Istio 虚拟服务 (Vistrual Service)
虚拟服务(Vistrual Service)是 Istio 重要的资源对象之一,作用是将流量路由到网格中的服务。支持基于权重、http header条件等优先级的路由,比Kuberentes service对于流量的管控更加的丰富,颗粒度更加精细。
有了 Kubernetes Service,为什么还需要 Istio Vistrual Service
简单来说,基于 Kubernetes Service,只可以实现简单的流量负载均衡,如果想实现基于HTTP Header,负载百分比等等复杂的流量控制就无从下手了,Istio Vistrual Service在原本 Kubernetes Service 的功能之上,提供了更加丰富的路由控制。
通过例子来理解
有两个Deployment(nginx 及 httpd),通过Service关联到一起,通过访问Service只能做到简单的负载均衡,通过实验发现 nginx 和 httpd 流量各自在 50% 左右。
Deployment & Service
apiVersion: apps/v1
kind: Deployment
metadata:
labels: app: nginx
name: nginx-deployment
spec:
replicas: 1
selector: matchLabels: app: nginx
strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate
template: metadata: labels: app: nginx server: web spec: containers: - image: 'nginx:latest' name: nginx-deployment
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels: app: httpd
name: httpd-deployment
spec:
replicas: 1
selector: matchLabels: app: httpd
strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate
template: metadata: labels: app: httpd server: web spec: containers: - image: 'httpd:latest' name: httpd-deployment
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
ports:
- port: 80 protocol: TCP targetPort: 80
selector: app: nginx
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: httpd-service
spec:
ports:
- port: 80 protocol: TCP targetPort: 80
selector: app: httpd
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: web-service
spec:
ports:
- port: 80 protocol: TCP targetPort: 80
selector: server: web
type: ClusterIP
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
如果想实现更加细颗粒度的流量管控,通过引入Istio Vistrual Service 非常简单的就实现复杂的流量管理。
VirtualService 根据 Destination 进行调度,并且设置相关的负载百分比实现精准的控制。
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: web-vs
spec:
hosts:
- web-service
http:
- route: - destination: host: nginx-service weight: 80 - destination: host: httpd-service weight: 20
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
通过客户端测试以上的实验,请留意客户端也必须经过 Istio 注入,因为只有客户端被 Istio 注入才可以接收到来自 Pilot 有关 Virtual Service 和 Destination Rule 的配置信息,才可以保证流量接管生效。
apiVersion: apps/v1
kind: Deployment
metadata:
labels: app: client-deployment
name: client-deployment
spec:
replicas: 1
selector: matchLabels: app: client-deployment
strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate
template: metadata: labels: app: client-deployment spec: containers: - image: 'busybox:latest' name: client-deployment command: [ "/bin/sh", "-c", "sleep 3600"]
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
进入客户端容器执行 wget -q -O - web-service 观察执行结果
Vistrual Service 除了权重之外,还有条件匹配
很多场景下,需要针对不同的用户已提供个性化的服务等(提前内测新版本),例如针对地理位置、是否为VIP等等,那就需要对 httpd 流量进行识别匹配。
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: web-vs
spec:
hosts:
- web-service
http:
- match: - headers: end-user: exact: carryyip uri: prefix: "/health" ignoreUriCase: true route: - destination: host: httpd-service
- route: - destination: host: nginx-service
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
基于 HttpMatchRequest,路由规则从上到下进行优先级排序,在生产环境中建议使用一个无条件的规则作为最后规则,确保流量始终会匹配到最少一条规则,防止意外情况的方式。
路由规则从 match 关键字开始匹配,可以使用精确 exact 和 前缀 prefix 或者 正则表达式进行不同场景下的匹配。
文章来源: blog.csdn.net,作者:叶康铭,版权归原作者所有,如需转载,请联系作者。
原文链接:blog.csdn.net/m0_38030719/article/details/108723954
- 点赞
- 收藏
- 关注作者
评论(0)