Ambassador系列-06-金丝雀发布、断路器、CORS和流量镜像

最新推荐文章于 2020-07-26 23:30:12 发布
最新推荐文章于 2020-07-26 23:30:12 发布
阅读量710 收藏 1
点赞数
分类专栏: Ambassador 文章标签: Ambassador 网关 金丝雀 断路器 CORS
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/twingao/article/details/103791816
版权

金丝雀发布

通过weight权重属性将流量导到不同的上游服务。实现金丝雀发布。weight权重的值介于1-100之间,总的权重为100。

vi echo-server-v1-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: echo-v1
  name: echo-v1
spec:
  ports:
  - port: 8080
    name: high
    protocol: TCP
    targetPort: 8080
  - port: 80
    name: low
    protocol: TCP
    targetPort: 8080
  selector:
    app: echo-v1
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  labels:
    app: echo-v1
  name: echo-v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echo-v1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: echo-v1
    spec:
      containers:
      - image: gcr.io/kubernetes-e2e-test-images/echoserver:2.2
        name: echo
        ports:
        - containerPort: 8080
        env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: POD_IP
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
        resources: {}

vi echo-server-v2-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: echo-v2
  name: echo-v2
spec:
  ports:
  - port: 8080
    name: high
    protocol: TCP
    targetPort: 8080
  - port: 80
    name: low
    protocol: TCP
    targetPort: 8080
  selector:
    app: echo-v2
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  labels:
    app: echo-v2
  name: echo-v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echo-v2
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: echo-v2
    spec:
      containers:
      - image: gcr.io/kubernetes-e2e-test-images/echoserver:2.2
        name: echo
        ports:
        - containerPort: 8080
        env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: POD_IP
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
        resources: {}

kubectl apply -f echo-server-v1-service.yaml
kubectl apply -f echo-server-v2-service.yaml

kubectl get pod,svc
NAME                             READY   STATUS    RESTARTS   AGE
pod/ambassador-877b57b69-cvzbl   1/1     Running   2          9d
pod/ambassador-877b57b69-rtgcq   1/1     Running   2          9d
pod/echo-v1-77cdb8f7d5-vsj6x     1/1     Running   0          32s
pod/echo-v2-6659867756-fr8qh     1/1     Running   0          27s

NAME                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
service/ambassador-admin   NodePort    10.106.34.114    <none>        8877:31207/TCP    9d
service/ambssador          NodePort    10.98.129.0      <none>        8080:38080/TCP    9d
service/echo-v1            ClusterIP   10.100.78.40     <none>        8080/TCP,80/TCP   33s
service/echo-v2            ClusterIP   10.97.72.27      <none>        8080/TCP,80/TCP   27s
service/kubernetes         ClusterIP   10.96.0.1        <none>        443/TCP           31d

echo-v1的权重为90,echo-v2的权重为10,测试可以发现基本符合。

vi echo-server-v1v2-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
  name: echo-server-v1-mapping
spec:
  prefix: /v1v2
  service: echo-v1:8080
  weight: 90
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
  name: echo-server-v2-mapping
spec:
  prefix: /v1v2
  service: echo-v2:8080
  weight: 10

curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.1.11
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.1.11
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.1.11
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.8

断路器

circuit_breakers:
- priority: <string>
  max_connections: <integer>
  max_pending_requests: <integer>
  max_requests: <integer>
  max_retries: <integer>

CORS跨源资源共享Cross-Origin Resource Sharing

上游服务如果要支持CORS需要进行配置修改,Ambassador支持对CORS请求的拦截和响应,这样上游服务不用再做修改。

Client              Ambassador      Upstream
  |      OPTIONS       |               |
  | —————————————————> |               |
  |     CORS_RESP      |               |
  | <————————————————— |               | 
  |      GET /foo/     |               |
  | —————————————————> | ————————————> |
  |                    |      RESP     |
  | <————————————————————————————————— |

---
apiVersion: getambassador.io/v1
kind:  Mapping
metadata:
  name:  cors
spec:
  prefix: /cors/
  service: cors-example
  cors:
    origins: http://foo.example,http://bar.example
    methods: POST, GET, OPTIONS
    headers: Content-Type
    credentials: true
    exposed_headers: X-Custom-Header
    max_age: "86400"

流量镜像

在测试或者监控场景下,除了部署正常的服务外,再部署一个影子(镜像)服务,对该服务的请求会全部转发到正常服务外,会转发部分镜像流量到影子服务,已达到测试或者监控的目的。

Traffic Shadowing

以下会有10%的流量被镜像到影子服务echo-v2:8080上。

#重新部署service
kubectl delete -f echo-server-v1-service.yaml
kubectl delete -f echo-server-v2-service.yaml

kubectl apply -f echo-server-v1-service.yaml
kubectl apply -f echo-server-v2-service.yaml

vi echo-server-v1v2-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
  name: echo-server-v1-mapping
spec:
  prefix: /v1v2
  service: echo-v1:8080
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
  name: echo-server-v2-mapping
spec:
  prefix: /v1v2
  service: echo-v2:8080
  shadow: true
  weight: 10

kubectl get pod
NAME                         READY   STATUS    RESTARTS   AGE
ambassador-877b57b69-cvzbl   1/1     Running   2          9d
ambassador-877b57b69-rtgcq   1/1     Running   2          9d
echo-v1-77cdb8f7d5-hgfvl     1/1     Running   0          67s
echo-v2-6659867756-6n5jg     1/1     Running   0          56s

#查看日志,都没有请求。
kubectl logs echo-v1-77cdb8f7d5-hgfvl
kubectl logs echo-v2-6659867756-6n5jg

#多次请求
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9
curl -i http://192.168.1.50:38080/v1v2 -s | grep "pod IP:"
        pod IP: 10.244.2.9

#查看echo-v1的日志,条数对应。
kubectl logs echo-v1-77cdb8f7d5-hgfvl
10.244.2.7 - - [07/Dec/2019:14:41:43 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:44 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:44 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:45 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:45 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:46 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:46 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:47 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:47 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:47 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:48 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:48 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:49 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:49 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:49 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:50 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:50 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:51 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:51 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:52 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:52 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:54 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:56 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:56 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:56 +0000] "GET / HTTP/1.1" 200 718 "-" "curl/7.29.0"

#服务echo-v2的请求条数为3,和10%的比例基本上一致。
kubectl logs echo-v2-6659867756-6n5jg
10.244.2.7 - - [07/Dec/2019:14:41:46 +0000] "GET / HTTP/1.1" 200 744 "-" "curl/7.29.0"
10.244.1.9 - - [07/Dec/2019:14:41:54 +0000] "GET / HTTP/1.1" 200 744 "-" "curl/7.29.0"
10.244.2.7 - - [07/Dec/2019:14:41:56 +0000] "GET / HTTP/1.1" 200 744 "-" "curl/7.29.0"

Ambassador系列文章

Ambassador系列-01-介绍、安装和使用

Ambassador系列-02-Module模块

Ambassador系列-03-服务配置和服务发现

Ambassador系列-04-服务配置Mapping

Ambassador系列-05-负载均衡

Ambassador系列-06-金丝雀发布、断路器、CORS和流量镜像

Ambassador系列-07-TCP映射TCPMapping

Ambassador系列-08-TLS配置-HTTPS重定向和TLS终结

Ambassador系列-09-AuthService认证服务

Ambassador系列-10-RateLimitService限速服务

Ambassador系列-11-Helm安装Ambassador Edge Stack 1.1.0

twingao
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Ambassador系列-01-介绍、安装和使用
twingao的专栏
01-01 3523
介绍 Ambassador是由Datawire公司开源的一个API网关项目,在Github上有2.3K star。 Ambassador当前(2019-12-11)的最新的版本是0.86.0,马上准备发布1.0.0版本,更新很频繁,而且主要在y版本更新,已经趋于成熟。 从0.50.0版本开始从apiVersion: getambassador.io/v0升级为apiVersion: getamba...
k8s 中的更新策略,版本回滚,金丝雀发布操作
a13568hki的博客
05-12 3430
查看历史记录 kubectl rollout history deployment nginx 回滚到上一个版本 kubectl rollout undo deployment nginx 也可以使用 --revision参数指定某个历史版本: kubectl rollout undo deployment nginx --to-revision=3
无法访问gcr.io的几种解决办法
weixin_30505043的博客
06-04 3146
系列目录 由于一些原因,在国内无法访问gcr.io上的镜像,在安装kubernetes时,很多官方镜像又是都存在gcr.io上,在国内的一些教程中大都使用阿里云的镜像,但是由于阿里云镜像地址更换等原因,当按照文档使用阿里云镜像时可能已经变得不可用.下面结合实际经验,列举出几种常用的办法来解决这个问题 使用阿里云镜像地址 地址1registry.aliyuncs.com/google_cont...
使用Ambassador容器构建docker容器集群
安心Smile的博客
12-30 751
当两个Docker容器在同一主机(或虚拟机)时,可以通过 --link 命令让两者直接互相访问。如果要跨主机实现容器互联,则往往需要容器知道物理主机的ip地址。利用Ambassador 容器机制,可以让互联的容器无需知道所在物理主机的IP地址即可互联。 基本场景 Ambassador 容器也是一种 docker 容器,她在内部提供了转发服务。 如下图。当客户端容器要访问服务器时,直接访问客户...
互联网项目的部署、发布测试
suyang001的专栏
07-26 2425
本文中部分内容引用自以下文章列表: https://www.jianshu.com/p/5862d7573bf2 https://www.jianshu.com/p/f7b63a4d1488 https://www.cnblogs.com/duanxz/p/5403980.html 极客时间:朱赟的技术管理课 *说明:本文是对已有概念的讲解,非原创,目的是为了将搜集到的资料更好的呈现给大家。 概念:发布vs部署 部署和发布的概念经常听到,但并不一定都能说得清楚,因此,先在开头澄清一下,方便大家理解: 部
Ambassador系列-08-TLS配置-HTTPS重定向和TLS终结
twingao的专栏
01-01 1032
HTTPS重定向 当前大多数网站都会自动将http请求重定向为https请求。上游服务如果需要支持重定向https需要配置变动或者编码。Ambassador支持在网关直接拦截http请求并重定向为https请求功能,上游服务不用做任何变动。 Client Ambassador | | | http://&...
ambassador-docs:官方大使 API 网关文档库
07-24
aes-pages.yml文件标识哪些页面应标记为“Ambassador Edge Stack”页面。 文档基础设施说明 可以使用git subtree将这个存储库中的文档“出售”到其他存储库中。 鼓励这样做的存储库包含某种方便的工具,以使同步...
ampub-gcppubsub:用于发布的Google Cloud PubSub大使容器
02-05
用于Google Cloud Pub / Sub发布。 设想用作容器。 讯息格式 AmPub API提供主题字符串,请求正文字节以及可选的密钥字符串。 主题字符串=发布/订阅主题 请求正文字节=消息数据 密钥字符串=消息属性,其中key={key ...
Python-Ambassador基于EnvoyProxy构建用于微服务的开源Kubernetes原生API网关
08-10
标题中的“Python-Ambassador基于EnvoyProxy构建用于微服务的开源Kubernetes原生API网关”提到了两个关键组件:Python-Ambassador和Envoy Proxy,以及它们在Kubernetes微服务架构中的应用。 1. **Envoy Proxy**: ...
ambassador-webinar:RStudio大使网络研讨会的文件和幻灯片
05-21
【标题】"ambassador-webinar: RStudio大使网络研讨会的文件和幻灯片"涉及到的主要内容是RStudio公司举办的一次在线研讨会,这次活动聚焦于RStudio大使分享的专业知识和经验。RStudio是一家专注于R语言工具开发的...
linux-haproxycontainerimage构建自HAProxy负载均衡器的源容器映像
08-13
haproxy (container image):构建自HAProxy负载均衡器的源容器映像
Ambassador系列-11-Helm安装Ambassador Edge Stack 1.1.0
twingao的专栏
02-08 3179
Ambassador已经发布1.1.0版本,其中最大的变化就是将原来的版本Ambassador和Ambassador Pro版本拆为三个版本:Ambassador API Gateway、Ambassador Edge Stack Community和Ambassador Edge Stack Enterprise。其中Ambassador API Gateway对应0.x版本的Ambassado...
Ambassador系列-09-AuthService认证服务
twingao的专栏
01-01 2322
Authservice使用外部服务来实现身份验证和授权。简单来说,Client向Ambassador网关发送的请求,都会被Ambassador拦截,Ambassador会将拦截的请求报文体去除,只将报文头转发给外部认证服务,外部认证服务会进行身份验证或者校验token,如果合法将返回http状态码200,否则返回非200状态码。详细流程如下: [外链图片转存失败,源站可能有防盗链机制,建议将图片保...
Ambassador系列-04-服务配置Mapping
twingao的专栏
01-01 1527
Ambassador设计旨在让Kubernetes服务的开发者可以轻松灵活地配置流量如何路由到该服务,其核心是Mapping资源,支持7层的HTTP,GRPC和Websocket,也可以通过TCPMapping支持4层的TCP连接。Ambassador必须定义一个或多个Mapping才能访问上游服务。 Mapping通过不同的配置选项实现不同的路由规则,下面进行说明。 增加Request Head...
Ambassador系列-07-TCP映射TCPMapping
twingao的专栏
01-01 1269
Ambassador除了支持7层的HTTP,GRPC和Websocket,也可以通过TCPMapping支持4层的TCP连接。 我们先部署一MySQL上游服务,MySQL不对外暴露NodePort,让Ambassador代理对MySQL的访问。 先修改Ambassador的Deployment,将3306 容器端口放开。 vi ambassador-rbac.yaml kind: Deployme...
Ambassador系列-03-服务配置和服务发现
twingao的专栏
01-01 1014
Ambassador 服务配置 Ambassador提供了三种服务配置方法。 CRDs方式:Customer Resource Definitions 注解方式:Kubernetes Service Annotations Ingress方式:Kubernetes Ingress CRDs方式 Ambassador系列-01-介绍、安装和使用一节中使用的就是CRDs方式,路由规则都定义在Map...
Ambassador系列-10-RateLimitService限速服务
twingao的专栏
01-01 614
限速服务RateLimitService和AuthService一样也是一个外部服务,处理流程也和AuthService一样。 限速服务RateLimitService是通过在Mapping中添加label进行声明的。在请求时label会通过gRPC接口传递到限速服务,声明的方式封为v1和v0。具体的含义没有看的很懂,v1方式声明始终没有测试通过,v0方式的声明测试通过了,下面以v0为例进行说明。...
Ambassador系列-02-Module模块
twingao的专栏
01-01 612
Ambassador的全局配置,可以通过Module模块配置Ambassador的一些全局的配置参数。当前只有两种Module模块: ambassador:配置全局的系统参数。 tls:配置tls参数 Module可以以CRDs方式定义。 --- apiVersion: getambassador.io/v1 kind: Module metadata: name: ambassa...
1_CET-6 words for ten weeks.pdf
最新发布
04-21
8. **社会与文化**:"embassy"和"ambassador"的关系,强调外交代表的地位;"municipal"涉及城市或地方管理。 9. **地理与自然**:"global"不仅用于全球性概念,还涉及到"mountainous"山地的描述;"cosmic"与"comic...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值