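Istio 1.8 upstream connect error or disconnect/reset before headers. reset reason: connection failure

Problem description

I am trying to learn how to do canary deployments with Istio.

The idea is to use a mix of Istio and a Traefik ingress.

Unfortunately, I ran into problems with the VirtualService; specifically, when I use the IP of the Traefik LoadBalancer, I get this error.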

I am testing it with a generic helloworld application. Below I copy the various settings:

Deployment helloworld-v1

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: 
    env: prod
  labels:
    app: helloworld
    version: v1
  name: helloworld-v1
  namespace: university
spec:
  replicas: 1
  selector:
    matchLabels:
      app: helloworld
      version: v1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: helloworld
        version: v1
    spec:
      containers:
      - args:
        - -text=banana
        image: hashicorp/http-echo
        imagePullPolicy: IfNotPresent
        name: helloworld
        ports:
        - containerPort: 80
          protocol: TCP
        resources:
          limits:
            cpu: 50m
            memory: 128Mi

Deployment helloworld-v2: same as helloworld-v1, but with text=apple and a different version label

Service

apiVersion: v1
kind: Service
metadata:
  labels:
    app: helloworld
  name: helloworld
  namespace: university
spec:
  ports:
  - name: http-helloworld
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: helloworld
  sessionAffinity: None
  type: ClusterIP

VirtualService

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: helloworld
  namespace: university
spec:
  hosts:
  - helloworld
  http:
  - route:
    - destination:
        host: helloworld
        subset: v1
      weight: 90
    - destination:
        host: helloworld
        subset: v2
      weight: 10

DestinationRule

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: helloworld
  namespace: university
spec:
  host: helloworld
  subsets:
  - labels:
      version: v1
    name: v1
  - labels:
      version: v2
    name: v2

Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
  name: helloworld
  namespace: university
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: helloworld
          servicePort: http-helloworld
        path: /

I took some logs from the pod and got this:

2021-01-04T15:33:48.733757Z     warning envoy runtime   Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size
2021-01-04T15:33:48.771547Z     info    xdsproxy        Envoy ADS stream established
2021-01-04T15:33:48.771879Z     info    xdsproxy        connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-01-04T15:33:48.772087Z     warning envoy main      there is no configured limit to the number of allowed active connections. Set a limit via the runtime key overload.global_downstream_max_connections
2021-01-04T15:33:48.867949Z     info    sds     resource:ROOTCA new connection
2021-01-04T15:33:48.868040Z     info    sds     Skipping waiting for gateway secret
2021-01-04T15:33:48.868347Z     info    sds     resource:default new connection
2021-01-04T15:33:48.868394Z     info    sds     Skipping waiting for gateway secret
2021-01-04T15:33:49.123541Z     info    cache   Root cert has changed,start rotating root cert for SDS clients
2021-01-04T15:33:49.123574Z     info    cache   GenerateSecret default
2021-01-04T15:33:49.123987Z     info    sds     resource:default pushed key/cert pair to proxy
2021-01-04T15:33:49.468337Z     info    cache   Loaded root cert from certificate ROOTCA
2021-01-04T15:33:49.468588Z     info    sds     resource:ROOTCA pushed root cert to proxy
2021-01-04T15:33:49.724483Z     warning envoy filter    mTLS PERMISSIVE mode is used,connection can be either plaintext or TLS,and client cert can be omitted. Please consider to upgrade to mTLS STRICT mode for more secure configuration that only allows TLS connection with client cert. See https://istio.io/docs/tasks/security/mtls-migration/
2021-01-04T15:33:49.726036Z     warning envoy filter    mTLS PERMISSIVE mode is used,and client cert can be omitted. Please consider to upgrade to mTLS STRICT mode for more secure configuration that only allows TLS connection with client cert. See https://istio.io/docs/tasks/security/mtls-migration/
2021-01-04T15:33:51.398713Z     info    Envoy proxy is ready
[2021-01-04T15:34:41.103Z] "GET /favicon.ico HTTP/1.1" 503 UF "-" 0 91 0 - "127.0.0.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/87.0.4280.88 Safari/537.36" "7bcaf3da-8fc3-958f-8907-a83d2dedf274" "10.128.252.134" "127.0.0.1:80" inbound|80|| - 10.28.252.77:80 127.0.0.1:0 - default
[2021-01-04T15:34:46.232Z] "GET /favicon.ico HTTP/1.1" 503 UF "-" 0 91 0 - "127.0.0.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/87.0.4280.88 Safari/537.36" "0e7f0815-d3d1-9b6c-82b3-ae171aafd8fd" "10.128.252.134" "127.0.0.1:80" inbound|80|| - 10.28.252.77:80 127.0.0.1:0 - default
[2021-01-04T15:38:04.023Z] "GET / HTTP/1.1" 503 UF "-" 0 91 0 - "127.0.0.1" "curl/7.65.1" "210c09e2-20e2-9a0e-9241-ec662fb260d0" "10.128.252.134" "127.0.0.1:80" inbound|80|| - 10.28.252.77:80 127.0.0.1:0 - default
[2021-01-04T15:38:10.014Z] "GET /favicon.ico HTTP/1.1" 503 UF "-" 0 91 0 - "127.0.0.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/87.0.4280.88 Safari/537.36" "b571e684-c15c-90b1-8d7d-d0dc52f9e71d" "10.128.252.134" "127.0.0.1:80" inbound|80|| - 10.28.252.77:80 127.0.0.1:0 - default

Do you have any ideas?

Thanks for the help.

Note: the namespace is correctly injected.
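
Added example (not part of the original question): a Python reader for the sidecar access-log lines shown above, which names each field and turns the response flag and cluster into a place to look. It assumes the default Istio text access-log format; the name `triage` and the healthy `OK` line are constructed for illustration.

```python
import re

# Field order of the default Istio sidecar access log (text format), read up
# to the downstream remote address. Assumes the default format is in use.
LINE = re.compile(
    r'\[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<code>\d{3}) (?P<flags>\S+) "(?P<fail_reason>[^"]*)" '
    r'(?P<rx>\d+) (?P<tx>\d+) (?P<ms>\d+) (?P<upstream_ms>\S+) '
    r'"(?P<xff>[^"]*)" "(?P<agent>[^"]*)" "(?P<request_id>[^"]*)" '
    r'"(?P<authority>[^"]*)" "(?P<upstream_host>[^"]*)" (?P<cluster>\S+) '
    r'(?P<upstream_local>\S+) (?P<downstream_local>\S+) (?P<downstream_remote>\S+)')

# Envoy response flags that describe a problem on the upstream side.
FLAGS = {"UF": "upstream connection failure",
         "UH": "no healthy upstream host",
         "UC": "upstream connection termination",
         "UO": "upstream overflow (circuit breaker)",
         "NR": "no route configured"}

def triage(line):
    """Parse one access-log line; return its fields plus a hint, or None."""
    m = LINE.search(line)
    if not m:
        return None  # startup/info lines are not access-log entries
    rec = m.groupdict()
    # "inbound", "outbound", or a special cluster name
    rec["direction"] = rec["cluster"].split("|")[0]
    flags = rec["flags"].split(",")
    reasons = [FLAGS[f] for f in flags if f in FLAGS]
    if rec["direction"] == "inbound" and "UF" in flags:
        # Inbound cluster: the upstream is the application container itself.
        rec["hint"] = ("sidecar could not connect to the application at "
                       + rec["upstream_host"]
                       + "; check the port the container listens on")
    else:
        rec["hint"] = "; ".join(reasons) or "no upstream failure flag"
    return rec

# Copied from the log in the question.
FAILED = ('[2021-01-04T15:38:04.023Z] "GET / HTTP/1.1" 503 UF "-" 0 91 0 - '
          '"127.0.0.1" "curl/7.65.1" "210c09e2-20e2-9a0e-9241-ec662fb260d0" '
          '"10.128.252.134" "127.0.0.1:80" inbound|80|| - 10.28.252.77:80 '
          '127.0.0.1:0 - default')
# Constructed for contrast: the same request once the upstream answers.
OK = ('[2021-01-04T15:40:00.000Z] "GET / HTTP/1.1" 200 - "-" 0 7 2 1 '
      '"127.0.0.1" "curl/7.65.1" "00000000-0000-0000-0000-000000000000" '
      '"10.128.252.134" "127.0.0.1:80" inbound|80|| 127.0.0.1:41000 '
      '10.28.252.77:80 127.0.0.1:0 - default')

if __name__ == "__main__":
    for sample in (FAILED, OK, "info    Envoy proxy is ready"):
        rec = triage(sample)
        print(rec and (rec["code"], rec["flags"], rec["cluster"], rec["hint"]))
```

For the lines in the question, the parsed `upstream_host` is the address to compare against the port the container process actually binds.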
