Istio的自定义资源有五十多个，今天先对Network部分的VirtualService的学习做个记录。介绍首先献上官方文档： https://istio.io/latest/zh/docs/reference/config/networking/virtual-service/ VirtualService主要是定义了服务的路由规则，如果流量满足了我们设定的匹配规则，则会根据我们的设定将流量发送到服务注册表中的服务/版本样例 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: reviews-route spec: # host为必要字段，表示目标主机，尽量使用FQDN来进行服务引用，同个命名空间可以使用服务的短名称 hosts: - reviews.prod.svc.cluster.local # HTTP的有序路由规则列表，对httpx，http2x，grpc，都是有效的，匹配规则从上往下 http: - name: "reviews-v2-routes" # 匹配规则，有根据uri，header，host，port，queryParams，scheme等 # 匹配规则有：exact精准匹配，prefix前缀匹配，regex正则匹配 match: - uri: exact: "/wpcatalog" - uri: prefix: "/consumercatalog" # 重写HTTP URI和Authority标头。重写将在转发之前执行。 rewrite: uri: "/newcatalog" # 重定向，重定向不能与重写一起使用 redirect: uri: /v1/bookRatings authority: newratings.default.svc.cluster.local route: - destination: host: reviews.prod.svc.cluster.local subset: v2 # 权重 weight: 80 - name: "reviews-v1-route" route: - destination: host: reviews.prod.svc.cluster.local subset: v1 # cors corsPolicy: allowOrigin: - example.com allowMethods: - POST - GET allowCredentials: false allowHeaders: - X-Foo-Bar maxAge: "24h" # 应用到路由的网关，忽略默认使用默认网关 gateways: - mygateway # 透传TLS和HTTPS的流量的路由规则列表 tls: - match: - port: 443 sniHosts: - login.bookinfo.com route: - destination: host: login.prod.svc.cluster.local # 透传tcp流量的有序路由规则列表，对所有HTTP和TLS之外的端口生效 tcp: - match: - port: 27017 route: - destination: host: mongo.backup.svc.cluster.local port: number: 5555 if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } 演示创建两个对应的http server httpd： apiVersion: apps/v1 kind: Deployment metadata: name: httpd labels: server: httpd app: web spec: replicas: 1 selector: matchLabels: server: httpd app: web template: metadata: labels: server: httpd app: web spec: containers: - name: busybox image: busybox imagePullPolicy: IfNotPresent command: ["/bin/sh", "-c", "echo 'this is httpd' > /var/www/index.html; httpd -f -p 8080 -h /var/www"] --- apiVersion: v1 kind: Service metadata: name: httpd-svc spec: selector: server: httpd ports: - name: http port: 8080 targetPort: 8080 protocol: TCP if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } tomcat apiVersion: apps/v1 kind: Deployment metadata: name: tomcat labels: server: tomcat app: web spec: replicas: 1 selector: matchLabels: server: tomcat app: web template: metadata: labels: server: tomcat app: web spec: containers: - name: tomcat image: docker.io/kubeguide/tomcat-app:v1 imagePullPolicy: IfNotPresent --- apiVersion: v1 kind: Service metadata: name: tomcat-svc spec: selector: server: tomcat ports: - name: http port: 8080 targetPort: 8080 protocol: TCP if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } Busy box进入容器中测试 apiVersion: apps/v1 kind: Deployment metadata: name: hexiaohong-client spec: replicas: 1 selector: matchLabels: app: hexiaohong-client template: metadata: labels: app: hexiaohong-client spec: containers: - name: busybox image: busybox imagePullPolicy: IfNotPresent command: ["/bin/sh", "-c", "sleep 3600"] --- apiVersion: v1 kind: Service metadata: name: web-svc spec: selector: app: hexiaohong-client ports: - name: http port: 8080 targetPort: 8080 protocol: TCP if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } 进入busybox测试 httpd <img src="https://static-img.0xffff.one/Xa_HnW4ce2cgjAdHDmCrAE4ZQ_vQ9fikR4MEXSm1qgg/q:90/w:800/rt:fit/aHR0cHM6Ly9pbWct/YmxvZy5jc2RuaW1n/LmNuLzIwMjEwMzI1/MjM0MDU1MTc3LnBu/Zz94LW9zcy1wcm9j/ZXNzPWltYWdlL3dh/dGVybWFyayx0eXBl/X1ptRnVaM3BvWlc1/bmFHVnBkR2ssc2hh/ZG93XzEwLHRleHRf/YUhSMGNITTZMeTlp/Ykc5bkxtTnpaRzR1/Ym1WMEwzTm9kWGh1/YUhNPSxzaXplXzE2/LGNvbG9yX0ZGRkZG/Rix0XzcwI3BpY19j/ZW50ZXI.jpg?.jpg" data-orig-src="https://img-blog.csdnimg.cn/20210325234055177.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3NodXhuaHM=,size_16,color_FFFFFF,t_70#pic_center" title="" alt="在这里插入图片描述"> tomcat <img src="https://static-img.0xffff.one/eAiK3p-TqyfnWMUOeljL7jzHBPGZLkbLa6wTMEmqjlE/q:90/w:800/rt:fit/aHR0cHM6Ly9pbWct/YmxvZy5jc2RuaW1n/LmNuLzIwMjEwMzI1/MjM0MTA4MzMwLnBu/Zz94LW9zcy1wcm9j/ZXNzPWltYWdlL3dh/dGVybWFyayx0eXBl/X1ptRnVaM3BvWlc1/bmFHVnBkR2ssc2hh/ZG93XzEwLHRleHRf/YUhSMGNITTZMeTlp/Ykc5bkxtTnpaRzR1/Ym1WMEwzTm9kWGh1/YUhNPSxzaXplXzE2/LGNvbG9yX0ZGRkZG/Rix0XzcwI3BpY19j/ZW50ZXI.jpg?.jpg" data-orig-src="https://img-blog.csdnimg.cn/20210325234108330.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3NodXhuaHM=,size_16,color_FFFFFF,t_70#pic_center" title="" alt="在这里插入图片描述"> 创建VirtualService实现流控创建VirtualService apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: web-svc-vs spec: hosts: - web-svc.default.svc.cluster.local http: - route: - destination: host: httpd-svc weight: 80 - destination: host: tomcat-svc weight: 20 if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } 查看VirtualService： # kubectl get virtualservices.networking.istio.io NAME GATEWAYS HOSTS AGE bookinfo ["bookinfo-gateway"] ["*"] 31h web-svc-vs ["web-svc.default.svc.cluster.local"] 43s if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } 80%流量到httpd，20%到tomcat <img src="https://static-img.0xffff.one/ays8OE-I7AibMedpYuDCo68Qb5mYQeHvR32xkTCwstI/q:90/w:800/rt:fit/aHR0cHM6Ly9pbWct/YmxvZy5jc2RuaW1n/LmNuLzIwMjEwMzI1/MjM0MTU0NDkzLnBu/Zz94LW9zcy1wcm9j/ZXNzPWltYWdlL3dh/dGVybWFyayx0eXBl/X1ptRnVaM3BvWlc1/bmFHVnBkR2ssc2hh/ZG93XzEwLHRleHRf/YUhSMGNITTZMeTlp/Ykc5bkxtTnpaRzR1/Ym1WMEwzTm9kWGh1/YUhNPSxzaXplXzE2/LGNvbG9yX0ZGRkZG/Rix0XzcwI3BpY19j/ZW50ZXI.jpg?.jpg" data-orig-src="https://img-blog.csdnimg.cn/20210325234154493.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3NodXhuaHM=,size_16,color_FFFFFF,t_70#pic_center" title="" alt="在这里插入图片描述"> 创建VirtualService实现路由创建带匹配条件的VirtualService apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: web-svc-vs spec: hosts: - web-svc.default.svc.cluster.local http: - match: - headers: to: exact: httpd route: - destination: host: httpd-svc - route: - destination: host: tomcat-svc if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } 携带header:'to: httpd'将流量导入httpd，否则则到tomcat <img src="https://static-img.0xffff.one/mkcR_nzHg_PEU9wz3ZeEHC7tSelU3mvARMHr5YAYrZA/q:90/w:800/rt:fit/aHR0cHM6Ly9pbWct/YmxvZy5jc2RuaW1n/LmNuLzIwMjEwMzI1/MjM0MjMwMTkxLnBu/Zz94LW9zcy1wcm9j/ZXNzPWltYWdlL3dh/dGVybWFyayx0eXBl/X1ptRnVaM3BvWlc1/bmFHVnBkR2ssc2hh/ZG93XzEwLHRleHRf/YUhSMGNITTZMeTlp/Ykc5bkxtTnpaRzR1/Ym1WMEwzTm9kWGh1/YUhNPSxzaXplXzE2/LGNvbG9yX0ZGRkZG/Rix0XzcwI3BpY19j/ZW50ZXI.jpg?.jpg" data-orig-src="https://img-blog.csdnimg.cn/20210325234230191.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3NodXhuaHM=,size_16,color_FFFFFF,t_70#pic_center" title="" alt="在这里插入图片描述"> 样例来自学习九析大佬的教程

Istio学习之CRD：VirtualService

sHuXnHs

Istio的自定义资源有五十多个，今天先对Network部分的VirtualService的学习做个记录。

介绍

首先献上官方文档：https://istio.io/latest/zh/docs/reference/config/networking/virtual-service/
VirtualService主要是定义了服务的路由规则，如果流量满足了我们设定的匹配规则，则会根据我们的设定将流量发送到服务注册表中的服务/版本

样例

   apiVersion: networking.istio.io/v1alpha3
   kind: VirtualService
   metadata:
     name: reviews-route
   spec:
   	# host为必要字段，表示目标主机，尽量使用FQDN来进行服务引用，同个命名空间可以使用服务的短名称
     hosts:
     - reviews.prod.svc.cluster.local
     # HTTP的有序路由规则列表，对httpx，http2x，grpc，都是有效的，匹配规则从上往下
     http:
     - name: "reviews-v2-routes"
     	# 匹配规则，有根据uri，header，host，port，queryParams，scheme等
     	# 匹配规则有：exact精准匹配，prefix前缀匹配，regex正则匹配
       match:
       - uri:
           exact: "/wpcatalog"
       - uri:
           prefix: "/consumercatalog"
       # 重写HTTP URI和Authority标头。重写将在转发之前执行。
       rewrite:
         uri: "/newcatalog"
       # 重定向，重定向不能与重写一起使用
       redirect:
         uri: /v1/bookRatings
         authority: newratings.default.svc.cluster.local
       route:
       - destination:
           host: reviews.prod.svc.cluster.local
           subset: v2
         # 权重
         weight: 80
     - name: "reviews-v1-route"
       route:
       - destination:
           host: reviews.prod.svc.cluster.local
           subset: v1
       # cors
       corsPolicy:
         allowOrigin:
         - example.com
         allowMethods:
         - POST
         - GET
         allowCredentials: false
         allowHeaders:
         - X-Foo-Bar
         maxAge: "24h"
           
     # 应用到路由的网关，忽略默认使用默认网关
     gateways:
     - mygateway
     
     # 透传TLS和HTTPS的流量的路由规则列表
     tls:
     - match:
       - port: 443
         sniHosts:
         - login.bookinfo.com
       route:
       - destination:
           host: login.prod.svc.cluster.local  
           
     # 透传tcp流量的有序路由规则列表，对所有HTTP和TLS之外的端口生效      
     tcp:
     - match:
       - port: 27017
       route:
       - destination:
           host: mongo.backup.svc.cluster.local
           port:
             number: 5555

演示

创建两个对应的http server

httpd：

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: httpd
     labels:
       server: httpd
       app: web
   spec:
     replicas: 1
     selector:
       matchLabels:
         server: httpd
         app: web
     template:
       metadata:
         labels:
           server: httpd
           app: web
       spec:
         containers:
         - name: busybox
           image: busybox
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh", "-c", "echo 'this is httpd' > /var/www/index.html; httpd -f -p 8080 -h /var/www"]
   
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: httpd-svc
   spec:
     selector:
       server: httpd
     ports:
     - name: http
       port: 8080
       targetPort: 8080
       protocol: TCP

tomcat

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: tomcat
     labels:
       server: tomcat
       app: web
   spec:
     replicas: 1
     selector:
       matchLabels:
         server: tomcat
         app: web
     template:
       metadata:
         labels:
           server: tomcat
           app: web
       spec:
         containers:
         - name: tomcat
           image: docker.io/kubeguide/tomcat-app:v1
           imagePullPolicy: IfNotPresent
           
   --- 
   apiVersion: v1
   kind: Service
   metadata:
     name: tomcat-svc
   spec:
     selector:
       server: tomcat
     ports:
     - name: http
       port: 8080
       targetPort: 8080
       protocol: TCP

Busy box进入容器中测试

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: hexiaohong-client
   spec:
     replicas: 1
     selector:
       matchLabels:
         app: hexiaohong-client
     template:
       metadata:
         labels:
           app: hexiaohong-client
       spec:
         containers:
         - name: busybox
           image: busybox
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh", "-c", "sleep 3600"]    
--- 
   apiVersion: v1
   kind: Service
   metadata:
     name: web-svc
   spec:
     selector:
       app: hexiaohong-client
     ports:
     - name: http
       port: 8080
       targetPort: 8080
       protocol: TCP

进入busybox测试

httpd

tomcat

创建VirtualService实现流控

创建VirtualService

   apiVersion: networking.istio.io/v1alpha3
   kind: VirtualService
   metadata:
     name: web-svc-vs
   spec:
     hosts:
     - web-svc.default.svc.cluster.local
     http:
     - route:
       - destination:
           host: httpd-svc
         weight: 80
       - destination:
           host: tomcat-svc
         weight: 20

查看VirtualService：

   # kubectl get virtualservices.networking.istio.io
   
   NAME         GATEWAYS               HOSTS                                   AGE
   bookinfo     ["bookinfo-gateway"]   ["*"]                                   31h
   web-svc-vs                          ["web-svc.default.svc.cluster.local"]   43s

80%流量到httpd，20%到tomcat

创建VirtualService实现路由

创建带匹配条件的VirtualService

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: web-svc-vs
spec:
  hosts:
  - web-svc.default.svc.cluster.local
  http:
  - match:
  	- headers:
  		  to:
  			  exact: httpd
  	route:
    - destination:
        host: httpd-svc
  - route:
    - destination:
        host: tomcat-svc

携带header:'to: httpd'将流量导入httpd，否则则到tomcat

样例来自学习九析大佬的教程