Istio Basic Concepts

Virtual Services

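Istio dispatches external requests to service subsets inside the mesh according to the rules defined in virtual services. For example, the same request can be dispatched to subsets of different versions.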

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3

hosts

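The destination address specified by the user. It can be an IP address, a DNS name, or a Kubernetes short name, and it may contain wildcards.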

routing rules

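The http node contains the routing information. The first match sends every request whose end-user HTTP header is jason to v2. Routes are processed in order of appearance, with earlier rules taking precedence.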

A route's match condition can be a port number, headers, URIs, or other attributes; see the HTTPMatchRequest reference for details.
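The ordering rule described above (earlier rules win), as an added example that is not from the original post: a small Python model of how http rules are selected, plus a check for rules made unreachable by an earlier catch-all. It covers only exact/prefix matching on headers and URI, with AND inside a match block and OR across blocks; the function names are illustrative and request header names are assumed to be lowercase.

```python
# Added example: first-match-wins evaluation of VirtualService http rules.
# Constructed input: the page's `reviews` rules written as a Python list.
REVIEWS_HTTP = [
    {"match": [{"headers": {"end-user": {"exact": "jason"}}}],
     "route": [{"destination": {"host": "reviews", "subset": "v2"}}]},
    {"route": [{"destination": {"host": "reviews", "subset": "v3"}}]},
]

def _string_match(rule, value):
    """Evaluate a StringMatch; only exact and prefix are modelled here."""
    if value is None:
        return False
    if "exact" in rule:
        return value == rule["exact"]
    if "prefix" in rule:
        return value.startswith(rule["prefix"])
    raise ValueError(f"unsupported StringMatch: {rule}")

def _block_matches(block, request):
    """Conditions inside one match block are ANDed together."""
    if "uri" in block and not _string_match(block["uri"], request.get("uri")):
        return False
    headers = request.get("headers", {})  # assumed to use lowercase names
    return all(_string_match(rule, headers.get(name))
               for name, rule in block.get("headers", {}).items())

def _is_catch_all(rule):
    """A rule with no match section, or with an empty block, matches everything."""
    blocks = rule.get("match")
    return not blocks or any(not b for b in blocks)

def select_route(http_rules, request):
    """Return (rule index, destinations) for the first matching rule, or None."""
    for i, rule in enumerate(http_rules):
        # Several match blocks on one rule are ORed.
        if _is_catch_all(rule) or any(_block_matches(b, request) for b in rule["match"]):
            return i, [r["destination"] for r in rule["route"]]
    return None

def shadowed_rules(http_rules):
    """Indexes of rules that can never be selected: those after the first catch-all."""
    for i, rule in enumerate(http_rules):
        if _is_catch_all(rule):
            return list(range(i + 1, len(http_rules)))
    return []
```

Reversing the two rules of the reviews example puts the catch-all first, so the jason rule is never reached and `shadowed_rules` reports it as index 1.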

The destination's host must be a (Kubernetes) service name. A single host requested by the user can be dispatched to different services depending on the match condition (such as the URI).

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
    - bookinfo.com
  http:
  - match:
    - uri:
        prefix: /reviews
    route:
    - destination:
        host: reviews
  - match:
    - uri:
        prefix: /ratings
    route:
    - destination:
        host: ratings

Weights can also be used to distribute requests across different services by percentage.

spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 75
    - destination:
        host: reviews
        subset: v2
      weight: 25

A route can also be used to manipulate headers, perform rewrites, or set a retry policy; see the HTTPRoute reference for details.

Destination rules

Destination rules are used together with virtual services. Virtual services define the routing rules, while destination rules describe how those rules are actually carried out. See the Destination Rule reference for details.

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: my-destination-rule
spec:
  host: my-svc # usually the name of the associated service
  trafficPolicy:
    loadBalancer:
      simple: RANDOM
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
    trafficPolicy:
      loadBalancer:
        simple: ROUND_ROBIN
  - name: v3
    labels:
      version: v3

The destination rule above defines a default load balancer, RANDOM, for the service my-svc, so v1 and v3 both use it, while v2 uses ROUND_ROBIN. ROUND_ROBIN only takes effect when a virtual service defines a route that points to v2.

Gateway

Handles traffic entering and leaving the mesh, similar to an ingress.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: ext-host-gwy
spec:
  selector:
    app: my-gateway-controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - ext-host.example.com
    tls:
      mode: SIMPLE
      serverCertificate: /tmp/tls.crt
      privateKey: /tmp/tls.key

A gateway must be bound to a virtual service.

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: virtual-svc
spec:
  hosts:
  - ext-host.example.com
  gateways:
    - ext-host-gwy

Service entries

Defines resources outside the mesh so that workloads inside the mesh can access external services.

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: svc-entry
spec:
  hosts:
  - ext-svc.example.com
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  location: MESH_EXTERNAL
  resolution: DNS

This ServiceEntry tells the mesh that the external service ext-svc.example.com is accessed over HTTPS on port 443.

Pair it with a Destination Rule to give the mesh more detailed access settings.

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ext-res-dr
spec:
  host: ext-svc.example.com
  trafficPolicy:
    tls:
      mode: MUTUAL
      clientCertificate: /etc/certs/myclientcert.pem
      privateKey: /etc/certs/client_private_key.pem
      caCertificates: /etc/certs/rootcacerts.pem

 

posted on 2020-02-18 09:41 leonworld2011