Advanced Router Rules - TheOpenCloudEngine/uEngine-cloud GitHub Wiki

Advanced Route Rules

์ ‘์† ์›น๋ธŒ๋ผ์šฐ์ €์— ๋”ฐ๋ฅธ ์Šค๋งˆํŠธํ•œ ๋ผ์šฐํŒ… (Canary Deployment)

What is your user-agent?

Note: the "user-agent" header is added to OpenTracing baggage in the Customer service. From there it is automatically propagated to all downstream services. To enable automatic baggage propagation all intermediate services have to be instrumented with OpenTracing. The baggage header for user agent has following form baggage-user-agent: <value>.

๋จผ์ € ๋ชจ๋“  ํŠธ๋ž˜ํ”ฝ์„ v1 ๋กœ ์ „์†กํ•ฉ๋‹ˆ๋‹ค

istioctl create -f istiofiles/destination-rule-recommendation-v1-v2.yml
istioctl create -f istiofiles/virtual-service-recommendation-v1.yml

์‚ฌํŒŒ๋ฆฌ ์œ ์ €๋งŒ v2๋กœ ๋ผ์šฐํŒ…

istioctl replace -f istiofiles/virtual-service-safari-recommendation-v2.yml

istioctl get virtualservice -n tutorial

๊ทธ๋Ÿฐํ›„์— Safari ๋ธŒ๋ผ์šฐ์ €๋กœ ์ ‘์†ํ•ฉ๋‹ˆ๋‹ค.(ํ˜น์€ Firefox ๋ธŒ๋ผ์šฐ์ €์šฉ ์„ค์ •์œผ๋กœ ๋””ํ”Œ๋กœ์ด ํ•œํ›„, ์˜ˆ์ œ๋ฅผ ํ…Œ์ŠคํŠธ ํ•ฉ๋‹ˆ๋‹ค.

ํ˜น์€, curl -A ์ปค๋งจ๋“œ๋ฅผ ํ†ตํ•˜์—ฌ user-agent ๋ฌธ์ž์—ด์„ ์ „๋‹ฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

curl -A Safari <service url>
curl -A Firefox <service url>

ํŠธ๋ž˜ํ”ฝ ๋ฏธ๋Ÿฌ๋ง (Dark Launch or Shaddow deploy)

์ƒˆ๋„์šฐ ๋ฐฐํฌ๋ฅผ ํ…Œ์ŠคํŠธํ•˜๊ธฐ ์œ„ํ•ด์„œ๋Š” recommendation ๋ฒ„์ „์ด 2๊ฐœ ์ด์ƒ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์‹ค์ œ ํŠธ๋ž˜ํ”ฝ์˜ ๊ฒฐ๊ณผ๋Š” ๋ชจ๋‘ v1๊ฒƒ์„ ์œ ์ €๋กœ ๋ณด๋‚ด๋ฉด์„œ v2

istioctl create -f istiofiles/destination-rule-recommendation-v1-v2.yml -n tutorial
istioctl create -f istiofiles/virtual-service-recommendation-v1-mirror-v2.yml -n tutorial

curl <service url>

recommendation-v2 ์˜ ๋กœ๊ทธ ํ™•์ธํ•˜๊ธฐ

kubectl logs -f `oc get pods|grep recommendation-v2|awk '{ print $1 }'` -c recommendation

Access Control

Important
 The Access Control rules take some time to be applied and reflected. Be patient here!

Whitelist

Weโ€™ll create a whitelist on the preference service to only allow requests from the recommendation service, which will make the preference service invisible to the customer service. Requests from the customer service to the preference service will return a 404 Not Found HTTP error code.

istioctl create -f istiofiles/acl-whitelist.yml -n tutorial
curl customer-tutorial.$(minishift ip).nip.io
customer => 404 NOT_FOUND:preferencewhitelist.listchecker.tutorial:customer is not whitelisted

Clean up

istioctl delete -f istiofiles/acl-whitelist.yml -n tutorial

Blacklist

Weโ€™ll create a blacklist making the customer service blacklist to the preference service. Requests from the customer service to the preference service will return a 403 Forbidden HTTP error code.

istioctl create -f istiofiles/acl-blacklist.yml -n tutorial
curl customer-tutorial.$(minishift ip).nip.io
customer => 403 PERMISSION_DENIED:denycustomerhandler.denier.tutorial:Not allowed

Clean up

istioctl delete -f istiofiles/acl-blacklist.yml -n tutorial

Load Balancer

By default, you will see "round-robin" style load-balancing, but you can change it up, with the RANDOM option being fairly visible to the naked eye.

Add another v2 pod to the mix

oc scale deployment recommendation-v2 --replicas=2 -n tutorial
or
kubectl scale deployment recommendation-v2 --replicas=2 -n tutorial

Wait a bit (oc get pods -w to watch) and curl the customer endpoint many times

curl customer-tutorial.$(minishift ip).nip.io

Add a 3rd v2 pod to the mix

$ oc scale deployment recommendation-v2 --replicas=3 -n tutorial
$ oc get pods -n tutorial

or

$ kubectl scale deployment recommendation-v2 --replicas=3 -n tutorial
$ kubectl get pods -n tutorial


NAME                                  READY     STATUS    RESTARTS   AGE
customer-1755156816-cjd2z             2/2       Running   0          1h
preference-3336288630-2cc6f          2/2       Running   0          1h
recommendation-v1-3719512284-bn42p   2/2       Running   0          59m
recommendation-v2-2815683430-97nnf   2/2       Running   0          43m
recommendation-v2-2815683430-d49n6   2/2       Running   0          51m
recommendation-v2-2815683430-tptf2   2/2       Running   0          33m

Wait for those 2/2 (two containers in each pod) and then poll the customer endpoint:

./scripts/run.sh

The results should follow a fairly normal round-robin distribution pattern

customer => preference => recommendation v1 from '99634814-d2z2t': 1145
customer => preference => recommendation v2 from '2819441432-525lh': 1
customer => preference => recommendation v2 from '2819441432-rg45q': 2
customer => preference => recommendation v2 from '2819441432-bs5ck': 181
customer => preference => recommendation v1 from '99634814-d2z2t': 1146
customer => preference => recommendation v2 from '2819441432-rg45q': 3
customer => preference => recommendation v2 from '2819441432-rg45q': 4
customer => preference => recommendation v2 from '2819441432-bs5ck': 182

Now, add the Random LB DestinationPolicy

istioctl create -f istiofiles/destination-rule-recommendation_lb_policy_app.yml -n tutorial

And you should see a different pattern of which pod is being selected

customer => preference => recommendation v2 from '2819441432-rg45q': 10
customer => preference => recommendation v2 from '2819441432-525lh': 3
customer => preference => recommendation v2 from '2819441432-rg45q': 11
customer => preference => recommendation v1 from '99634814-d2z2t': 1153
customer => preference => recommendation v1 from '99634814-d2z2t': 1154
customer => preference => recommendation v1 from '99634814-d2z2t': 1155
customer => preference => recommendation v2 from '2819441432-rg45q': 12
customer => preference => recommendation v2 from '2819441432-525lh': 4
customer => preference => recommendation v2 from '2819441432-525lh': 5
customer => preference => recommendation v2 from '2819441432-rg45q': 13
customer => preference => recommendation v2 from '2819441432-rg45q': 14

Clean up

istioctl delete -f istiofiles/destination-rule-recommendation_lb_policy_app.yml -n tutorial

oc scale deployment recommendation-v2 --replicas=1 -n tutorial
or
kubectl scale deployment recommendation-v2 --replicas=1 -n tutorial

Rate Limiting

Important
 The Rate Limiting rules take some time to be applied and reflected. Be patient here!

Here we will limit the number of concurrent requests into recommendation v2

Now apply the rate limit handler

istioctl create -f istiofiles/recommendation_rate_limit_handler.yml

Now setup the requestcount quota

istioctl create -f istiofiles/rate_limit_rule.yml

Throw some requests at customer:

./scripts/run.sh

You should see some 429 errors:

customer => preference => recommendation v2 from '2819441432-f4ls5': 108
customer => preference => recommendation v1 from '99634814-d2z2t': 1932
customer => preference => recommendation v2 from '2819441432-f4ls5': 109
customer => preference => recommendation v1 from '99634814-d2z2t': 1933
customer => 503 preference => 429 RESOURCE_EXHAUSTED:Quota is exhausted for: RequestCount
customer => preference => recommendation v1 from '99634814-d2z2t': 1934
customer => preference => recommendation v2 from '2819441432-f4ls5': 110
customer => preference => recommendation v1 from '99634814-d2z2t': 1935
customer => 503 preference => 429 RESOURCE_EXHAUSTED:Quota is exhausted for: RequestCount
customer => preference => recommendation v1 from '99634814-d2z2t': 1936
customer => preference => recommendation v2 from '2819441432-f4ls5': 111
customer => preference => recommendation v1 from '99634814-d2z2t': 1937
customer => 503 preference => 429 RESOURCE_EXHAUSTED:Quota is exhausted for: RequestCount
customer => preference => recommendation v1 from '99634814-d2z2t': 1938
customer => preference => recommendation v2 from '2819441432-f4ls5': 112

Clean up

istioctl delete -f istiofiles/rate_limit_rule.yml

istioctl delete -f istiofiles/recommendation_rate_limit_handler.yml

or you can run:

./scripts/clean.sh
โš ๏ธ **GitHub.com Fallback** โš ๏ธ