首页 > 其他分享 >VirtualService资源详解

VirtualService资源详解

时间:2022-12-16 19:03:02浏览次数:60  
标签:VirtualService name uri istio 详解 资源 productpage exact match


**

VirtualService资源详解

学习目标

VirtualService资源详解_json

什么是virtualService

​VirtualService​​中文名称虚拟服务,是istio中一个重要的资源, 它定义了一系列针对指定服务的流量路由规则。每个路由规则都针对特定协议的匹配规则。如果流量符合这些特征,就会根据规则发送到服务注册表中的目标服务(或者目标服务的子集或版本)。

vs和k8s service的区别

如果没有 Istio virtual service,仅仅使用 k8s service 的话,那么只能实现最基本的流量负载均衡转发,但是就不能实现类似按百分比来分配流量等更加复杂、丰富、细粒度的流量控制了。

备注:虚拟服务相当于 K8s 服务的 sidecar,在原本 K8s 服务的功能之上,提供了更加丰富的路由控制。

例子:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: test-virtual-svc
spec:
hosts:
- "web-svc"
http:
- route:
- destination:
host: web-svc
subset: nginx
weight: 25
- destination:
host: web-svc
subset: tomcat
weight: 75

配置详解

exportTo

1只在当前名称空间有效

virtaulservice/vs-bookinfo-dot.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- .
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

2所有名称空间有效

virtaulservice/vs-bookinfo-star.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

3特定名称空间有效

virtaulservice/vs-bookinfo-istio-system.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
# - "default"
# - "istio"
- "istio-system"
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

gateways

​Gateway​​​ 名称列表,Sidecar 会据此使用路由。​​VirtualService​​​ 对象可以用于网格中的 Sidecar,也可以用于一个或多个 ​​Gateway​​​。这里公开的选择条件可以在协议相关的路由过滤条件中进行覆盖。保留字 ​​mesh​​​ 用来指代网格中的所有 Sidecar。当这一字段被省略时,就会使用缺省值(​​mesh​​​),也就是针对网格中的所有 Sidecar 生效。如果提供了 ​​gateways​​​ 字段,这一规则就只会应用到声明的 ​​Gateway​​​ 之中。要让规则同时对 ​​Gateway​​​ 和网格内服务生效,需要显式的将 ​​mesh​​​ 加入 ​​gateways​​ 列表。

1单个gateway

virtaulservice/vs-bookinfo-gw-single.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

2多个gateway

virtaulservice/vs-bookinfo-multi-gw.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
- bookinfo-gateway-02
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

3不同名称空间下的gateway

virtaulservice/vs-bookinfo-gw-namespace.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- default/bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

4省略gateways默认为mesh

virtaulservice/vs-review-v2.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v2

5gateways为mesh

virtaulservice/vs-review-mesh.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
gateways:
- mesh
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v3

hosts

必要字段:流量的目标主机。可以是带有通配符前缀的 DNS 名称,也可以是 IP 地址。根据所在平台情况,还可能使用短名称来代替 FQDN。这种场景下,短名称到 FQDN 的具体转换过程是要靠下层平台完成的。**一个主机名只能在一个 VirtualService 中定义。**同一个 ​​VirtualService​​​ 中可以用于控制多个 HTTP 和 TCP 端口的流量属性。 Kubernetes 用户注意:当使用服务的短名称时(例如使用 ​​reviews​​​,而不是 ​​reviews.default.svc.cluster.local​​​),Istio 会根据规则所在的命名空间来处理这一名称,而非服务所在的命名空间。假设 “default” 命名空间的一条规则中包含了一个 ​​reviews​​​ 的 ​​host​​​引用,就会被视为 ​​reviews.default.svc.cluster.local​​​,而不会考虑 ​​reviews​​ 服务所在的命名空间。为了避免可能的错误配置,建议使用 FQDN 来进行服务引用。​hosts​​​ 字段对 HTTP 和 TCP 服务都是有效的。网格中的服务也就是在服务注册表中注册的服务,必须使用他们的注册名进行引用;只有 ​​Gateway​​ 定义的服务才可以使用 IP 地址。

ip

virtaulservice/vs-bookinfo-hosts-ip.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "192.168.198.155"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

多个hosts

virtaulservice/vs-bookinfo-hosts-multi.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "bookinfo.com"
- "bookinfo.demo"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

匹配所有域名

virtaulservice/vs-bookinfo-hosts-star.yaml

kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

短fqdn

virtaulservice/vs-bookinfo-hosts-fqdn-short.yaml

在default名称空间创建vs

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "bookinfo"
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

同时要创建一个同名service

[root@master01 virtaulservice]# cat bookinfo-svc.yaml 
apiVersion: v1
kind: Service
metadata:
name: bookinfo
labels:
app: productpage
service: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage

长fqdn

virtaulservice/vs-bookinfo-hosts-fqdn-long.yaml

在default名称空间创建vs

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "bookinfo.default.svc.cluster.local"
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

同时在default名称空间创建bookinfo svc

virtaulservice/bookinfo-svc.yaml

apiVersion: v1
kind: Service
metadata:
name: bookinfo
labels:
app: productpage
service: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage

http

HTTP 流量规则的有序列表。这个列表对名称前缀为 ​​http-​​​、​​http2-​​​、​​grpc-​​​ 的服务端口,或者协议为 ​​HTTP​​​、​​HTTP2​​​、​​GRPC​​​ 以及终结的 TLS,另外还有使用 ​​HTTP​​​、​​HTTP2​​​ 以及 ​​GRPC​​​ 协议的 ​​ServiceEntry​​ 都是有效的。进入流量会使用匹配到的第一条规则。

corsPolicy


配置httpd服务
[root@master01 html]# cat index.html 
<html>
<head><title></title></head>
<body>
<script type="text/javascript" src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<script>
$(function(){
$("#cors").click(
function(){
$.ajax({
type:"get",
dataType : "html",
url:"http://bookinfo.demo:27941/productpage",
success:function(data){
alert(data);
}
})
});

$("#cors2").click(
function(){
$.ajax({
type:"get",
dataType : "json",
url:"http://bookinfo.demo:27941/reviews/1",
contentType : 'application/json;charset=UTF-8',
success:function(data){
var jsonStr = JSON.stringify(data);
alert(jsonStr);
}
})
});
$("#cors3").click(
function(){
$.ajax({
type:"delete",
contentType : 'application/json;charset=UTF-8',
dataType : "json",
url:"http://bookinfo.demo:27941/reviews/1",
success:function(data){
var jsonStr = JSON.stringify(data);
alert(jsonStr);
}
})
});
$("#cors4").click(
function(){
$.ajax({
type:"get",
contentType : 'application/json;charset=UTF-8',
dataType : "json",
headers:{"X-Custom-Header":"value"},
url:"http://bookinfo.demo:27941/reviews/1",
success:function(data){
var jsonStr = JSON.stringify(data);
alert(jsonStr);
}
})
});

});

</script>
<input type="button" id="cors" value="简单请求"/>
<input type="button" id="cors2" value="非简单请求"/>
<input type="button" id="cors3" value="非简单请求delete"/>
<input type="button" id="cors4" value="非简单请求headers"/>
</body>
</html>

注意替换端口 url:“http://bookinfo.demo:27941/productpage”,

启动nginx

systemctl start httpd

简单请求,配置cors

virtaulservice/corsPolicy/vs-productpage-cors.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
route:
- destination:
host: productpage
port:
number: 9080
访问:

​http://mytest.com:8081/​

简单请求allowCredentials

virtaulservice/corsPolicy/vs-productpage-cors-allowCredentials.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowCredentials: true
allowOrigins:
- exact: "http://mytest.com:8081"
route:
- destination:
host: productpage
port:
number: 9080
简单请求allowOrigins prefix

virtaulservice/corsPolicy/vs-productpage-cors-allowOrigins-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowOrigins:
- prefix: "http://mytest"
route:
- destination:
host: productpage
port:
number: 9080
简单请求allowOrigins regex

virtaulservice/corsPolicy/vs-productpage-cors-allowOrigins-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowOrigins:
- regex: ".*"
route:
- destination:
host: productpage
port:
number: 9080
简单请求exposeHeaders

virtaulservice/corsPolicy/vs-productpage-cors-exposeHeaders.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
exposeHeaders:
- test
- test2
route:
- destination:
host: productpage
port:
number: 9080
非简单请求

virtaulservice/corsPolicy/vs-reviews-cors.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookreviews
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /reviews
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
allowMethods:
- GET
- OPTIONS
maxAge: "1m"
route:
- destination:
host: reviews
port:
number: 9080
非简单请求allowMethods

virtaulservice/corsPolicy/vs-reviews-cors-allowMethods.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookreviews
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /reviews
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
allowMethods:
- POST
- OPTIONS
maxAge: "1m"
route:
- destination:
host: reviews
port:
number: 9080
非简单请求allowHeaders

virtaulservice/corsPolicy/vs-reviews-cors-allowHeaders.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookreviews
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /reviews
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
allowMethods:
- GET
- OPTIONS
maxAge: "1m"
allowHeaders:
- X-Custom-Header
- content-type
route:
- destination:
host: reviews
port:
number: 9080
非简单请求maxAge

virtaulservice/corsPolicy/vs-reviews-cors-maxAge.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookreviews
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /reviews
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
allowMethods:
- GET
- OPTIONS
maxAge: "10s"
#maxAge: "1m"
#maxAge: "1h"
route:
- destination:
host: reviews
port:
number: 9080

delegate

向istiod容器设置环境变量

PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE=true

kubectl set env deploy istiod -n istio-system --list

kubectl set env deploy istiod -n istio-system PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE=true

配置文件

virtaulservice/delegate/vs-delegate.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
delegate:
name: productpage
namespace: istio

测试不成功,有待研究

fault

abort

virtaulservice/fault/vs-productpage-fault-abort.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
namespace: istio
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- fault:
abort:
httpStatus: 500
percentage:
value: 100
match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
subset: v1
delay

virtaulservice/fault/vs-productpage-fault-delay.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
namespace: istio
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- fault:
delay:
percentage:
value: 100.0
fixedDelay: 7s
match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
subset: v1

headers

request
add

virtaulservice/headers/vs-headers-request-add.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
request:
add:
TEST_REQUEST_HEADER: XX
route:
- destination:
host: productpage
port:
number: 9080
remove

virtaulservice/headers/vs-headers-request-remove.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
request:
remove:
- TEST_REQUEST_HEADER
route:
- destination:
host: productpage
port:
number: 9080
set

virtaulservice/headers/vs-headers-request-set.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
request:
set:
TEST_REQUEST_HEADER: XX
route:
- destination:
host: productpage
port:
number: 9080
response
add

virtaulservice/headers/vs-headers-response-add.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
response:
add:
TEST_REQUEST_HEADER: XX
route:
- destination:
host: productpage
port:
number: 9080
remove

virtaulservice/headers/vs-headers-response-remove.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
response:
remove:
- x-envoy-upstream-service-time
route:
- destination:
host: productpage
port:
number: 9080
set

virtaulservice/headers/vs-headers-response-set.yaml

没有就添加,有就修改

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
response:
set:
content-type: "text/html"
Test: "test"
x-envoy-upstream-service-time: "1111111111"
route:
- destination:
host: productpage
port:
number: 9080

match

authority
exact

virtaulservice/match/vs-match-authority-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
exact: "bookinfo.demo:27941"
route:
- destination:
host: productpage
port:
number: 9080
prefix

virtaulservice/match/vs-match-authority-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
prefix: "bookinfo"
route:
- destination:
host: productpage
port:
number: 9080
regex

virtaulservice/match/vs-match-authority-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
regex: "bookinfo.de.*"
route:
- destination:
host: productpage
port:
number: 9080
gateways

virtaulservice/match/vs-match-gateways.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
- bookinfo-gateway-02
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
gateways:
- bookinfo-gateway-02
- uri:
prefix: /static
route:
- destination:
host: productpage
port:
number: 9080

headers

exact

virtaulservice/match/

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: mark
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
prefix

virtaulservice/match/vs-match-headers-prefix.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
prefix: ma
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
regex

virtaulservice/match/vs-match-headers-regex.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
regex: "m.*k"
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
ignoreUriCase

virtaulservice/match/vs-match-ignoreUriCase.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: "/PRODUCTPAGE"
ignoreUriCase: true
route:
- destination:
host: productpage
port:
number: 9080
method
exact

virtaulservice/match/vs-match-method-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
exact: "GET"
route:
- destination:
host: productpage
port:
number: 9080
prefix

virtaulservice/match/vs-match-method-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
prefix: "G"
route:
- destination:
host: productpage
port:
number: 9080
regex

virtaulservice/match/vs-match-method-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
regex: "G.*T"
route:
- destination:
host: productpage
port:
number: 9080
name

virtaulservice/match/vs-match-name.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
name: book
route:
- destination:
host: productpage
port:
number: 9080
port

virtaulservice/match/vs-match-port.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- port: 80
route:
- destination:
host: productpage
port:
number: 9080
queryParams
exact

virtaulservice/match/vs-match-queryParams-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
exact: test
route:
- destination:
host: productpage
port:
number: 9080
prefix

virtaulservice/match/vs-match-queryParams-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
prefix: test
route:
- destination:
host: productpage
port:
number: 9080

不起作用,只要有queryParams为test就能访问

regex

virtaulservice/match/vs-match-queryParams-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
regex: "\\d+$"
route:
- destination:
host: productpage
port:
number: 9080

test值必须是数字

scheme

访问404,放弃,有待研究

exact

vs-match-scheme-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
exact: "http"
route:
- destination:
host: productpage
port:
number: 9080

prefix

vs-match-scheme-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
prefix: "http"
route:
- destination:
host: productpage
port:
number: 9080

regex

vs-match-scheme-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
regex: ".*"
route:
- destination:
host: productpage
port:
number: 9080
sourceLabels

virtaulservice/match/vs-match-sourceLabels.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- sourceLabels:
app: productpage
version: v1
route:
- destination:
host: reviews
subset: v2
sourceNamespace

virtaulservice/match/vs-match-sourceNamespace.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- sourceNamespace: istio-system
route:
- destination:
host: productpage
port:
number: 9080
uri
exact

virtaulservice/match/vs-match-uri-exact.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
route:
- destination:
host: productpage
port:
number: 9080
prefix

virtaulservice/match/vs-match-uri-prefix.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /product
route:
- destination:
host: productpage
port:
number: 9080
regex

virtaulservice/match/vs-match-uri-regex.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
regex: "/p.*e"
route:
- destination:
host: productpage
port:
number: 9080
withoutHeaders

测试不成功,放弃,有待研究

exact

vs-match-withoutHeaders-exact.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- withoutHeaders:
end-user:
exact: mark
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
prefix

vs-match-withoutHeaders-prefix.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- withoutHeaders:
end-user:
prefix: ma
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
regex

vs-match-withoutHeaders-regex.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- withoutHeaders:
end-user:
regex: "m.*k"
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3

mirror

virtaulservice/mirror/vs-http-mirror.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
mirror:
host: productpage.istio-2.svc.cluster.local
port:
number: 9080
mirrorPercentage:
value: 100

1创建namespace

kubectl create ns istio-2

2打标签

kubectl label ns istio-2 istio-injection=enabled

3部署deployment

kubectl apply -f productpage-deploy.yaml -n istio-2

4打开日志

kubectl logs -f productpage-v1-64794f5db4-ng9sn -n istio-2

5创建资源

kubectl apply -f vs-http-mirror.yaml -n istio

6访问url

​http://192.168.198.154:27941/productpage​

subset

1创建dr

kubectl apply -f dr-productpage.yaml -n istio-2

2创建mirror资源

kubectl apply -f vs-http-mirror-subset.yaml -n istio

3访问

​http://192.168.198.154:27941/productpage​

4观察日志

name

virtaulservice/vs-bookinfo-name.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
name: bookinfo
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080

redirect

virtaulservice/redirect/vs-productpage-redirect.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /mypage
redirect:
uri: /productpage
authority: 192.168.198.154:27941
redirectCode: 308
- match:
- uri:
prefix: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:

访问:

​http://192.168.198.154:27941/mypage​

retries

  • attempts:必选字段,定义重试的次数
  • perTryTimeout:每次重试超时的时间,单位可以是ms、s、m和h
  • retryOn:进行重试的条件,可以是多个条件,以逗号分隔

其中重试条件retryOn的取值可以包括以下几种。

  • 5xx:在上游服务返回5xx应答码,或者在没有返回时重试
  • gateway-error:类似于5xx异常,只对502、503和504应答码进行重试。
  • connect-failure:在链接上游服务失败时重试 retriable-4xx:在上游服务返回可重试的4xx应答码时执行重试。
  • refused-stream:在上游服务使用REFUSED_STREAM错误码重置时执行重试。
  • cancelled:gRPC应答的Header中状态码是cancelled时执行重试。
  • deadline-exceeded:在gRPC应答的Header中状态码是deadline-exceeded时执行重试
  • internal:在gRPC应答的Header中状态码是internal时执行重试
  • resource-exhausted:在gRPC应答的Header中状态码是resource-exhausted时执行重试
  • unavailable:在gRPC应答的Header中状态码是unavailable时执行重试。

设置延迟错误:

virtaulservice/retry/vs-reviews.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v3
fault:
delay:
percentage:
value: 100.0
fixedDelay: 7s

设置重试

virtaulservice/retry/vs-bookinfo.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
subset: v1
retries:
attempts: 5
perTryTimeout: 3s
retryOn: 5xx,connect-failure

是否重试其他机子

virtaulservice/retry/vs-bookinfo-retryRemoteLocalities.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
subset: v1
retries:
attempts: 5
perTryTimeout: 3s
retryOn: 5xx,connect-failure
retryRemoteLocalities: true

rewrite

uri

virtaulservice/rewrite/vs-http-rewrite.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
regex: "/m.*k"
rewrite:
uri: "/productpage"
route:
- destination:
host: productpage
port:
number: 9080
authority

virtaulservice/rewrite/vs-http-rewrite-authority.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
regex: "/m.*k"
rewrite:
uri: "/productpage"
authority: bookinfo.com:27941
route:
- destination:
host: productpage
port:
number: 9080

route

destination
host

virtaulservice/route/vs-reviews-host.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
port

virtaulservice/route/vs-reviews-port.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
port:
number: 9080
subset

virtaulservice/route/vs-reviews-subset.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
headers
request

add

virtaulservice/route/vs-reviews-headers-request-add.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
headers:
request:
add:
test: test

remove

virtaulservice/route/vs-reviews-headers-request-remove.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
headers:
request:
remove:
- test

set

virtaulservice/route/vs-reviews-headers-request-set.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
headers:
request:
set:
test: test
response

add

virtaulservice/route/vs-bookinfo-headers-response-add.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
headers:
response:
add:
test: test

remove

virtaulservice/route/vs-bookinfo-headers-response-remove.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
headers:
response:
remove:
- x-envoy-upstream-service-time

set

virtaulservice/route/vs-bookinfo-headers-response-set.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
headers:
response:
set:
content-type: "text/html"
test: test
x-envoy-upstream-service-time: "1111"
~
weight

virtaulservice/route/vs-reviews-weight.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
weight: 50
- destination:
host: reviews
subset: v3
weight: 50

timeout

virtaulservice/timeout/vs-http-timeout.yaml

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
timeout: 0.01s

tls

一个有序列表,对应的是透传 TLS 和 HTTPS 流量。路由过程通常利用 ​​ClientHello​​​ 消息中的 SNI 来完成。TLS 路由通常应用在 ​​https-​​​、​​tls-​​​ 前缀的平台服务端口,或者经 ​​Gateway​​​ 透传的 HTTPS、TLS 协议端口,以及使用 HTTPS 或者 TLS 协议的 ​​ServiceEntry​​ 端口上。注意:没有关联 VirtualService 的 https- 或者 tls- 端口流量会被视为透传 TCP 流量。

1创建证书

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj ‘/O=example Inc./CN=example.com’ -keyout example.com.key -out example.com.crt

openssl req -out nginx.example.com.csr -newkey rsa:2048 -nodes -keyout nginx.example.com.key -subj “/CN=nginx.example.com/O=some organization”

openssl x509 -req -days 365 -CA example.com.crt -CAkey example.com.key -set_serial 0 -in nginx.example.com.csr -out nginx.example.com.crt

2创建secret

kubectl create secret tls nginx-server-certs --key nginx.example.com.key --cert nginx.example.com.crt -n istio

3创建nginx配置文件

events {
}

http {
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;

server {
listen 443 ssl;

root /usr/share/nginx/html;
index index.html;

server_name nginx.example.com;
ssl_certificate /etc/nginx-server-certs/tls.crt;
ssl_certificate_key /etc/nginx-server-certs/tls.key;
}
}

kubectl create configmap nginx-configmap --from-file=nginx.conf=./nginx.conf -nistio

4创建deploy

apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
run: my-nginx
spec:
ports:
- port: 443
protocol: TCP
selector:
run: my-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
selector:
matchLabels:
run: my-nginx
replicas: 1
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 443
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx
readOnly: true
- name: nginx-server-certs
mountPath: /etc/nginx-server-certs
readOnly: true
volumes:
- name: nginx-config
configMap:
name: nginx-configmap
- name: nginx-server-certs
secret:
secretName: nginx-server-certs

5创建gateway

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 443
name: https-443
protocol: HTTPS
hosts:
- "nginx.example.com"
tls:
mode: PASSTHROUGH

6创建vs

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
route:
- destination:
host: my-nginx
port:
number: 443

7访问url

​https://nginx.example.com:39329/​

match

destinationSubnets

1.7.0/virtaulservice/tls/vs-nginx-destinationSubnets.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
destinationSubnets:
- 172.20.1.78/32
route:
- destination:
host: my-nginx
port:
number: 443
gateways

1.7.0/virtaulservice/tls/vs-nginx-gateways.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
gateways:
- bookinfo-gateway
route:
- destination:
host: my-nginx
port:
number: 443
sourceLabels

1.7.0/virtaulservice/tls/vs-nginx-sourceLabels.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
sourceLabels:
istio: ingressgateway
route:
- destination:
host: my-nginx
port:
number: 443
sourceNamespace

1.7.0/virtaulservice/tls/vs-nginx-sourceNamespace.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
sourceNamespace: istio-system
route:
- destination:
host: my-nginx
port:
number: 443

tcp

一个针对透传 TCP 流量的有序路由列表。TCP 路由对所有 HTTP 和 TLS 之外的端口生效。进入流量会使用匹配到的第一条规则。

match

port

1部署deploy

kubectl apply -f tcp-echo-services.yaml -n istio

tcp-echo-services.yaml

apiVersion: v1
kind: Service
metadata:
name: tcp-echo
labels:
app: tcp-echo
spec:
ports:
- name: tcp
port: 9000
- name: tcp-other
port: 9001
# Port 9002 is omitted intentionally for testing the pass through filter chain.
selector:
app: tcp-echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tcp-echo-v1
spec:
replicas: 1
selector:
matchLabels:
app: tcp-echo
version: v1
template:
metadata:
labels:
app: tcp-echo
version: v1
spec:
containers:
- name: tcp-echo
image: docker.io/istio/tcp-echo-server:1.2
imagePullPolicy: IfNotPresent
args: [ "9000,9001,9002", "one" ]
ports:
- containerPort: 9000
- containerPort: 9001
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tcp-echo-v2
spec:
replicas: 1
selector:
matchLabels:
app: tcp-echo
version: v2
template:
metadata:
labels:
app: tcp-echo
version: v2
spec:
containers:
- name: tcp-echo
image: docker.io/istio/tcp-echo-server:1.2
imagePullPolicy: IfNotPresent
args: [ "9000,9001,9002", "two" ]
ports:
- containerPort: 9000
- containerPort: 9001

2添加service 端口

kubectl edit svc istio-ingressgateway -n istio-system

- name: tcp
port: 31400
protocol: TCP
targetPort: 31400

3 创建资源

kubectl apply -f tcp-echo-all-v1.yaml -n istio

tcp-echo-all-v1.yaml

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: tcp-echo-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 31400
name: tcp
protocol: TCP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: tcp-echo-destination
spec:
host: tcp-echo
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- port: 31400
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v1

4访问

telnet 192.168.198.154 37048

destinationSubnets

virtaulservice/tcp/vs-destinationSubnets.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- destinationSubnets:
- 172.20.2.0/24
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
sourceSubnet

virtaulservice/tcp/vs-sourceSubnet.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- sourceSubnet: 172.20.1.24
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
sourceLabels

virtaulservice/tcp/vs-sourceLabels.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- sourceLabels:
app: istio-ingressgateway
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
sourceNamespace

virtaulservice/tcp/vs-sourceNamespace.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- sourceNamespace: istio-system
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
gateways

virtaulservice/tcp/vs-gateways.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- gateways:
- tcp-echo-gateway
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2

route

destination
host

virtaulservice/tcp/vs-route-host.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- route:
- destination:
host: tcp-echo
port:
number: 9000
port

virtaulservice/tcp/vs-route-port.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- route:
- destination:
host: tcp-echo
port:
number: 9000
subset

virtaulservice/tcp/vs-route-subset.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- route:
- destination:
host: tcp-echo
subset: v2
port:
number: 9000
weight

virtaulservice/tcp/tcp-echo-20-v2.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- port: 31400
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v1
weight: 80
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
weight: 20

三种协议路由规则对比

VirtualService 在http、tls、tcp这三个字段上分别定义了应用于HTTP、TLS和TCP三种协议的路由规则。从规则构成上都是先定义一组匹配条件,然后对满足条件的的流量执行对应的操作。因为协议的内容不同,路由匹配条件不同,所以执行的操作也不同。如下表所示对比了三种路由规则。从各个维度来看,HTTP路由规则的内容最丰富,TCP路由规则的内容最少,这也符合协议分层的设计。

VirtualService资源详解_json_02


标签:VirtualService,name,uri,istio,详解,资源,productpage,exact,match
From: https://blog.51cto.com/u_11979904/5948165

相关文章

  • ServiceEntry详解
     欢迎关注我的公众号: 目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:​​istio多集群探秘,部署了50次多集群后我得出的结论​​​​istio多集群链路追踪,附实操视频​......
  • authorizationPolicy详解
     欢迎关注我的公众号: 目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:​​istio多集群探秘,部署了50次多集群后我得出的结论​​​​istio多集群链路追踪,附实操视频​......
  • tekton task资源
     欢迎关注我的公众号: 目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:​​istio多集群探秘,部署了50次多集群后我得出的结论​​​​istio多集群链路追踪,附实操视频​......
  • workloadentry详解
    欢迎关注我的公众号: 目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:​​istio多集群探秘,部署了50次多集群后我得出的结论​​​​istio多集群链路追踪,附实操视频​​......
  • PeerAuthentication详解
     欢迎关注我的公众号: 目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:​​istio多集群探秘,部署了50次多集群后我得出的结论​​​​istio多集群链路追踪,附实操视频​......
  • requestAuthentication详解
     欢迎关注我的公众号: 目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:​​istio多集群探秘,部署了50次多集群后我得出的结论​​​​istio多集群链路追踪,附实操视频​......
  • sidecar详解
     欢迎关注我的公众号: 目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:​​istio多集群探秘,部署了50次多集群后我得出的结论​​​​istio多集群链路追踪,附实操视频​......
  • springMVC10(放行静态资源访问)
    一、放行静态资源访问的目的:为了让静态资源不被"springMVC"访问,而被拦截。我们需要让它被"放行"二、目录结构是什么样?2.1.1-在main包下2.1.2-和java包同"级别"2......
  • C#高级--Expression详解
    C#高级–Expression详解零、文章目录一、Expression是什么1、如何定义Expression<Func<TSource,bool>>就是表达式目录树Expression不能带有大括号,只能有一行代码2、和委托......
  • Hubbell EDI 855 采购订单确认报文详解
    Hubbell于纽约证券交易所上市,全球员工近12000名,在欧美地区以其高品质获得人们的青睐,成为家喻户晓的品牌,同类产品占有份额达95%以上。在数字化的今天,HUBBELL延续了在一个......