这个架构相对比较简单,主要为验证istio对流量的分配能力
注释:此架构包含一个nginx-proxy做反向代理,两台nginx做web服务,其中一台nginx访问根返回v1,一台返回v2
目标:
A)header中user=xforce则只转发至v2
B)返回v1和v2的次数和配置的流量权重吻合
部署步骤
1) 先启动两台nginx-web服务及其svc
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
service: nginx
spec:
ports:
- port: 80
name: http
selector:
app: nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-svc
---
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx-v1
labels:
app: nginx
version: v1
spec:
replicas: 1
template:
metadata:
labels:
app: nginx
version: v1
spec:
serviceAccountName: nginx-svc
containers:
- name: nginx
image: docker.io/nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx-v2
labels:
app: nginx
version: v2
spec:
replicas: 1
template:
metadata:
labels:
app: nginx
version: v2
spec:
serviceAccountName: nginx-svc
containers:
- name: nginx
image: docker.io/nginx
ports:
- containerPort: 80
2)添加虚拟服务及目标规则
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx-vs
spec:
hosts:
- nginx
- '*.k8s-l.xforcecloud.com'
http:
- route:
- destination:
host: nginx
subset: v1
weight: 100
- destination:
host: nginx
subset: v2
weight: 0
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: nginx-dr
spec:
host: nginx
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
3) 启动nginx-proxy及其svc
apiVersion: v1
kind: Service
metadata:
name: nginx-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx-proxy
type: ClusterIP
---
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx-proxy
labels:
app: nginx-proxy
spec:
replicas: 1
template:
metadata:
labels:
app: nginx-proxy
version: v1
spec:
containers:
- name: nginx
image: docker.io/nginx
volumeMounts:
- mountPath: /etc/nginx
name: nginx-etc
ports:
- containerPort: 80
volumes:
- name: nginx-etc
persistentVolumeClaim:
claimName: nfs-nginx-etc
4)创建ingress规则将外部流量引入nginx-proxy
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: n.k8s-l.xforcecloud.com
spec:
rules:
- host: n.k8s-l.xforcecloud.com
http:
paths:
- backend:
serviceName: nginx-proxy
servicePort: 80
验证
1) 按目前的规则v1权重100,v2权重0,调用n.k8s-l.xforcecloud.com 100次,应返回100次v1
[[email protected] ~]# for i in `seq 100`; do result=` curl -s n.k8s-l.xforcecloud.com`; if [ $result == "v1" ]; then let j+=1; else let k+=1; fi; done;echo v1-$j v2-$k
v1-100 v2-0
2) 修改v1/v2权重各50%,调用n.k8s-l.xforcecloud.com 100次,应各返回50次
3) 修改规则中当user=xforce时只转发至v2,匹配不到此header时只转发至v1