聊聊如何變更pod的流量路由

序

本文主要研究一下如何變更pod的流量路由

配置

# Copyright Istio Authors
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: ratings
  labels:
    app: ratings
    service: ratings
spec:
  ports:
  - port: 8080
    name: http
  selector:
    app: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v1
  labels:
    app: ratings
    version: v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: ratings
      version: v1
  template:
    metadata:
      labels:
        app: ratings
        version: v1
    spec:
      containers:
      - name: ratings
        image: jvm-tools-demo
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        securityContext:
          runAsUser: 1000
        resources:
          # keep request = limit to keep this container in guaranteed class
          requests:
            cpu: 50m
            memory: 128Mi          
---

kind load docker-image jvm-tools-demo
kind create -f ratings.yaml

檢視

endpoint

kubectl get ep
NAME         ENDPOINTS                                           AGE
kubernetes   192.168.228.2:6443                                  43m
ratings      10.244.0.10:8080,10.244.0.8:8080,10.244.0.9:8080   6m18s

svc

kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP    46m
ratings      ClusterIP   10.96.170.159   <none>        8080/TCP   9m3s

pods

kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
ratings-v1-676f4d994-8xp7j   1/1     Running   0          9m22s
ratings-v1-676f4d994-9gbkh   1/1     Running   0          9m22s
ratings-v1-676f4d994-tg49h   1/1     Running   0          9m22s

更新label

kubectl label pod ratings-v1-676f4d994-tg49h app=ratings2 --overwrite

檢視變更

kubectl describe pod ratings-v1-676f4d994-tg49h
Name:             ratings-v1-676f4d994-tg49h
Namespace:        default
Priority:         0
Service Account:  default
Node:             kind-control-plane/192.168.228.2
Start Time:       Tue, 13 Feb 2024 10:27:11 +0800
Labels:           app=ratings2
                  pod-template-hash=676f4d994
                  version=v1
Annotations:      <none>
Status:           Running
IP:               10.244.0.8
IPs:
  IP:  10.244.0.8
Containers:
  ratings:
    Container ID:   containerd://fe1d8ddc2d27c557a51181f0b4df8187fb1c06c71d8e564fe9f1ceebb480e156
    Image:          registry.cn-hangzhou.aliyuncs.com/springcloud-cn/jvm-tools-demo
    Image ID:       docker.io/library/import-2024-02-13@sha256:4ed39c8b931585c67e28def544117913fddf929cff8c3062ae19c3d15fffebe7
    Port:           8080/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Tue, 13 Feb 2024 10:27:12 +0800
    Ready:          True
    Restart Count:  0
    Requests:
      cpu:        50m
      memory:     128Mi
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-2f9mt (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-2f9mt:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  5m42s  default-scheduler  Successfully assigned default/ratings-v1-676f4d994-tg49h to kind-control-plane
  Normal  Pulled     5m41s  kubelet            Container image "registry.cn-hangzhou.aliyuncs.com/springcloud-cn/jvm-tools-demo" already present on machine
  Normal  Created    5m41s  kubelet            Created container ratings
  Normal  Started    5m41s  kubelet            Started container ratings

可以看到label變更了

檢視ep

kubectl get ep
NAME         ENDPOINTS                                           AGE
kubernetes   192.168.228.2:6443                                  50m
ratings      10.244.0.10:8080,10.244.0.11:8080,10.244.0.9:8080   12m

可以看到原來10.244.0.8:8080的pod由於label被更新了，所以被移除了，但因為需要保持3個副本，因而點多生成了一個pod(10.244.0.11:8080)

檢視pod

kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
ratings-v1-676f4d994-8xp7j   1/1     Running   0          13m
ratings-v1-676f4d994-9gbkh   1/1     Running   0          13m
ratings-v1-676f4d994-hpfg8   1/1     Running   0          9m6s
ratings-v1-676f4d994-tg49h   1/1     Running   0          13m

可以看到由於ratings-v1-676f4d994-tg49h的label被更新了，因而又重新生成了一個pod

小結

透過更新pod的label可以將該pod從endpoint中移除，從而使得該pod不會被svc的流量路由到。但是因為更新了label，原來app=ratings需要保持3個副本，因而會重新建立一個pod來補充。

doc

• 使用kind在mac本地搭建k8s及istio
• istio流量路由小試牛刀
• Kubernetes之Label