1. 基本使用

1.1 创建网关

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygw
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "aa.rhce.cc"

1.2 创建vs

1
2
3
4
5
6
7
8
9
10
11
12
13
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  gateways:
  - mygw
  http:
  - route:
    - destination:
        host: svc1

2. svc走网格流量

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - route:
    - destination:
        host: svc1

3. 特定端口访问

3.1 修改ingress控制器svc

暴露指定的端口

kubectl -n istio-system edit service istio-ingressgateway

1
2
3
4
5
- name: http3
  nodePort: 30138
  port: 8888
  protocol: TCP
  targetPort: 8080

3.2 修改网关

网关添加端口拦截流量

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygw
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "aa.rhce.cc"
  - port:
      number: 8888
      name: http2
      protocol: HTTP
    hosts:
    - "aa.rhce.cc"

3.3 vs添加8888流量转发

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - name: default
    route:
    - destination:
        host: svc1
  - name: custom
    match:
    - port: 8888
    route:
    - destination:
        host: svc1
        port:
          number: 80

4. uri拦截

规则从上向下匹配

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - match:
    - uri:
        prefix: /demo1
    - uri:
        prefix: /demo2
    route:
    - destination:
        host: svc1
  - route:
    - destination:
        host: svc2

5. 带权重的vs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - route:
    - destination:
        host: svc1
      weight: 10
    - destination:
        host: svc2
      weight: 90

5.1 查看流量图

通过kiali查看流量分布图

6. http重写

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - name: aaa
    match:
    - uri:
        prefix: /demo1
    rewrite:
      uri: /demo2
    route:
    - destination:
        host: svc1

7. 转发到其他命名空间

7.1 ns2创建pod

1
istioctl kube-inject -f pod1.yaml | kubectl apply -f - -n ns2

7.2 创建svc

1
kubectl -n ns2 expose --name svc1 pod pod1 --port 80

7.3 创建vs

1
2
3
4
5
6
7
8
9
10
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
  namespace: ns2
spec:
  http:
  - route:
    - destination:
        host: svc1

7.4 转发到ns2空间vs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - name: aaa
    match:
    - uri:
        prefix: /demo1
    delegate:
      name: myvs
      namespace: ns2
  - route:
    - destination:
        host: svc1

8. 基于头部转发

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - match:
    - headers:
        User-Agent:
          regex: .*(Chrome/([\d.]+)).*
    route:
    - destination:
        host: svc1
  - route:
    - destination:
        host: svc2

9. 故障注入

故障注入是在vs的fault字段定义,fault下主要有两个字段
abort:终止的意思 — 用于中断故障注入
percentage: 故障百分比–在value里指定具体数值,用于指定故障百分比,比如写100的话,则是所有访问都是故障
httpStatus:模拟错误,返回的错误代码
delay:延期的意思 — 用于延迟故障注入
percentage: 故障百分比–在value里指定具体数值,用于指定故障百分比,比如写100的话,则是所有访问都是故障
fixedDelay:用于设置延迟多久回应

9.1 延迟响应

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - route:
    - destination:
        host: svc2
    fault:
      delay:
        percent: 100
        fixedDelay: 1s

9.2 中断故障

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - route:
    - destination:
        host: svc2
    fault:
      abort:
        percentage:
          value: 100
        httpStatus: 503

10. 超时重连

10.1 创建vs-proxy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs-proxy
spec:
  hosts:
  - "bb.rhce.cc"
  gateways:
  - mygw
  http:
  - route:
    - destination:
        host: proxy
    timeout: 10s
    retries: 
      attempts: 3 
      perTryTimeout: 3s 
      retryOn: 5xx

10.2 创建vs2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
kind: VirtualService
metadata:
  name: vs2
spec:
  hosts:
  - svc2
  http:
  - route:
    - destination:
        host: svc2
    fault:
      abort:
        percentage:
          value: 50
        httpStatus: 503

10.3 请求

1
curl bb.rhce.cc

查看proxy日志,当上游服务报错会自动重试

11. 流量镜像

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
spec:
  hosts:
  - "aa.rhce.cc"
  - svc1
  gateways:
  - mygw
  http:
  - route:
    - destination:
        host: svc1
    mirror:
      host: svc3