Traefik 企業實戰:TraefikService篇
2023.09.06
Traefik 企業實戰:TraefikService篇
灰度發布也稱為金絲雀發布,讓一部分即將上線的服務發佈到線上,觀察是否達到上線要求,主要通過加權輪詢的方式實現。創建traefikService 和inressRoute 資源,實現wrr 加權輪詢app-traefikService-ingressroute-wrr.yaml。
簡介
traefik 的路由規則就可以實現4 層和7 層的基本負載均衡操作,使用IngressRoute IngressRouteTCP IngressRouteUDP 資源即可。但是如果想要實現加權輪詢、流量複製等高級操作,traefik抽像出了一個TraefikService 資源。此時整體流量走向為:外部流量先通過entryPoints 端口進入traefik,然後由IngressRoute/IngressRouteTCP/IngressRouteUDP 匹配後進入TraefikService,在TraefikService 這一層實現加權輪循和流量複製,最後將請求轉發至kubernetes的service。
創建Demo應用
app-v1.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-v1
spec:
replicas: 1
selector:
matchLabels:
app: app-v1
template:
metadata:
labels:
app: app-v1
spec:
containers:
- name: app-v1
image: nginx:latest
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello app-v1 > /usr/share/nginx/html/index.html"]
ports:
- containerPort: 80
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 256Mi
---
apiVersion: v1
kind: Service
metadata:
name: app-v1
spec:
selector:
app: app-v1
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
app-v2.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-v2
spec:
replicas: 1
selector:
matchLabels:
app: app-v2
template:
metadata:
labels:
app: app-v2
spec:
containers:
- name: app-v2
image: nginx:latest
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello app-v2 > /usr/share/nginx/html/index.html"]
ports:
- containerPort: 80
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 256Mi
---
apiVersion: v1
kind: Service
metadata:
name: app-v2
spec:
selector:
app: app-v2
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
部署
[root@localhost traefik]# kubectl apply -f app-v1.yaml
deployment.apps/app-v1 created
service/app-v1 created
[root@localhost traefik]# kubectl apply -f app-v2.yaml
deployment.apps/app-v2 created
service/app-v2 created
[root@localhost traefik]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/app-v1-579dbbb754-nwtzw 1/1 Running 0 2m23s
pod/app-v2-7f7844f7b9-grsdk 1/1 Running 0 2m19s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/app-v1 ClusterIP 10.100.10.94 <none> 80/TCP 2m23s
service/app-v2 ClusterIP 10.104.145.150 <none> 80/TCP 2m18s- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
灰度發布(加權輪詢)
灰度發布也稱為金絲雀發布,讓一部分即將上線的服務發佈到線上,觀察是否達到上線要求,主要通過加權輪詢的方式實現。創建traefikService 和inressRoute 資源,實現wrr 加權輪詢app-traefikService-ingressroute-wrr.yaml:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: app-ingressroute-wrr
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`traefikservice-wrr.kubesre.lc`)
kind: Rule
services:
- name: wrr
namespace: default
kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: wrr
namespace: default
spec:
weighted:
services:
- name: app-v1
port: 80
weight: 1 # 定义权重
kind: Service # 可选,默认就是 Service
- name: app-v2
port: 80
weight: 2- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
部署
[root@localhost traefik]# kubectl apply -f app-traefikService-ingressroute-wrr.yaml
ingressroute.traefik.containo.us/app-ingressroute-wrr created
traefikservice.traefik.containo.us/wrr created
[root@localhost traefik]# kubectl get ingressroute
NAME AGE
app-ingressroute-wrr 6s
[root@localhost traefik]# kubectl get TraefikService
NAME AGE
wrr 3m42s- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
添加本地hosts解析
192.168.36.139 traefikservice-wrr.kubesre.lcc- 1.
測試結果如下:
[root@localhost traefik]# for i in {1..9}; do curl http://traefikservice-wrr.kubesre.lc && sleep 1; done
Hello app-v1
Hello app-v2
Hello app-v2
Hello app-v1
Hello app-v2
Hello app-v2
Hello app-v1
Hello app-v2
Hello app-v2- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
會話保持(粘性會話)
當我們使用traefik 的負載均衡時,默認情況下輪循多個k8s 的service 服務,如果用戶對同一內容的多次請求,可能被轉發到了不同的後端服務器。假設用戶發出請求被分配至服務器A,保存了一些信息在session 中,該用戶再次發送請求被分配到服務器B,要用之前保存的信息,若服務器A 和B 之間沒有session 粘滯,那麼服務器B 就拿不到之前的信息,這樣會導致一些問題。traefik 同樣也支持粘性會話,可以讓用戶在一次會話週期內的所有請求始終轉發到一台特定的後端服務器上。創建traefikervie 和ingressRoute,實現基於cookie 的會話保持app-traefikService-ingressroute-cokie.yaml:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: app-ingressroute-cokie
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`traefikservice-cokie.kubesre.lc`)
kind: Rule
services:
- name: cokie
namespace: default
kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: cokie
namespace: default
spec:
weighted:
services:
- name: app-v1
port: 80
weight: 1 # 定义权重
- name: app-v2
port: 80
weight: 2
sticky: # 开启粘性会话
cookie: # 基于cookie区分客户端
name: cookie # 指定客户端请求时,包含的cookie名称- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
部署
[root@localhost traefik]# kubectl apply -f app-traefikService-ingressroute-cokie.yaml
ingressroute.traefik.containo.us/app-ingressroute-cokie created
traefikservice.traefik.containo.us/cokie created
[root@localhost traefik]# kubectl get ingressroute
NAME AGE
app-ingressroute-cokie 5s
[root@localhost traefik]# kubectl get TraefikService
NAME AGE
cokie 8s- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
添加本地hosts解析
192.168.36.139 traefikservice-cokie.kubesre.lcc- 1.
客戶端訪問測試,攜帶cookie
[root@localhost traefik]# for i in {1..5}; do curl -b "cookie=default-app-v1-80" http://traefikservice-cokie.kubesre.lc/; done
Hello app-v1
Hello app-v1
Hello app-v1
Hello app-v1
Hello app-v1
[root@localhost traefik]# for i in {1..5}; do curl -b "cookie=default-app-v2-80" http://traefikservice-cokie.kubesre.lc/; done
Hello app-v2
Hello app-v2
Hello app-v2
Hello app-v2
Hello app-v2- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
流量複製
所謂的流量複製,也稱為鏡像服務是指將請求的流量按規則復制一份發送給其它服務,並且會忽略這部分請求的響應,這個功能在做一些壓測或者問題復現的時候很有用。創建traefikService 和ingressRoute app-traefikService-ingressroute-copy.yaml:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: app-ingressroute-copy
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`traefikservice-copy.kubesre.lc`)
kind: Rule
services:
- name: copy
namespace: default
kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: copy
namespace: default
spec:
mirroring:
name: app-v1 # 发送 100% 的请求到 app-v1
port: 80
mirrors:
- name: app-v2 # 然后复制 10% 的请求到 app-v2
port: 80
percent: 10- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
部署
[root@localhost traefik]# kubectl apply -f app-traefikService-ingressroute-copy.yaml
ingressroute.traefik.containo.us/app-ingressroute-copy created
traefikservice.traefik.containo.us/copy created
[root@localhost traefik]# kubectl get ingressroute
NAME AGE
app-ingressroute-copy 7s
[root@localhost traefik]# kubectl get TraefikService
NAME AGE
copy 13s- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
添加本地hosts解析
192.168.36.139 traefikservice-copy.kubesre.lc- 1.
測試結果如下:只能看到app-v1的返回信息,
[root@localhost traefik]# for i in {1..9}; do curl http://traefikservice-copy.kubesre.lc && sleep 1; done
Hello app-v1
Hello app-v1
Hello app-v1
Hello app-v1
Hello app-v1
Hello app-v1
Hello app-v1
Hello app-v1
Hello app-v1- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
查看app-v2的pod日誌,發現會有10%的流量請求進來
[root@localhost traefik]# kubectl logs -f app-v2-7f7844f7b9-grsdk
...
10.244.0.5 - - [23/Aug/2023:02:54:36 +0000] "GET / HTTP/1.1" 200 13 "-" "curl/7.29.0" "10