Istio DestinationRule dr

集群流量策略：

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demoapp
spec:
  host: demoapp
  trafficPolicy: # 全局流量策略
    loadBalancer:
      simple: LEAST_CONN # 调度算法
  subsets:
  - name: v10
    labels:
      version: v1.0
    trafficPolicy: # 子集流量策略
      loadBalancer:
        consistentHash:
          httpHeaderName: X-User # 根据标头值调度给同一个Pod
  - name: v11
    labels:
      version: v1.1
---
# 用到的vs
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: canary
    match:
    - uri:
        prefix: /canary
    rewrite:
      uri: /
    route:
    - destination:
        host: demoapp
        subset: v11
  - name: default
    route:
    - destination:
        host: demoapp
        subset: v10

测试：相同的x-user的值会调度给相同的Pod，是Pod不是dm。

root@client # curl -H "X-User: user19" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-5c497c6f7c-k6vpw, ServerIP: 10.244.5.206!
root@client # curl -H "X-User: user19" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-5c497c6f7c-k6vpw, ServerIP: 10.244.5.206!
root@client # 
root@client # 
root@client # curl -H "X-User: user20" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-5c497c6f7c-76gs7, ServerIP: 10.244.3.207!
root@client # curl -H "X-User: user20" demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-5c497c6f7c-76gs7, ServerIP: 10.244.3.207!

断路器：将不健康的服务弹出去

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demoapp
spec:
  host: demoapp
  trafficPolicy: # 这里定义在了全局
    loadBalancer:
      simple: RANDOM
    connectionPool: # 连接池
      tcp:
        maxConnections: 100
        connectTimeout: 30ms
        tcpKeepalive:
          time: 7200s
          interval: 75s
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10
    outlierDetection:
      maxEjectionPercent: 50 # 最大弹出比例
      consecutive5xxErrors: 5 # 连续5次出现5xx错误就弹出主机
      interval: 10s # 每多长时间检测一次
      baseEjectionTime: 1m # 服务被弹出的时长
      minHealthPercent: 40 # 健康主机小于40%禁用弹出
  subsets:
  - name: v10
    labels:
      version: v1.0
  - name: v11
    labels:
      version: v1.1

服务故障测试：通过下面方法将服务的返回码改成5xx，模拟某个Pod或服务出现了故障。

curl -XPOST -d 'livez=FAIT' PodIP:port/livez

外部请求测试：连续请求5次失败之后就会将该Pod提出，一分钟后再加进来，在检测出5次错误再提出，两分钟后再加进来，再检测到5次错误再提出，三分钟后再加进来......。

~]# while true; do curl demoapp.ops.net/livez; sleep 0.$RANDOM; done
Proxying value: FAIT - Took 27 milliseconds.
Proxying value: OK - Took 22 milliseconds.
Proxying value: OK - Took 12 milliseconds.
Proxying value: OK - Took 30 milliseconds.
Proxying value: FAIT - Took 13 milliseconds.
Proxying value: FAIT - Took 25 milliseconds.

服务恢复正常测试：服务正常后就会加入到正常服务列表中。

curl -XPOST -d 'livez=OK' PodIP:port/livez