共计 5239 个字符,预计需要花费 14 分钟才能阅读完成。
开发者可以通过 kuberneters annotation,很容易控制服务的流量,实现灰度发布
应用场景
- 微服务各组件独立更新,然后验证又必须在实际环境中进行
- 部署新功能有风险,然后可以通过导流一小部分用户实际使用,来减小风险
- 依赖的第三方组件,无法很好地进行测试,只能依靠实际的使用,来验证是否能成功的对接。
过程
- 部署 v2 版本,定义导量 1%
- 测试(请求多少次,有木有失败之类的,由业务方决定),观测和监控
- 没有问题则 v2 100%(没有迭代的过程,区别滚动部署),下线 v1 版本
架构图
工作流程
- service annotation 中定义配置,Kubernetes API 异步通知 Ambassador 的更改。
- Ambassador 将配置转换为抽象的中间代码 (IR)。
- 从 IR 中生成一个 Envoy 配置文件。
- 使用 Ambassador 验证 Envoy 配置文件。
- 如果配置文件有效,Ambassador 将使用 Envoy 的热重新启动机制来部署新的配置,并保持连接。
- 流量将会在新启动的 Envoy 进程中传输。
功能描述
Self-Service via Kubernetes Annotations
developer 可以通过 kubernetes service 的 annotations 来定义 ambassadorf 服务,很容易集成到你的现有项目中。
Flexible Canary Deployments
developer 可以通过 kuberneters annotation 很容易控制到服务的流量,实现金丝雀发布。
Kubernetes-Native Architecture
利用 k8s 原生能力实现可靠性、可用性和可伸缩性。使用 envoy 实现路由和代理
gRPC and HTTP/2 Support
由 envoy 提供的能力
Istio Integration
和 istio 配合实现服务网格。ambassador 作为边缘代理,实现外部流量到内部 istio 的桥梁。
Authentication
ambassador 支持请求认证。如果配置了,ambassador 在路由之前会事先请求第三方认证服务
Rate Limiting
ambassador 支持限流。ambassador 在路由之前会事先请求第三方速度限流服务
Integrated Diagnostics
ambassador 包含一个诊断服务,可以快速定位问题
部署
install deploy
测试
提前部署两个后台服务 sv1 和 sv2
sv1 请求返回 ”Hello World, this is test service num 1!”
sv2 请求返回 ”Hello World, this is test service num 2!”
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: svc1
spec:
replicas: 1
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: svc1
spec:
containers:
- name: svc1
image: ambassador-sv1:1.0
ports:
- name: http-api
containerPort: 5000
resources:
limits:
cpu: "0.1"
memory: 100Mi
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: svc2
spec:
replicas: 1
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: svc2
spec:
containers:
- name: svc2
image: ambassador-sv2:1.0
ports:
- name: http-api
containerPort: 5000
resources:
limits:
cpu: "0.1"
memory: 100Mi根据 weight 进行灰度
以 80% 的概率路由到 svc1, 20% 的概率路由到 svc2
svc1 (不配置权重,默认 100%)
---
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: 295-a222222
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: svc1_mapping
prefix: /svc/
service: svc1.295-a222222:8080
spec:
selector:
app: svc1
ports:
- port: 8080
name: http-svc
targetPort: http-apisvc2
---
apiVersion: v1
kind: Service
metadata:
name: svc2
namespace: 295-a222222
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: svc2_mapping
prefix: /svc/
service: svc2.295-a222222:8080
weight: 20
spec:
selector:
app: svc2
ports:
- port: 8080
name: http-svc
targetPort: http-api结果:
[root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl
根据请求头 header 进行灰度 (regex_headers 正则匹配)
请求头中包含 Cookie: UM_distinctid=12345 的请求全部路由到 svc2 中
---
apiVersion: v1
kind: Service
metadata:
name: svc2
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: svc2_mapping
prefix: /svc/
service: svc2
headers:
Cookie: UM_distinctid=12345
spec:
selector:
app: svc2
ports:
- port: 80
name: http-svc2
targetPort: http-apiregex_headers
apiVersion: v1
kind: Service
metadata:
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: create
prefix: /svc/create/
service: create:8080
regex_headers:
Cookie: "ddddd.*"结果:
[root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]#
[root@master01 ambassador]#
[root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# 正文完