k8s之istio实现金丝雀发布(1)

Istio金丝雀

• 灰度发布也叫金丝雀部署，是指通过控制流量的比例，实现新老版本的逐步更替。比如对于服务 A 有 version1 、 version2 两个版本 当前两个版本同时部署，但是 version1 比例90% version2 比例 10% ，看运行效果，如果效果好逐步调整流量占比 80 20 7030 ·····10 90 0 100 ，最终 version1 版本下线。

测试yaml

[root@k8s-master-1 example1]# cat deployment.yaml apiVersion: v1kind: Namespacemetadata:  name: canary---apiVersion: apps/v1kind: Deploymentmetadata:  name: busybox-httpd-v1  namespace: canaryspec:  replicas: 1  selector:    matchLabels:      app: v1      apply: canary  template:    metadata:      labels: app: v1 apply: canary    spec:      containers:      - name: busybox image: busybox:1.28 imagePullPolicy: IfNotPresent command: ["/bin/sh","-c","echo 'this is busybox-httpd-v1' > /var/www/index.html;httpd -f -h /var/www"] ports: - containerPort: 80---apiVersion: apps/v1kind: Deploymentmetadata:  name: busybox-httpd-v2  namespace: canaryspec:  replicas: 1  selector:    matchLabels:      app: v2      apply: canary  template:    metadata:      labels: app: v2 apply: canary    spec:      containers:      - name: busybox image: busybox:1.28 imagePullPolicy: IfNotPresent command: ["/bin/sh","-c","echo 'this is busybox-httpd-v2' > /var/www/index.html;httpd -f -h /var/www"] ports: - containerPort: 80---apiVersion: v1kind: Servicemetadata:  name: busybox-canary  namespace: canary spec:  type: ClusterIP  selector:    apply: canary  ports:  - name: httpd    port: 80    targetPort: 80

istio yaml

[root@k8s-master-1 example1]# cat istio.yaml apiVersion: networking.istio.io/v1beta1kind: Gatewaymetadata:  name: canary-gateway  namespace: canaryspec:  selector:    istio: ingressgateway  servers:  - port:name: http      number: 80  # ingress-gateway port num      protocol: HTTP    hosts:    - "*"---apiVersion: networking.istio.io/v1beta1kind: VirtualServicemetadata:  name: canary  namespace: canaryspec:  gateways:  - canary-gateway  hosts:  - "*"  http:  - route:    - destination: host: busybox-canary.canary.svc.cluster.local subset: v1 weight: 70    - destination: host: busybox-canary.canary.svc.cluster.local subset: v2      weight: 30---apiVersion: networking.istio.io/v1beta1kind: DestinationRulemetadata:  name: canary  namespace: canaryspec:  host: busybox-canary.canary.svc.cluster.local  subsets:  - name: v1 #对进入名为canary的子集的所有流量使用权重负载均衡策略，该子集由带有标签app:v1 的endpoints(如Pod)组成    labels:      app: v1  - name: v2    labels:      app: v2 #对进入名为canary的子集的所有流量使用权重负载均衡策略，该子集由带有标签app:v2 的endpoints(如Pod)组成

部署

# istio注入并部署测试deployment[root@k8s-master-1 example1]# istioctl kube-inject -f deployment.yaml | kubectl apply -f -namespace/canary createddeployment.apps/busybox-httpd-v1 createddeployment.apps/busybox-httpd-v2 createdservice/busybox-canary created# istio相关部署[root@k8s-master-1 example1]# kubectl apply -f istio.yaml gateway.networking.istio.io/canary-gateway createdvirtualservice.networking.istio.io/canary createddestinationrule.networking.istio.io/canary created# 查看gateway访问地址[root@k8s-master-1 example1]# kubectl get svc -n istio-systemNAME     TYPE    CLUSTER-IP     EXTERNAL-IP    PORT(S)   istio-egressgateway    ClusterIP      10.0.253.161   <none>  80/TCP,443/TCP    istio-ingressgateway   LoadBalancer   10.0.83.120    192.168.0.15   15021:38405/TCP,80:49967/TCP,443:49290/TCP,31400:38905/TCP,15443:36855/TCP istiod   ClusterIP      10.0.99.239    <none>  15010/TCP,15012/TCP,443/TCP,15014/TCP kiali    NodePort10.0.234.37    <none>  20001:40640/TCP,9090:36639/TCP  prometheus      NodePort10.0.132.174   <none>  9090:30086/TCP    # 访问192.168.0.10:49967即可将流量传递给后端POD，通过下面可见大致实现了流量3-7分布，即金丝雀发布[root@k8s-master-1 example1]# for i in `seq 1 10`; do curl 192.168.0.10:49967 ; donethis is busybox-httpd-v1this is busybox-httpd-v1this is busybox-httpd-v2this is busybox-httpd-v1this is busybox-httpd-v2this is busybox-httpd-v1this is busybox-httpd-v2this is busybox-httpd-v1this is busybox-httpd-v1this is busybox-httpd-v1

• istio-kiali显示(后端进行一万次curl访问)，通过下面可见流量大致按照3-7分布了