这个架构相对比较简单，主要为验证istio对流量的分配能力

注释：此架构包含一个nginx-proxy做反向代理，两台nginx做web服务，其中一台nginx访问根返回v1，一台返回v2

目标：

A）header中user=xforce则只转发至v2

B）返回v1和v2的次数和配置的流量权重吻合

 

部署步骤

1）  先启动两台nginx-web服务及其svc

apiVersion: v1

kind: Service

metadata:

  name: nginx

  labels:

    app: nginx

    service: nginx

spec:

  ports:

  - port: 80

    name: http

  selector:

    app: nginx

---

apiVersion: v1

kind: ServiceAccount

metadata:

  name: nginx-svc

---

apiVersion: v1

kind: ReplicationController

metadata:

  name: nginx-v1

  labels:

    app: nginx

    version: v1

 

spec:

  replicas: 1

  template:

    metadata:

      labels:

        app: nginx

        version: v1

    spec:

      serviceAccountName: nginx-svc

      containers:

      - name: nginx

        image: docker.io/nginx

        ports:

        - containerPort: 80

---

apiVersion: v1

kind: ReplicationController

metadata:

  name: nginx-v2

  labels:

    app: nginx

    version: v2

 

spec:

  replicas: 1

  template:

    metadata:

      labels:

        app: nginx

        version: v2

    spec:

      serviceAccountName: nginx-svc

      containers:

      - name: nginx

        image: docker.io/nginx

        ports:

        - containerPort: 80

2）添加虚拟服务及目标规则

apiVersion: networking.istio.io/v1alpha3

kind: VirtualService

metadata:

  name: nginx-vs

spec:

  hosts:

  - nginx

  - '*.k8s-l.xforcecloud.com'

  http:

  - route:

    - destination:

        host: nginx

        subset: v1

      weight: 100

    - destination:

        host: nginx

        subset: v2

      weight: 0

---

apiVersion: networking.istio.io/v1alpha3

kind: DestinationRule

metadata:

  name: nginx-dr

spec:

  host: nginx

  subsets:

  - name: v1

    labels:

      version: v1

  - name: v2

    labels:

      version: v2

3） 启动nginx-proxy及其svc

apiVersion: v1

kind: Service

metadata:

  name: nginx-proxy

spec:

  ports:

  - name: http

    port: 80

    protocol: TCP

    targetPort: 80

  selector:

    app: nginx-proxy

  type: ClusterIP

---

apiVersion: v1

kind: ReplicationController

metadata:

  name: nginx-proxy

  labels:

    app: nginx-proxy

 

spec:

  replicas: 1

  template:

    metadata:

      labels:

        app: nginx-proxy

        version: v1

    spec:

      containers:

      - name: nginx

        image: docker.io/nginx

        volumeMounts:

        - mountPath: /etc/nginx

          name: nginx-etc

        ports:

        - containerPort: 80

      volumes:

      - name: nginx-etc

        persistentVolumeClaim:

         claimName: nfs-nginx-etc

4）创建ingress规则将外部流量引入nginx-proxy

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: n.k8s-l.xforcecloud.com

spec:

  rules:

  - host: n.k8s-l.xforcecloud.com

    http:

      paths:

      - backend:

          serviceName: nginx-proxy

          servicePort: 80

 

验证

1）  按目前的规则v1权重100，v2权重0，调用n.k8s-l.xforcecloud.com 100次，应返回100次v1

[[email protected] ~]# for i in `seq 100`; do result=` curl -s n.k8s-l.xforcecloud.com`; if [ $result == "v1" ]; then let j+=1; else let k+=1; fi; done;echo v1-$j v2-$k

v1-100 v2-0

2）  修改v1/v2权重各50%，调用n.k8s-l.xforcecloud.com 100次，应各返回50次

3）  修改规则中当user=xforce时只转发至v2，匹配不到此header时只转发至v1