Istio ServiceEntry (se) and WorkloadEntry (we)
Source: original
Date: 2022-03-28
Author: 脚本小站
Category: Cloud Native
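ServiceEntry: brings an external service into the mesh. The external service has no sidecar injected, however, so features such as retry, timeout and ttl cannot be implemented for it. Services in the local cluster that were not discovered and registered can also be registered with a ServiceEntry.
WorkloadEntry: brings an external service into the local k8s cluster so that it can be managed by labels, just like a local Pod. The workloadSelector field of other resources can then use those labels to select these services.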
Basic usage of ServiceEntry:
Example: remove the sidecar from the client used in the earlier experiment, so that the client can access the external service.

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.ops.net
  addresses:
  - "192.168.199.15"
  - "192.168.199.8"
  ports:
  - number: 8000
    name: http
    protocol: HTTP
  location: MESH_EXTERNAL
  resolution: STATIC # resolved statically; the endpoints must be listed below
  endpoints:
  - address: "192.168.199.15"
    ports:
      http: 80 # can be omitted if this port is the same as spec.ports.number
  - address: "192.168.199.8"
    ports:
      http: 80 # "http" here is the value of spec.ports.name; several ports can be defined under ports, each with its own name
      # http2: 81 # if there are several ports, define each of them here
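Test requests: the requests below are round-robined between the two services.

while true; do curl -I nginx.ops.net:8000; sleep 0.$RANDOM; done

# If no hosts resolution is configured, the following form is also round-robined between the two services
while true; do curl -H 'host: nginx.ops.net' -I 192.168.199.8:8000; sleep 0.$RANDOM; done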
Inspect the generated listener, cluster, endpoints and route:

]# istioctl pc listener client
0.0.0.0 8000 Trans: raw_buffer; App: HTTP Route: 8000

]# istioctl pc cluster client
nginx.ops.net 8000 - outbound EDS

]# istioctl pc endpoints client
192.168.199.15:80 HEALTHY OK outbound|8000||nginx.ops.net
192.168.199.8:80 HEALTHY OK outbound|8000||nginx.ops.net

]# istioctl pc route client
8000 nginx.ops.net, 192.168.199.8 /*
Resources such as vs and dr can then be added to enrich the functionality:
vs:

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.ops.net # same host as the ServiceEntry above
  http:
  - name: fault-injection
    match:
    - headers:
        X-Testing:
          exact: "true"
    route:
    - destination:
        host: nginx.ops.net
    fault:
      delay:
        percentage:
          value: 5
        fixedDelay: 2s
      abort:
        percentage:
          value: 5
        httpStatus: 555
  - name: nginx-external
    route:
    - destination:
        host: nginx.ops.net
dr:

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: nginx-external
spec:
  host: nginx.ops.net # same host as the ServiceEntry above
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpHeaderName: X-User
    connectionPool:
      tcp:
        maxConnections: 10000
        connectTimeout: 10ms
        tcpKeepalive:
          time: 7200s
          interval: 75s
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10
    outlierDetection:
      maxEjectionPercent: 50
      consecutive5xxErrors: 5
      interval: 2m
      baseEjectionTime: 1m
      minHealthPercent: 40
Using WorkloadEntry:

apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx-1
spec:
  address: "192.168.199.8" # IP of the external service
  ports:
    http: 80
  labels:
    app: nginx # label that a workloadSelector selects on
    version: "v1.20" # version, used to split traffic for a canary release
    instance-id: nginx01
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx-2
spec:
  address: "192.168.199.15"
  ports:
    http: 80
  labels:
    app: nginx
    version: "v1.21"
    instance-id: nginx02
The corresponding ServiceEntry:

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.ops.net # domain name used inside the mesh to reach the service
  ports:
  - number: 80 # port
    name: http
    protocol: HTTP
  location: MESH_EXTERNAL # external service
  resolution: STATIC
  workloadSelector:
    labels:
      app: nginx # selects the WorkloadEntry objects that carry this label
dr:

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: nginx-external
spec:
  host: nginx.ops.net
  trafficPolicy:
    loadBalancer:
      simple: RANDOM
    connectionPool:
      tcp:
        maxConnections: 10000
        connectTimeout: 10ms
        tcpKeepalive:
          time: 7200s
          interval: 75s
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10
    outlierDetection:
      maxEjectionPercent: 50
      consecutive5xxErrors: 5
      interval: 2m
      baseEjectionTime: 1m
      minHealthPercent: 40
  subsets:
  - name: v20
    labels:
      version: "v1.20"
  - name: v21
    labels:
      version: "v1.21"
vs:

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.ops.net
  http:
  - name: fault-injection
    route:
    - destination:
        host: nginx.ops.net
        subset: v21
      weight: 5 # weight-based traffic split
    - destination:
        host: nginx.ops.net
        subset: v20
      weight: 95
    # fault: # fault injection
    #   delay:
    #     percentage:
    #       value: 50
    #     fixedDelay: 2s
    #   abort:
    #     percentage:
    #       value: 50
    #     httpStatus: 555
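
The WorkloadEntry labels, the ServiceEntry workloadSelector, the DestinationRule subsets and the VirtualService weights above only work together if every label and subset name lines up. The following offline check is an added example, not code from the original page; the dicts copy only the fields it needs from the manifests above, the function names are hypothetical, and an even split between the endpoints of one subset is assumed.

```python
# Added example, not from the original page. The dicts mirror only the fields
# of the page's manifests that the check needs; function names are hypothetical.
WORKLOAD_ENTRIES = [
    {"address": "192.168.199.8", "labels": {"app": "nginx", "version": "v1.20"}},
    {"address": "192.168.199.15", "labels": {"app": "nginx", "version": "v1.21"}},
]
SE_SELECTOR = {"app": "nginx"}  # ServiceEntry spec.workloadSelector.labels
DR_SUBSETS = {"v20": {"version": "v1.20"}, "v21": {"version": "v1.21"}}
VS_ROUTES = [("v21", 5), ("v20", 95)]  # (subset, weight) from the VirtualService


def select(entries, selector):
    """Equality-based label selection: every selector pair must be present."""
    return [e for e in entries
            if all(e["labels"].get(k) == v for k, v in selector.items())]


def check(entries, se_selector, subsets, routes):
    """Return a list of problems; an empty list means the manifests line up."""
    problems = []
    backends = select(entries, se_selector)
    if not backends:
        problems.append("workloadSelector matches no WorkloadEntry")
    routed = set()
    for subset, weight in routes:
        if subset not in subsets:
            problems.append(f"route references undefined subset {subset}")
            continue
        hits = select(backends, subsets[subset])
        if weight > 0 and not hits:
            problems.append(f"subset {subset} has weight {weight} but no endpoint")
        routed.update(e["address"] for e in hits)
    for e in backends:
        if e["address"] not in routed:
            problems.append(f"{e['address']} is selected but never routed to")
    return problems


def traffic_share(entries, se_selector, subsets, routes):
    """Expected request share per address (even split inside a subset assumed)."""
    total = sum(w for _, w in routes) or 1
    backends, share = select(entries, se_selector), {}
    for subset, weight in routes:
        hits = select(backends, subsets[subset]) if subset in subsets else []
        for e in hits:
            share[e["address"]] = share.get(e["address"], 0) + weight / total / len(hits)
    return share


if __name__ == "__main__":
    print(check(WORKLOAD_ENTRIES, SE_SELECTOR, DR_SUBSETS, VS_ROUTES))
    print(traffic_share(WORKLOAD_ENTRIES, SE_SELECTOR, DR_SUBSETS, VS_ROUTES))
```

A mistyped version label or selector shows up as a subset with weight but no endpoint, which is the case where requests sent to that subset have nowhere to go.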