ServiceEntry 和 WorkloadEntry
部署client
[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 00-Deploy-Client/
deployment.apps/client created
service/client created
[root@master ServiceEntry-and-WorkloadEntry]# cat 00-Deploy-Client/01-deployment-client.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: client
name: client
spec:
replicas: 1
selector:
matchLabels:
app: client
version: v1.2
template:
metadata:
labels:
app: client
version: v1.2
spec:
containers:
- image: ikubernetes/admin-box:v1.2
name: admin-box
command: ["bin/sh","-c","sleep 99999"]
[root@master ServiceEntry-and-WorkloadEntry]# cat 00-Deploy-Client/02-service-client.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: client
name: client
spec:
ports:
- name: http-80
appProtocol: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: client
version: v1.2
type: ClusterIP
[root@master ServiceEntry-and-WorkloadEntry]# kubectl get pods
NAME READY STATUS RESTARTS AGE
client-74cf5679fd-vrqjj 2/2 Running 0 50s
sleep-78ff5975c6-75q5z 2/2 Running 8 (43h ago) 3d3h
部署3个nginx
[root@VM-0-8-centos Deploy-Nginx]# cat docker-compose.yml
version: '3.3'
services:
nginx2001:
image: nginx:1.20-alpine
volumes:
- ./html/nginx2001:/usr/share/nginx/html/
networks:
envoymesh:
ipv4_address: 172.31.201.11
aliases:
- nginx
expose:
- "80"
ports:
- "10.0.0.8:8091:80"
networks:
envoymesh:
driver: bridge
ipam:
config:
- subnet: 172.31.201.0/24
[root@VM-0-8-centos Deploy-Nginx]# cat html/nginx2001/index.html
<title>nginx.yang.com</title>
Nginx 2001 ~~
[root@VM-0-7-centos Deploy-Nginx]# cat docker-compose.yml
version: '3.3'
services:
nginx2002:
image: nginx:1.20-alpine
volumes:
- ./html/nginx2002:/usr/share/nginx/html/
networks:
envoymesh:
ipv4_address: 172.31.201.12
aliases:
- nginx
expose:
- "80"
ports:
- "10.0.0.7:8091:80"
networks:
envoymesh:
driver: bridge
ipam:
config:
- subnet: 172.31.201.0/24
[root@VM-0-7-centos Deploy-Nginx]# cat html/nginx2002/index.html
<title>nginx.yang.com</title>
Nginx 2002 ~~
[root@VM-0-14-centos Deploy-Nginx]# cat docker-compose.yml
version: '3.3'
services:
nginx2101:
image: nginx:1.21-alpine
volumes:
- ./html/nginx2101:/usr/share/nginx/html/
networks:
envoymesh:
ipv4_address: 172.31.201.13
aliases:
- nginx
- canary
expose:
- "80"
ports:
- "10.0.0.14:8091:80"
networks:
envoymesh:
driver: bridge
ipam:
config:
- subnet: 172.31.201.0/24
[root@VM-0-14-centos Deploy-Nginx]# cat html/nginx2101/index.html
<title>nginx.yang.com</title>
Nginx 2101 ~~
三台都执行
docker-compose up -d
在 client 中添加一条域名解析(见下面 /etc/hosts 的最后一行),然后持续访问
[root@master ServiceEntry-and-WorkloadEntry]# kubectl exec -it client-74cf5679fd-vrqjj -- /bin/sh
root@client-74cf5679fd-vrqjj # cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.244.104.12 client-74cf5679fd-vrqjj
1.13.248.55 nginx.yang.com
root@client-74cf5679fd-vrqjj # while true; do curl nginx.yang.com:8091; sleep .5; done
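查看 kiali 显示 PassthroughCluster,说明该主机尚未在网格注册表中,流量被 sidecar 直接透传:此时 VirtualService/DestinationRule 等治理策略对它不生效。这依赖出站策略为默认的 ALLOW_ANY;若将 meshConfig.outboundTrafficPolicy.mode 设为 REGISTRY_ONLY,未注册的外部主机将无法访问。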
创建serviceentry
[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 01-Service-Entry/01-serviceentry-nginx.yaml
serviceentry.networking.istio.io/nginx-external created
[root@master ServiceEntry-and-WorkloadEntry]# cat 01-Service-Entry/01-serviceentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: nginx-external
spec:
hosts:
- nginx.yang.com
addresses:
- "1.13.18.220"
- "1.13.248.55"
- "1.13.183.102"
ports:
- number: 8091
name: http
protocol: HTTP
targetPort: 8091
location: MESH_EXTERNAL
resolution: STATIC
endpoints:
- address: "1.13.18.220"
ports:
http: 8091
- address: "1.13.248.55"
ports:
http: 8091
- address: "1.13.183.102"
ports:
http: 8091
继续用client循环访问,就可以访问到三个nginx
root@client-74cf5679fd-vrqjj # while true; do curl nginx.yang.com:8091; sleep .5; done
<title>nginx.yang.com</title>
Nginx 2001 ~~
<title>nginx.yang.com</title>
Nginx 2002 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2002 ~~
<title>nginx.yang.com</title>
Nginx 2002 ~~
<title>nginx.yang.com</title>
Nginx 2002 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2001 ~~
<title>nginx.yang.com</title>
Nginx 2001 ~~
把serviceentry删除
[root@master ServiceEntry-and-WorkloadEntry]# kubectl delete -f 01-Service-Entry/01-serviceentry-nginx.yaml
serviceentry.networking.istio.io "nginx-external" deleted
部署workloadentry
[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 02-Workload-Entry/01-workloadentry-nginx.yaml
workloadentry.networking.istio.io/workload-nginx2001 created
workloadentry.networking.istio.io/workload-nginx2002 created
[root@master ServiceEntry-and-WorkloadEntry]# cat 02-Workload-Entry/01-workloadentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2001
labels:
version: v1.20
spec:
address: "1.13.18.220"
ports:
http: 8091
labels:
app: nginx
version: v1.20
instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2002
labels:
version: v1.20
spec:
address: "1.13.248.55"
ports:
http: 8091
labels:
app: nginx
version: v1.20
instance-id: Nginx2002
---
[root@master ServiceEntry-and-WorkloadEntry]# kubectl get workloadentry
NAME AGE ADDRESS
workload-nginx2001 12s 1.13.18.220
workload-nginx2002 12s 1.13.248.55
部署serviceentry
[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 02-Workload-Entry/02-serviceentry-nginx.yaml
serviceentry.networking.istio.io/nginx-external created
[root@master ServiceEntry-and-WorkloadEntry]# cat 02-Workload-Entry/02-serviceentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: nginx-external
spec:
hosts:
- nginx.yang.com
ports:
- number: 80
name: http
protocol: HTTP
targetPort: 8091
location: MESH_EXTERNAL
resolution: STATIC
workloadSelector:
labels:
app: nginx
在 client 中继续持续访问,这次访问 80 端口(ServiceEntry 通过 targetPort 将 80 映射到后端的 8091)
root@client-74cf5679fd-vrqjj # while true; do curl nginx.yang.com:80; sleep 0.$RANDOM; done
把第三个nginx也加入到workload中
[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 03-WorkloadEntry-Subsets/01-workloadentry-nginx.yaml
workloadentry.networking.istio.io/workload-nginx2001 configured
workloadentry.networking.istio.io/workload-nginx2002 configured
workloadentry.networking.istio.io/workload-nginx2101 created
[root@master ServiceEntry-and-WorkloadEntry]# cat 03-WorkloadEntry-Subsets/01-workloadentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2001
spec:
address: "1.13.18.220"
ports:
http: 8091
labels:
app: nginx
version: "v1.20"
instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2002
spec:
address: "1.13.248.55"
ports:
http: 8091
labels:
app: nginx
version: "v1.20"
instance-id: Nginx2002
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2101
spec:
address: "1.13.183.102"
ports:
http: 8091
labels:
app: nginx
version: "v1.21"
instance-id: Nginx2101
---
就可以看到流量已经到三个nginx上了
划分子集
[root@master 03-WorkloadEntry-Subsets]# kubectl apply -f 03-destinationrule-subsets.yaml
destinationrule.networking.istio.io/nginx-external created
[root@master 03-WorkloadEntry-Subsets]# cat 03-destinationrule-subsets.yaml
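# DestinationRule that splits the external nginx service into version subsets.
# `host` has to name the same host that the ServiceEntry registers and the
# VirtualService routes to (nginx.yang.com in this walkthrough); with any other
# host the v20/v21 subsets referenced by the VirtualService cannot be resolved.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: nginx-external
spec:
  host: nginx.yang.com
  subsets:
  # Each subset selects endpoints by the `version` label set on the
  # WorkloadEntry resources.
  - name: v20
    labels:
      version: "v1.20"
  - name: v21
    labels:
      version: "v1.21"
---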
对子集进行流量治理:v21 版本分配 5% 流量,v20 版本分配 95% 流量
[root@master 03-WorkloadEntry-Subsets]# kubectl apply -f 04-virtualservice-wegit-based-routing.yaml
virtualservice.networking.istio.io/nginx-external created
[root@master 03-WorkloadEntry-Subsets]# cat 04-virtualservice-wegit-based-routing.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-external
spec:
hosts:
- nginx.yang.com
http:
- name: default
route:
- destination:
host: nginx.yang.com
subset: v21
weight: 5
- destination:
host: nginx.yang.com
subset: v20
weight: 95
约 5% 的流量到达 nginx2101
带有标头 X-Canary(exact: "true")的请求路由到 v21,并对其中 5% 的流量注入 2s 延迟;
其他流量路由到 v20,并对其中 5% 的流量注入 HTTP 555 的中断(abort)故障
[root@master 03-WorkloadEntry-Subsets]# kubectl apply -f 05-virtualservice-headers-based-routing.yaml
virtualservice.networking.istio.io/nginx-external configured
[root@master 03-WorkloadEntry-Subsets]# cat 05-virtualservice-headers-based-routing.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-external
spec:
hosts:
- nginx.yang.com
http:
- name: falut-injection
match:
- headers:
X-Canary:
exact: "true"
route:
- destination:
host: nginx.yang.com
subset: v21
fault:
delay:
percentage:
value: 5
fixedDelay: 2s
- name: default
route:
- destination:
host: nginx.yang.com
subset: v20
fault:
abort:
percentage:
value: 5
httpStatus: 555
root@client-74cf5679fd-vrqjj # while true; do curl -H "X-Canary: true" nginx.yang.com:80; sleep 0.$RANDOM; done
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
加上标头匹配就可以看到全部到达nginx2101上了
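使用 Egress Gateway 统一收口外发流量(本节清单使用的主机名为 nginx.magedu.com,而前文为 nginx.yang.com,客户端需以该主机名访问并能解析它)。注意:仅部署 Egress Gateway 并不能阻止工作负载绕过它直接外连,通常还需配合 NetworkPolicy 以及 REGISTRY_ONLY 出站策略来强制流量经过网关。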
[root@master 04-Egress-Gateway]# kubectl apply -f ./
workloadentry.networking.istio.io/workload-nginx2001 unchanged
workloadentry.networking.istio.io/workload-nginx2002 unchanged
workloadentry.networking.istio.io/workload-nginx2101 unchanged
serviceentry.networking.istio.io/nginx unchanged
destinationrule.networking.istio.io/nginx-external unchanged
gateway.networking.istio.io/egress unchanged
virtualservice.networking.istio.io/nginx-external unchanged
[root@master 04-Egress-Gateway]# cat 01-workloadentry-nginx.yaml
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2001
spec:
address: "1.13.18.220"
ports:
http: 8091
labels:
app: nginx
version: "v1.20"
instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2002
spec:
address: "1.13.248.55"
ports:
http: 8091
labels:
app: nginx
version: "v1.20"
instance-id: Nginx2002
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
name: workload-nginx2101
spec:
address: "1.13.183.102"
ports:
http: 8091
labels:
app: nginx
version: "v1.21"
instance-id: Nginx2101
---
[root@master 04-Egress-Gateway]# cat 02-serviceentry-nginx.yaml
---
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: nginx
spec:
hosts:
- nginx.magedu.com
ports:
- number: 80
name: http
protocol: HTTP
location: MESH_EXTERNAL
resolution: STATIC
workloadSelector:
labels:
app: nginx
---
[root@master 04-Egress-Gateway]# cat 03-destinationrule-subsets.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: nginx-external
spec:
host: nginx.magedu.com
subsets:
- name: v20
labels:
version: "v1.20"
- name: v21
labels:
version: "v1.21"
---
[root@master 04-Egress-Gateway]# cat 04-gateway-egress.yaml
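# Gateway bound to the egress gateway pods (selector app: istio-egressgateway),
# accepting plain HTTP on port 80 for traffic leaving the mesh.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: egress
  namespace: istio-system
spec:
  selector:
    app: istio-egressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    # Limited to the one external host this walkthrough sends through the
    # gateway; a wildcard ("*") would let any VirtualService bound to this
    # gateway route arbitrary hosts through it.
    - "nginx.magedu.com"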
[root@master 04-Egress-Gateway]# cat 05-virtualservice-wegit-based-routing.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-external
spec:
hosts:
- nginx.magedu.com
gateways:
- istio-system/egress
- mesh
http:
- match:
- gateways:
- mesh
route:
- destination:
host: istio-egressgateway.istio-system.svc.cluster.local
- match:
- gateways:
- istio-system/egress
route:
- destination:
host: nginx.magedu.com
subset: v21
weight: 5
- destination:
host: nginx.magedu.com
subset: v20
weight: 95