Istio workloadEntry实例
服务说明
-
在网格外部运行有nginx服务,有两个实例
-
Nginx2001:监听地址为 172.29.1.201:8091,Nginx版本为1.20
-
Nginx2002:监听地址为 172.29.1.202:8091,Nginx版本为1.20
- Nginx2101:监听地址为 172.29.1.203:8091,Nginx版本为1.21
-
-
网格内部default名称空间中的pods/client作为客户端访问该服务
主机设置
添加IP地址
~# ip addr add 192.168.174.130/16 dev ens33
~# ip addr add 192.168.174.131/16 dev ens33
~# ip addr add 192.168.174.132/16 dev ens33查看IP地址
~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
link/ether 00:0c:29:35:d9:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.174.121/24 brd 192.168.174.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.174.130/16 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.174.131/16 scope global secondary ens33
valid_lft forever preferred_lft forever
inet 192.168.174.132/16 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe35:d964/64 scope link
valid_lft forever preferred_lft forever部署nginx
docker-compose.yml
version: '3.3'
services:
nginx2001:
image: nginx:1.20-alpine
volumes:
- ./html/nginx2001:/usr/share/nginx/html/
networks:
envoymesh:
ipv4_address: 172.31.201.11
aliases:
- nginx
expose:
- "80"
ports:
- "192.168.174.130:8091:80"
nginx2002:
image: nginx:1.20-alpine
volumes:
- ./html/nginx2002:/usr/share/nginx/html/
networks:
envoymesh:
ipv4_address: 172.31.201.12
aliases:
- nginx
expose:
- "80"
ports:
- "192.168.174.131:8091:80"
nginx2101:
image: nginx:1.21-alpine
volumes:
- ./html/nginx2101:/usr/share/nginx/html/
networks:
envoymesh:
ipv4_address: 172.31.201.13
aliases:
- nginx
- canary
expose:
- "80"
ports:
- "192.168.174.132:8091:80"
networks:
envoymesh:
driver: bridge
ipam:
config:
- subnet: 172.31.201.0/24运行nginx
# docker-compose up -d
[+] Running 4/4
⠿ Network wgs_envoymesh Created 0.1s
⠿ Container wgs-nginx2101-1 Started 1.5s
⠿ Container wgs-nginx2001-1 Started 1.6s
⠿ Container wgs-nginx2002-1 Started 访问nginx
~# curl 192.168.174.130:8091
nginx 2001
~# curl 192.168.174.131:8091
nginx 2002
~# curl 192.168.174.132:8091
nginx 2101部署client
创建client
~# kubectl run client --image=ikubernetes/admin-box -it --rm --restart=Never --command -- /bin/sh
If you don't see a command prompt, try pressing enter.
root@client # 添加域名解析
root@client # echo "192.168.174.130 nginx.wgs.com" >> /etc/hosts访问nginx
root@client # while true;do curl nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2001
nginx 2001
nginx 2001workloadentry
workloadentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2001
spec:
address: "192.168.174.130"
ports:
http: 8091
labels:
app: nginx
version: "v1.20"
instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2002
spec:
address: "192.168.174.131"
ports:
http: 8091
labels:
app: nginx
version: "v1.20"
instance-id: Nginx2002
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2101
spec:
address: "172.29.1.132"
ports:
http: 8091
labels:
app: nginx
version: "v1.21"
instance-id: Nginx2101
---创建workloadentry资源
# kubectl apply -f workloadentry-nginx.yaml
workloadentry.networking.istio.io/workload-nginx2001 created
workloadentry.networking.istio.io/workload-nginx2002 created
workloadentry.networking.istio.io/workload-nginx2101 created查看workloadentry资源
# kubectl get we
NAME AGE ADDRESS
workload-nginx2001 47s 192.168.174.130
workload-nginx2002 47s 192.168.174.131
workload-nginx2101 47s 192.168.174.132serviceentry
serviceentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: nginx-external
spec:
hosts:
- nginx.wgs.com
ports:
- number: 80
name: http
protocol: HTTP
targetPort: 8091
location: MESH_EXTERNAL
resolution: STATIC
workloadSelector:
labels:
app: nginx创建ServiceEntry资源
# kubectl apply -f serviceentry-nginx.yaml
serviceentry.networking.istio.io/nginx-external created查看ServiceEntry资源
# kubectl get se
NAME HOSTS LOCATION RESOLUTION AGE
nginx-external ["nginx.wgs.com"] MESH_EXTERNAL STATIC 34s访问nginx
root@client # while true;do curl nginx.wgs.com; sleep 0.$RANDOM;done
nginx 2001
nginx 2101
nginx 2101
nginx 2001
nginx 2001
nginx 2101
nginx 2002
nginx 2002
nginx 2101
nginx 2002
高级流量治理-子集
destinationrule-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: nginx-external
spec:
host: nginx.wgs.com
trafficPolicy:
loadBalancer:
simple: RANDOM
connectionPool:
tcp:
maxConnections: 10000
connectTimeout: 10ms
tcpKeepalive:
time: 7200s
interval: 75s
http:
http2MaxRequests: 1000
maxRequestsPerConnection: 10
outlierDetection:
maxEjectionPercent: 50
consecutive5xxErrors: 5
interval: 2m
baseEjectionTime: 1m
minHealthPercent: 40
subsets:
- name: v20
labels:
version: "v1.20"
- name: v21
labels:
version: "v1.21"
---virtualservice-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-external
spec:
hosts:
- nginx.wgs.com
http:
- name: default
route:
- destination:
host: nginx.wgs.com
subset: v21
weight: 5
- destination:
host: nginx.wgs.com
subset: v20
weight: 95virtualservice-headers-based-routing.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-external
spec:
hosts:
- nginx.wgs.com
http:
- name: falut-injection
match:
- headers:
X-Canary:
exact: "true"
route:
- destination:
host: nginx.wgs.com
subset: v21
fault:
delay:
percentage:
value: 5
fixedDelay: 2s
- name: default
route:
- destination:
host: nginx.wgs.com
subset: v20
fault:
abort:
percentage:
value: 5
httpStatus: 555创建资源
# kubectl apply -f virtualservice-wegit-based-routing.yaml destinationrule-subsets.yaml
destinationrule.networking.istio.io/nginx-external created
virtualservice.networking.istio.io/nginx-external created访问nginx
root@client # while true;do curl nginx.wgs.com;done
nginx 2001
nginx 2101
nginx 2101
nginx 2001
nginx 2001
nginx 2101
nginx 2002查看kiali
