OpenShift 4 之Istio-Tutorial (9) 访问限流

本系列OpenShift Servic Mesh教程是基于Red Hat官方公开发行的《Introducing Istio Service Mesh for Micoservices》出版物,我将所有操作在OpenShift 4.2.x环境中进行了验证。喜欢读英文或者需要了解更多和场景相关知识点的小伙伴可以通过上面的链接下载该书慢慢阅读。

Istio可以实现对服务访问的限流。通常限流可以保护被调用服务的可用性,以防止被调用服务由于频繁访问出现不稳定情况。本章节我们实现对服务访问的限流。

  1. 我们在开始之前先确保环境和完成《OpenShift 4 之Istio-Tutorial (2)
    部署三个微服务》一样,只部署了3个微服务和VirtualService、Gateway,没有DestinationRule。

  2. 此时使用脚本访问customer可以正常连续访问。

$ export INGRESS_GATEWAY=$(oc get route -n user1-smcp istio-ingressgateway -o 'jsonpath={.spec.host}')
$ ./scripts/run.sh $INGRESS_GATEWAY/customer
  1. 文件定istiofiles/rate_limit_rule.yml义了对recommendation服务的访问限流(每5s只能访问1次),而 其它服务是缺省的限流(1s可以访问500次)。
apiVersion: config.istio.io/v1alpha2
kind: memquota
metadata:
  name: handler
  namespace: istio-system
spec:
  quotas:
  -- name: requestcount.quota.istio-system
    maxAmount: 500
    validDuration: 1s
    overrides:
    - dimensions:
        destination: recommendation
      maxAmount: 1
      validDuration: 5s
---
apiVersion: config.istio.io/v1alpha2
kind: quota
metadata:
  name: requestcount
  namespace: istio-system
spec:
  dimensions:
    source: request.headers["x-forwarded-for"] | "unknown"
    destination: destination.labels["app"] | destination.service.name | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpec
metadata:
  name: request-count
  namespace: istio-system
spec:
  rules:
  -- quotas:
    - charge: 1
      quota: requestcount
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpecBinding
metadata:
  name: request-count
  namespace: istio-system
spec:
  quotaSpecs:
  -- name: request-count
    namespace: istio-system
  services:
  -- name: recommendation
    namespace: istio-tutorial
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  actions:
  -- handler: handler.memquota
    instances:
    - requestcount.quota
  1. 执行脚本,先创建限流资源对象,然后持续访问customer服务。可以看到preference服务提示:访问已经超过限流了。
$ oc create -f istiofiles/rate_limit_rule.yml
$ ./scripts/run.sh $INGRESS_GATEWAY/customer
customer => preference => recommendation v1 from '67976848-4l4s7': 8348
customer => preference => recommendation v1 from '67976848-4l4s7': 8349
customer => Error: 503 - preference => Error: 429 - RESOURCE_EXHAUSTED:Quota is exhausted for: requestcount
customer => Error: 503 - preference => Error: 429 - RESOURCE_EXHAUSTED:Quota is exhausted for: requestcount
customer => Error: 503 - preference => Error: 429 - RESOURCE_EXHAUSTED:Quota is exhausted for: requestcount
Ccustomer => Error: 503 - preference => Error: 429 - RESOURCE_EXHAUSTED:Quota is exhausted for: requestcount
  1. 最后恢复环境即可。
$ oc delete -f istiofiles/rate_limit_rule.yml

你可能感兴趣的:(OpenShift,4,ServiceMesh,微服务,openshift,istio,servicemesh,microservice)