k8s之Istio实现镜像流量
流量镜像,也称为影子流量,是一个以尽可能低的风险为生产带来变化的强大的功能。镜像会将实时流量的副本发送到镜像服务。镜像流量发生在主服务的关键请求路径之外
·
Istio镜像流量
- 流量镜像,也称为影子流量,是一个以尽可能低的风险为生产带来变化的强大的功能。镜像会将实时流量的副本发送到镜像服务。镜像流量发生在主服务的关键请求路径之外
- 首先把流量全部路由到测试服务的
v1版本。然后,执行规则将所有流量镜像到v2版本。
测试yaml
[root@k8s-master-1 mirroring]# cat deployment.yaml
apiVersion: v1
kind: Namespace
metadata:
name: mirror
---
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: mirror
spec:
selector:
app: nginx
ports:
- name: httpd
port: 80
protocol: TCP
targetPort: 80
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-html
namespace: mirror
data:
nginx-v1: "this is nginx v1"
nginx-v2: "this is nginx v2"
---
apiVersion: v1
kind: Pod
metadata:
name: nginx-v1
namespace: mirror
labels:
app: nginx
version: v1
spec:
containers:
- name: nginx-v1
image: nginx
imagePullPolicy: IfNotPresent
volumeMounts:
- name: nginx-html
mountPath: /usr/share/nginx/html/index.html
subPath: nginx-v1
volumes:
- name: nginx-html
configMap:
name: nginx-html
---
apiVersion: v1
kind: Pod
metadata:
name: nginx-v2
namespace: mirror
labels:
app: nginx
version: v2
spec:
containers:
- name: nginx-v2
image: nginx
imagePullPolicy: IfNotPresent
volumeMounts:
- name: nginx-html
mountPath: /usr/share/nginx/html/index.html
subPath: nginx-v2
volumes:
- name: nginx-html
configMap:
name: nginx-html
---
apiVersion: v1
kind: Pod
metadata:
name: busybox
spec:
containers:
- name: busybox
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: ["/bin/sh","-c","sleep 360000"]
[root@k8s-master-1 mirroring]# cat istio.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: httpd
namespace: mirror
spec:
hosts:
- nginx.mirror.svc.cluster.local
http:
- route:
- destination:
host: nginx.mirror.svc.cluster.local
subset: v1
weight: 100
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: httpd
namespace: mirror
spec:
host: nginx.mirror.svc.cluster.local
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
测试
# 部署测试POD
[root@k8s-master-1 mirroring]# istioctl kube-inject -f deployment.yaml | kubectl apply -f -
namespace/mirror created
service/nginx created
configmap/nginx-html created
pod/nginx-v1 created
pod/nginx-v2 created
pod/busybox created
# 部署istio
[root@k8s-master-1 mirroring]# kubectl apply -f istio.yaml
virtualservice.networking.istio.io/httpd created
destinationrule.networking.istio.io/httpd created
# 测试流量,可以发现目前流量全部到nginx-v1了
[root@k8s-master-1 mirroring]# for i in `seq 1 5`; do kubectl exec busybox -c busybox -- wget -q -O - http://nginx.mirror.svc.cluster.local && echo ; done
this is nginx v1
this is nginx v1
this is nginx v1
this is nginx v1
this is nginx v1
# 查看nginx-v1流量
[root@k8s-master-1 mirroring]# kubectl logs nginx-v1 -c nginx-v1 -n mirror | grep "^127"
127.0.0.6 - - [25/Apr/2022:13:06:42 +0000] "GET / HTTP/1.1" 200 16 "-" "Wget" "-"
127.0.0.6 - - [25/Apr/2022:13:06:43 +0000] "GET / HTTP/1.1" 200 16 "-" "Wget" "-"
127.0.0.6 - - [25/Apr/2022:13:06:43 +0000] "GET / HTTP/1.1" 200 16 "-" "Wget" "-"
................................
# 查看nginx-v2流量,未见访问流量
[root@k8s-master-1 mirroring]# kubectl logs nginx-v2 -c nginx-v2 -n mirror | grep "^127"
You have new mail in /var/spool/mail/root
部署镜像流量
[root@k8s-master-1 mirroring]# cat istio-mirror.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: httpd
namespace: mirror
spec:
hosts:
- nginx.mirror.svc.cluster.local
http:
- route:
- destination:
host: nginx.mirror.svc.cluster.local
subset: v1
weight: 100
mirror:
host: nginx.mirror.svc.cluster.local
subset: v2
mirrorPercent: 100 # 将流量全部镜像一份到nginx-v2
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: httpd
namespace: mirror
spec:
host: nginx.mirror.svc.cluster.local
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
[root@k8s-master-1 mirroring]# kubectl apply -f istio-mirror.yaml
Warning: using deprecated setting "mirrorPercent", use "mirrorPercentage" instead
virtualservice.networking.istio.io/httpd configured
destinationrule.networking.istio.io/httpd unchanged
# 模拟请求
[root@k8s-master-1 mirroring]# for i in `seq 1 5`; do kubectl exec busybox -c busybox -- wget -q -O - http://nginx.mirror.svc.cluster.local && echo ; donethis is nginx v1
this is nginx v1
this is nginx v1
this is nginx v1
this is nginx v1
# 查看nginx-v2日志
[root@k8s-master-1 mirroring]# kubectl logs nginx-v2 -c nginx-v2 -n mirror | grep "^127"
127.0.0.6 - - [25/Apr/2022:13:19:14 +0000] "GET / HTTP/1.1" 200 16 "-" "Wget" "10.70.2.10"
127.0.0.6 - - [25/Apr/2022:13:19:14 +0000] "GET / HTTP/1.1" 200 16 "-" "Wget" "10.70.2.10"
127.0.0.6 - - [25/Apr/2022:13:19:14 +0000] "GET / HTTP/1.1" 200 16 "-" "Wget" "10.70.2.10"
127.0.0.6 - - [25/Apr/2022:13:19:15 +0000] "GET / HTTP/1.1" 200 16 "-" "Wget" "10.70.2.10"
127.0.0.6 - - [25/Apr/2022:13:19:15 +0000] "GET / HTTP/1.1" 200 16 "-" "Wget" "10.70.2.10"
# 可以发现busybox访问nginx-v1的流量被镜像到nginx-v2了
[root@k8s-master-1 mirroring]# kubectl get pods -A -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE
default busybox 2/2 Running 0 17m 10.70.2.10 k8s-node-1
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献43条内容
所有评论(0)