服务说明

  • 在网格外部运行有nginx服务,有两个实例

    • Nginx2001:监听地址为 172.29.1.201:8091,Nginx版本为1.20

    • Nginx2002:监听地址为 172.29.1.202:8091,Nginx版本为1.20

    • Nginx2101:监听地址为 172.29.1.203:8091,Nginx版本为1.21

  • 网格内部default名称空间中的pods/client作为客户端访问该服务

主机设置

添加IP地址

~# ip addr add 192.168.174.130/16 dev ens33
~# ip addr add 192.168.174.131/16 dev ens33
~# ip addr add 192.168.174.132/16 dev ens33

查看IP地址

~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether 00:0c:29:35:d9:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.121/24 brd 192.168.174.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.174.130/16 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.174.131/16 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet 192.168.174.132/16 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe35:d964/64 scope link 
       valid_lft forever preferred_lft forever

部署nginx

docker-compose.yml

version: '3.3'

services:
  nginx2001:
    image: nginx:1.20-alpine
    volumes:
      - ./html/nginx2001:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.11
        aliases:
        - nginx
    expose:
      - "80"
    ports:
      - "192.168.174.130:8091:80"

  nginx2002:
    image: nginx:1.20-alpine
    volumes:
      - ./html/nginx2002:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.12
        aliases:
        - nginx
    expose:
      - "80"
    ports:
      - "192.168.174.131:8091:80"

  nginx2101:
    image: nginx:1.21-alpine
    volumes:
      - ./html/nginx2101:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.13
        aliases:
        - nginx
        - canary
    expose:
      - "80"
    ports:
      - "192.168.174.132:8091:80"

networks:
  envoymesh:
    driver: bridge
    ipam:
      config:
        - subnet: 172.31.201.0/24

运行nginx

# docker-compose up -d
[+] Running 4/4
 ⠿ Network wgs_envoymesh      Created                                                                                                                 0.1s
 ⠿ Container wgs-nginx2101-1  Started                                                                                                                 1.5s
 ⠿ Container wgs-nginx2001-1  Started                                                                                                                 1.6s
 ⠿ Container wgs-nginx2002-1  Started

访问nginx

~# curl 192.168.174.130:8091
nginx 2001
~# curl 192.168.174.131:8091
nginx 2002
~# curl 192.168.174.132:8091
nginx 2101

部署client

创建client

~# kubectl run client --image=ikubernetes/admin-box -it --rm --restart=Never --command -- /bin/sh
If you don't see a command prompt, try pressing enter.
root@client #

添加域名解析

root@client # echo "192.168.174.130 nginx.wgs.com" >> /etc/hosts

访问nginx

root@client # while true;do curl nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2001
nginx 2001
nginx 2001

查看kiali

ServiceEntry

serviceentry-nginx.yaml

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.wgs.com
  addresses:
  - "192.168.174.130"
  - "192.168.174.131"
  - "192.168.174.132"
  ports:
  - number: 8091
    name: http
    protocol: HTTP
  location: MESH_EXTERNAL
  resolution: STATIC
  endpoints:
  - address: "192.168.174.130"
    ports:
      http: 8091
  - address: "192.168.174.131"
    ports:
      http: 8091
  - address: "192.168.174.132"
    ports:
      http: 8091

destinationrule-nginx.yaml

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: nginx-external
spec:
  host: nginx.wgs.com
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpHeaderName: X-User
    connectionPool:
      tcp:
        maxConnections: 10000
        connectTimeout: 10ms
        tcpKeepalive:
          time: 7200s
          interval: 75s
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10
    outlierDetection:
      maxEjectionPercent: 50
      consecutive5xxErrors: 5
      interval: 2m
      baseEjectionTime: 1m
      minHealthPercent: 40

virtualservice-nginx.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.wgs.com
  http:
  - name: falut-injection
    match:
    - headers:
        X-Testing:
          exact: "true"
    route:
    - destination:
        host: nginx.wgs.com
    fault:
      delay:
        percentage:
          value: 5
        fixedDelay: 2s
      abort:
        percentage:
          value: 5
        httpStatus: 555
  - name: nginx-external
    route:
    - destination:
        host: nginx.wgs.com

创建资源

# kubectl apply -f .
serviceentry.networking.istio.io/nginx-external created
destinationrule.networking.istio.io/nginx-external created
virtualservice.networking.istio.io/nginx-external created

查看ServiceEntry

# kubectl get se
NAME             HOSTS               LOCATION        RESOLUTION   AGE
nginx-external   ["nginx.wgs.com"]   MESH_EXTERNAL   STATIC       31s

查看listeners

~# istioctl pc listener client --port 8091
ADDRESS PORT MATCH                                DESTINATION
0.0.0.0 8091 Trans: raw_buffer; App: http/1.1,h2c Route: 8091
0.0.0.0 8091 ALL                                  PassthroughCluster

查看cluster

~# istioctl pc  cluster client --port 8091
SERVICE FQDN      PORT     SUBSET     DIRECTION     TYPE     DESTINATION RULE
nginx.wgs.com     8091     -          outbound      EDS      nginx-external.default

查看endpoint

~# istioctl pc  endpoint client --port 8091
ENDPOINT                 STATUS      OUTLIER CHECK     CLUSTER
192.168.174.130:8091     HEALTHY     OK                outbound|8091||nginx.wgs.com
192.168.174.131:8091     HEALTHY     OK                outbound|8091||nginx.wgs.com
192.168.174.132:8091     HEALTHY     OK                outbound|8091||nginx.wgs.com

查看route

~# istioctl pc routes client --name 8091
NAME     DOMAINS                            MATCH     VIRTUAL SERVICE
8091     nginx.wgs.com, 192.168.174.132     /*        nginx-external.default
8091     nginx.wgs.com, 192.168.174.132     /*        nginx-external.default

访问nginx

访问nginx

root@client # while true;do curl  nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2002
nginx 2002
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2101
nginx 2002
nginx 2002
nginx 2001
nginx 2001
nginx 2101
nginx 2101
nginx 2002
nginx 2101

测试一致性hash

root@client # while true;do curl -H "X-user: user1"  nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001

 测试故障注入

root@client # while true;do curl -H "X-Testing: true"  nginx.wgs.com:8091; sleep 0.$RANDOM;done
nginx 2002
nginx 2002
nginx 2002
nginx 2002
nginx 2101
nginx 2002
nginx 2001
nginx 2101
nginx 2101
nginx 2001
nginx 2001
nginx 2001
nginx 2101
nginx 2101
nginx 2002
nginx 2001
nginx 2002
nginx 2001
fault filter abortnginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
nginx 2001
fault filter abortnginx 2001
nginx 2101
nginx 2101
fault filter abortnginx 2001

原文地址:http://www.cnblogs.com/wangguishe/p/16845228.html

1. 本站所有资源来源于用户上传和网络,如有侵权请邮件联系站长! 2. 分享目的仅供大家学习和交流,请务用于商业用途! 3. 如果你也有好源码或者教程,可以到用户中心发布,分享有积分奖励和额外收入! 4. 本站提供的源码、模板、插件等等其他资源,都不包含技术服务请大家谅解! 5. 如有链接无法下载、失效或广告,请联系管理员处理! 6. 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需! 7. 如遇到加密压缩包,默认解压密码为"gltf",如遇到无法解压的请联系管理员! 8. 因为资源和程序源码均为可复制品,所以不支持任何理由的退款兑现,请斟酌后支付下载 声明:如果标题没有注明"已测试"或者"测试可用"等字样的资源源码均未经过站长测试.特别注意没有标注的源码不保证任何可用性