VirtualService Resource Explained


Learning objectives


What is a VirtualService

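A VirtualService (virtual service) is an important Istio resource. It defines a set of traffic routing rules for a given service. Each routing rule defines matching criteria for traffic of a specific protocol. If traffic matches these criteria, it is sent according to the rule to the destination service (or a subset or version of it) in the service registry.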

Difference between a VirtualService and a k8s Service

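Without an Istio virtual service, using only a k8s Service, you get only the most basic load-balanced traffic forwarding. More complex, richer, fine-grained traffic control, such as splitting traffic by percentage, is not possible.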

Note: a virtual service acts like a sidecar to the K8s Service, providing richer routing control on top of the original K8s Service functionality.

Example:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test-virtual-svc
spec:
  hosts:
  - "web-svc"
  http:
  - route:
    - destination:
        host: web-svc
        subset: nginx
      weight: 25
    - destination:
        host: web-svc
        subset: tomcat
      weight: 75

Configuration in detail

exportTo

1. Effective only in the current namespace

virtaulservice/vs-bookinfo-dot.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - .
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

2. Effective in all namespaces

virtaulservice/vs-bookinfo-star.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

3. Effective in specific namespaces

virtaulservice/vs-bookinfo-istio-system.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
 # - "default"
 # - "istio"
  - "istio-system"
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

gateways

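The names of the Gateways and sidecars that should apply these routes. A VirtualService object can be used for sidecars in the mesh and also for one or more Gateways. The selection condition exposed here can be overridden in protocol-specific route match conditions. The reserved word mesh refers to all sidecars in the mesh. When this field is omitted, the default (mesh) is used, meaning the rule applies to all sidecars in the mesh. If a gateways field is provided, the rule applies only to the listed Gateways. To make a rule apply to both Gateways and in-mesh services, mesh must be added explicitly to the gateways list.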

1. Single gateway

virtaulservice/vs-bookinfo-gw-single.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

2. Multiple gateways

virtaulservice/vs-bookinfo-multi-gw.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  - bookinfo-gateway-02
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

3. Gateway in a different namespace

virtaulservice/vs-bookinfo-gw-namespace.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - default/bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

4. Omitting gateways defaults to mesh

virtaulservice/vs-review-v2.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v2

5. gateways set to mesh

virtaulservice/vs-review-mesh.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  gateways:
  - mesh
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v3

hosts

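Required field: the destination hosts of the traffic. A host can be a DNS name with a wildcard prefix or an IP address. Depending on the platform, short names may be used in place of an FQDN; in that case the conversion from short name to FQDN is done by the underlying platform. **A host name can be defined in only one VirtualService.** A single VirtualService can be used to control traffic properties for multiple HTTP and TCP ports.

Note for Kubernetes users: when a short service name is used (for example reviews rather than reviews.default.svc.cluster.local), Istio interprets the name based on the namespace of the rule, not the namespace of the service. If a rule in the "default" namespace contains a host reference reviews, it is treated as reviews.default.svc.cluster.local, regardless of the namespace the reviews service is actually in. To avoid possible misconfiguration, using FQDNs for service references is recommended. The hosts field applies to both HTTP and TCP services. Services in the mesh, that is, services registered in the service registry, must be referred to by their registered names; only services defined by a Gateway may use IP addresses.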
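
The short-name rule described above can be checked before a rule is applied. The following is an added example, not code from the original article: it models the expansion as the paragraph describes it and reports short names that resolve to a service that does not exist in the rule's namespace. The cluster domain cluster.local, the function names and the sample service list are assumptions made for illustration.

```python
import ipaddress

CLUSTER_DOMAIN = "cluster.local"  # assumption: default Kubernetes cluster domain


def expand_host(host, rule_namespace, domain=CLUSTER_DOMAIN):
    """Expand a host reference the way the paragraph above describes.

    A short name (no dot, not a wildcard, not an IP address) is qualified
    with the namespace of the rule, not the namespace of the service.
    """
    if host.startswith("*") or "." in host:
        return host                      # wildcard, FQDN or IPv4: unchanged
    try:
        ipaddress.ip_address(host)       # IPv6 literals contain no dot
        return host
    except ValueError:
        pass
    return f"{host}.{rule_namespace}.svc.{domain}"


def audit_hosts(vs, services, domain=CLUSTER_DOMAIN):
    """Report short names that expand to a service missing from the registry.

    vs       -- VirtualService as a dict (metadata, spec.hosts, spec.http)
    services -- set of (name, namespace) pairs present in the cluster
    """
    namespace = vs["metadata"].get("namespace", "default")
    known = {f"{name}.{ns}.svc.{domain}" for name, ns in services}
    refs = list(vs["spec"].get("hosts", []))
    for route in vs["spec"].get("http", []):
        # destination.host is expanded by the same rule in Istio
        refs += [d["destination"]["host"] for d in route.get("route", [])]
    findings = []
    for host in dict.fromkeys(refs):     # de-duplicate, keep order
        fqdn = expand_host(host, namespace, domain)
        if fqdn == host or fqdn in known:
            continue                     # already qualified, or resolves correctly
        candidates = sorted(f"{name}.{ns}.svc.{domain}"
                            for name, ns in services if name == host)
        findings.append({"host": host, "resolved": fqdn, "candidates": candidates})
    return findings


# Constructed sample: the reviews Service lives in "istio", the rule in "default".
SERVICES = {("reviews", "istio"), ("productpage", "istio"), ("bookinfo", "default")}
VS_REVIEWS = {
    "metadata": {"name": "reviews", "namespace": "default"},
    "spec": {
        "hosts": ["reviews"],
        "http": [{"route": [{"destination": {"host": "reviews", "subset": "v2"}}]}],
    },
}

if __name__ == "__main__":
    for finding in audit_hosts(VS_REVIEWS, SERVICES):
        print(finding)
```

A finding with a non-empty candidates list means a service of that name exists in another namespace, and the reference should be replaced by that FQDN.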

ip

virtaulservice/vs-bookinfo-hosts-ip.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "192.168.198.155"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

Multiple hosts

virtaulservice/vs-bookinfo-hosts-multi.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "bookinfo.com"
  - "bookinfo.demo"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

Match all domains

virtaulservice/vs-bookinfo-hosts-star.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

Short FQDN

virtaulservice/vs-bookinfo-hosts-fqdn-short.yaml

Create the VirtualService in the default namespace

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "bookinfo"
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

A Service with the same name must also be created

[root@master01 virtaulservice]# cat bookinfo-svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: bookinfo
  labels:
    app: productpage
    service: productpage
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: productpage

Long FQDN

virtaulservice/vs-bookinfo-hosts-fqdn-long.yaml

Create the VirtualService in the default namespace

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "bookinfo.default.svc.cluster.local"
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

Also create the bookinfo Service in the default namespace

virtaulservice/bookinfo-svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: bookinfo
  labels:
    app: productpage
    service: productpage
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: productpage

http

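An ordered list of HTTP traffic rules. The list applies to service ports whose names are prefixed with http-, http2- or grpc-, to ports whose protocol is HTTP, HTTP2 or GRPC or terminated TLS, and to ServiceEntry ports using the HTTP, HTTP2 or GRPC protocol. Incoming traffic uses the first rule that matches.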
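
The binding rules from the gateways section and the first-match rule above decide together which route, if any, handles a request. The following is an added example, not code from the original article: a simplified model that covers only the gateways field, the match-level gateways override and uri conditions. The function names are assumptions; the first sample copies the routing part of vs-match-gateways.yaml shown later on this page, and the second is a constructed, misordered variant of the reviews rule.

```python
import re

MESH = "mesh"  # reserved word: all sidecars in the mesh


def bound_proxies(vs):
    """Top-level gateways; an omitted field means the default, mesh."""
    return vs["spec"].get("gateways") or [MESH]


def string_match(matcher, value):
    """Evaluate an exact / prefix / regex matcher (a regex must match in full).

    Istio evaluates regexes with RE2; Python's re is used here as a stand-in.
    """
    if "exact" in matcher:
        return value == matcher["exact"]
    if "prefix" in matcher:
        return value.startswith(matcher["prefix"])
    if "regex" in matcher:
        return re.fullmatch(matcher["regex"], value) is not None
    return False


def select_route(vs, proxy, path):
    """Index of the first http route applied to `path` at `proxy`, else None.

    proxy is a Gateway name, or MESH for a sidecar.
    """
    top = bound_proxies(vs)
    if proxy not in top:
        return None                       # the VirtualService is not bound here
    for index, route in enumerate(vs["spec"].get("http", [])):
        blocks = route.get("match")
        if not blocks:
            return index                  # no match block: takes all traffic
        for block in blocks:              # match blocks are OR-ed
            scope = block.get("gateways") or top    # match-level override
            uri = block.get("uri")
            if proxy in scope and (uri is None or string_match(uri, path)):
                return index              # first match wins
    return None


def shadowed_routes(vs):
    """Indices of routes that can never be selected because an earlier
    route has no match block and therefore receives the traffic first."""
    routes = vs["spec"].get("http", [])
    for index, route in enumerate(routes):
        if not route.get("match"):
            return list(range(index + 1, len(routes)))
    return []


# Routing part of vs-match-gateways.yaml from this page.
VS_MATCH_GATEWAYS = {"spec": {
    "gateways": ["bookinfo-gateway", "bookinfo-gateway-02"],
    "hosts": ["*"],
    "http": [{
        "match": [
            {"uri": {"exact": "/productpage"}, "gateways": ["bookinfo-gateway-02"]},
            {"uri": {"prefix": "/static"}},
        ],
        "route": [{"destination": {"host": "productpage"}}],
    }],
}}

# Constructed sample: catch-all route placed before the header-specific route.
VS_REVIEWS_MISORDERED = {"spec": {
    "hosts": ["reviews"],
    "http": [
        {"route": [{"destination": {"host": "reviews", "subset": "v3"}}]},
        {"match": [{"headers": {"end-user": {"exact": "mark"}}}],
         "route": [{"destination": {"host": "reviews", "subset": "v2"}}]},
    ],
}}

if __name__ == "__main__":
    for proxy in ("bookinfo-gateway", "bookinfo-gateway-02", MESH):
        for path in ("/productpage", "/static/app.css"):
            print(proxy, path, select_route(VS_MATCH_GATEWAYS, proxy, path))
    print("shadowed:", shadowed_routes(VS_REVIEWS_MISORDERED))
```

A result of None for mesh shows that a rule bound only to Gateways does not affect sidecar-to-sidecar traffic, and a non-empty shadowed list points at rules that are present in the file but never take effect.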

corsPolicy

Introduction to CORS: https://blog.csdn.net/java_green_hand0909/article/details/78740765

Configure the httpd service
[root@master01 html]# cat index.html 
<html>
<head><title></title></head>
<body>
<script type="text/javascript" src="https://code.jquery.com/jquery-3.2.1.min.js"></script>  
<script>
$(function(){
        $("#cors").click(
                function(){
                        $.ajax({
                                type:"get",
                                dataType : "html",
                                url:"http://bookinfo.demo:27941/productpage",
                                success:function(data){
                                        alert(data);
                                }
                        })
                });

        $("#cors2").click(
                function(){
                        $.ajax({
                                type:"get",
                                dataType : "json",
                                url:"http://bookinfo.demo:27941/reviews/1",
                                contentType : 'application/json;charset=UTF-8',
                                success:function(data){
                                        var jsonStr = JSON.stringify(data);
                                        alert(jsonStr);
                                }
                        })
                });
          $("#cors3").click(
                function(){
                        $.ajax({
                                type:"delete",
                                contentType : 'application/json;charset=UTF-8',
                                dataType : "json",
                                url:"http://bookinfo.demo:27941/reviews/1",
                                success:function(data){
                                        var jsonStr = JSON.stringify(data);
                                        alert(jsonStr);
                                }
                        })
                });
           $("#cors4").click(
                function(){
                        $.ajax({
                                type:"get",
                                contentType : 'application/json;charset=UTF-8',
                                dataType : "json",
                                headers:{"X-Custom-Header":"value"},
                                url:"http://bookinfo.demo:27941/reviews/1",
                                success:function(data){
                                        var jsonStr = JSON.stringify(data);
                                        alert(jsonStr);
                                }
                        })
                });
         
});

</script>
<input type="button" id="cors" value="簡單請求"/>
<input type="button" id="cors2" value="非簡單請求"/>
<input type="button" id="cors3" value="非簡單請求delete"/>
<input type="button" id="cors4" value="非簡單請求headers"/>
</body>
</html>

Note: replace the port in url: "http://bookinfo.demo:27941/productpage".

Start nginx

systemctl start httpd

Simple request: configuring CORS

virtaulservice/corsPolicy/vs-productpage-cors.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    corsPolicy:
      allowOrigins:
      - exact: "http://mytest.com:8081"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Access:

http://mytest.com:8081/

Simple request: allowCredentials

virtaulservice/corsPolicy/vs-productpage-cors-allowCredentials.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    corsPolicy:
      allowCredentials: true
      allowOrigins:
      - exact: "http://mytest.com:8081"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Simple request: allowOrigins prefix

virtaulservice/corsPolicy/vs-productpage-cors-allowOrigins-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    corsPolicy:
      allowOrigins:
      - prefix: "http://mytest"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Simple request: allowOrigins regex

virtaulservice/corsPolicy/vs-productpage-cors-allowOrigins-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    corsPolicy:
      allowOrigins:
      - regex: ".*"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Simple request: exposeHeaders

virtaulservice/corsPolicy/vs-productpage-cors-exposeHeaders.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    corsPolicy:
      allowOrigins:
      - exact: "http://mytest.com:8081"
      exposeHeaders: 
      - test
      - test2
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Non-simple request

virtaulservice/corsPolicy/vs-reviews-cors.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookreviews
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        prefix: /reviews
    corsPolicy:
      allowOrigins:
      - exact: "http://mytest.com:8081"
      allowMethods:
      - GET
      - OPTIONS
      maxAge: "1m"
    route:
    - destination:
        host: reviews
        port:
          number: 9080

Non-simple request: allowMethods

virtaulservice/corsPolicy/vs-reviews-cors-allowMethods.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookreviews
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        prefix: /reviews
    corsPolicy:
      allowOrigins:
      - exact: "http://mytest.com:8081"
      allowMethods:
      - POST
      - OPTIONS
      maxAge: "1m"
    route:
    - destination:
        host: reviews
        port:
          number: 9080

Non-simple request: allowHeaders

virtaulservice/corsPolicy/vs-reviews-cors-allowHeaders.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookreviews
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        prefix: /reviews
    corsPolicy:
      allowOrigins:
      - exact: "http://mytest.com:8081"
      allowMethods:
      - GET
      - OPTIONS
      maxAge: "1m"
      allowHeaders:
      - X-Custom-Header
      - content-type
    route:
    - destination:
        host: reviews
        port:
          number: 9080

Non-simple request: maxAge

virtaulservice/corsPolicy/vs-reviews-cors-maxAge.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookreviews
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        prefix: /reviews
    corsPolicy:
      allowOrigins:
      - exact: "http://mytest.com:8081"
      allowMethods:
      - GET
      - OPTIONS
      maxAge: "10s"
      #maxAge: "1m"
      #maxAge: "1h"
    route:
    - destination:
        host: reviews
        port:
          number: 9080
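
The three allowOrigins matcher types used in the corsPolicy examples above admit very different sets of origins. The following is an added example, not code from the original article: it evaluates the page's exact, prefix and regex matchers against constructed Origin values and reports every origin a policy admits beyond the intended one. The function names, the probe origins and the tightened regex are assumptions, and the header handling is a simplified model in which a matching origin is echoed back.

```python
import re

# One evaluator per matcher type; a regex must match the whole origin.
MATCHERS = {
    "exact": lambda want, origin: origin == want,
    "prefix": lambda want, origin: origin.startswith(want),
    "regex": lambda want, origin: re.fullmatch(want, origin) is not None,
}


def policy_allows(policy, origin):
    """True if any allowOrigins entry of the corsPolicy matches the origin."""
    return any(MATCHERS[kind](want, origin)
               for entry in policy.get("allowOrigins", [])
               for kind, want in entry.items() if kind in MATCHERS)


def cors_headers(policy, origin):
    """Response headers added for a request from `origin` (simplified model)."""
    if not policy_allows(policy, origin):
        return {}
    headers = {"access-control-allow-origin": origin}
    if policy.get("allowCredentials"):
        headers["access-control-allow-credentials"] = "true"
    if policy.get("exposeHeaders"):
        headers["access-control-expose-headers"] = ",".join(policy["exposeHeaders"])
    return headers


def unexpected_origins(policy, intended, probes):
    """Probe origins the policy admits although they are not intended."""
    return [o for o in probes if o not in intended and policy_allows(policy, o)]


def audit(policies, intended, probes):
    """Map policy name -> finding, for policies that admit unintended origins."""
    report = {}
    for name, policy in policies.items():
        extra = unexpected_origins(policy, intended, probes)
        if extra:
            report[name] = {
                "admits": extra,
                # an echoed origin plus credentials lets that origin read
                # authenticated responses, so it is rated higher
                "severity": "high" if policy.get("allowCredentials") else "medium",
            }
    return report


# corsPolicy blocks copied from the YAML examples on this page.
POLICIES = {
    "exact": {"allowOrigins": [{"exact": "http://mytest.com:8081"}]},
    "allowCredentials": {"allowCredentials": True,
                         "allowOrigins": [{"exact": "http://mytest.com:8081"}]},
    "prefix": {"allowOrigins": [{"prefix": "http://mytest"}]},
    "regex": {"allowOrigins": [{"regex": ".*"}]},
    # Constructed alternative: a regex that only admits the site and its subdomains.
    "tightened": {"allowOrigins": [{"regex": r"http://([a-z0-9-]+\.)?mytest\.com:8081"}]},
}
INTENDED = {"http://mytest.com:8081"}
# Constructed Origin header values used as probes.
PROBES = [
    "http://mytest.com:8081",
    "http://mytest.com.lookalike.example",
    "http://mytestsite.example",
    "https://unrelated.example",
    "null",
]

if __name__ == "__main__":
    for name, finding in audit(POLICIES, INTENDED, PROBES).items():
        print(name, finding)
```

Only the prefix and regex policies produce findings; the exact matchers and the tightened regex admit nothing beyond the intended origin.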

delegate

Set the environment variable on the istiod container

PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE=true

kubectl set env deploy istiod -n istio-system --list

kubectl set env deploy istiod -n istio-system PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE=true

Configuration file

virtaulservice/delegate/vs-delegate.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    delegate:
      name: productpage
      namespace: istio

Test did not succeed; needs further investigation

fault

abort

virtaulservice/fault/vs-productpage-fault-abort.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
  namespace: istio
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - fault:
      abort:
        httpStatus: 500
        percentage:
          value: 100
    match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        subset: v1

delay

virtaulservice/fault/vs-productpage-fault-delay.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
  namespace: istio
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - fault:
      delay:
        percentage:
          value: 100.0
        fixedDelay: 7s
    match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        subset: v1

headers

request
add

virtaulservice/headers/vs-headers-request-add.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    headers:
      request:
        add:
          TEST_REQUEST_HEADER: XX
    route:
    - destination:
        host: productpage
        port:
          number: 9080

remove

virtaulservice/headers/vs-headers-request-remove.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    headers:
      request:
        remove:
        - TEST_REQUEST_HEADER
    route:
    - destination:
        host: productpage
        port:
          number: 9080

set

virtaulservice/headers/vs-headers-request-set.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    headers:
      request:
        set:
          TEST_REQUEST_HEADER: XX
    route:
    - destination:
        host: productpage
        port:
          number: 9080

response
add

virtaulservice/headers/vs-headers-response-add.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    headers:
      response:
        add:
          TEST_REQUEST_HEADER: XX
    route:
    - destination:
        host: productpage
        port:
          number: 9080

remove

virtaulservice/headers/vs-headers-response-remove.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    headers:
      response:
        remove:
        - x-envoy-upstream-service-time
    route:
    - destination:
        host: productpage
        port:
          number: 9080

set

virtaulservice/headers/vs-headers-response-set.yaml

Adds the header if it is absent, overwrites it if it is present

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    headers:
      response:
        set:
          content-type: "text/html"
          Test: "test"
          x-envoy-upstream-service-time: "1111111111"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

match

authority
exact

virtaulservice/match/vs-match-authority-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - authority:
        exact: "bookinfo.demo:27941"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

prefix

virtaulservice/match/vs-match-authority-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - authority:
        prefix: "bookinfo"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

regex

virtaulservice/match/vs-match-authority-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - authority:
        regex: "bookinfo.de.*"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

gateways

virtaulservice/match/vs-match-gateways.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  - bookinfo-gateway-02
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
      gateways:
      - bookinfo-gateway-02
    - uri:
        prefix: /static
    route:
    - destination:
        host: productpage
        port:
          number: 9080

headers

exact

virtaulservice/match/

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: mark
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3

prefix

virtaulservice/match/vs-match-headers-prefix.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          prefix: ma
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3

regex

virtaulservice/match/vs-match-headers-regex.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          regex: "m.*k"
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3

ignoreUriCase

virtaulservice/match/vs-match-ignoreUriCase.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: "/PRODUCTPAGE"
      ignoreUriCase: true
    route:
    - destination:
        host: productpage
        port:
          number: 9080

method
exact

virtaulservice/match/vs-match-method-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - method:
        exact: "GET"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

prefix

virtaulservice/match/vs-match-method-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - method:
        prefix: "G"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

regex

virtaulservice/match/vs-match-method-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - method:
        regex: "G.*T"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

name

virtaulservice/match/vs-match-name.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
      name: book
    route:
    - destination:
        host: productpage
        port:
          number: 9080

port

virtaulservice/match/vs-match-port.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - port: 80
    route:
    - destination:
        host: productpage
        port:
          number: 9080

queryParams
exact

virtaulservice/match/vs-match-queryParams-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - queryParams:
        test:
          exact: test
    route:
    - destination:
        host: productpage
        port:
          number: 9080

prefix

virtaulservice/match/vs-match-queryParams-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - queryParams:
        test:
          prefix: test
    route:
    - destination:
        host: productpage
        port:
          number: 9080

This has no effect: access works as long as a query parameter test is present

regex

virtaulservice/match/vs-match-queryParams-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - queryParams:
        test:
          regex: "\\d+$"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

The value of test must be numeric

scheme

Access returns 404; gave up, needs further investigation

exact

vs-match-scheme-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - scheme:
        exact: "http"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

prefix

vs-match-scheme-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - scheme:
        prefix: "http"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

regex

vs-match-scheme-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - scheme:
        regex: ".*"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

sourceLabels

virtaulservice/match/vs-match-sourceLabels.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - sourceLabels:
        app: productpage
        version: v1
    route:
    - destination:
        host: reviews
        subset: v2

sourceNamespace

virtaulservice/match/vs-match-sourceNamespace.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - sourceNamespace: istio-system
    route:
    - destination:
        host: productpage
        port:
          number: 9080

uri
exact

virtaulservice/match/vs-match-uri-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    route:
    - destination:
        host: productpage
        port:
          number: 9080

prefix

virtaulservice/match/vs-match-uri-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        prefix: /product
    route:
    - destination:
        host: productpage
        port:
          number: 9080

regex

virtaulservice/match/vs-match-uri-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        regex: "/p.*e"
    route:
    - destination:
        host: productpage
        port:
          number: 9080

withoutHeaders

Test did not succeed; gave up, needs further investigation

exact

vs-match-withoutHeaders-exact.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - withoutHeaders:
        end-user:
          exact: mark
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3

prefix

vs-match-withoutHeaders-prefix.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - withoutHeaders:
        end-user:
          prefix: ma
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3
regex

vs-match-withoutHeaders-regex.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - withoutHeaders:
        end-user:
          regex: "m.*k"
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3

mirror

virtaulservice/mirror/vs-http-mirror.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080
    mirror:
      host: productpage.istio-2.svc.cluster.local
      port: 
        number: 9080
    mirrorPercentage:
      value: 100

1. Create the namespace

kubectl create ns istio-2

2. Label the namespace

kubectl label ns istio-2 istio-injection=enabled

3. Deploy the deployment

kubectl apply -f productpage-deploy.yaml -n istio-2

4. Tail the logs

kubectl logs -f productpage-v1-64794f5db4-ng9sn -n istio-2

5. Create the resource

kubectl apply -f vs-http-mirror.yaml -n istio

6. Access the URL

http://192.168.198.154:27941/productpage

subset

1. Create the DestinationRule

kubectl apply -f dr-productpage.yaml -n istio-2

2. Create the mirror resource

kubectl apply -f vs-http-mirror-subset.yaml -n istio

3. Access

http://192.168.198.154:27941/productpage

4. Watch the logs

name

virtaulservice/vs-bookinfo-name.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    name: bookinfo
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080

redirect

virtaulservice/redirect/vs-productpage-redirect.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /mypage
    redirect:
      uri: /productpage
      authority: 192.168.198.154:27941
      redirectCode: 308
  - match:
    - uri:
        prefix: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Access:

http://192.168.198.154:27941/mypage

retries

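  • attempts: required field; the number of retries.
  • perTryTimeout: the timeout for each retry attempt; the unit can be ms, s, m, or h.
  • retryOn: the conditions under which a retry is performed; multiple conditions are separated by commas.

The retry condition retryOn can take the following values.

  • 5xx: retry when the upstream service returns a 5xx response code, or does not respond at all.
  • gateway-error: similar to 5xx, but retries only on 502, 503, and 504 response codes.
  • connect-failure: retry when the connection to the upstream service fails.
  • retriable-4xx: retry when the upstream service returns a retriable 4xx response code.
  • refused-stream: retry when the upstream service resets the stream with the REFUSED_STREAM error code.
  • cancelled: retry when the gRPC status code in the response headers is cancelled.
  • deadline-exceeded: retry when the gRPC status code in the response headers is deadline-exceeded.
  • internal: retry when the gRPC status code in the response headers is internal.
  • resource-exhausted: retry when the gRPC status code in the response headers is resource-exhausted.
  • unavailable: retry when the gRPC status code in the response headers is unavailable.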

Inject a delay fault:

virtaulservice/retry/vs-reviews.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v3
    fault:
      delay:
        percentage:
          value: 100.0
        fixedDelay: 7s

Configure retries

virtaulservice/retry/vs-bookinfo.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        subset: v1
    retries:
      attempts: 5
      perTryTimeout: 3s
      retryOn: 5xx,connect-failure

Whether to retry on other machines

virtaulservice/retry/vs-bookinfo-retryRemoteLocalities.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        subset: v1
    retries:
      attempts: 5
      perTryTimeout: 3s
      retryOn: 5xx,connect-failure
      retryRemoteLocalities: true
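
Retries multiply the load a failing backend receives, so it helps to work out what a policy allows before applying it. The following added example (not part of the original page) checks retryOn against the values listed above and computes the maximum number of upstream requests and the worst-case wait for the retries block from vs-bookinfo.yaml; the helper names are hypothetical and the route that combines retries with a 10s timeout is constructed.

```python
import math
import re

# retryOn values described in the list above; Envoy defines further conditions.
PAGE_RETRY_ON = {
    "5xx", "gateway-error", "connect-failure", "retriable-4xx", "refused-stream",
    "cancelled", "deadline-exceeded", "internal", "resource-exhausted", "unavailable",
}
UNIT_SECONDS = {"ms": 0.001, "s": 1.0, "m": 60.0, "h": 3600.0}

# Settings copied from the retries block in vs-bookinfo.yaml above.
PAGE_ROUTE = {"retries": {"attempts": 5, "perTryTimeout": "3s",
                          "retryOn": "5xx,connect-failure"}}
# Constructed variant: the same retries combined with an overall route timeout.
CAPPED_ROUTE = dict(PAGE_ROUTE, timeout="10s")


def parse_duration(text):
    """Convert a duration such as '3s' or '250ms' to seconds."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(ms|s|m|h)", text.strip())
    if m is None:
        raise ValueError(f"unsupported duration: {text!r}")
    return float(m.group(1)) * UNIT_SECONDS[m.group(2)]


def review_retries(http_route):
    """Summarise the worst-case cost of one http route's retry policy."""
    retries = http_route["retries"]
    attempts = int(retries["attempts"])
    per_try = parse_duration(retries["perTryTimeout"])
    conditions = [c.strip() for c in retries.get("retryOn", "").split(",") if c.strip()]
    findings = []
    unknown = sorted(set(conditions) - PAGE_RETRY_ON)
    if unknown:
        findings.append(f"retryOn values outside the documented list: {unknown}")
    max_requests = 1 + attempts            # the first try plus every retry
    worst_case = max_requests * per_try    # back-off between tries is not counted
    if "timeout" in http_route:
        total = parse_duration(http_route["timeout"])
        if total < worst_case:
            # Tries start at 0, per_try, 2*per_try, ... until the route timeout expires.
            max_requests = min(max_requests, math.ceil(total / per_try))
            worst_case = total
            findings.append(
                f"route timeout {total:g}s ends retrying after {max_requests} tries")
    return {"max_upstream_requests": max_requests,
            "worst_case_seconds": worst_case,
            "findings": findings}


if __name__ == "__main__":
    print(review_retries(PAGE_ROUTE))
    print(review_retries(CAPPED_ROUTE))
```

For the policy on this page, one client request can become up to six requests to productpage and hold the connection for 18 seconds while the backend is failing.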

rewrite

uri

virtaulservice/rewrite/vs-http-rewrite.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        regex: "/m.*k"
    rewrite:
      uri: "/productpage"
    route:
    - destination:
        host: productpage
        port:
          number: 9080
authority

virtaulservice/rewrite/vs-http-rewrite-authority.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        regex: "/m.*k"
    rewrite:
      uri: "/productpage"
      authority: bookinfo.com:27941
    route:
    - destination:
        host: productpage
        port:
          number: 9080

route

destination
host

virtaulservice/route/vs-reviews-host.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
port

virtaulservice/route/vs-reviews-port.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
        port:
          number: 9080
subset

virtaulservice/route/vs-reviews-subset.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
headers
request

add

virtaulservice/route/vs-reviews-headers-request-add.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      headers:
        request:
          add:
            test: test

remove

virtaulservice/route/vs-reviews-headers-request-remove.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      headers:
        request:
          remove:
          - test

set

virtaulservice/route/vs-reviews-headers-request-set.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      headers:
        request:
          set:
            test: test
response

add

virtaulservice/route/vs-bookinfo-headers-response-add.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
      headers:
        response:
          add:
            test: test

remove

virtaulservice/route/vs-bookinfo-headers-response-remove.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
      headers:
        response:
          remove:
          - x-envoy-upstream-service-time

set

virtaulservice/route/vs-bookinfo-headers-response-set.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage.istio.svc.cluster.local
        port:
          number: 9080
      headers:
        response:
          set:
            content-type: "text/html"
            test: test
            x-envoy-upstream-service-time: "1111"
weight

virtaulservice/route/vs-reviews-weight.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 50
    - destination:
        host: reviews
        subset: v3
      weight: 50

timeout

virtaulservice/timeout/vs-http-timeout.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: bookinfo
spec:
  exportTo:
  - '*'
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080
    timeout: 0.01s

tls

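An ordered list of route rules for passthrough TLS and HTTPS traffic. Routing is typically performed using the SNI in the ClientHello message. TLS routes are typically applied to platform service ports with the https- or tls- prefix, to HTTPS or TLS ports passed through a Gateway, and to ServiceEntry ports that use the HTTPS or TLS protocol. Note: traffic on https- or tls- ports with no associated VirtualService is treated as passthrough TCP traffic.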

1. Create the certificates

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=example Inc./CN=example.com' -keyout example.com.key -out example.com.crt

openssl req -out nginx.example.com.csr -newkey rsa:2048 -nodes -keyout nginx.example.com.key -subj "/CN=nginx.example.com/O=some organization"

openssl x509 -req -days 365 -CA example.com.crt -CAkey example.com.key -set_serial 0 -in nginx.example.com.csr -out nginx.example.com.crt

2. Create the secret

kubectl create secret tls nginx-server-certs --key nginx.example.com.key --cert nginx.example.com.crt -n istio

3. Create the nginx configuration file

events {
}

http {
  log_format main '$remote_addr - $remote_user [$time_local]  $status '
  '"$request" $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log /var/log/nginx/access.log main;
  error_log  /var/log/nginx/error.log;

  server {
    listen 443 ssl;

    root /usr/share/nginx/html;
    index index.html;

    server_name nginx.example.com;
    ssl_certificate /etc/nginx-server-certs/tls.crt;
    ssl_certificate_key /etc/nginx-server-certs/tls.key;
  }
}

kubectl create configmap nginx-configmap --from-file=nginx.conf=./nginx.conf -nistio

4. Create the Deployment

apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 443
    protocol: TCP
  selector:
    run: my-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx
        ports:
        - containerPort: 443
        volumeMounts:
        - name: nginx-config
          mountPath: /etc/nginx
          readOnly: true
        - name: nginx-server-certs
          mountPath: /etc/nginx-server-certs
          readOnly: true
      volumes:
      - name: nginx-config
        configMap:
          name: nginx-configmap
      - name: nginx-server-certs
        secret:
          secretName: nginx-server-certs

5. Create the Gateway

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https-443
      protocol: HTTPS
    hosts:
    - "nginx.example.com"
    tls:
      mode: PASSTHROUGH

6. Create the VirtualService

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx
spec:
  hosts:
  - nginx.example.com
  gateways:
  - bookinfo-gateway
  tls:
  - match:
    - port: 443
      sniHosts:
      - nginx.example.com
    route:
    - destination:
        host: my-nginx
        port:
          number: 443

7. Access the URL

https://nginx.example.com:39329/

match

destinationSubnets

1.7.0/virtaulservice/tls/vs-nginx-destinationSubnets.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx
spec:
  hosts:
  - nginx.example.com
  gateways:
  - bookinfo-gateway
  tls:
  - match:
    - port: 443
      sniHosts:
      - nginx.example.com
      destinationSubnets: 
      - 172.20.1.78/32
    route:
    - destination:
        host: my-nginx
        port:
          number: 443
gateways

1.7.0/virtaulservice/tls/vs-nginx-gateways.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx
spec:
  hosts:
  - nginx.example.com
  gateways:
  - bookinfo-gateway
  tls:
  - match:
    - port: 443
      sniHosts:
      - nginx.example.com
      gateways:
      - bookinfo-gateway
    route:
    - destination:
        host: my-nginx
        port:
          number: 443
sourceLabels

1.7.0/virtaulservice/tls/vs-nginx-sourceLabels.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx
spec:
  hosts:
  - nginx.example.com
  gateways:
  - bookinfo-gateway
  tls:
  - match:
    - port: 443
      sniHosts:
      - nginx.example.com
      sourceLabels:
        istio: ingressgateway
    route:
    - destination:
        host: my-nginx
        port:
          number: 443
sourceNamespace

1.7.0/virtaulservice/tls/vs-nginx-sourceNamespace.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx
spec:
  hosts:
  - nginx.example.com
  gateways:
  - bookinfo-gateway
  tls:
  - match:
    - port: 443
      sniHosts:
      - nginx.example.com
      sourceNamespace: istio-system
    route:
    - destination:
        host: my-nginx
        port:
          number: 443

tcp

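An ordered list of route rules for passthrough TCP traffic. TCP routes apply to every port that is not an HTTP or TLS port. Incoming traffic uses the first rule that matches.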

match

port

1. Deploy the Deployment

kubectl apply -f tcp-echo-services.yaml -n istio

tcp-echo-services.yaml

apiVersion: v1
kind: Service
metadata:
  name: tcp-echo
  labels:
    app: tcp-echo
spec:
  ports:
  - name: tcp
    port: 9000
  - name: tcp-other
    port: 9001
  # Port 9002 is omitted intentionally for testing the pass through filter chain.
  selector:
    app: tcp-echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tcp-echo-v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tcp-echo
      version: v1
  template:
    metadata:
      labels:
        app: tcp-echo
        version: v1
    spec:
      containers:
      - name: tcp-echo
        image: docker.io/istio/tcp-echo-server:1.2
        imagePullPolicy: IfNotPresent
        args: [ "9000,9001,9002", "one" ]
        ports:
        - containerPort: 9000
        - containerPort: 9001
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tcp-echo-v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tcp-echo
      version: v2
  template:
    metadata:
      labels:
        app: tcp-echo
        version: v2
    spec:
      containers:
      - name: tcp-echo
        image: docker.io/istio/tcp-echo-server:1.2
        imagePullPolicy: IfNotPresent
        args: [ "9000,9001,9002", "two" ]
        ports:
        - containerPort: 9000
        - containerPort: 9001

2. Add the service port

kubectl edit svc istio-ingressgateway -n istio-system

  - name: tcp
    port: 31400
    protocol: TCP
    targetPort: 31400

3. Create the resources

kubectl apply -f tcp-echo-all-v1.yaml -n istio

tcp-echo-all-v1.yaml

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: tcp-echo-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 31400
      name: tcp
      protocol: TCP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: tcp-echo-destination
spec:
  host: tcp-echo
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - match:
    - port: 31400
    route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
        subset: v1

4. Access

telnet 192.168.198.154 37048

destinationSubnets

virtaulservice/tcp/vs-destinationSubnets.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - match:
    - destinationSubnets:
      - 172.20.2.0/24
    route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
        subset: v2
sourceSubnet

virtaulservice/tcp/vs-sourceSubnet.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - match:
    - sourceSubnet: 172.20.1.24
    route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
        subset: v2
sourceLabels

virtaulservice/tcp/vs-sourceLabels.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - match:
    - sourceLabels:
        app: istio-ingressgateway
    route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
        subset: v2
sourceNamespace

virtaulservice/tcp/vs-sourceNamespace.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - match:
    - sourceNamespace: istio-system
    route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
        subset: v2
gateways

virtaulservice/tcp/vs-gateways.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - match:
    - gateways:
      - tcp-echo-gateway
    route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
        subset: v2

route

destination
host

virtaulservice/tcp/vs-route-host.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
port

virtaulservice/tcp/vs-route-port.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
subset

virtaulservice/tcp/vs-route-subset.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - route:
    - destination:
        host: tcp-echo
        subset: v2
        port:
          number: 9000
weight

virtaulservice/tcp/tcp-echo-20-v2.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tcp-echo
spec:
  hosts:
  - "*"
  gateways:
  - tcp-echo-gateway
  tcp:
  - match:
    - port: 31400
    route:
    - destination:
        host: tcp-echo
        port:
          number: 9000
        subset: v1
      weight: 80
    - destination:
        host: tcp-echo
        port:
          number: 9000
        subset: v2
      weight: 20

Comparison of routing rules for the three protocols

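VirtualService defines routing rules for the HTTP, TLS, and TCP protocols in its http, tls, and tcp fields respectively. Each rule has the same overall shape: a set of match conditions is defined first, and the corresponding action is then applied to traffic that satisfies them. Because the protocols carry different content, the match conditions differ, and so do the actions that can be performed. The table below compares the three kinds of routing rules. On every dimension the HTTP routing rules are the richest and the TCP routing rules the sparsest, which is consistent with protocol layering.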

[Figure: comparison table of the HTTP, TLS, and TCP routing rules]
