Istio ServiceEntry实例

服务说明

  • 在网格外部运行有nginx服务,有两个实例

    • Nginx2001:监听地址为 172.29.1.201:8091,Nginx版本为1.20

    • Nginx2002:监听地址为 172.29.1.202:8091,Nginx版本为1.20

    • Nginx2101:监听地址为 172.29.1.203:8091,Nginx版本为1.21
  • 网格内部default名称空间中的pods/client作为客户端访问该服务

主机设置

添加IP地址

~# ip addr add 192.168.174.130/16 dev ens33
~# ip addr add 192.168.174.131/16 dev ens33
~# ip addr add 192.168.174.132/16 dev ens33

查看IP地址

~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether 00:0c:29:35:d9:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.121/24 brd 192.168.174.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.174.130/16 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.174.131/16 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet 192.168.174.132/16 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe35:d964/64 scope link 
       valid_lft forever preferred_lft forever

部署nginx

docker-compose.yml

version: '3.3'

services:
  nginx2001:
    image: nginx:1.20-alpine
    volumes:
      - ./html/nginx2001:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.11
        aliases:
        - nginx
    expose:
      - "80"
    ports:
      - "192.168.174.130:8091:80"

  nginx2002:
    image: nginx:1.20-alpine
    volumes:
      - ./html/nginx2002:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.12
        aliases:
        - nginx
    expose:
      - "80"
    ports:
      - "192.168.174.131:8091:80"

  nginx2101:
    image: nginx:1.21-alpine
    volumes:
      - ./html/nginx2101:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.13
        aliases:
        - nginx
        - canary
    expose:
      - "80"
    ports:
      - "192.168.174.132:8091:80"

networks:
  envoymesh:
    driver: bridge
    ipam:
      config:
        - subnet: 172.31.201.0/24

运行nginx

# docker-compose up -d
[+] Running 4/4
 ⠿ Network wgs_envoymesh      Created                                                                                                                 0.1s
 ⠿ Container wgs-nginx2101-1  Started                                                                                                                 1.5s
 ⠿ Container wgs-nginx2001-1  Started                                                                                                                 1.6s
 ⠿ Container wgs-nginx2002-1  Started   

访问nginx

~# curl 192.168.174.130:8091
nginx 2001
~# curl 192.168.174.131:8091
nginx 2002
~# curl 192.168.174.132:8091
nginx 2101

部署client

创建client

~# kubectl run client --image=ikubernetes/admin-box -it --rm --restart=Never --command -- /bin/sh
If you don't see a command prompt, try pressing enter.
root@client # 

添加域名解析

root@client # echo "192.168.174.130 nginx.wgs.com" >> /etc/hosts

访问nginx

root@client # while true;do curl nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2001
nginx 2001
nginx 2001

查看kiali

ServiceEntry

serviceentry-nginx.yaml

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.wgs.com
  addresses:
  - "192.168.174.130"
  - "192.168.174.131"
  - "192.168.174.132"
  ports:
  - number: 8091
    name: http
    protocol: HTTP
  location: MESH_EXTERNAL
  resolution: STATIC
  endpoints:
  - address: "192.168.174.130"
    ports:
      http: 8091
  - address: "192.168.174.131"
    ports:
      http: 8091
  - address: "192.168.174.132"
    ports:
      http: 8091

destinationrule-nginx.yaml

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: nginx-external
spec:
  host: nginx.wgs.com
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpHeaderName: X-User
    connectionPool:
      tcp:
        maxConnections: 10000
        connectTimeout: 10ms
        tcpKeepalive:
          time: 7200s
          interval: 75s
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10
    outlierDetection:
      maxEjectionPercent: 50
      consecutive5xxErrors: 5
      interval: 2m
      baseEjectionTime: 1m
      minHealthPercent: 40

virtualservice-nginx.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.wgs.com
  http:
  - name: falut-injection
    match:
    - headers:
        X-Testing:
          exact: "true"
    route:
    - destination:
        host: nginx.wgs.com
    fault:
      delay:
        percentage:
          value: 5
        fixedDelay: 2s
      abort:
        percentage:
          value: 5
        httpStatus: 555
  - name: nginx-external
    route:
    - destination:
        host: nginx.wgs.com

创建资源

# kubectl apply -f .
serviceentry.networking.istio.io/nginx-external created
destinationrule.networking.istio.io/nginx-external created
virtualservice.networking.istio.io/nginx-external created

查看ServiceEntry

# kubectl get se
NAME             HOSTS               LOCATION        RESOLUTION   AGE
nginx-external   ["nginx.wgs.com"]   MESH_EXTERNAL   STATIC       31s

查看listeners

~# istioctl pc listener client --port 8091
ADDRESS PORT MATCH                                DESTINATION
0.0.0.0 8091 Trans: raw_buffer; App: http/1.1,h2c Route: 8091
0.0.0.0 8091 ALL                                  PassthroughCluster

查看cluster

~# istioctl pc  cluster client --port 8091
SERVICE FQDN      PORT     SUBSET     DIRECTION     TYPE     DESTINATION RULE
nginx.wgs.com     8091     -          outbound      EDS      nginx-external.default

查看endpoint

~# istioctl pc  endpoint client --port 8091
ENDPOINT                 STATUS      OUTLIER CHECK     CLUSTER
192.168.174.130:8091     HEALTHY     OK                outbound|8091||nginx.wgs.com
192.168.174.131:8091     HEALTHY     OK                outbound|8091||nginx.wgs.com
192.168.174.132:8091     HEALTHY     OK                outbound|8091||nginx.wgs.com

查看route

~# istioctl pc routes client --name 8091
NAME     DOMAINS                            MATCH     VIRTUAL SERVICE
8091     nginx.wgs.com, 192.168.174.132     /*        nginx-external.default
8091     nginx.wgs.com, 192.168.174.132     /*        nginx-external.default

访问nginx

访问nginx

root@client # while true;do curl  nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2002
nginx 2002
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2101
nginx 2002
nginx 2002
nginx 2001
nginx 2001
nginx 2101
nginx 2101
nginx 2002
nginx 2101

测试一致性hash

root@client # while true;do curl -H "X-user: user1"  nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001

 测试故障注入

root@client # while true;do curl -H "X-Testing: true"  nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2002
nginx 2002
nginx 2002
nginx 2002
nginx 2101
nginx 2002
nginx 2001
nginx 2101
nginx 2101
nginx 2001
nginx 2001
nginx 2001
nginx 2101
nginx 2101
nginx 2002
nginx 2001
nginx 2002
nginx 2001
fault filter abortnginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
fault filter abortnginx 2001
nginx 2101
nginx 2101
fault filter abortnginx 2001

posted @ 2022-11-01 14:45  小吉猫  阅读(74)  评论(0编辑  收藏  举报