首页 > 其他分享 >ServiceEntry和workloadentry

ServiceEntry和workloadentry

时间:2022-11-27 18:11:28浏览次数:58  
标签:ServiceEntry networking root istio nginx io workloadentry com

部署client

[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 00-Deploy-Client/
deployment.apps/client created
service/client created
[root@master ServiceEntry-and-WorkloadEntry]# cat 00-Deploy-Client/01-deployment-client.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: client
  name: client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: client
      version: v1.2
  template:
    metadata:
      labels:
        app: client
        version: v1.2
    spec:
      containers:
      - image: ikubernetes/admin-box:v1.2
        name: admin-box
        command: ["bin/sh","-c","sleep 99999"]
[root@master ServiceEntry-and-WorkloadEntry]# cat 00-Deploy-Client/02-service-client.yaml 
apiVersion: v1
kind: Service
metadata:
  labels:
    app: client
  name: client
spec:
  ports:
  - name: http-80
    appProtocol: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: client
    version: v1.2
  type: ClusterIP
[root@master ServiceEntry-and-WorkloadEntry]# kubectl get pods
NAME                      READY   STATUS    RESTARTS      AGE
client-74cf5679fd-vrqjj   2/2     Running   0             50s
sleep-78ff5975c6-75q5z    2/2     Running   8 (43h ago)   3d3h

 部署3个nginx

[root@VM-0-8-centos Deploy-Nginx]# cat docker-compose.yml 
version: '3.3'

services:
  nginx2001:
    image: nginx:1.20-alpine
    volumes:
      - ./html/nginx2001:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.11
        aliases:
        - nginx
    expose:
      - "80"
    ports:
      - "10.0.0.8:8091:80"

networks:
  envoymesh:
    driver: bridge
    ipam:
      config:
        - subnet: 172.31.201.0/24
[root@VM-0-8-centos Deploy-Nginx]# cat html/nginx2001/index.html 
<title>nginx.yang.com</title>
Nginx 2001 ~~
[root@VM-0-7-centos Deploy-Nginx]# cat docker-compose.yml 
version: '3.3'

services:
  nginx2002:
    image: nginx:1.20-alpine
    volumes:
      - ./html/nginx2002:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.12
        aliases:
        - nginx
    expose:
      - "80"
    ports:
      - "10.0.0.7:8091:80"

networks:
  envoymesh:
    driver: bridge
    ipam:
      config:
        - subnet: 172.31.201.0/24
[root@VM-0-7-centos Deploy-Nginx]# cat html/nginx2002/index.html 
<title>nginx.yang.com</title>
Nginx 2002 ~~
[root@VM-0-14-centos Deploy-Nginx]# cat docker-compose.yml 
version: '3.3'

services:
  nginx2101:
    image: nginx:1.21-alpine
    volumes:
      - ./html/nginx2101:/usr/share/nginx/html/
    networks:
      envoymesh:
        ipv4_address: 172.31.201.13
        aliases:
        - nginx
        - canary
    expose:
      - "80"
    ports:
      - "10.0.0.14:8091:80"

networks:
  envoymesh:
    driver: bridge
    ipam:
      config:
        - subnet: 172.31.201.0/24
[root@VM-0-14-centos Deploy-Nginx]# cat html/nginx2101/index.html 
<title>nginx.yang.com</title>
Nginx 2101 ~~

三台都执行

docker-compose up -d

在client中做一个解析 做持续访问

[root@master ServiceEntry-and-WorkloadEntry]# kubectl exec -it client-74cf5679fd-vrqjj -- /bin/sh
root@client-74cf5679fd-vrqjj # cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
fe00::0	ip6-mcastprefix
fe00::1	ip6-allnodes
fe00::2	ip6-allrouters
10.244.104.12	client-74cf5679fd-vrqjj
1.13.248.55 nginx.yang.com
root@client-74cf5679fd-vrqjj # while true; do curl nginx.yang.com:8091; sleep .5; done

查看kiali显示PassthroughCluster,说明流量被透传了

创建serviceentry

[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 01-Service-Entry/01-serviceentry-nginx.yaml 
serviceentry.networking.istio.io/nginx-external created
[root@master ServiceEntry-and-WorkloadEntry]# cat 01-Service-Entry/01-serviceentry-nginx.yaml 
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.yang.com
  addresses:
  - "1.13.18.220"
  - "1.13.248.55"
  - "1.13.183.102"
  ports:
  - number: 8091
    name: http
    protocol: HTTP
    targetPort: 8091
  location: MESH_EXTERNAL
  resolution: STATIC
  endpoints:
  - address: "1.13.18.220"
    ports:
      http: 8091
  - address: "1.13.248.55"
    ports:
      http: 8091
  - address: "1.13.183.102"
    ports:
      http: 8091

 继续用client循环访问,就可以访问到三个nginx

root@client-74cf5679fd-vrqjj # while true; do curl nginx.yang.com:8091; sleep .5; done
<title>nginx.yang.com</title>
Nginx 2001 ~~
<title>nginx.yang.com</title>
Nginx 2002 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2002 ~~
<title>nginx.yang.com</title>
Nginx 2002 ~~
<title>nginx.yang.com</title>
Nginx 2002 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2001 ~~
<title>nginx.yang.com</title>
Nginx 2001 ~~

把serviceentry删除

[root@master ServiceEntry-and-WorkloadEntry]# kubectl delete -f 01-Service-Entry/01-serviceentry-nginx.yaml 
serviceentry.networking.istio.io "nginx-external" deleted

部署workloadentry

[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 02-Workload-Entry/01-workloadentry-nginx.yaml 
workloadentry.networking.istio.io/workload-nginx2001 created
workloadentry.networking.istio.io/workload-nginx2002 created
[root@master ServiceEntry-and-WorkloadEntry]# cat 02-Workload-Entry/01-workloadentry-nginx.yaml 
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx2001
  labels:
    version: v1.20
spec:
  address: "1.13.18.220"
  ports:
    http: 8091
  labels:
    app: nginx
    version: v1.20
    instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx2002
  labels:
    version: v1.20
spec:
  address: "1.13.248.55"
  ports:
    http: 8091
  labels:
    app: nginx
    version: v1.20
    instance-id: Nginx2002
---
[root@master ServiceEntry-and-WorkloadEntry]# kubectl get workloadentry
NAME                 AGE   ADDRESS
workload-nginx2001   12s   1.13.18.220
workload-nginx2002   12s   1.13.248.55

部署serviceentry

[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 02-Workload-Entry/02-serviceentry-nginx.yaml 
serviceentry.networking.istio.io/nginx-external created
[root@master ServiceEntry-and-WorkloadEntry]# cat 02-Workload-Entry/02-serviceentry-nginx.yaml 
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.yang.com
  ports:
  - number: 80
    name: http
    protocol: HTTP
    targetPort: 8091
  location: MESH_EXTERNAL
  resolution: STATIC
  workloadSelector:
    labels:
      app: nginx

在client中继续持续访问这次访问80端口

root@client-74cf5679fd-vrqjj # while true; do curl nginx.yang.com:80; sleep 0.$RANDOM; done

把第三个nginx也加入到workload中

[root@master ServiceEntry-and-WorkloadEntry]# kubectl apply -f 03-WorkloadEntry-Subsets/01-workloadentry-nginx.yaml 
workloadentry.networking.istio.io/workload-nginx2001 configured
workloadentry.networking.istio.io/workload-nginx2002 configured
workloadentry.networking.istio.io/workload-nginx2101 created
[root@master ServiceEntry-and-WorkloadEntry]# cat 03-WorkloadEntry-Subsets/01-workloadentry-nginx.yaml 
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx2001
spec:
  address: "1.13.18.220"
  ports:
    http: 8091
  labels:
    app: nginx
    version: "v1.20"
    instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx2002
spec:
  address: "1.13.248.55"
  ports:
    http: 8091
  labels:
    app: nginx
    version: "v1.20"
    instance-id: Nginx2002
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx2101
spec:
  address: "1.13.183.102"
  ports:
    http: 8091
  labels:
    app: nginx
    version: "v1.21"
    instance-id: Nginx2101
---

就可以看到流量已经到三个nginx上了 

划分子集

[root@master 03-WorkloadEntry-Subsets]# kubectl apply -f 03-destinationrule-subsets.yaml 
destinationrule.networking.istio.io/nginx-external created
[root@master 03-WorkloadEntry-Subsets]# cat 03-destinationrule-subsets.yaml 
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: nginx-external
spec:
  host: nginx.magedu.com
  subsets:
  - name: v20
    labels:
      version: "v1.20"
  - name: v21
    labels:
      version: "v1.21"
---

对子集进行流量治理,v21版本5%流量v20版本95%流量

[root@master 03-WorkloadEntry-Subsets]# kubectl apply -f 04-virtualservice-wegit-based-routing.yaml 
virtualservice.networking.istio.io/nginx-external created
[root@master 03-WorkloadEntry-Subsets]# cat 04-virtualservice-wegit-based-routing.yaml 
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.yang.com
  http:
  - name: default
    route:
    - destination:
        host: nginx.yang.com
        subset: v21
      weight: 5
    - destination:
        host: nginx.yang.com
        subset: v20
      weight: 95

百分之5左右的流量2101

 对标头X-Canary:exact: "true"的路由到v21并对5%的流量进行2s延迟

其他流量路由到v20并对5%的流量555的中断故障

[root@master 03-WorkloadEntry-Subsets]# kubectl apply -f 05-virtualservice-headers-based-routing.yaml 
virtualservice.networking.istio.io/nginx-external configured
[root@master 03-WorkloadEntry-Subsets]# cat 05-virtualservice-headers-based-routing.yaml 
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.yang.com
  http:
  - name: falut-injection
    match:
    - headers:
        X-Canary:
          exact: "true"
    route:
    - destination:
        host: nginx.yang.com
        subset: v21
    fault:
      delay:
        percentage:
          value: 5
        fixedDelay: 2s
  - name: default
    route:
    - destination:
        host: nginx.yang.com
        subset: v20
    fault:
      abort:
        percentage:
          value: 5
        httpStatus: 555
root@client-74cf5679fd-vrqjj # while true; do curl -H "X-Canary: true" nginx.yang.com:80; sleep 0.$RANDOM; done
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~
<title>nginx.yang.com</title>
Nginx 2101 ~~

加上标头匹配就可以看到全部到达nginx2101上了

 

使用Engress统一收入外发流量

[root@master 04-Egress-Gateway]# kubectl apply -f ./
workloadentry.networking.istio.io/workload-nginx2001 unchanged
workloadentry.networking.istio.io/workload-nginx2002 unchanged
workloadentry.networking.istio.io/workload-nginx2101 unchanged
serviceentry.networking.istio.io/nginx unchanged
destinationrule.networking.istio.io/nginx-external unchanged
gateway.networking.istio.io/egress unchanged
virtualservice.networking.istio.io/nginx-external unchanged
[root@master 04-Egress-Gateway]# cat 01-workloadentry-nginx.yaml 
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx2001
spec:
  address: "1.13.18.220"
  ports:
    http: 8091
  labels:
    app: nginx
    version: "v1.20"
    instance-id: Nginx2001
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx2002
spec:
  address: "1.13.248.55"
  ports:
    http: 8091
  labels:
    app: nginx
    version: "v1.20"
    instance-id: Nginx2002
---
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: workload-nginx2101
spec:
  address: "1.13.183.102"
  ports:
    http: 8091
  labels:
    app: nginx
    version: "v1.21"
    instance-id: Nginx2101
---
[root@master 04-Egress-Gateway]# cat 02-serviceentry-nginx.yaml 
---
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: nginx
spec:
  hosts:
  - nginx.magedu.com
  ports:
  - number: 80
    name: http
    protocol: HTTP
  location: MESH_EXTERNAL
  resolution: STATIC
  workloadSelector:
    labels:
      app: nginx
---
[root@master 04-Egress-Gateway]# cat 03-destinationrule-subsets.yaml 
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: nginx-external
spec:
  host: nginx.magedu.com
  subsets:
  - name: v20
    labels:
      version: "v1.20"
  - name: v21
    labels:
      version: "v1.21"
---
[root@master 04-Egress-Gateway]# cat 04-gateway-egress.yaml 
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: egress
  namespace: istio-system
spec:
  selector:
    app: istio-egressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
[root@master 04-Egress-Gateway]# cat 05-virtualservice-wegit-based-routing.yaml 
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: nginx-external
spec:
  hosts:
  - nginx.magedu.com
  gateways:
  - istio-system/egress
  - mesh
  http:
  - match:
    - gateways:
      - mesh
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
  - match:
    - gateways:
      - istio-system/egress
    route:
    - destination:
        host: nginx.magedu.com
        subset: v21
      weight: 5
    - destination:
        host: nginx.magedu.com
        subset: v20
      weight: 95

标签:ServiceEntry,networking,root,istio,nginx,io,workloadentry,com
From: https://www.cnblogs.com/zyyang1993/p/16929960.html

相关文章

  • Istio workloadEntry实例
    服务说明在网格外部运行有nginx服务,有两个实例Nginx2001:监听地址为172.29.1.201:8091,Nginx版本为1.20Nginx2002:监听地址为172.29.1.202:8091,Nginx版本为1.20N......
  • Istio ServiceEntry实例
    服务说明在网格外部运行有nginx服务,有两个实例Nginx2001:监听地址为172.29.1.201:8091,Nginx版本为1.20Nginx2002:监听地址为172.29.1.202:8091,Nginx版本为1.20N......
  • Istio(七):ServiceEntry,sidecar,Envoy Filter
    目录一.模块概览二.系统环境三.ServiceEntry四.sidecar4.1Sidecar4.2工作负载选择器4.3入口和出口监听器五.EnvoyFilter5.1EnvoyFilter一.模块概览使用ServiceEntr......
  • Istio ServiceEntry
    ServiceEntry介绍ServiceEntry用于将未能自动添加至网格中的服务,以手动形式添加至网格中,以使得网格内的自动发现机制能够访问或路由到这些服务未能自动添加至网格中的......
  • 为Nginx服务添加ServiceEntry和workloadEntry对象,治理目标为网格外部服务的出向流量
    测试在网格内部访问网格外部服务我是开了三台云主机每台都安装下docker和docker-compose第一台[root@VM-0-12-centos~]#catDeploy-Nginx/docker-compose.ymlversio......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99