关于kubernetes:聊聊如何变更pod的流量路由

序

本文次要钻研一下如何变更 pod 的流量路由

配置

# Copyright Istio Authors
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: ratings
  labels:
    app: ratings
    service: ratings
spec:
  ports:
  - port: 8080
    name: http
  selector:
    app: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v1
  labels:
    app: ratings
    version: v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: ratings
      version: v1
  template:
    metadata:
      labels:
        app: ratings
        version: v1
    spec:
      containers:
      - name: ratings
        image: jvm-tools-demo
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        securityContext:
          runAsUser: 1000
        resources:
          # keep request = limit to keep this container in guaranteed class
          requests:
            cpu: 50m
            memory: 128Mi          
---

kind load docker-image jvm-tools-demo
kind create -f ratings.yaml

查看

endpoint

kubectl get ep
NAME         ENDPOINTS                                           AGE
kubernetes   192.168.228.2:6443                                  43m
ratings      10.244.0.10:8080,10.244.0.8:8080,10.244.0.9:8080   6m18s

svc

kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP    46m
ratings      ClusterIP   10.96.170.159   <none>        8080/TCP   9m3s

pods

kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
ratings-v1-676f4d994-8xp7j   1/1     Running   0          9m22s
ratings-v1-676f4d994-9gbkh   1/1     Running   0          9m22s
ratings-v1-676f4d994-tg49h   1/1     Running   0          9m22s

更新 label

kubectl label pod ratings-v1-676f4d994-tg49h app=ratings2 --overwrite

查看变更

kubectl describe pod ratings-v1-676f4d994-tg49h
Name:             ratings-v1-676f4d994-tg49h
Namespace:        default
Priority:         0
Service Account:  default
Node:             kind-control-plane/192.168.228.2
Start Time:       Tue, 13 Feb 2024 10:27:11 +0800
Labels:           app=ratings2
                  pod-template-hash=676f4d994
                  version=v1
Annotations:      <none>
Status:           Running
IP:               10.244.0.8
IPs:
  IP:  10.244.0.8
Containers:
  ratings:
    Container ID:   containerd://fe1d8ddc2d27c557a51181f0b4df8187fb1c06c71d8e564fe9f1ceebb480e156
    Image:          registry.cn-hangzhou.aliyuncs.com/springcloud-cn/jvm-tools-demo
    Image ID:       docker.io/library/import-2024-02-13@sha256:4ed39c8b931585c67e28def544117913fddf929cff8c3062ae19c3d15fffebe7
    Port:           8080/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Tue, 13 Feb 2024 10:27:12 +0800
    Ready:          True
    Restart Count:  0
    Requests:
      cpu:        50m
      memory:     128Mi
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-2f9mt (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-2f9mt:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  5m42s  default-scheduler  Successfully assigned default/ratings-v1-676f4d994-tg49h to kind-control-plane
  Normal  Pulled     5m41s  kubelet            Container image "registry.cn-hangzhou.aliyuncs.com/springcloud-cn/jvm-tools-demo" already present on machine
  Normal  Created    5m41s  kubelet            Created container ratings
  Normal  Started    5m41s  kubelet            Started container ratings

能够看到 label 变更了

查看 ep

kubectl get ep
NAME         ENDPOINTS                                           AGE
kubernetes   192.168.228.2:6443                                  50m
ratings      10.244.0.10:8080,10.244.0.11:8080,10.244.0.9:8080   12m

能够看到原来 10.244.0.8:8080 的 pod 因为 label 被更新了，所以被移除了，但因为须要放弃 3 个正本，因此点多生成了一个 pod(10.244.0.11:8080)

查看 pod

kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
ratings-v1-676f4d994-8xp7j   1/1     Running   0          13m
ratings-v1-676f4d994-9gbkh   1/1     Running   0          13m
ratings-v1-676f4d994-hpfg8   1/1     Running   0          9m6s
ratings-v1-676f4d994-tg49h   1/1     Running   0          13m

能够看到因为 ratings-v1-676f4d994-tg49h 的 label 被更新了，因此又从新生成了一个 pod

小结

通过更新 pod 的 label 能够将该 pod 从 endpoint 中移除，从而使得该 pod 不会被 svc 的流量路由到。然而因为更新了 label，原来 app=ratings 须要放弃 3 个正本，因此会从新创立一个 pod 来补充。

doc

• 应用 kind 在 mac 本地搭建 k8s 及 istio
• istio 流量路由小试牛刀
• Kubernetes 之 Label