首页 > 其他分享 >每天一点基础K8S--使用基础ingress进行灰度发布

每天一点基础K8S--使用基础ingress进行灰度发布

时间:2023-01-16 23:00:40浏览次数:49  
标签:web ingress v1 -- nginx version 灰度 my

利用ingress实现灰度发布

1、背景

ingress可以实现七层负载,可以根据请求header不同将流量代理到后端不同的service服务。

比如:后端网站进行了更新,为了不全网更换,可以利用ingress进行流量切分,先将部分流量切到新service,其余流量先不变动,等验证完成后再全网切换。

2、基于header的流量切分

# 先创建两个版本的service,version-1理解为老版本,version-2理解为新版本。
[root@master-worker-node-1 ingress]# cat my-web-version-v1.yaml 
---
apiVersion: v1
kind: Service
metadata:
  name: web-version-v1 # web-version-2
spec:
  type: ClusterIP
  selector:
    version: v1   # v2
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: nginx-v1  # nginx-v2
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-web-version-1  # my-web-version-2
  labels:
    func: for-web-version-1 # for-web-version-2
spec:
  replicas: 2
  selector:
    matchLabels:
      version: v1       # v2
  template:
    metadata:
      labels:
        version: v1    # v2
    spec:
      containers:
      - name: my-web-version-1  # my-web-version-2
        image: nginx
        imagePullPolicy: IfNotPresent
        lifecycle:
          postStart:
            exec:
              command: ["/bin/sh","-c","echo this is my web server, and the version is v1. > /usr/share/nginx/html/index.html" ]  # v2


[root@master-worker-node-1 ingress]# kubectl get all 
NAME                                    READY   STATUS    RESTARTS   AGE
pod/my-web-version-1-5786885c4c-7p5h4   1/1     Running   0          87m
pod/my-web-version-1-5786885c4c-pdsml   1/1     Running   0          87m
pod/my-web-version-2-9fdbd45cf-9m5b2    1/1     Running   0          136m
pod/my-web-version-2-9fdbd45cf-stkww    1/1     Running   0          136m
pod/tomcat-deploy-64d6489dd9-gn88s      1/1     Running   0          39h
pod/tomcat-deploy-64d6489dd9-nqf98      1/1     Running   0          39h

NAME                     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
service/kubernetes       ClusterIP   10.96.0.1        <none>        443/TCP             4d12h
service/tomcat           ClusterIP   10.110.26.143    <none>        8080/TCP,8009/TCP   39h
service/web-version-v1   ClusterIP   10.98.172.137    <none>        80/TCP              168m
service/web-version-v2   ClusterIP   10.102.145.135   <none>        80/TCP              136m

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/my-web-version-1   2/2     2            2           162m
deployment.apps/my-web-version-2   2/2     2            2           136m
deployment.apps/tomcat-deploy      2/2     2            2           39h

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/my-web-version-1-5786885c4c   2         2         2       87m
replicaset.apps/my-web-version-1-5fb7bbc67b   0         0         0       140m
replicaset.apps/my-web-version-2-9fdbd45cf    2         2         2       136m
replicaset.apps/tomcat-deploy-64d6489dd9      2         2         2       39h

# 测试集群内访问正常。
[root@master-worker-node-1 ingress]# curl 10.98.172.137
this is my web server, and the version is v1.
[root@master-worker-node-1 ingress]# curl 10.102.145.135 
this is my web server, and the version is v2.
# 创建version-1的ingress规则
[root@master-worker-node-1 ingress]# cat my-web-version-v1-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: version-1-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:   #定义后端转发的规则
  - host: nginx.test.com #通过域名进行转发
    http:
      paths:
      - path: /   #配置访问路径,如果通过url进行转发,需要修改;空默认为访问的路径为"/"
        pathType:  Prefix
        backend:  #配置后端服务
         service:
           name: web-version-v1
           port:
            number: 80

# 在集群外访问域名,被代理到version-1的后端服务器
[root@master-worker-node-1 ingress]# curl nginx.test.com:1080   # 1080端口是因为nginx-ingress-controller进行了高可用配置。
this is my web server, and the version is v1.

# 创建version-2的ingress规则
[root@master-worker-node-1 ingress]# cat my-web-version-v2-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/canary: "true"
    nginx.ingress.kubernetes.io/canary-by-header: "Region"
    nginx.ingress.kubernetes.io/canary-by-header-pattern: "CD|BJ"
  name: version-2-ingress
spec:
  rules:
  - host: nginx.test.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend: 
          service:
            name: web-version-v2
            port:
              number: 80

# 创建ingress
[root@master-worker-node-1 ingress]# kubectl get ingress |  grep -E "NAME|nginx.test.com"
NAME                CLASS    HOSTS             ADDRESS                           PORTS   AGE
version-1-ingress   <none>   nginx.test.com    192.168.122.132,192.168.122.182   80      13m
version-2-ingress   <none>   nginx.test.com    192.168.122.132,192.168.122.182   80      54s

# 测试在集群外携带相应的header访问
[root@master-worker-node-1 ingress]# curl -H "Region: CD" nginx.test.com:1080
this is my web server, and the version is v2.
[root@master-worker-node-1 ingress]# curl -H "Region: BJ" nginx.test.com:1080
this is my web server, and the version is v2.
[root@master-worker-node-1 ingress]# curl -H "Region: CQ" nginx.test.com:1080
this is my web server, and the version is v1.

# 只有当Region与ingress规则匹配时,才能访问version-2。

3、基于cookie的流量切分

# 基于header的流量切分和基于header的流量切分基本一致,
# 创建version-v3的service
[root@master-worker-node-1 ingress]# kubectl get service web-version-v3
NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
web-version-v3   ClusterIP   10.110.51.93   <none>        80/TCP    104s

[root@master-worker-node-1 ingress]# kubectl describe svc web-version-v3
Name:              web-version-v3
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          version=v3
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.110.51.93
IPs:               10.110.51.93
Port:              nginx-v3  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.31.25:80,10.244.54.16:80
Session Affinity:  None
Events:            <none>

# 使用ingress代理web-version-v3 服务
[root@master-worker-node-1 ingress]# cat my-web-version-v3-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/canary: "true"
    nginx.ingress.kubernetes.io/canary-by-cookie: "user_from_cq"    # 只代理请求cookie中携带user_from_CQ的流量。
  name: version-2-ingress
spec:
  rules:
  - host: nginx.test.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend: 
          service:
            name: web-version-v3
            port:
              number: 80
# 此时的ingress服务关联ingress-controller-nginx成功
[root@master-worker-node-1 ingress]# kubectl get ingress 
NAME                CLASS    HOSTS             ADDRESS                           PORTS   AGE
ingress-myapp       <none>   tomcat.test.com   192.168.122.132,192.168.122.182   80      6d
nginx-canary        <none>   myweb.com         192.168.122.132,192.168.122.182   80      4d9h
version-1-ingress   <none>   nginx.test.com    192.168.122.132,192.168.122.182   80      4d9h
version-2-ingress   <none>   nginx.test.com    192.168.122.132,192.168.122.182   80      4d8h
version-3-ingress   <none>   nginx.test.com    192.168.122.132,192.168.122.182   80      41s

# 测试之前需要先删除version-2-ingress这个ingress 
[root@master-worker-node-1 ingress]# kubectl delete -f my-web-version-v2-ingress.yaml 
ingress.networking.k8s.io "version-2-ingress" deleted

# 测试发现,只有写在user_from_cq=always的流量会被调度到service-version-v3中。
[root@master-worker-node-1 ingress]# curl  nginx.test.com:1080
this is my web server, and the version is v1.
[root@master-worker-node-1 ingress]# curl --cookie 'user_from_cq=always' nginx.test.com:1080
this is my web server, and the version is v3.

4、基于权重进行流量切分

# 基于流量比例切分与其他类似。
[root@master-worker-node-1 ingress]# cat my-web-version-v3-ingress-2.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/canary: "true"
    nginx.ingress.kubernetes.io/canary-weight: "20" # 理论上,将20%的流量分担掉web-version-3中
  name: version-3-ingress-2
spec:
  rules:
  - host: nginx.test.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend: 
          service:
            name: web-version-v3
            port:
              number: 80
              
[root@master-worker-node-1 ingress]# kubectl apply -f my-web-version-v3-ingress-2.yaml 
ingress.networking.k8s.io/version-3-ingress-2 created

[root@master-worker-node-1 ingress]# 
[root@master-worker-node-1 ingress]# kubectl get ingress 
NAME                  CLASS    HOSTS             ADDRESS                           PORTS   AGE
ingress-myapp         <none>   tomcat.test.com   192.168.122.132,192.168.122.182   80      6d1h
nginx-canary          <none>   myweb.com         192.168.122.132,192.168.122.182   80      4d9h
version-1-ingress     <none>   nginx.test.com    192.168.122.132,192.168.122.182   80      4d9h
version-3-ingress-2   <none>   nginx.test.com    192.168.122.132,192.168.122.182   80      66s

# 测试发现流量基本满足20%
[root@master-worker-node-1 ingress]# while true; do  curl nginx.test.com:1080; sleep 2 ; done
this is my web server, and the version is v3.
this is my web server, and the version is v1.
this is my web server, and the version is v3.
this is my web server, and the version is v1.
this is my web server, and the version is v3.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.
this is my web server, and the version is v1.

5、小结

1、通过配置灰度发布版本不同的header或者cookie或者权重等,可以将流量负载到新版本中。

2、测试的时候发现,使用灰度发布进行测试的时候,只能有两个ingress规则存在,否则将代理失败。

标签:web,ingress,v1,--,nginx,version,灰度,my
From: https://www.cnblogs.com/woshinidaye123/p/17056519.html

相关文章

  • 以太坊签名从数学原理到安全应用
    前言最近审计的时候有涉及到签名与验签的内容,所以想着补一下这方面的知识。但是因为签名涉及到密码学的内容,以及对自己的实力有着清楚的认识,所以本篇文章第一部分提供一个......
  • 某聊天软件防撤回尝试
    来点我最喜欢的实战环节,然后再去学ctf。某绿色软件版本:需要用到的是x32dbg,一步一步分析吧。先打开微信,然后直接附加进程然后微信会卡死,我们在dbg里面跑到最后,会发现......
  • 请求量突增一下,系统有效QPS为何下降很多?
    原创:扣钉日记(微信公众号ID:codelogs),欢迎分享,转载请保留出处。简介最近我观察到一个现象,当服务的请求量突发的增长一下时,服务的有效QPS会下降很多,有时甚至会降到0,这种现......
  • C/C++ 顺序表的初始化、添加、插入、删除(删除顺序表中指定的所有元素)
    #include<iostream>#include<stdlib.h>#defineMAX_SIZE100usingnamespacestd;typedefstruct_SqList{int*elems;//顺序表的基地址intsize;//......
  • VUEX 的使用学习一
    转载请注明出处:一、Vuex是什么?介绍:Vuex是一个专为[Vue](https://so.csdn.net/so/search?q=Vue&spm=1001.2101.3001.7020).js应用程序开发的状态管理模式。它采用......
  • Spring 示例
    在这里,我们将学习创建第一个spring应用程序的简单步骤。要运行此应用程序,我们不使用任何IDE。我们只是在使用命令提示符。让我们看看创建spring应用程序的简单步骤创建J......
  • Vulnhub之Deathnote 靶机详细测试过程
    Deathnotes作者:jason_huawen靶机基本信息名称:Deathnote:1地址:https://www.vulnhub.com/entry/deathnote-1,739/识别目标主机IP地址─(kali㉿kali)-[~/Vulnhub/Dea......
  • Min25筛
    博客两年没更了,其实博主有在打ACM,但是因为平时用Latex而不是Markdown所以就算写了点东西也懒得搬,最近准备搬点知识点总结过来用途求积性函数\(f\)的前缀和\(F(......
  • OpenCASCADE Visualization Performance
    [email protected] 1IntroductionOpenCASCADE的显示模块的功能性能如何,很多人都很关心。开源社区的FreeCAD目前的显示功能都没有......
  • Powerful Number筛
    用途求积性函数\(f\)的前缀和\(F(n)=\sum_n^{i=1}f(i)\).复杂度\(O(\sqrt{n})\)或\(O(\sqrt{n}\logn)\)或\(O(n^{\frac{2}{3}})\).使用条件存在一个函数\(g......