英文:
Istio Send Request to wrong subset pod
问题
Here's the translation of the provided text:
我尝试进行我的服务的镜像测试
但我尚未配置镜像测试配置,但 Pod B 已经接收到了流量。似乎服务分发流量,而不是由 VirtualService 控制?
还是我在那里设置错误?
这里我创建了一个示例
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld
spec:
hosts:
- helloworld
http:
- route:
- destination:
host: helloworld
subset: v1
weight: 100
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: helloworld
spec:
host: helloworld
subsets:
- name: v1
labels:
version: v1
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
selector:
app: helloworld
ports:
- name: http
protocol: TCP
port: 80
targetPort: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v1
labels:
app: helloworld
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v1
template:
metadata:
labels:
app: helloworld
version: v1
spec:
containers:
- name: helloworld-v1
image: surprised128/nodetestserver:log
ports:
- containerPort: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v2
labels:
app: helloworld
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v2
template:
metadata:
labels:
app: helloworld
version: v2
spec:
containers:
- name: helloworld-v2
image: surprised128/nodetestserver:v2
ports:
- containerPort: 3000
我使用 curl 发送请求,然后我们可以看到响应包含 v1 和 v2 的结果。
for i in `seq 1 100`; do curl http://helloworld.connext3.svc.cluster.local/nodejs/hello; done
这是 istioctl 测试,看起来一切正常。
这个 YAML 在 Istio 版本 1.13.0 中正常工作,在 1.16.4 中失败了,是否有版本之间的差异?
英文:
I try to do a mirror test of my service
But I haven't configured the mirror testing config yet, but Pod b has already received the traffic. It seems that the Service distributes the traffic instead of being controlled by VirtualService ?
Or do I have a setting error there?
Here I create a sample about it
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld
spec:
hosts:
- helloworld
http:
- route:
- destination:
host: helloworld
subset: v1
weight: 100
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: helloworld
spec:
host: helloworld
subsets:
- name: v1
labels:
version: v1
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
selector:
app: helloworld
ports:
- name: http
protocol: TCP
port: 80
targetPort: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v1
labels:
app: helloworld
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v1
template:
metadata:
labels:
app: helloworld
version: v1
spec:
containers:
- name: helloworld-v1
image: surprised128/nodetestserver:log
ports:
- containerPort: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v2
labels:
app: helloworld
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v2
template:
metadata:
labels:
app: helloworld
version: v2
spec:
containers:
- name: helloworld-v2
image: surprised128/nodetestserver:v2
ports:
- containerPort: 3000
And I use curl to send request, then we can see the response was contain result of v1 and v2.
for i in `seq 1 100`; do curl http://helloworld.connext3.svc.cluster.local/nodejs/hello; done
Here is the istioctl test, nothing looks wrong
This Yaml is work well in istio version 1.13.0, but fail in 1.16.4, Are there any differences between versions?
答案1
得分: 0
最终,我找到了问题。根本原因是我用来访问目标服务的 Pod 不在 Istio 服务网格内(意味着它的 Pod 中没有 Istio 代理 sidecar)。
因此,来自这个 Pod 的请求会经过 Kubernetes 服务,而不是受虚拟服务或目标规则管理。
参考:https://istio.io/latest/docs/ops/deployment/requirements/
为了支持 Istio 的流量路由能力,离开 Pod 的流量可能会与未部署 sidecar 的情况下不同。
英文:
Finally, I found the problem. The root cause was the pod which I using to curl target service was out of istio service mesh(means it has no istio proxy sidecar in pod)
So the request from this pod was pass by k8s service, not managed by the virtual service or destination rule.
https://istio.io/latest/docs/ops/deployment/requirements/
> In order to support Istio’s traffic routing capabilities, traffic leaving a pod may be routed differently than when a sidecar is not deployed.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论