1
kind: Deployment
metadata:
  name: client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: client
  template:
    metadata:
      labels:
        app: client
    spec:
      containers:
        - name: busybox
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "-ce", "sleep 3600;tail -f /dev/null"]

apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd
  labels:
     server: httpd
     app: web
spec:
  replicas: 2
  selector:
     matchLabels:
       server: httpd
       app: web
  template:
    metadata:
      name: httpd
      labels:
          server: httpd
          app: web
    spec:
      containers:
      - name: busybox
        image: busybox
        imagePullPolicy: IfNotPresent
        command: ["/bin/sh","-ce","touch index.html;echo 'hello httpd' >index.html;httpd -p 8080;tail -f /dev/null"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat
  labels:
     server: tomcat
     app: web
spec:
  replicas: 2
  selector:
     matchLabels:
       server: tomcat
       app: web
  template:
    metadata:
      name: tomcat
      labels:
          server: tomcat
          app: web
    spec:
      containers:
      - name: tomcat
        image: docker.io/library/tomcat:latest
        imagePullPolicy: IfNotPresent

apiVersion: v1
kind: Service
metadata:
  name: tomcat-svc
spec:
  selector:
    server: tomcat
  ports:
    - name: http
      port: 8080
      targetPort: 8080
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  selector:
    server: httpd
  ports:
    - name: http
      port: 8080
      targetPort: 8080
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: web-svc
spec:
  selector:
    app: web
  ports:
    - name: http
      port: 8080
      targetPort: 8080
      protocol: TCP

启动服务

 % kubectl create ns vc   
namespace/vc created
%  kubectl apply -f ./vitural-service/client.yaml -n vc 
deployment.apps/client created
% kubectl apply -f ./vitural-service/deploy.yaml -n vc
deployment.apps/httpd created
deployment.apps/tomcat created
%  kubectl apply -f ./vitural-service/service.yaml -n  vc
service/tomcat-svc created
service/httpd-svc created

启动服务的时候如果出现下面的错误，原因是kubelet会检测是否有前台的服务，没有的话会重启

 Warning  BackOff    37s (x10 over 2m15s)  kubelet            Back-off restarting failed container

所以需要在command上加一个前台服务

command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]

查看服务

% kubectl -n vc get endpoints
NAME         ENDPOINTS                                                     AGE
httpd-svc    10.1.4.164:8080,10.1.4.165:8080                               9h
tomcat-svc   10.1.4.162:8080,10.1.4.163:8080                               9h
web-svc      10.1.4.162:8080,10.1.4.163:8080,10.1.4.164:8080 + 1 more...   2m3s

检测下服务，分别看下svc-httpd和svc-tomcat

% kubectl -n vc exec -it client-5469d56b7f-9kdz8 -- wget -q -O - http://httpd-svc:8080    
hello httpd

 % kubectl -n vc exec -it client-5469d56b7f-9kdz8 -- wget -q -O - http://tomcat-svc:8080 
wget: server returned error: HTTP/1.1 404 
command terminated with exit code 1

看下web-svc，发现它访问两个下游服务的概率都是50%

% kubectl -n vc exec -it client-5469d56b7f-9kdz8 -- wget -q -O - http://web-svc:8080
hello httpd
% kubectl -n vc exec -it client-5469d56b7f-9kdz8 -- wget -q -O - http://web-svc:8080
wget: server returned error: HTTP/1.1 404 
command terminated with exit code 1

那么，我们应该如何控制流量不均匀分布呢？一个服务20% 一个80%？通过label的方式就解决不了了，需要vitural service

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: web-svc-vs
spec:
  hosts:
    - web-svc
  http:
    - route:
        - destination:
            host: tomcat-svc
          weight: 20
        - destination:
            host: httpd-svc
          weight: 80

配置文件和nginx的location 的配置很像，它包括两个部分host fields，匹配存在的一个服务名，routing rules可以定义规则实现流量的分发。同时需要注意的是，vitural service必须在istio注入后才能生效。

%  kubectl -n vc apply -f vitural-service/vs.yaml 
virtualservice.networking.istio.io/web-svc-vs created

 % kubectl -n vc get VirtualService 
NAME         GATEWAYS   HOSTS         AGE
web-svc-vs              ["web-svc"]   45s

开始注入

 % istioctl kube-inject -f  vitural-service/client.yaml |kubectl -n vc apply -f -
deployment.apps/client configured

% istioctl kube-inject -f  vitural-service/deploy.yaml |kubectl -n vc apply -f -
deployment.apps/httpd configured
deployment.apps/tomcat configured

可以看到我们的服务注入成功

% kubectl get pods -n vc 
NAME                      READY   STATUS    RESTARTS   AGE
client-78b5c977-xb27z     2/2     Running   0          3m48s
httpd-6cbf88b69c-l4dwn    2/2     Running   0          2m43s
httpd-6cbf88b69c-sm5xn    2/2     Running   0          3m28s
tomcat-7d754cc9b4-49sd2   2/2     Running   0          3m28s
tomcat-7d754cc9b4-rqz5t   2/2     Running   0          2m28s

试下，可以看到流量的分配比例是8:2

% kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
hello httpd
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
hello httpd
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
hello httpd
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
hello httpd
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
hello httpd
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
hello httpd
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
hello httpd
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
wget: server returned error: HTTP/1.1 404 Not Found
command terminated with exit code 1
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
wget: server returned error: HTTP/1.1 404 Not Found
command terminated with exit code 1
xiazemin@xiazemindeMBP 实战 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
hello httpd

除了可以按照比例分配流量外，还可以按照条件来分配流量

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: web-svc-vs-header
spec:
  hosts:
    - web-svc
  http:
  - match:
    - headers:
        end-user:
          exact: xiazemin
    route:
      - destination:
          host: httpd-svc
  - route:
      - destination:
          host: tomcat-svc

上面的例子，就是通过header来做流量的分配。

 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080
wget: server returned error: HTTP/1.1 404 Not Found
command terminated with exit code 1

 % kubectl -n vc exec -it client-78b5c977-xb27z -- wget -q -O - http://web-svc:8080 --header 'end-user:xiazemin'
hello httpd