ambassador网关实现灰度部署

40次阅读

共计 5239 个字符,预计需要花费 14 分钟才能阅读完成。

开发者可以通过 kuberneters annotation,很容易控制服务的流量,实现灰度发布

应用场景

  1. 微服务各组件独立更新,然后验证又必须在实际环境中进行
  2. 部署新功能有风险,然后可以通过导流一小部分用户实际使用,来减小风险
  3. 依赖的第三方组件,无法很好地进行测试,只能依靠实际的使用,来验证是否能成功的对接。

过程

  1. 部署 v2 版本,定义导量 1%
  2. 测试(请求多少次,有木有失败之类的,由业务方决定),观测和监控
  3. 没有问题则 v2 100%(没有迭代的过程,区别滚动部署),下线 v1 版本

架构图

工作流程

  • service annotation 中定义配置,Kubernetes API 异步通知 Ambassador 的更改。
  • Ambassador 将配置转换为抽象的中间代码 (IR)。
  • 从 IR 中生成一个 Envoy 配置文件。
  • 使用 Ambassador 验证 Envoy 配置文件。
  • 如果配置文件有效,Ambassador 将使用 Envoy 的热重新启动机制来部署新的配置,并保持连接。
  • 流量将会在新启动的 Envoy 进程中传输。

功能描述

Self-Service via Kubernetes Annotations

developer 可以通过 kubernetes service 的 annotations 来定义 ambassadorf 服务,很容易集成到你的现有项目中。

Flexible Canary Deployments

developer 可以通过 kuberneters annotation 很容易控制到服务的流量,实现金丝雀发布。

Kubernetes-Native Architecture

利用 k8s 原生能力实现可靠性、可用性和可伸缩性。使用 envoy 实现路由和代理

gRPC and HTTP/2 Support

由 envoy 提供的能力

Istio Integration

和 istio 配合实现服务网格。ambassador 作为边缘代理,实现外部流量到内部 istio 的桥梁。

Authentication

ambassador 支持请求认证。如果配置了,ambassador 在路由之前会事先请求第三方认证服务

Rate Limiting

ambassador 支持限流。ambassador 在路由之前会事先请求第三方速度限流服务

Integrated Diagnostics

ambassador 包含一个诊断服务,可以快速定位问题

部署

install deploy

测试

提前部署两个后台服务 sv1 和 sv2

sv1 请求返回 ”Hello World, this is test service num 1!”
sv2 请求返回 ”Hello World, this is test service num 2!”

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: svc1
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: svc1
    spec:
      containers:
      - name: svc1
        image: ambassador-sv1:1.0
        ports:
        - name: http-api
          containerPort: 5000
        resources:
          limits:
            cpu: "0.1"
            memory: 100Mi
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: svc2
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: svc2
    spec:
      containers:
      - name: svc2
        image: ambassador-sv2:1.0
        ports:
        - name: http-api
          containerPort: 5000
        resources:
          limits:
            cpu: "0.1"
            memory: 100Mi

根据 weight 进行灰度

以 80% 的概率路由到 svc1, 20% 的概率路由到 svc2

svc1 (不配置权重,默认 100%)

---
apiVersion: v1
kind: Service
metadata:
  name: svc1
  namespace: 295-a222222
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind:  Mapping
      name:  svc1_mapping
      prefix: /svc/
      service: svc1.295-a222222:8080
spec:
  selector:
    app: svc1
  ports:
  - port: 8080
    name: http-svc
    targetPort: http-api

svc2

---
apiVersion: v1
kind: Service
metadata:
  name: svc2
  namespace: 295-a222222
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind:  Mapping
      name:  svc2_mapping
      prefix: /svc/
      service: svc2.295-a222222:8080
      weight: 20
spec:
  selector:
    app: svc2
  ports:
  - port: 8080
    name: http-svc
    targetPort: http-api

结果:

[root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl 

根据请求头 header 进行灰度 (regex_headers 正则匹配)

请求头中包含 Cookie: UM_distinctid=12345 的请求全部路由到 svc2 中

---
apiVersion: v1
kind: Service
metadata:
  name: svc2
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind:  Mapping
      name:  svc2_mapping
      prefix: /svc/
      service: svc2
      headers:
        Cookie: UM_distinctid=12345
spec:
  selector:
    app: svc2
  ports:
  - port: 80
    name: http-svc2
    targetPort: http-api
regex_headers
apiVersion: v1
kind: Service
metadata:
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind:  Mapping
      name:  create
      prefix: /svc/create/
      service: create:8080
      regex_headers:
        Cookie: "ddddd.*"

结果:

[root@master01 ambassador]# curl  10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl  10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl  10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl  10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# curl  10.104.75.142:80/svc/
Hello World, this is test service num 1![root@master01 ambassador]# 
[root@master01 ambassador]# 
[root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# curl -H "Cookie: UM_distinctid=12345" 10.104.75.142:80/svc/
Hello World, this is test service num 2![root@master01 ambassador]# 

正文完
 0