【08】DestinationRule 高级配置功能

news2024/11/20 14:21:30

6.2 loadbalancer

定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义；

定义loadbalance在DestinationRule上定义规则

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demoapp
spec:
  host: demoapp
  trafficPolicy:
    loadBalancer:
      simple: LEAST_CONN
  subsets:
  - name: v10
    labels:
      version: v1.0
    trafficPolicy:
      loadBalancer:
        consistentHash:
          httpHeaderName: X-User
  - name: v11
    labels:
      version: v1.1

测试
- curl demoapp:8080 到达v10版本，负载均衡策略为LEAST_CONN
- curl -H "X-Use: wanglei" demoapp:8080到达v11版本的负载均衡策略是一致性哈希

6.3 connectionPool

定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义；

定义连接池的相关参数的DestinationRule

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demoapp
spec:
  host: demoapp
  trafficPolicy:
    loadBalancer:
      simple: LEAST_CONN
    connectionPool:
      tcp:
        maxConnections: 100
        connectTimeout: 30ms
        tcpKeepalive:
          time: 7200s
          interval: 75s
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10
  subsets:
  - name: v10
    labels:
      version: v1.0
    trafficPolicy:
      loadBalancer:
        consistentHash:
          httpHeaderName: X-User
  - name: v11
    labels:
      version: v1.1

6.4 异常点检测

场景：符合一般意义的熔断模型。健康检查分为主动检查和被动检查。异常点检测是被动的健康检查。

常用的错误标识:

consecutiveLocalOriginFailures
consecutiveGatewayErrors: 只包含502，503，504的网关错误；0表示禁用；
consecutive5xxErrors： 5xx错误连续出现的次数

定义demoapp v1.0和demoapp v1.1版本和subset的dr规则。参考weight中定义；

定义异常值检测的DestinationRule规则

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demoapp
spec:
  host: demoapp
  trafficPolicy:
    loadBalancer:
      simple: RANDOM
    connectionPool:
      tcp:
        maxConnections: 100
        connectTimeout: 30ms
        tcpKeepalive:
          time: 7200s
          interval: 75s
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10
    outlierDetection:                # 异常值检测配置
      maxEjectionPercent: 50         # 可被驱逐的最大比例，默认为10%
      consecutive5xxErrors: 5        # 被驱逐前5**连续错误的和
      interval: 10s                  # 驱逐的时间间隔，默认值为10s
      baseEjectionTime: 1m           # 基准驱逐时长，具体时长取决于退避算法
      minHealthPercent: 10           # 低于该比例时，Outlier Detection将被禁用
  subsets:
  - name: v10
    labels:
      version: v1.0
  - name: v11
    labels:
      version: v1.1

定义demoapp访问的路由规则

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: canary
    match:
    - uri:
        prefix: /canary
    rewrite:
      uri: /
    route:
    - destination:
        host: demoapp
        subset: v11
  - name: default
    route:
    - destination:
        host: demoapp
        subset: v10

测试

访问demoapp，流量到达v10版本，curl demoapp:8080/livez,
查看demoapp的pod

给其中一个pod注入故障，使的请求这个pod的时候，返回5**错误

curl -X POST -d 'livez=FAIL' 172.16.196.169:8080/livez

# curl -vv 172.16.196.169:8080/livez
*   Trying 172.16.196.169:8080...
* TCP_NODELAY set
* Connected to 172.16.196.169 (172.16.196.169) port 8080 (#0)
> GET /livez HTTP/1.1
> Host: 172.16.196.169:8080
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 506 Variant Also Negotiates
< content-type: text/html; charset=utf-8
< content-length: 4
< server: istio-envoy
< date: Thu, 24 Aug 2023 08:02:19 GMT
< x-envoy-upstream-service-time: 0
< x-envoy-decorator-operation: demoapp.default.svc.cluster.local:8080/*
< 
* Connection #0 to host 172.16.196.169 left intact