备考ICA----Istio实验7—故障注入 Fault Injection 实验
Istio 的故障注入用于模拟应用程序中的故障现象,以测试应用程序的故障恢复能力。故障注入有两种:
1.delay延迟注入
2.abort中止注入
1. 环境准备
kubectl apply -f istio/samples/bookinfo/platform/kube/bookinfo.yaml
kubectl apply -f istio/samples/bookinfo/networking/bookinfo-gateway.yaml
kubectl apply -f istio/samples/bookinfo/networking/destination-rule-all.yaml
kubectl apply -f istio/samples/bookinfo/networking/virtual-service-all-v1.yaml
gateway和bookinfo.yaml详见实验1
istio/samples/bookinfo/networking/destination-rule-all.yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: productpage
spec:
host: productpage
subsets:
- name: v1
labels:
version: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v3
labels:
version: v3
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ratings
spec:
host: ratings
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v2-mysql
labels:
version: v2-mysql
- name: v2-mysql-vm
labels:
version: v2-mysql-vm
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: details
spec:
host: details
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
istio/samples/bookinfo/networking/virtual-service-all-v1.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: productpage
spec:
hosts:
- productpage
http:
- route:
- destination:
host: productpage
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- route:
- destination:
host: ratings
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: details
spec:
hosts:
- details
http:
- route:
- destination:
host: details
subset: v1
环境确认
kubectl get dr,gw,vs,pods,svc
此时访问ingressgateway/productpage,reviews全部转给v1版本
reviews v1的版本就是没有任何☆显示
2. 部署reviews v2
当使用jason用户登录就被路由给v2版本,否则就路由给v1版本
istio/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: jason
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v1
部署
kubectl apply -f istio/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
此时刷新页面任然是和刚才一样reviews任然是v1
点击右上的Sign in
此时右侧reviews就显示成v2版本
3. 注入HTTP Delay 延迟故障
当用jason用户登录,会有7秒的延迟注入
istio/samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- match:
- headers:
end-user:
exact: jason
fault:
delay:
percentage:
value: 100.0
fixedDelay: 7s
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1
部署更新vs
kubectl apply -f istio/samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml
- 用jason登录后,Bookinfo会被注入一个7秒的延迟.
- 右侧reviews的报错:Sorry, product reviews are currently unavailable for this book.
- 在 Web 浏览器中打开开发者工具菜单。打开网络选项卡。可以看到耗时为6秒多一点
- 因为7秒会大于3s + 1 次重试,总共 6s。结果,调用过早超时,并在 6s 后抛出错误。
修复错误 - 降低注入的延迟错误到3秒以下:fixedDelay: 2s,这样1次失败加1次重试就能在6s内完成
- 调大reviews与ratings 的失重试次数或重试等待时间.
4. 注入 HTTP Abort 中止故障
istio/samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- match:
- headers:
end-user:
exact: jason
fault:
abort:
percentage:
value: 100.0
httpStatus: 500
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1
部署vs
kubectl apply -f istio/samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml
此时继续用jason用户访问reviews就会报错:Ratings service is currently unavailable
当退出jason用户后,raviews直接路由给了v1
至此故障注入 Fault Injection 实验完成
