流量管理 - 熔断

优质
小牛编辑
130浏览
2023-12-01

本文中的这一任务展示了弹性应用的熔断能力。开发人员可以凭借这一能力,来限制因为故障、延迟高峰以及其他预计外的网络异常所造成的影响范围。下面将会演示如何针对连接、请求以及外部检测来进行断路器配置。

开始之前

  • 遵循安装指南设置Istio。
  • 启动httpbin实例作为本任务的后端:

kubectl apply -f <(istioctl kube-inject -f samples/httpbin/httpbin.yaml)

断路器

接下来设置一个场景来演示熔断能力。现在我们已经运行了httpbin服务。我们想要通过对istio目标策略的配置来设置一个熔断规则。在这之前首先要设置一个到这一目的的路由规则,这一规则会把所有访问httpbin的流量路由到version=v1去。

创建断路策略

  1. 创建缺省路由规则,让所有目标为httpbin的流量都指向v1

    istioctl create -f samples/httpbin/routerules/httpbin-v1.yaml

  2. 创建目标策略来对httpbin的调用过程进行断路设置。

    1. cat <<EOF | istioctl create -f -
    2. apiVersion: config.istio.io/v1beta1
    3. kind: DestinationPolicy
    4. metadata:
    5. name: httpbin-circuit-breaker
    6. spec:
    7. destination:
    8. name: httpbin
    9. labels:
    10. version: v1
    11. circuitBreaker:
    12. simpleCb:
    13. maxConnections: 1
    14. httpMaxPendingRequests: 1
    15. sleepWindow: 3m
    16. httpDetectionInterval: 1s
    17. httpMaxEjectionPercent: 100
    18. httpConsecutiveErrors: 1
    19. httpMaxRequestsPerConnection: 1
    20. EOF
  3. 确认目标策略是否正确创建

    1. istioctl get destinationpolicy
    2. NAME KIND NAMESPACE
    3. httpbin-circuit-breaker DestinationPolicy.v1alpha2.config.istio.io istio-samples

设置客户端

接下来我们来定义调用httpbin服务的规则。要创建一个客户端,用于向我们的服务发送流量,从而进一步体验断路器功能。我们会使用一个简单的负载测试工具fortio。使用这个客户端我们可以控制连接数量、并发数以及外发HTTP调用的延迟。这一步骤中,我们会设置一个客户端,注入istio sidecar,以此保证客户端的通信也在istio的监管之下:

  1. kubectl apply -f <(istioctl kube-inject -f samples/httpbin/sample-client/fortio-deploy.yaml)

这样我们就能够登入客户端 Pod,并使用fortio工具来调用httpbin,使用-curl开关可以指定我们只执行一次调用。

  1. FORTIO_POD=$(kubectl get pod | grep fortio | awk '{ print $1 }')
  2. kubectl exec -it $FORTIO_POD -c fortio /usr/local/bin/fortio -- load -curl http://httpbin:8000/get
  3. HTTP/1.1 200 OK
  4. server: envoy
  5. date: Tue, 16 Jan 2018 23:47:00 GMT
  6. content-type: application/json
  7. access-control-allow-origin: *
  8. access-control-allow-credentials: true
  9. content-length: 445
  10. x-envoy-upstream-service-time: 36
  11. {
  12. "args": {},
  13. "headers": {
  14. "Content-Length": "0",
  15. "Host": "httpbin:8000",
  16. "User-Agent": "istio/fortio-0.6.2",
  17. "X-B3-Sampled": "1",
  18. "X-B3-Spanid": "824fbd828d809bf4",
  19. "X-B3-Traceid": "824fbd828d809bf4",
  20. "X-Ot-Span-Context": "824fbd828d809bf4;824fbd828d809bf4;0000000000000000",
  21. "X-Request-Id": "1ad2de20-806e-9622-949a-bd1d9735a3f4"
  22. },
  23. "origin": "127.0.0.1",
  24. "url": "http://httpbin:8000/get"
  25. }

这里可以看到,调用成功了!接下来我们试试熔断功能。

测试断路器

在断路器设置中,我们指定maxConnections: 1以及httpMaxPendingRequests: 1。这样的设置下,如果我们并发超过一个连接和请求,istio-proxy就会断掉后续的请求和连接。我们试试两个并发链接(-c 2),发送20个请求(-n 20):

  1. kubectl exec -it $FORTIO_POD -c fortio /usr/local/bin/fortio -- load -c 2 -qps 0 -n 20 -loglevel Warning http://httpbin:8000/get
  2. Fortio 0.6.2 running at 0 queries per second, 2->2 procs, for 5s: http://httpbin:8000/get
  3. Starting at max qps with 2 thread(s) [gomax 2] for exactly 20 calls (10 per thread + 0)
  4. 23:51:10 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  5. Ended after 106.474079ms : 20 calls. qps=187.84
  6. Aggregated Function Time : count 20 avg 0.010215375 +/- 0.003604 min 0.005172024 max 0.019434859 sum 0.204307492
  7. # range, mid point, percentile, count
  8. >= 0.00517202 <= 0.006 , 0.00558601 , 5.00, 1
  9. > 0.006 <= 0.007 , 0.0065 , 20.00, 3
  10. > 0.007 <= 0.008 , 0.0075 , 30.00, 2
  11. > 0.008 <= 0.009 , 0.0085 , 40.00, 2
  12. > 0.009 <= 0.01 , 0.0095 , 60.00, 4
  13. > 0.01 <= 0.011 , 0.0105 , 70.00, 2
  14. > 0.011 <= 0.012 , 0.0115 , 75.00, 1
  15. > 0.012 <= 0.014 , 0.013 , 90.00, 3
  16. > 0.016 <= 0.018 , 0.017 , 95.00, 1
  17. > 0.018 <= 0.0194349 , 0.0187174 , 100.00, 1
  18. # target 50% 0.0095
  19. # target 75% 0.012
  20. # target 99% 0.0191479
  21. # target 99.9% 0.0194062
  22. Code 200 : 19 (95.0 %)
  23. Code 503 : 1 (5.0 %)
  24. Response Header Sizes : count 20 avg 218.85 +/- 50.21 min 0 max 231 sum 4377
  25. Response Body/Total Sizes : count 20 avg 652.45 +/- 99.9 min 217 max 676 sum 13049
  26. All done 20 calls (plus 0 warmup) 10.215 ms avg, 187.8 qps

会看到几乎所有请求都通过了。

  1. Code 200 : 19 (95.0 %)
  2. Code 503 : 1 (5.0 %)

这是因为istio-proxy允许一定的误差。我们把连接数提高到3:

  1. kubectl exec -it $FORTIO_POD -c fortio /usr/local/bin/fortio -- load -c 3 -qps 0 -n 20 -loglevel Warning http://httpbin:8000/get
  2. Fortio 0.6.2 running at 0 queries per second, 2->2 procs, for 5s: http://httpbin:8000/get
  3. Starting at max qps with 3 thread(s) [gomax 2] for exactly 30 calls (10 per thread + 0)
  4. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  5. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  6. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  7. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  8. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  9. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  10. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  11. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  12. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  13. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  14. 23:51:51 W http.go:617> Parsed non ok code 503 (HTTP/1.1 503)
  15. Ended after 71.05365ms : 30 calls. qps=422.22
  16. Aggregated Function Time : count 30 avg 0.0053360199 +/- 0.004219 min 0.000487853 max 0.018906468 sum 0.160080597
  17. # range, mid point, percentile, count
  18. >= 0.000487853 <= 0.001 , 0.000743926 , 10.00, 3
  19. > 0.001 <= 0.002 , 0.0015 , 30.00, 6
  20. > 0.002 <= 0.003 , 0.0025 , 33.33, 1
  21. > 0.003 <= 0.004 , 0.0035 , 40.00, 2
  22. > 0.004 <= 0.005 , 0.0045 , 46.67, 2
  23. > 0.005 <= 0.006 , 0.0055 , 60.00, 4
  24. > 0.006 <= 0.007 , 0.0065 , 73.33, 4
  25. > 0.007 <= 0.008 , 0.0075 , 80.00, 2
  26. > 0.008 <= 0.009 , 0.0085 , 86.67, 2
  27. > 0.009 <= 0.01 , 0.0095 , 93.33, 2
  28. > 0.014 <= 0.016 , 0.015 , 96.67, 1
  29. > 0.018 <= 0.0189065 , 0.0184532 , 100.00, 1
  30. # target 50% 0.00525
  31. # target 75% 0.00725
  32. # target 99% 0.0186345
  33. # target 99.9% 0.0188793
  34. Code 200 : 19 (63.3 %)
  35. Code 503 : 11 (36.7 %)
  36. Response Header Sizes : count 30 avg 145.73333 +/- 110.9 min 0 max 231 sum 4372
  37. Response Body/Total Sizes : count 30 avg 507.13333 +/- 220.8 min 217 max 676 sum 15214
  38. All done 30 calls (plus 0 warmup) 5.336 ms avg, 422.2 qps

这样就看到,断路器开始发挥作用了:

  1. Code 200 : 19 (63.3 %)
  2. Code 503 : 11 (36.7 %)

只有63%的请求通过了,其他的都被断路器拒之门外,我们可以查询一下istio-proxy的统计数据:

  1. kubectl exec -it $FORTIO_POD -c istio-proxy -- sh -c 'curl localhost:15000/stats' | grep httpbin | grep pending
  2. cluster.out.httpbin.springistio.svc.cluster.local|http|version=v1.upstream_rq_pending_active: 0
  3. cluster.out.httpbin.springistio.svc.cluster.local|http|version=v1.upstream_rq_pending_failure_eject: 0
  4. cluster.out.httpbin.springistio.svc.cluster.local|http|version=v1.upstream_rq_pending_overflow: 12
  5. cluster.out.httpbin.springistio.svc.cluster.local|http|version=v1.upstream_rq_pending_total: 39

upstream_rq_pending_overflow的值为12,说明有12次调用被断路器拦截了。

清理

  1. 清除规则。

    1. istioctl delete routerule httpbin-default-v1
    2. istioctl delete destinationpolicy httpbin-circuit-breaker
  2. 关闭httpbin服务和客户端。

    1. kubectl delete deploy httpbin fortio-deploy
    2. kubectl delete svc httpbin

下一步

阅读目标策略参考,其中会有更详尽的断路器相关内容。