使用本文前,请完成前两篇文章的步骤:
完成后,当前的网络拓扑为:
本文演示的场景如下:
在cluster 1中也有一个httpbin服务。cluster 1中的sleep在本集群httpbin服务正常的情况下,优先访问本集群的httpbin,当本集群httpbin服务不正常时通过出口网关访问cluster 2中的httpbin。示例拓扑如下:
步骤一:在cluster 1中创建httpbin服务
参考文档:如何部署httpbin应用_服务网格(ASM)-阿里云帮助中心
步骤二:部署虚拟服务
本文要实现的功能是:
- 在sleep pod中访问
httpbin:8000/headers
,优先路由到本集群的httpbin服务,fallback到出口网关。 - 出口网关收到fallback流量时,此时请求的host是httpbin,需要在出口网关上配置虚拟服务,将出口网关上host为httpbin的服务转发给cluster 2的httpbin服务。
首先,配置虚拟服务,实现:优先路由到本集群的httpbin服务,fallback到出口网关。使用ASM的kubeconfig,创建如下yaml:
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: httpbin-vs namespace: default spec: gateways: - egress-gateway - mesh hosts: - httpbin - httpbin:8000 - httpbin.default.svc.cluster.local - httpbin.default.svc.cluster.local:8000 http: - match: - gateways: - mesh route: - destination: host: httpbin port: number: 8000 fallback: target: host: istio-egressgateway.istio-system.svc.cluster.local port: number: 80 - match: - gateways: - egress-gateway port: 80 route: - destination: host: test.com port: number: 443 headers: request: set: host: test.com weight: 100
值得注意的是:需要在网关上加一段set请求header的配置,将host header设置为test.com。后面将会解释为什么出现这段配置。
步骤三:发起测试
1. 确保本集群的httpbin pod状态正常,发起测试
使用当前ACK集群的kubeconfig,执行如下命令:
kubectl exec deployment/sleep -it -- curl httpbin.default.svc.cluster.local:8000/status/200 -I HTTP/1.1 200 OK server: envoy date: Thu, 01 Aug 2024 03:16:23 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * access-control-allow-credentials: true content-length: 0 x-envoy-upstream-service-time: 4
此时查看sleep pod的日志,使用ACK的kubeconfig执行如下命令:
kubectl logs deployment/sleep -c istio-proxy | tail -1 {"authority_for":"httpbin.default.svc.cluster.local:8000","bytes_received":"0","bytes_sent":"0","downstream_local_address":"172.16.168.111:8000","downstream_remote_address":"192.168.36.29:45916","duration":"6","istio_policy_status":"-","method":"HEAD","path":"/status/200","protocol":"HTTP/1.1","request_id":"bee82ed5-a829-4387-90e3-d0e256bc79dc","requested_server_name":"-","response_code":"200","response_flags":"-","route_name":"-","start_time":"2024-08-01T03:18:45.556Z","trace_id":"-","upstream_cluster":"outbound|8000||httpbin.default.svc.cluster.local","upstream_host":"192.168.36.31:80","upstream_local_address":"192.168.36.29:60574","upstream_response_time":"6","upstream_service_time":"6","upstream_transport_failure_reason":"-","user_agent":"curl/8.1.2","x_forwarded_for":"-"}
从这段日志中的upstream_cluster是本集群的httpbin服务。
2. 将本集群httpbin deployment副本数设置为0,发起测试
使用当前ACK集群的kubeconfig,执行如下命令:
kubectl scale deployment httpbin --replicas 0
等待httpbin pod消失,再次执行测试命令:
kubectl exec deployment/sleep -it -- curl httpbin.default.svc.cluster.local:8000/status/200 -I HTTP/1.1 200 OK server: envoy date: Thu, 01 Aug 2024 03:26:20 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * access-control-allow-credentials: true content-length: 0 x-envoy-upstream-service-time: 4
可以看到访问依然成功,此时查看访问日志:
kubectl logs deployment/sleep -c istio-proxy | tail -1 {"authority_for":"httpbin.default.svc.cluster.local:8000","bytes_received":"0","bytes_sent":"0","downstream_local_address":"172.16.168.111:8000","downstream_remote_address":"192.168.36.29:44738","duration":"5","istio_policy_status":"-","method":"HEAD","path":"/status/200","protocol":"HTTP/1.1","request_id":"548b03c1-c549-4311-a695-b3787f835d29","requested_server_name":"-","response_code":"200","response_flags":"-","route_name":"-","start_time":"2024-08-01T03:26:20.956Z","trace_id":"-","upstream_cluster":"outbound|80||istio-egressgateway.istio-system.svc.cluster.local","upstream_host":"192.168.36.32:80","upstream_local_address":"192.168.36.29:40360","upstream_response_time":"4","upstream_service_time":"4","upstream_transport_failure_reason":"-","user_agent":"curl/8.1.2","x_forwarded_for":"-"}