金絲雀發佈
通過weight權重屬性將流量導到不同的上游服務。實現金絲雀發佈。weight權重的值介於1-100之間,總的權重爲100。
vi echo-server-v1-service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: echo-v1
name: echo-v1
spec:
ports:
- port: 8080
name: high
protocol: TCP
targetPort: 8080
- port: 80
name: low
protocol: TCP
targetPort: 8080
selector:
app: echo-v1
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
labels:
app: echo-v1
name: echo-v1
spec:
replicas: 1
selector:
matchLabels:
app: echo-v1
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: echo-v1
spec:
containers:
- image: gcr.io/kubernetes-e2e-test-images/echoserver:2.2
name: echo
ports:
- containerPort: 8080
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
resources: {}
vi echo-server-v2-service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: echo-v2
name: echo-v2
spec:
ports:
- port: 8080
name: high
protocol: TCP
targetPort: 8080
- port: 80
name: low
protocol: TCP
targetPort: 8080
selector:
app: echo-v2
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
labels:
app: echo-v2
name: echo-v2
spec:
replicas: 1
selector:
matchLabels:
app: echo-v2
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: echo-v2
spec:
containers:
- image: gcr.io/kubernetes-e2e-test-images/echoserver:2.2
name: echo
ports:
- containerPort: 8080
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
resources: {}
kubectl apply -f echo-server-v1-service.yaml
kubectl apply -f echo-server-v2-service.yaml
kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/ambassador-877b57b69-cvzbl 1/1 Running 2 9d
pod/ambassador-877b57b69-rtgcq 1/1 Running 2 9d
pod/echo-v1-77cdb8f7d5-vsj6x 1/1 Running 0 32s
pod/echo-v2-6659867756-fr8qh 1/1 Running 0 27s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ambassador-admin NodePort 10.106.34.114 <none> 8877:31207/TCP 9d
service/ambssador NodePort 10.98.129.0 <none> 8080:38080/TCP 9d
service/echo-v1 ClusterIP 10.100.78.40 <none> 8080/TCP,80/TCP 33s
service/echo-v2 ClusterIP 10.97.72.27 <none> 8080/TCP,80/TCP 27s
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 31d
echo-v1的權重爲90,echo-v2的權重爲10,測試可以發現基本符合。
vi echo-server-v1v2-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-v1-mapping
spec:
prefix: /v1v2
service: echo-v1:8080
weight: 90
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-v2-mapping
spec:
prefix: /v1v2
service: echo-v2:8080
weight: 10
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.1.11
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.1.11
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.1.11
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.8
斷路器
circuit_breakers:
- priority: <string>
max_connections: <integer>
max_pending_requests: <integer>
max_requests: <integer>
max_retries: <integer>
CORS跨源資源共享Cross-Origin Resource Sharing
上游服務如果要支持CORS需要進行配置修改,Ambassador支持對CORS請求的攔截和響應,這樣上游服務不用再做修改。
Client Ambassador Upstream
| OPTIONS | |
| —————————————————> | |
| CORS_RESP | |
| <————————————————— | |
| GET /foo/ | |
| —————————————————> | ————————————> |
| | RESP |
| <————————————————————————————————— |
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: cors
spec:
prefix: /cors/
service: cors-example
cors:
origins: http://foo.example,http://bar.example
methods: POST, GET, OPTIONS
headers: Content-Type
credentials: true
exposed_headers: X-Custom-Header
max_age: "86400"
流量鏡像
在測試或者監控場景下,除了部署正常的服務外,再部署一個影子(鏡像)服務,對該服務的請求會全部轉發到正常服務外,會轉發部分鏡像流量到影子服務,已達到測試或者監控的目的。
以下會有10%的流量被鏡像到影子服務echo-v2:8080上。
#重新部署service
kubectl delete -f echo-server-v1-service.yaml
kubectl delete -f echo-server-v2-service.yaml
kubectl apply -f echo-server-v1-service.yaml
kubectl apply -f echo-server-v2-service.yaml
vi echo-server-v1v2-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-v1-mapping
spec:
prefix: /v1v2
service: echo-v1:8080
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-v2-mapping
spec:
prefix: /v1v2
service: echo-v2:8080
shadow: true
weight: 10
kubectl get pod
NAME READY STATUS RESTARTS AGE
ambassador-877b57b69-cvzbl 1/1 Running 2 9d
ambassador-877b57b69-rtgcq 1/1 Running 2 9d
echo-v1-77cdb8f7d5-hgfvl 1/1 Running 0 67s
echo-v2-6659867756-6n5jg 1/1 Running 0 56s
#查看日誌,都沒有請求。
kubectl logs echo-v1-77cdb8f7d5-hgfvl
kubectl logs echo-v2-6659867756-6n5jg
#多次請求
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
pod IP: 10.244.2.9
#查看echo-v1的日誌,條數對應。
kubectl logs echo-v1-77cdb8f7d5-hgfvl
10.244.2.7 - - [07/Dec/2019:14:41:43 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:44 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:44 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:45 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:45 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:46 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:46 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:47 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:47 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:47 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:48 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:48 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:49 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:49 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:49 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:50 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:50 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:51 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:51 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:52 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:52 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:54 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:56 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:56 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:56 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
#服務echo-v2的請求條數爲3,和10%的比例基本上一致。
kubectl logs echo-v2-6659867756-6n5jg
10.244.2.7 - - [07/Dec/2019:14:41:46 +0000] "GET / HTTP/1.1" 200 744 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:54 +0000] "GET / HTTP/1.1" 200 744 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:56 +0000] "GET / HTTP/1.1" 200 744 "-" "curl/7.29.0"
Ambassador系列文章
Ambassador系列-06-金絲雀發佈、斷路器、CORS和流量鏡像
Ambassador系列-07-TCP映射TCPMapping
Ambassador系列-08-TLS配置-HTTPS重定向和TLS終結
Ambassador系列-09-AuthService認證服務