**
VirtualService资源详解
学习目标
什么是virtualService
VirtualService
中文名称虚拟服务,是istio中一个重要的资源, 它定义了一系列针对指定服务的流量路由规则。每个路由规则都针对特定协议的匹配规则。如果流量符合这些特征,就会根据规则发送到服务注册表中的目标服务(或者目标服务的子集或版本)。
vs和k8s service的区别
如果没有 Istio virtual service,仅仅使用 k8s service 的话,那么只能实现最基本的流量负载均衡转发,但是就不能实现类似按百分比来分配流量等更加复杂、丰富、细粒度的流量控制了。
备注:虚拟服务相当于 K8s 服务的 sidecar,在原本 K8s 服务的功能之上,提供了更加丰富的路由控制。
例子:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: test-virtual-svc
spec:
hosts:
- "web-svc"
http:
- route:
- destination:
host: web-svc
subset: nginx
weight: 25
- destination:
host: web-svc
subset: tomcat
weight: 75
配置详解
exportTo
1只在当前名称空间有效
virtaulservice/vs-bookinfo-dot.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- .
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
2所有名称空间有效
virtaulservice/vs-bookinfo-star.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
3特定名称空间有效
virtaulservice/vs-bookinfo-istio-system.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
# - "default"
# - "istio"
- "istio-system"
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
gateways
Gateway
名称列表,Sidecar 会据此使用路由。VirtualService
对象可以用于网格中的 Sidecar,也可以用于一个或多个 Gateway
。这里公开的选择条件可以在协议相关的路由过滤条件中进行覆盖。保留字 mesh
用来指代网格中的所有 Sidecar。当这一字段被省略时,就会使用缺省值(mesh
),也就是针对网格中的所有 Sidecar 生效。如果提供了 gateways
字段,这一规则就只会应用到声明的 Gateway
之中。要让规则同时对 Gateway
和网格内服务生效,需要显式的将 mesh
加入 gateways
列表。
1单个gateway
virtaulservice/vs-bookinfo-gw-single.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
2多个gateway
virtaulservice/vs-bookinfo-multi-gw.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
- bookinfo-gateway-02
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
3不同名称空间下的gateway
virtaulservice/vs-bookinfo-gw-namespace.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- default/bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
4省略gateways默认为mesh
virtaulservice/vs-review-v2.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v2
5gateways为mesh
virtaulservice/vs-review-mesh.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
gateways:
- mesh
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v3
hosts
必要字段:流量的目标主机。可以是带有通配符前缀的 DNS 名称,也可以是 IP 地址。根据所在平台情况,还可能使用短名称来代替 FQDN。这种场景下,短名称到 FQDN 的具体转换过程是要靠下层平台完成的。**一个主机名只能在一个 VirtualService 中定义。**同一个 VirtualService
中可以用于控制多个 HTTP 和 TCP 端口的流量属性。 Kubernetes 用户注意:当使用服务的短名称时(例如使用 reviews
,而不是 reviews.default.svc.cluster.local
),Istio 会根据规则所在的命名空间来处理这一名称,而非服务所在的命名空间。假设 “default” 命名空间的一条规则中包含了一个 reviews
的 host
引用,就会被视为 reviews.default.svc.cluster.local
,而不会考虑 reviews
服务所在的命名空间。为了避免可能的错误配置,建议使用 FQDN 来进行服务引用。 hosts
字段对 HTTP 和 TCP 服务都是有效的。网格中的服务也就是在服务注册表中注册的服务,必须使用他们的注册名进行引用;只有 Gateway
定义的服务才可以使用 IP 地址。
ip
virtaulservice/vs-bookinfo-hosts-ip.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "192.168.198.155"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
多个hosts
virtaulservice/vs-bookinfo-hosts-multi.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "bookinfo.com"
- "bookinfo.demo"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
匹配所有域名
virtaulservice/vs-bookinfo-hosts-star.yaml
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
短fqdn
virtaulservice/vs-bookinfo-hosts-fqdn-short.yaml
在default名称空间创建vs
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "bookinfo"
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
同时要创建一个同名service
[root@master01 virtaulservice]# cat bookinfo-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: bookinfo
labels:
app: productpage
service: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage
长fqdn
virtaulservice/vs-bookinfo-hosts-fqdn-long.yaml
在default名称空间创建vs
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "bookinfo.default.svc.cluster.local"
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
同时在default名称空间创建bookinfo svc
virtaulservice/bookinfo-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: bookinfo
labels:
app: productpage
service: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage
http
HTTP 流量规则的有序列表。这个列表对名称前缀为 http-
、http2-
、grpc-
的服务端口,或者协议为 HTTP
、HTTP2
、GRPC
以及终结的 TLS,另外还有使用 HTTP
、HTTP2
以及 GRPC
协议的 ServiceEntry
都是有效的。进入流量会使用匹配到的第一条规则。
corsPolicy
配置httpd服务
[root@master01 html]# cat index.html
<html>
<head><title></title></head>
<body>
<script type="text/javascript" src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<script>
$(function(){
$("#cors").click(
function(){
$.ajax({
type:"get",
dataType : "html",
url:"http://bookinfo.demo:27941/productpage",
success:function(data){
alert(data);
}
})
});
$("#cors2").click(
function(){
$.ajax({
type:"get",
dataType : "json",
url:"http://bookinfo.demo:27941/reviews/1",
contentType : 'application/json;charset=UTF-8',
success:function(data){
var jsonStr = JSON.stringify(data);
alert(jsonStr);
}
})
});
$("#cors3").click(
function(){
$.ajax({
type:"delete",
contentType : 'application/json;charset=UTF-8',
dataType : "json",
url:"http://bookinfo.demo:27941/reviews/1",
success:function(data){
var jsonStr = JSON.stringify(data);
alert(jsonStr);
}
})
});
$("#cors4").click(
function(){
$.ajax({
type:"get",
contentType : 'application/json;charset=UTF-8',
dataType : "json",
headers:{"X-Custom-Header":"value"},
url:"http://bookinfo.demo:27941/reviews/1",
success:function(data){
var jsonStr = JSON.stringify(data);
alert(jsonStr);
}
})
});
});
</script>
<input type="button" id="cors" value="简单请求"/>
<input type="button" id="cors2" value="非简单请求"/>
<input type="button" id="cors3" value="非简单请求delete"/>
<input type="button" id="cors4" value="非简单请求headers"/>
</body>
</html>
注意替换端口 url:“http://bookinfo.demo:27941/productpage”,
启动nginx
systemctl start httpd
简单请求,配置cors
virtaulservice/corsPolicy/vs-productpage-cors.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
route:
- destination:
host: productpage
port:
number: 9080
访问:
简单请求allowCredentials
virtaulservice/corsPolicy/vs-productpage-cors-allowCredentials.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowCredentials: true
allowOrigins:
- exact: "http://mytest.com:8081"
route:
- destination:
host: productpage
port:
number: 9080
简单请求allowOrigins prefix
virtaulservice/corsPolicy/vs-productpage-cors-allowOrigins-prefix.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowOrigins:
- prefix: "http://mytest"
route:
- destination:
host: productpage
port:
number: 9080
简单请求allowOrigins regex
virtaulservice/corsPolicy/vs-productpage-cors-allowOrigins-regex.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowOrigins:
- regex: ".*"
route:
- destination:
host: productpage
port:
number: 9080
简单请求exposeHeaders
virtaulservice/corsPolicy/vs-productpage-cors-exposeHeaders.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
exposeHeaders:
- test
- test2
route:
- destination:
host: productpage
port:
number: 9080
非简单请求
virtaulservice/corsPolicy/vs-reviews-cors.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookreviews
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /reviews
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
allowMethods:
- GET
- OPTIONS
maxAge: "1m"
route:
- destination:
host: reviews
port:
number: 9080
非简单请求allowMethods
virtaulservice/corsPolicy/vs-reviews-cors-allowMethods.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookreviews
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /reviews
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
allowMethods:
- POST
- OPTIONS
maxAge: "1m"
route:
- destination:
host: reviews
port:
number: 9080
非简单请求allowHeaders
virtaulservice/corsPolicy/vs-reviews-cors-allowHeaders.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookreviews
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /reviews
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
allowMethods:
- GET
- OPTIONS
maxAge: "1m"
allowHeaders:
- X-Custom-Header
- content-type
route:
- destination:
host: reviews
port:
number: 9080
非简单请求maxAge
virtaulservice/corsPolicy/vs-reviews-cors-maxAge.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookreviews
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /reviews
corsPolicy:
allowOrigins:
- exact: "http://mytest.com:8081"
allowMethods:
- GET
- OPTIONS
maxAge: "10s"
#maxAge: "1m"
#maxAge: "1h"
route:
- destination:
host: reviews
port:
number: 9080
delegate
向istiod容器设置环境变量
PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE=true
kubectl set env deploy istiod -n istio-system --list
kubectl set env deploy istiod -n istio-system PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE=true
配置文件
virtaulservice/delegate/vs-delegate.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
delegate:
name: productpage
namespace: istio
测试不成功,有待研究
fault
abort
virtaulservice/fault/vs-productpage-fault-abort.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
namespace: istio
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- fault:
abort:
httpStatus: 500
percentage:
value: 100
match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
subset: v1
delay
virtaulservice/fault/vs-productpage-fault-delay.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
namespace: istio
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- fault:
delay:
percentage:
value: 100.0
fixedDelay: 7s
match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
subset: v1
headers
request
add
virtaulservice/headers/vs-headers-request-add.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
request:
add:
TEST_REQUEST_HEADER: XX
route:
- destination:
host: productpage
port:
number: 9080
remove
virtaulservice/headers/vs-headers-request-remove.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
request:
remove:
- TEST_REQUEST_HEADER
route:
- destination:
host: productpage
port:
number: 9080
set
virtaulservice/headers/vs-headers-request-set.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
request:
set:
TEST_REQUEST_HEADER: XX
route:
- destination:
host: productpage
port:
number: 9080
response
add
virtaulservice/headers/vs-headers-response-add.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
response:
add:
TEST_REQUEST_HEADER: XX
route:
- destination:
host: productpage
port:
number: 9080
remove
virtaulservice/headers/vs-headers-response-remove.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
response:
remove:
- x-envoy-upstream-service-time
route:
- destination:
host: productpage
port:
number: 9080
set
virtaulservice/headers/vs-headers-response-set.yaml
没有就添加,有就修改
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
headers:
response:
set:
content-type: "text/html"
Test: "test"
x-envoy-upstream-service-time: "1111111111"
route:
- destination:
host: productpage
port:
number: 9080
match
authority
exact
virtaulservice/match/vs-match-authority-exact.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
exact: "bookinfo.demo:27941"
route:
- destination:
host: productpage
port:
number: 9080
prefix
virtaulservice/match/vs-match-authority-prefix.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
prefix: "bookinfo"
route:
- destination:
host: productpage
port:
number: 9080
regex
virtaulservice/match/vs-match-authority-regex.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
regex: "bookinfo.de.*"
route:
- destination:
host: productpage
port:
number: 9080
gateways
virtaulservice/match/vs-match-gateways.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
- bookinfo-gateway-02
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
gateways:
- bookinfo-gateway-02
- uri:
prefix: /static
route:
- destination:
host: productpage
port:
number: 9080
headers
exact
virtaulservice/match/
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: mark
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
prefix
virtaulservice/match/vs-match-headers-prefix.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
prefix: ma
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
regex
virtaulservice/match/vs-match-headers-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
regex: "m.*k"
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
ignoreUriCase
virtaulservice/match/vs-match-ignoreUriCase.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: "/PRODUCTPAGE"
ignoreUriCase: true
route:
- destination:
host: productpage
port:
number: 9080
method
exact
virtaulservice/match/vs-match-method-exact.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
exact: "GET"
route:
- destination:
host: productpage
port:
number: 9080
prefix
virtaulservice/match/vs-match-method-prefix.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
prefix: "G"
route:
- destination:
host: productpage
port:
number: 9080
regex
virtaulservice/match/vs-match-method-regex.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
regex: "G.*T"
route:
- destination:
host: productpage
port:
number: 9080
name
virtaulservice/match/vs-match-name.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
name: book
route:
- destination:
host: productpage
port:
number: 9080
port
virtaulservice/match/vs-match-port.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- port: 80
route:
- destination:
host: productpage
port:
number: 9080
queryParams
exact
virtaulservice/match/vs-match-queryParams-exact.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
exact: test
route:
- destination:
host: productpage
port:
number: 9080
prefix
virtaulservice/match/vs-match-queryParams-prefix.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
prefix: test
route:
- destination:
host: productpage
port:
number: 9080
不起作用,只要有queryParams为test就能访问
regex
virtaulservice/match/vs-match-queryParams-regex.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
regex: "\\d+$"
route:
- destination:
host: productpage
port:
number: 9080
test值必须是数字
scheme
访问404,放弃,有待研究
exact
vs-match-scheme-exact.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
exact: "http"
route:
- destination:
host: productpage
port:
number: 9080
prefix
vs-match-scheme-prefix.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
prefix: "http"
route:
- destination:
host: productpage
port:
number: 9080
regex
vs-match-scheme-regex.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
regex: ".*"
route:
- destination:
host: productpage
port:
number: 9080
sourceLabels
virtaulservice/match/vs-match-sourceLabels.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- sourceLabels:
app: productpage
version: v1
route:
- destination:
host: reviews
subset: v2
sourceNamespace
virtaulservice/match/vs-match-sourceNamespace.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- sourceNamespace: istio-system
route:
- destination:
host: productpage
port:
number: 9080
uri
exact
virtaulservice/match/vs-match-uri-exact.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
route:
- destination:
host: productpage
port:
number: 9080
prefix
virtaulservice/match/vs-match-uri-prefix.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /product
route:
- destination:
host: productpage
port:
number: 9080
regex
virtaulservice/match/vs-match-uri-regex.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
regex: "/p.*e"
route:
- destination:
host: productpage
port:
number: 9080
withoutHeaders
测试不成功,放弃,有待研究
exact
vs-match-withoutHeaders-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- withoutHeaders:
end-user:
exact: mark
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
prefix
vs-match-withoutHeaders-prefix.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- withoutHeaders:
end-user:
prefix: ma
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
regex
vs-match-withoutHeaders-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- withoutHeaders:
end-user:
regex: "m.*k"
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3
mirror
virtaulservice/mirror/vs-http-mirror.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
mirror:
host: productpage.istio-2.svc.cluster.local
port:
number: 9080
mirrorPercentage:
value: 100
1创建namespace
kubectl create ns istio-2
2打标签
kubectl label ns istio-2 istio-injection=enabled
3部署deployment
kubectl apply -f productpage-deploy.yaml -n istio-2
4打开日志
kubectl logs -f productpage-v1-64794f5db4-ng9sn -n istio-2
5创建资源
kubectl apply -f vs-http-mirror.yaml -n istio
6访问url
http://192.168.198.154:27941/productpage
subset
1创建dr
kubectl apply -f dr-productpage.yaml -n istio-2
2创建mirror资源
kubectl apply -f vs-http-mirror-subset.yaml -n istio
3访问
http://192.168.198.154:27941/productpage
4观察日志
name
virtaulservice/vs-bookinfo-name.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
name: bookinfo
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
redirect
virtaulservice/redirect/vs-productpage-redirect.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /mypage
redirect:
uri: /productpage
authority: 192.168.198.154:27941
redirectCode: 308
- match:
- uri:
prefix: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
访问:
http://192.168.198.154:27941/mypage
retries
- attempts:必选字段,定义重试的次数
- perTryTimeout:每次重试超时的时间,单位可以是ms、s、m和h
- retryOn:进行重试的条件,可以是多个条件,以逗号分隔
其中重试条件retryOn的取值可以包括以下几种。
- 5xx:在上游服务返回5xx应答码,或者在没有返回时重试
- gateway-error:类似于5xx异常,只对502、503和504应答码进行重试。
- connect-failure:在链接上游服务失败时重试 retriable-4xx:在上游服务返回可重试的4xx应答码时执行重试。
- refused-stream:在上游服务使用REFUSED_STREAM错误码重置时执行重试。
- cancelled:gRPC应答的Header中状态码是cancelled时执行重试。
- deadline-exceeded:在gRPC应答的Header中状态码是deadline-exceeded时执行重试
- internal:在gRPC应答的Header中状态码是internal时执行重试
- resource-exhausted:在gRPC应答的Header中状态码是resource-exhausted时执行重试
- unavailable:在gRPC应答的Header中状态码是unavailable时执行重试。
设置延迟错误:
virtaulservice/retry/vs-reviews.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v3
fault:
delay:
percentage:
value: 100.0
fixedDelay: 7s
设置重试
virtaulservice/retry/vs-bookinfo.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
subset: v1
retries:
attempts: 5
perTryTimeout: 3s
retryOn: 5xx,connect-failure
是否重试其他机子
virtaulservice/retry/vs-bookinfo-retryRemoteLocalities.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
subset: v1
retries:
attempts: 5
perTryTimeout: 3s
retryOn: 5xx,connect-failure
retryRemoteLocalities: true
rewrite
uri
virtaulservice/rewrite/vs-http-rewrite.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
regex: "/m.*k"
rewrite:
uri: "/productpage"
route:
- destination:
host: productpage
port:
number: 9080
authority
virtaulservice/rewrite/vs-http-rewrite-authority.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
regex: "/m.*k"
rewrite:
uri: "/productpage"
authority: bookinfo.com:27941
route:
- destination:
host: productpage
port:
number: 9080
route
destination
host
virtaulservice/route/vs-reviews-host.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
port
virtaulservice/route/vs-reviews-port.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
port:
number: 9080
subset
virtaulservice/route/vs-reviews-subset.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
headers
request
add
virtaulservice/route/vs-reviews-headers-request-add.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
headers:
request:
add:
test: test
remove
virtaulservice/route/vs-reviews-headers-request-remove.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
headers:
request:
remove:
- test
set
virtaulservice/route/vs-reviews-headers-request-set.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
headers:
request:
set:
test: test
response
add
virtaulservice/route/vs-bookinfo-headers-response-add.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
headers:
response:
add:
test: test
remove
virtaulservice/route/vs-bookinfo-headers-response-remove.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
headers:
response:
remove:
- x-envoy-upstream-service-time
set
virtaulservice/route/vs-bookinfo-headers-response-set.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage.istio.svc.cluster.local
port:
number: 9080
headers:
response:
set:
content-type: "text/html"
test: test
x-envoy-upstream-service-time: "1111"
~
weight
virtaulservice/route/vs-reviews-weight.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
weight: 50
- destination:
host: reviews
subset: v3
weight: 50
timeout
virtaulservice/timeout/vs-http-timeout.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
exportTo:
- '*'
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
timeout: 0.01s
tls
一个有序列表,对应的是透传 TLS 和 HTTPS 流量。路由过程通常利用 ClientHello
消息中的 SNI 来完成。TLS 路由通常应用在 https-
、tls-
前缀的平台服务端口,或者经 Gateway
透传的 HTTPS、TLS 协议端口,以及使用 HTTPS 或者 TLS 协议的 ServiceEntry
端口上。注意:没有关联 VirtualService 的 https- 或者 tls- 端口流量会被视为透传 TCP 流量。
1创建证书
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj ‘/O=example Inc./CN=example.com’ -keyout example.com.key -out example.com.crt
openssl req -out nginx.example.com.csr -newkey rsa:2048 -nodes -keyout nginx.example.com.key -subj “/CN=nginx.example.com/O=some organization”
openssl x509 -req -days 365 -CA example.com.crt -CAkey example.com.key -set_serial 0 -in nginx.example.com.csr -out nginx.example.com.crt
2创建secret
kubectl create secret tls nginx-server-certs --key nginx.example.com.key --cert nginx.example.com.crt -n istio
3创建nginx配置文件
events {
}
http {
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
server {
listen 443 ssl;
root /usr/share/nginx/html;
index index.html;
server_name nginx.example.com;
ssl_certificate /etc/nginx-server-certs/tls.crt;
ssl_certificate_key /etc/nginx-server-certs/tls.key;
}
}
kubectl create configmap nginx-configmap --from-file=nginx.conf=./nginx.conf -nistio
4创建deploy
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
run: my-nginx
spec:
ports:
- port: 443
protocol: TCP
selector:
run: my-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
selector:
matchLabels:
run: my-nginx
replicas: 1
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 443
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx
readOnly: true
- name: nginx-server-certs
mountPath: /etc/nginx-server-certs
readOnly: true
volumes:
- name: nginx-config
configMap:
name: nginx-configmap
- name: nginx-server-certs
secret:
secretName: nginx-server-certs
5创建gateway
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 443
name: https-443
protocol: HTTPS
hosts:
- "nginx.example.com"
tls:
mode: PASSTHROUGH
6创建vs
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
route:
- destination:
host: my-nginx
port:
number: 443
7访问url
https://nginx.example.com:39329/
match
destinationSubnets
1.7.0/virtaulservice/tls/vs-nginx-destinationSubnets.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
destinationSubnets:
- 172.20.1.78/32
route:
- destination:
host: my-nginx
port:
number: 443
gateways
1.7.0/virtaulservice/tls/vs-nginx-gateways.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
gateways:
- bookinfo-gateway
route:
- destination:
host: my-nginx
port:
number: 443
sourceLabels
1.7.0/virtaulservice/tls/vs-nginx-sourceLabels.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
sourceLabels:
istio: ingressgateway
route:
- destination:
host: my-nginx
port:
number: 443
sourceNamespace
1.7.0/virtaulservice/tls/vs-nginx-sourceNamespace.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx
spec:
hosts:
- nginx.example.com
gateways:
- bookinfo-gateway
tls:
- match:
- port: 443
sniHosts:
- nginx.example.com
sourceNamespace: istio-system
route:
- destination:
host: my-nginx
port:
number: 443
tcp
一个针对透传 TCP 流量的有序路由列表。TCP 路由对所有 HTTP 和 TLS 之外的端口生效。进入流量会使用匹配到的第一条规则。
match
port
1部署deploy
kubectl apply -f tcp-echo-services.yaml -n istio
tcp-echo-services.yaml
apiVersion: v1
kind: Service
metadata:
name: tcp-echo
labels:
app: tcp-echo
spec:
ports:
- name: tcp
port: 9000
- name: tcp-other
port: 9001
# Port 9002 is omitted intentionally for testing the pass through filter chain.
selector:
app: tcp-echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tcp-echo-v1
spec:
replicas: 1
selector:
matchLabels:
app: tcp-echo
version: v1
template:
metadata:
labels:
app: tcp-echo
version: v1
spec:
containers:
- name: tcp-echo
image: docker.io/istio/tcp-echo-server:1.2
imagePullPolicy: IfNotPresent
args: [ "9000,9001,9002", "one" ]
ports:
- containerPort: 9000
- containerPort: 9001
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tcp-echo-v2
spec:
replicas: 1
selector:
matchLabels:
app: tcp-echo
version: v2
template:
metadata:
labels:
app: tcp-echo
version: v2
spec:
containers:
- name: tcp-echo
image: docker.io/istio/tcp-echo-server:1.2
imagePullPolicy: IfNotPresent
args: [ "9000,9001,9002", "two" ]
ports:
- containerPort: 9000
- containerPort: 9001
2添加service 端口
kubectl edit svc istio-ingressgateway -n istio-system
- name: tcp
port: 31400
protocol: TCP
targetPort: 31400
3 创建资源
kubectl apply -f tcp-echo-all-v1.yaml -n istio
tcp-echo-all-v1.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: tcp-echo-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 31400
name: tcp
protocol: TCP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: tcp-echo-destination
spec:
host: tcp-echo
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- port: 31400
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v1
4访问
telnet 192.168.198.154 37048
destinationSubnets
virtaulservice/tcp/vs-destinationSubnets.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- destinationSubnets:
- 172.20.2.0/24
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
sourceSubnet
virtaulservice/tcp/vs-sourceSubnet.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- sourceSubnet: 172.20.1.24
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
sourceLabels
virtaulservice/tcp/vs-sourceLabels.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- sourceLabels:
app: istio-ingressgateway
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
sourceNamespace
virtaulservice/tcp/vs-sourceNamespace.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- sourceNamespace: istio-system
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
gateways
virtaulservice/tcp/vs-gateways.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- gateways:
- tcp-echo-gateway
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
route
destination
host
virtaulservice/tcp/vs-route-host.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- route:
- destination:
host: tcp-echo
port:
number: 9000
port
virtaulservice/tcp/vs-route-port.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- route:
- destination:
host: tcp-echo
port:
number: 9000
subset
virtaulservice/tcp/vs-route-subset.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- route:
- destination:
host: tcp-echo
subset: v2
port:
number: 9000
weight
virtaulservice/tcp/tcp-echo-20-v2.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- port: 31400
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v1
weight: 80
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
weight: 20
三种协议路由规则对比
VirtualService 在http、tls、tcp这三个字段上分别定义了应用于HTTP、TLS和TCP三种协议的路由规则。从规则构成上都是先定义一组匹配条件,然后对满足条件的的流量执行对应的操作。因为协议的内容不同,路由匹配条件不同,所以执行的操作也不同。如下表所示对比了三种路由规则。从各个维度来看,HTTP路由规则的内容最丰富,TCP路由规则的内容最少,这也符合协议分层的设计。