istio(4):istio-流量管理-基于请求内容的访问规则控制

istio(4):istio-流量管理-基于请求内容的访问规则控制

将创建的 VirtualService 对象删除

 

[root@k8s-master istio-1.3.1]# kubectl get virtualservices.networking.istio.io
NAME       GATEWAYS             HOSTS       AGE
bookinfo   [bookinfo-gateway]   [*]         2d23h
reviews                         [reviews]   3s
[root@k8s-master istio-1.3.1]# istioctl delete virtualservice reviews
Command "delete" is deprecated, Use `kubectl delete` instead (see https://kubernetes.io/docs/tasks/tools/install-kubectl)
Deleted config: virtualservice reviews
[root@k8s-master istio-1.3.1]# kubectl get virtualservices.networking.istio.io
NAME       GATEWAYS             HOSTS   AGE
bookinfo   [bookinfo-gateway]   [*]     2d23h
[root@k8s-master istio-1.3.1]#

 

查看文件 samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml 的定义:

# cat  samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3

 

 

这个 VirtualService 对象定义了对 reviews 服务访问的 match 规则。意思是如果当前请求的 header 中包含 jason 这个用户信息,则只会访问到 v2 的 reviews 这个服务版本,即都带星的样式,如果不包含该用户信息,则都直接将流量转发给 v3 这个 reviews 的服务。

 

我们先不启用这个 VirtualService,现在我们去访问下 Bookinfo 这个应用:

 

 

 

右上角有登录按钮,在没有登录的情况下刷新页面,reviews 服务是被随机访问的,可以看到有带星不带星的样式,点击登录,在弹窗中 User Name 输入 jason,Password为空,登录:

 

 

 

再刷新页面,可以看到跟未登录前的访问规则一样,也是随机的。

现在我们来创建上面的 VirtualService 这个对象:

[root@k8s-master istio-1.3.1]# kubectl create -f samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
The VirtualService "reviews" is invalid: []: Invalid value: map[string]interface {}{"apiVersion":"networking.istio.io/v1alpha3", "kind":"VirtualService", "metadata":map[string]interface {}{"creationTimestamp":"2019-11-11T03:13:57Z", "generation":1, "name":"reviews", "namespace":"default", "uid":"a221c753-d9b3-481c-8dff-a8810d0f2d45"}, "spec":map[string]interface {}{"hosts":[]interface {}{"reviews"}, "http":[]interface {}{map[string]interface {}{"match":[]interface {}{map[string]interface {}{"headers":map[string]interface {}{"end-user":map[string]interface {}{"exact":"jason"}}}}, "route":[]interface {}{map[string]interface {}{"destination":map[string]interface {}{"host":"reviews", "subset":"v2"}}}}, map[string]interface {}{"route":[]interface {}{map[string]interface {}{"destination":map[string]interface {}{"host":"reviews", "subset":"v3"}}}}}}}: validation failure list:
spec.http.route.weight in body is required
[root@k8s-master istio-1.3.1]# vim samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
[root@k8s-master istio-1.3.1]# vim samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
[root@k8s-master istio-1.3.1]# kubectl create -f samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
virtualservice.networking.istio.io/reviews created

 

 

修改一下

[root@k8s-master istio-1.3.1]# cat  samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
      weight: 1
  - route:
    - destination:
        host: reviews
        subset: v3
      weight: 1

 

# istioctl get virtualservice
Command "get" is deprecated, Use `kubectl get` instead (see https://kubernetes.io/docs/tasks/tools/install-kubectl)
VIRTUAL-SERVICE NAME   GATEWAYS           HOSTS     #HTTP     #TCP      NAMESPACE   AGE
bookinfo               bookinfo-gateway   *             1        0      default     2d
reviews                                   reviews       2        0      default     42s

 

 

 

此时再回去刷新页面,发现一直都是黑星的 Reviews 版本(v2)被访问到了。 注销退出后再访问,此时又一直是红色星的版本(v3)被访问了。

说明我们基于 headers->end-user->exact:jason 的控制规则生效了。在 productpage 服务调用 reviews 服务时,登录的情况下会在 header 中带上用户信息,通过 exact 规则匹配到相关信息后,流量被引向了上面配置的v2版本中。

 

这里要说明一下match的匹配规则:

All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.

 

- match:
    - uri:
        prefix: "/wpcatalog"
      port: 444

 

多个 match 块之间是只要有一个 match 匹配成功了,就会走向它指定的服务版本去,而忽略其他的。我们的示例中在登录的条件下,满足第一个 match,所以服务一直会访问到 v2 版本。退出登录后,没有 match 规则满足匹配,会走向最后一个 route 规则,即 v3 版本。

 

posted on 2019-11-12 10:36  光阴8023  阅读(797)  评论(0编辑  收藏  举报