10-3 ingress --- 四层代理、session保持、定制配置、流量控制(下)
kubectl get pods -n dev -o wide
测试url 发现经过上一节的修改 页面已经发生了变化
https://web-dev.pdabc.com/hello?name=jiaminxu
保持session 创建ingress-session.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/session-cookie-hash: sha1
nginx.ingress.kubernetes.io/session-cookie-name: route
name: web-demo
namespace: dev
spec:
rules:
- host: web-dev.pdabc.com
http:
paths:
- backend:
serviceName: web-demo
servicePort: 80
path: /
kubectl apply -f ingress-session.yaml
因为没有配tls https访问会有问题,暂时先访问http
通过cookie访问到同一个后端.
小流量 ab测试
修改nginx-ingress-controller.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: nginx-ingress-controller
namespace: ingress-nginx
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
containers:
- args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
- --default-ssl-certificate=default/pdabc-tls
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.23.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: nginx-ingress-controller
ports:
- containerPort: 80
hostPort: 80
name: http
protocol: TCP
- containerPort: 443
hostPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
runAsUser: 33
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
hostNetwork: true
nodeSelector:
app: ingress
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: nginx-ingress-serviceaccount
serviceAccountName: nginx-ingress-serviceaccount
terminationGracePeriodSeconds: 30
这里如果出现下面情况 建议使用azk8spull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.23.0 先下载镜像 然后kubectl delete nginx-ingress-controller.yaml 再 kubectl apply nginx-ingress-controller.yaml
创建命名空间
kubectl create ns canary
创建web-canary-a.yaml
#deploy
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-canary-a
namespace: canary
spec:
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
selector:
matchLabels:
app: web-canary-a
replicas: 1
template:
metadata:
labels:
app: web-canary-a
spec:
containers:
- name: web-canary-a
image: harbor.pdabc.com/kubernetes/web:v3
ports:
- containerPort: 8080
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 20
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /hello?name=test
port: 8080
scheme: HTTP
initialDelaySeconds: 20
periodSeconds: 10
failureThreshold: 1
successThreshold: 1
timeoutSeconds: 5
---
#service
apiVersion: v1
kind: Service
metadata:
name: web-canary-a
namespace: canary
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
app: web-canary-a
type: ClusterIP
kubectl apply -f web-canary-a.yaml
创建web-canary-b.yaml
#deploy
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-canary-b
namespace: canary
spec:
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
selector:
matchLabels:
app: web-canary-b
replicas: 1
template:
metadata:
labels:
app: web-canary-b
spec:
containers:
- name: web-canary-b
image: harbor.pdabc.com/kubernetes/springboot-web:v1
ports:
- containerPort: 8080
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 20
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /hello?name=test
port: 8080
scheme: HTTP
initialDelaySeconds: 20
periodSeconds: 10
failureThreshold: 1
successThreshold: 1
timeoutSeconds: 5
---
#service
apiVersion: v1
kind: Service
metadata:
name: web-canary-b
namespace: canary
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
app: web-canary-b
type: ClusterIP
kubectl apply -f web-canary-b.yaml
在创建一个ingress
创建ingress-common.yaml
#ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-canary-a
namespace: canary
spec:
rules:
- host: canary.pdabc.com
http:
paths:
- path: /
backend:
serviceName: web-canary-a
servicePort: 80
kubectl apply -f ingress-common.yaml
这样已经说明ingress可以了
把canary b当做a的升级版 上线
创建ingress-weight.yaml
#ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-canary-b
namespace: canary
annotations:
nginx.ingress.kubernetes.io/canary: "true"
# 权重 转发90%流量
nginx.ingress.kubernetes.io/canary-weight: "90"
spec:
rules:
- host: canary.pdabc.com
http:
paths:
- path: /
backend:
serviceName: web-canary-b
servicePort: 80
kubectl apply -f ingress-weight.yaml
访问基本上是新的了
可以用脚本while sleep 0.2;do curl http://canary.pdabc.com/hello?name=jiaminxu && echo ""; done
在测试通过cookie的方式做一个定向的流量控制
#ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-canary-b
namespace: canary
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-cookie: "web-canary"
spec:
rules:
- host: canary.pdabc.com
http:
paths:
- path: /
backend:
serviceName: web-canary-b
servicePort: 80
kubectl apply -f ingress-cookie.yaml
访问发现都是a版本
通过修改值为always 实现定向访问(这里没有找到怎么调试 就拿老师的图了)
或者用下面的方式
while sleep 0.2;do curl -b "web-canary=always" http://canary.pdabc.com/hello?name=jiaminxu && echo ""; done
测试hearder
创建ingress-header.yaml
#ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-canary-b
namespace: canary
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: "web-canary"
spec:
rules:
- host: canary.pdabc.com
http:
paths:
- path: /
backend:
serviceName: web-canary-b
servicePort: 80
kubectl apply -f ingress-header.yaml
一直返回springboot版本 通过header方式调整流量
将上述三个组合在一起 header cookie weight
创建ingress-compose.yaml
#ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-canary-b
namespace: canary
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: "web-canary"
nginx.ingress.kubernetes.io/canary-by-cookie: "web-canary"
nginx.ingress.kubernetes.io/canary-weight: "90"
spec:
rules:
- host: canary.pdabc.com
http:
paths:
- path: /
backend:
serviceName: web-canary-b
servicePort: 80
kubectl apply -f ingress-compose.yaml
http://canary.pdabc.com/hello?name=jiaminxu