istio-http traffic management (1)

reference

• same
• Istio Chinese
• Istio 1.1 official Chinese document
• Istio traffic management mechanisms to achieve the depth of analysis

1. Define objectives and rules

• istio service grid to service a further abstraction:
  • Pod can be used to label specific service process group;
  • You can define load balancing strategy services;
  • TLS can be specified requirements for the service;
  • You can set the size of the connection pool for the service.
• istio, the different groups of the same back-end service is called 子集(Subset), is also often referred to 服务版本.
• In istio, the recommendations set clear goals for each grid access rules, after the adoption of istio flow control, choose a clear subset to be accessed according to the rules specified in sub or centralized traffic policy, such rules are It referred to DestinationRule, the following examples:

  cat flaskapp-destinationrule.yaml
  apiVersion: networking.istio.io/v1alpha3
  kind: DestinationRule
  metadata:
    name: flaskapp
  spec:
    host: flaskapp.default.svc.cluster.local
    trafficPolicy:
      loadBalancer:
        simple: LEAST_CONN
    subsets:
    - name: v1
      labels:
        version: v1
      trafficPolicy:
        loadBalancer: ROUND_ROBIN
    - name: v2
      labels:
        version: v2
  

  Note that local rules are as follows:
  • host: the necessary fields, representing a Serviceresource, or an ServiceEntryexternal service definition.
    • Recommendation: To prevent the same name in different namespaces service, you can use the fully qualified name.
  • trafficPolicy: traffic strategy, DestinationRuleand Subsetcan be defined, Subsetthe higher the level.
  • subsets: The tag field is used to select subsets define different.

2. Define a default route

2.1 Definitions default route

• Each service is recommended to create a default route, in the absence of a specific routing rules, use the default routing rules for access to the specified subset, a service in order to ensure the stability of behavior By default, the sample is as follows:

  cat flaskapp-default-vs.yaml 
  apiVersion: networking.istio.io/v1alpha3
  kind: VirtualService
  metadata:
    name: flaskapp
  spec:
    hosts:
    - flaskapp.default.svc.cluster.local
    http:
    - route:
      - destination:
          host: flaskapp.default.svc.cluster.local
          subset: v1
  

• VirtualService: hub during istio flow control, is responsible for screening and forwarding traffic.
  • For the host name work, but hoststhe field is an array of content, it can work for multiple host names.
  • It can serve a variety of traffic protocols, such as http, tcp, tlsand so on.
• In httpthe next stage, i.e., the specific routing rules.
  • It supports multiple routes.

2.2 verification

# 应用目标规则与默认路由
kubectl apply -f flaskapp-destinationrule.yaml
kubectl apply -f flaskapp-default-vs.yaml

# 验证，可同步观察 kiali & Jaeger 等
kubectl exec -it -c sleep $(kubectl get pod -l app=sleep,version=v1 -o jsonpath='{.items..metadata.name}') /bin/bash
bash-4.4# for i in `seq 100` ; do http --body http://flaskapp.default/env/version ; done

2.3 summary

In istio when deploying a business application, it is recommended:

• Use appthe label indicates that the application identity;
• Use versionthe label indicates that the application version;
• Creating goals rule;
• Create a default routing rules, default route was configured list should become necessary to deploy content services under the grid environment.

3. Traffic splitting and migration

3.1 Weight

cat flaskapp-default-vs.yaml 
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: flaskapp
spec:
  hosts:
  - flaskapp.default.svc.cluster.local
  http:
  - route:
    - destination:
        host: flaskapp.default.svc.cluster.local
        subset: v1
      weight: 70
    - destination:
        host: flaskapp.default.svc.cluster.local
        subset: v2
      weight: 30
      
# 应用
kubectl apply -f flaskapp-default-vs.yaml

# 验证，可同步观察 kiali & Jaeger 等
# 因是权重的原因，验证时样本量需要大一些
kubectl exec -it -c sleep $(kubectl get pod -l app=sleep,version=v1 -o jsonpath='{.items..metadata.name}') /bin/bash
bash-4.4# for i in `seq 100` ; do http --body http://flaskapp.default/env/version ; done | awk -F "v1" '{print NF-1}'

important point:

• The right flow distribution is heavy, and the sum of the weights must be 100;
• If you do not explicitly declared weights, the default value is 100.

3.2 Object get istio

• kubectl get, kubectl api-resourcesLists the current cluster support all object types
• Tag -> IST config