流量镜像的使用场景:
- 监控和故障排除:通过将流量复制到专门的监控工具或服务,您可以实时监视服务的性能指标、请求和响应数据,并进行故障排除。这使您能够快速检测问题、分析错误和调查潜在的性能瓶颈。
- 安全分析和审计:流量镜像使您能够将流量复制到安全分析工具或服务,以进行入侵检测、恶意行为分析和安全审计。通过分析复制的流量,您可以识别潜在的安全威胁、异常行为和漏洞。
- A/B 测试和灰度发布:通过将流量复制到用于测试和评估新功能或代码的目标服务,您可以进行 A/B 测试和灰度发布。这使您能够在真实流量环境中评估新功能的性能和用户体验,而不会对主要流量产生影响。
实验目标:
设置流量镜像策略,达到如下效果:
让访问forecast-v2的请求镜像到访问forecast-v1。
准备工作:
1、将流量全部发往forecast-v2,而不发往forecast-v1
[root@master01 ~]# cd /root/cloud-native-istio/10_canary-release/10.2
[root@master01 10.2]# kaf vs-forecast-weight-based-v2.yaml
vs策略
[root@master01 10.2]# kubectl -n weather get vs forecast-route -o yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"networking.istio.io/v1alpha3","kind":"VirtualService","metadata":{"annotations":{},"name":"forecast-route","namespace":"weather"},"spec":{"hosts":["forecast"],"http":[{"route":[{"destination":{"host":"forecast","subset":"v1"},"weight":0},{"destination":{"host":"forecast","subset":"v2"},"weight":100}]}]}}
creationTimestamp: "2023-11-09T01:59:22Z"
generation: 7
name: forecast-route
namespace: weather
resourceVersion: "1225544"
uid: 37e35b32-7449-4c5f-832a-178fe1a55583
spec:
hosts:
- forecast
http:
- route:
- destination:
host: forecast
subset: v1
weight: 0
- destination:
host: forecast
subset: v2
weight: 100
2、在生效策略之前,我们先做个测试
(1)浏览器访问http://192.168.1.60:3000/dashboard,点击查询天气
(2)查询frontend示例的istio-proxy日志,观察到只有到forecast-v2的日志
[root@master01 ~]# kubectl -n weather logs `kubectl -n weather get po |grep frontend-v1|awk '{print $1}'` -c istio-proxy |grep '/weather'
[2023-11-11T02:52:51.492Z] "HEAD /weather?locate=hangzhou HTTP/1.1" 200 - via_upstream - "-" 0 0 48 48 "-" "curl/7.52.1" "ce335861-1759-9f74-a029-14b5867fa41a" "forecast:3002" "172.20.59.216:3002" outbound|3002|v2|forecast.weather.svc.cluster.local 172.21.231.181:53720 10.0.80.175:3002 172.21.231.181:52340 - -
[2023-11-11T02:54:22.275Z] "HEAD /weather?locate=hangzhou HTTP/1.1" 504 UT response_timeout - "-" 0 0 1000 - "-" "curl/7.52.1" "048762a0-f045-9d0c-8178-2675ac204600" "forecast:3002" "172.20.59.216:3002" outbound|3002|v2|forecast.weather.svc.cluster.local 172.21.231.181:53720 10.0.80.175:3002 172.21.231.181:53304 - -
[2023-11-11T02:58:39.187Z] "HEAD /weather?locate=hangzhou HTTP/1.1" 503 URX via_upstream - "-" 0 0 372 372 "-" "curl/7.52.1" "351aabaf-b56b-9ec3-b45f-3b759b044ed9" "forecast:3002" "172.20.59.216:3002" outbound|3002|v2|forecast.weather.svc.cluster.local 172.21.231.181:57404 10.0.80.175:3002 172.21.231.181:56024 - -
(3)同时也可以查看forecast-v1以及forecast-v2的istio-proxy日志,可以根据时间来判定
[root@master01 ~]# kubectl -n weather logs `kubectl -n weather get po |grep forecast-v1|awk '{print $1}'` -c istio-proxy |grep '/weather'
[root@master01 ~]# kubectl -n weather logs `kubectl -n weather get po |grep forecast-v2|awk '{print $1}'` -c istio-proxy |grep '/weather'
3、下面配置镜像策略
[root@master01 ~]# cd /root/cloud-native-istio/11_traffic-management/11.14
[root@master01 11.14]# kaf vs-forecast-mirroring.yaml
查看策略
[root@master01 11.14]# kubectl -n weather get vs forecast-route -o yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"networking.istio.io/v1alpha3","kind":"VirtualService","metadata":{"annotations":{},"name":"forecast-route","namespace":"weather"},"spec":{"hosts":["forecast"],"http":[{"route":[{"destination":{"host":"forecast","subset":"v1"},"weight":0},{"destination":{"host":"forecast","subset":"v2"},"weight":100}]}]}}
creationTimestamp: "2023-11-09T01:59:22Z"
generation: 7
name: forecast-route
namespace: weather
resourceVersion: "1225544"
uid: 37e35b32-7449-4c5f-832a-178fe1a55583
spec:
hosts:
- forecast
http:
- route:
- destination:
host: forecast
subset: v1
weight: 0
- destination:
host: forecast
subset: v2
weight: 100
说明:
该策略,会将流量都发送到v2(weight: 100),然后会镜像一份到v1。
4、测试
(1)浏览器继续访问http://192.168.1.60:3000/dashboard,点击查询天气
(2)查询frontend示例的istio-proxy日志,观察到只有v2的日志
[root@master01 11.14]# kubectl -n weather logs `kubectl -n weather get po |grep frontend-v1|awk '{print $1}'` -c istio-proxy |grep '/weather'
[2023-11-11T02:52:51.492Z] "HEAD /weather?locate=hangzhou HTTP/1.1" 200 - via_upstream - "-" 0 0 48 48 "-" "curl/7.52.1" "ce335861-1759-9f74-a029-14b5867fa41a" "forecast:3002" "172.20.59.216:3002" outbound|3002|v2|forecast.weather.svc.cluster.local 172.21.231.181:53720 10.0.80.175:3002 172.21.231.181:52340 - -
[2023-11-11T02:54:22.275Z] "HEAD /weather?locate=hangzhou HTTP/1.1" 504 UT response_timeout - "-" 0 0 1000 - "-" "curl/7.52.1" "048762a0-f045-9d0c-8178-2675ac204600" "forecast:3002" "172.20.59.216:3002" outbound|3002|v2|forecast.weather.svc.cluster.local 172.21.231.181:53720 10.0.80.175:3002 172.21.231.181:53304 - -
[2023-11-11T02:58:39.187Z] "HEAD /weather?locate=hangzhou HTTP/1.1" 503 URX via_upstream - "-" 0 0 372 372 "-" "curl/7.52.1" "351aabaf-b56b-9ec3-b45f-3b759b044ed9" "forecast:3002" "172.20.59.216:3002" outbound|3002|v2|forecast.weather.svc.cluster.local 172.21.231.181:57404 10.0.80.175:3002 172.21.231.181:56024 - -
(3)再去查看两个forecast-v1以及forecast-v2的istio-proxy日志,会发现两个版本里都有访问日志
[root@master01 11.14]# kubectl -n weather logs `kubectl -n weather get po |grep forecast-v1|awk '{print $1}'` -c istio-proxy |grep '/weather'
[root@master01 11.14]# kubectl -n weather logs `kubectl -n weather get po |grep forecast-v2|awk '{print $1}'` -c istio-proxy |grep '/weather'