istio(4): Istio traffic management - access rule control based on request content
Delete the VirtualService object that was created earlier:
    [root@k8s-master istio-1.3.1]# kubectl get virtualservices.networking.istio.io
    NAME       GATEWAYS             HOSTS       AGE
    bookinfo   [bookinfo-gateway]   [*]         2d23h
    reviews                         [reviews]   3s
    [root@k8s-master istio-1.3.1]# istioctl delete virtualservice reviews
    Command "delete" is deprecated, Use `kubectl delete` instead (see https://kubernetes.io/docs/tasks/tools/install-kubectl)
    Deleted config: virtualservice reviews
    [root@k8s-master istio-1.3.1]# kubectl get virtualservices.networking.istio.io
    NAME       GATEWAYS             HOSTS   AGE
    bookinfo   [bookinfo-gateway]   [*]     2d23h
    [root@k8s-master istio-1.3.1]#
Look at the definition in the file samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml:
    # cat samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - match:
        - headers:
            end-user:
              exact: jason
        route:
        - destination:
            host: reviews
            subset: v2
      - route:
        - destination:
            host: reviews
            subset: v3
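This VirtualService object defines a match rule for access to the reviews service. If the current request carries an end-user header whose value is exactly jason, it only ever reaches the v2 version of reviews, that is, the style with stars. If the request does not carry that user information, the traffic is forwarded straight to the v3 version of reviews.
We will not enable this VirtualService yet. First, let's visit the Bookinfo application:
There is a login button in the upper right corner. If you refresh the page without logging in, the reviews service is reached at random, and you can see styles both with and without stars. Click login, enter jason as the User Name in the pop-up, leave Password empty, and log in:
Refresh the page again. The access behavior is the same as before logging in: still random.
Now let's create the VirtualService object shown above: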
    [root@k8s-master istio-1.3.1]# kubectl create -f samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
    The VirtualService "reviews" is invalid: []: Invalid value: map[string]interface {}{"apiVersion":"networking.istio.io/v1alpha3", "kind":"VirtualService", "metadata":map[string]interface {}{"creationTimestamp":"2019-11-11T03:13:57Z", "generation":1, "name":"reviews", "namespace":"default", "uid":"a221c753-d9b3-481c-8dff-a8810d0f2d45"}, "spec":map[string]interface {}{"hosts":[]interface {}{"reviews"}, "http":[]interface {}{map[string]interface {}{"match":[]interface {}{map[string]interface {}{"headers":map[string]interface {}{"end-user":map[string]interface {}{"exact":"jason"}}}}, "route":[]interface {}{map[string]interface {}{"destination":map[string]interface {}{"host":"reviews", "subset":"v2"}}}}, map[string]interface {}{"route":[]interface {}{map[string]interface {}{"destination":map[string]interface {}{"host":"reviews", "subset":"v3"}}}}}}}: validation failure list:
    spec.http.route.weight in body is required
    [root@k8s-master istio-1.3.1]# vim samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
    [root@k8s-master istio-1.3.1]# vim samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
    [root@k8s-master istio-1.3.1]# kubectl create -f samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
    virtualservice.networking.istio.io/reviews created
The file was modified so that each route entry carries a weight:
    [root@k8s-master istio-1.3.1]# cat samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - match:
        - headers:
            end-user:
              exact: jason
        route:
        - destination:
            host: reviews
            subset: v2
          weight: 1
      - route:
        - destination:
            host: reviews
            subset: v3
          weight: 1

    # istioctl get virtualservice
    Command "get" is deprecated, Use `kubectl get` instead (see https://kubernetes.io/docs/tasks/tools/install-kubectl)
    VIRTUAL-SERVICE NAME   GATEWAYS           HOSTS     #HTTP   #TCP   NAMESPACE   AGE
    bookinfo               bookinfo-gateway   *         1       0      default     2d
    reviews                                   reviews   2       0      default     42s
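Now go back and refresh the page: the black-star Reviews version (v2) is the one reached every time. Log out and visit again, and the red-star version (v3) is reached every time.
This shows that our rule based on headers -> end-user -> exact: jason has taken effect. When the productpage service calls the reviews service, it puts the user information in a header if the user is logged in. Once the exact rule matches that information, the traffic is directed to the v2 version configured above.
A note on how match rules are evaluated: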
All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.
    - match:
      - uri:
          prefix: "/wpcatalog"
        port: 444
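Across multiple match blocks, as soon as one match succeeds, traffic goes to the service version it specifies and the others are ignored. In our example, when logged in, the first match is satisfied, so the v2 version is always reached. After logging out, no match rule is satisfied, so traffic falls through to the last route rule, which is the v3 version.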
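The match semantics described above (AND inside a match block, OR across blocks, fall-through to the route without a match), as an added Python model that is not part of the original post and is not Istio or Envoy code. The function names are hypothetical, and the destinations attached to the /wpcatalog block are constructed for illustration.

```python
# Simplified model of VirtualService http route selection: headers, uri and port only.

def string_match(rule, value):
    """StringMatch with exact / prefix only (regex is left out of this model)."""
    if value is None:
        return False
    if "exact" in rule:
        return value == rule["exact"]  # comparison is case-sensitive
    if "prefix" in rule:
        return value.startswith(rule["prefix"])
    raise ValueError(f"unsupported StringMatch: {rule}")

def block_matches(block, request):
    """Every condition inside one match block must hold (AND)."""
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    for name, rule in block.get("headers", {}).items():
        if not string_match(rule, headers.get(name.lower())):
            return False
    if "uri" in block and not string_match(block["uri"], request.get("uri")):
        return False
    if "port" in block and block["port"] != request.get("port"):
        return False
    return True

def select_subset(http_routes, request):
    """First http entry whose match blocks succeed (OR) wins; no match key = catch-all."""
    for entry in http_routes:
        blocks = entry.get("match")
        if blocks is None or any(block_matches(b, request) for b in blocks):
            return entry["route"][0]["destination"]["subset"]  # one destination per entry here
    return None

# The reviews VirtualService from this page, written as Python data.
REVIEWS_HTTP = [
    {"match": [{"headers": {"end-user": {"exact": "jason"}}}],
     "route": [{"destination": {"host": "reviews", "subset": "v2"}, "weight": 1}]},
    {"route": [{"destination": {"host": "reviews", "subset": "v3"}, "weight": 1}]},
]

# The uri + port match block quoted on this page; its destinations are constructed.
WPCATALOG_HTTP = [
    {"match": [{"uri": {"prefix": "/wpcatalog"}, "port": 444}],
     "route": [{"destination": {"host": "reviews", "subset": "v2"}}]},
    {"route": [{"destination": {"host": "reviews", "subset": "v3"}}]},
]

if __name__ == "__main__":
    for headers in ({"end-user": "jason"}, {"end-user": "Jason"}, {}):
        print(headers, "->", select_subset(REVIEWS_HTTP, {"headers": headers}))
```

Because exact compares the header value case-sensitively, a request with end-user: Jason falls through to v3 just like a request with no header at all.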