Istio DestinationRule 如何与 Kubernetes Service 相关联?
How Istio DestinationRule related to Kubernetes Service?
我想了解如何在 Istio 中进行负载均衡。
Istio DestinationRule 定义 pods 之间的流量平衡规则。
K8s服务类似管理pods.
之间的流量负载均衡
DestinationRule 定义主机,k8s 服务定义主机。
但是没有k8s服务,请求失败,http代码为503。
k8s Service 与 DestinationRule 有何关系?
Kubernetes 服务
Kubernetes 服务类型 ClusterIP 使用 kube-proxy 的 iptables 规则 来分发请求。
文档说:
By default, kube-proxy in userspace mode chooses a backend via a round-robin algorithm.
更多信息here。
目标规则
如前所述here
You can think of virtual services as how you route your traffic to a given destination, and then you use destination rules to configure what happens to traffic for that destination. Destination rules are applied after virtual service routing rules are evaluated, so they apply to the traffic’s “real” destination.
Every HTTP route must have a target: a route, or a redirect. A route is a forwarding target, and it can point to one of several versions of a service described in DestinationRules. Weights associated with the service version determine the proportion of traffic it receives.
DestinationRule defines policies that apply to traffic intended for a service after routing has occurred.
和here
While a virtual service matches on a rule and evaluates a destination to route the traffic to, destination rules define available subsets of the service to send the traffic.
For example, if you have a service that has multiple versions running at a time, you can create destination rules to define routes to those versions. Then use virtual services to map to a specific subset defined by the destination rules or split a percentage of the traffic to particular versions.
503 没有 kubernetes 服务
But without k8s service, request failed with http code 503.
失败是因为没有在虚拟服务和目标规则中指定的主机。
例如,看看这个virtual service and destination rule。
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews-route
spec:
hosts:
- reviews.prod.svc.cluster.local
http:
- name: "reviews-v2-routes"
match:
- uri:
prefix: "/wpcatalog"
route:
- destination:
host: reviews.prod.svc.cluster.local <---
subset: v2
- name: "reviews-v1-route"
route:
- destination:
host: reviews.prod.svc.cluster.local <---
subset: v1
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews-destination
spec:
host: reviews.prod.svc.cluster.local <---
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
如果您检查 host 然后您会看到指定了您的 kubernetes 服务,没有它它将无法工作。
此外,在设置路由规则以将流量定向到服务的特定版本(子集)时,必须注意确保子集在路由中使用之前可用。否则,在重新配置期间调用该服务可能 return 503 错误。
更多信息here。
DestinationRule 定义主机,k8s 服务定义主机。
目标规则主机是您的 kubernetes 服务。 Kubernetes 服务主机是您的 pods,
您可能想知道,但为什么我需要服务?
如前所述here.
A Kubernetes Service is an abstraction which defines a logical set of Pods running somewhere in your cluster, that all provide the same functionality. When created, each Service is assigned a unique IP address (also called clusterIP). This address is tied to the lifespan of the Service, and will not change while the Service is alive. Pods can be configured to talk to the Service, and know that communication to the Service will be automatically load-balanced out to some pod that is a member of the Service.
Kubernetes 服务与 DestinationRule 相关
我找不到确切的信息,所以我将解释我的理解。
您需要 kubernetes 服务,这样虚拟服务和目标规则才能真正起作用。
由于 kubernetes 服务使用 kube-proxy 的 iptables 规则来分发请求,我假设 istio destination rule 可以用他自己的规则覆盖它,并通过 envoy sidecar 应用它们,因为你的网格的所有流量服务发送和接收(数据平面流量)通过 Envoy 代理,使您可以轻松地引导和控制网格周围的流量,而无需对您的服务进行任何更改。
更多信息here。
其他资源:
- https://istio.io/latest/docs/reference/config/networking/destination-rule/#Subset
- https://istio.io/latest/docs/examples/bookinfo/#apply-default-destination-rules
- https://istio.io/latest/docs/concepts/traffic-management/#load-balancing-options
如果您还有其他问题,请告诉我。
我想了解如何在 Istio 中进行负载均衡。
Istio DestinationRule 定义 pods 之间的流量平衡规则。 K8s服务类似管理pods.
之间的流量负载均衡DestinationRule 定义主机,k8s 服务定义主机。
但是没有k8s服务,请求失败,http代码为503。
k8s Service 与 DestinationRule 有何关系?
Kubernetes 服务
Kubernetes 服务类型 ClusterIP 使用 kube-proxy 的 iptables 规则 来分发请求。
文档说:
By default, kube-proxy in userspace mode chooses a backend via a round-robin algorithm.
更多信息here。
目标规则
如前所述here
You can think of virtual services as how you route your traffic to a given destination, and then you use destination rules to configure what happens to traffic for that destination. Destination rules are applied after virtual service routing rules are evaluated, so they apply to the traffic’s “real” destination.
Every HTTP route must have a target: a route, or a redirect. A route is a forwarding target, and it can point to one of several versions of a service described in DestinationRules. Weights associated with the service version determine the proportion of traffic it receives.
DestinationRule defines policies that apply to traffic intended for a service after routing has occurred.
和here
While a virtual service matches on a rule and evaluates a destination to route the traffic to, destination rules define available subsets of the service to send the traffic.
For example, if you have a service that has multiple versions running at a time, you can create destination rules to define routes to those versions. Then use virtual services to map to a specific subset defined by the destination rules or split a percentage of the traffic to particular versions.
503 没有 kubernetes 服务
But without k8s service, request failed with http code 503.
失败是因为没有在虚拟服务和目标规则中指定的主机。
例如,看看这个virtual service and destination rule。
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews-route
spec:
hosts:
- reviews.prod.svc.cluster.local
http:
- name: "reviews-v2-routes"
match:
- uri:
prefix: "/wpcatalog"
route:
- destination:
host: reviews.prod.svc.cluster.local <---
subset: v2
- name: "reviews-v1-route"
route:
- destination:
host: reviews.prod.svc.cluster.local <---
subset: v1
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews-destination
spec:
host: reviews.prod.svc.cluster.local <---
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
如果您检查 host 然后您会看到指定了您的 kubernetes 服务,没有它它将无法工作。
此外,在设置路由规则以将流量定向到服务的特定版本(子集)时,必须注意确保子集在路由中使用之前可用。否则,在重新配置期间调用该服务可能 return 503 错误。
更多信息here。
DestinationRule 定义主机,k8s 服务定义主机。
目标规则主机是您的 kubernetes 服务。 Kubernetes 服务主机是您的 pods, 您可能想知道,但为什么我需要服务?
如前所述here.
A Kubernetes Service is an abstraction which defines a logical set of Pods running somewhere in your cluster, that all provide the same functionality. When created, each Service is assigned a unique IP address (also called clusterIP). This address is tied to the lifespan of the Service, and will not change while the Service is alive. Pods can be configured to talk to the Service, and know that communication to the Service will be automatically load-balanced out to some pod that is a member of the Service.
Kubernetes 服务与 DestinationRule 相关
我找不到确切的信息,所以我将解释我的理解。
您需要 kubernetes 服务,这样虚拟服务和目标规则才能真正起作用。
由于 kubernetes 服务使用 kube-proxy 的 iptables 规则来分发请求,我假设 istio destination rule 可以用他自己的规则覆盖它,并通过 envoy sidecar 应用它们,因为你的网格的所有流量服务发送和接收(数据平面流量)通过 Envoy 代理,使您可以轻松地引导和控制网格周围的流量,而无需对您的服务进行任何更改。
更多信息here。
其他资源:
- https://istio.io/latest/docs/reference/config/networking/destination-rule/#Subset
- https://istio.io/latest/docs/examples/bookinfo/#apply-default-destination-rules
- https://istio.io/latest/docs/concepts/traffic-management/#load-balancing-options
如果您还有其他问题,请告诉我。