Traefik 企业实战：TraefikService篇观察是业实否达到上线要求

2024-05-14 20:41:39 [百科] 来源：避面尹邢网

Traefik 企业实战：TraefikService篇

作者：Jack 2023-09-05 07:24:33网络网络优化灰度发布也称为金丝雀发布，业实让一部分即将上线的业实服务发布到线上，观察是业实否达到上线要求，主要通过加权轮询的业实方式实现。创建 traefikService 和 inressRoute 资源，业实实现 wrr 加权轮询 app-traefikService-ingressroute-wrr.yaml。业实

简介

traefik 的业实路由规则就可以实现 4 层和 7 层的基本负载均衡操作，使用 IngressRoute IngressRouteTCP IngressRouteUDP 资源即可。业实但是业实如果想要实现加权轮询、流量复制等高级操作，业实traefik抽象出了一个 TraefikService 资源。业实此时整体流量走向为：外部流量先通过 entryPoints 端口进入 traefik，业实然后由 IngressRoute/IngressRouteTCP/IngressRouteUDP 匹配后进入 TraefikService，业实在 TraefikService 这一层实现加权轮循和流量复制，业实最后将请求转发至kubernetes的业实service。

创建Demo应用

app-v1.yaml：

Traefik 企业实战：TraefikService篇观察是业实否达到上线要求

apiVersion: apps/v1kind: Deploymentmetadata:  name: app-v1spec:  replicas: 1  selector:    matchLabels:      app: app-v1  template:    metadata:      labels:        app: app-v1    spec:      containers:        - name: app-v1          image: nginx:latest          lifecycle:            postStart:              exec:                command:  ["/bin/sh", "-c", "echo Hello app-v1 > /usr/share/nginx/html/index.html"]          ports:            - containerPort: 80          resources:            requests:              cpu: 100m              memory: 128Mi            limits:              cpu: 200m              memory: 256Mi    ---apiVersion: v1kind: Servicemetadata:  name: app-v1spec:  selector:    app: app-v1  ports:    - name: http      port: 80      targetPort: 80  type: ClusterIP

app-v2.yaml：

Traefik 企业实战：TraefikService篇观察是业实否达到上线要求

apiVersion: apps/v1kind: Deploymentmetadata:  name: app-v2spec:  replicas: 1  selector:    matchLabels:      app: app-v2  template:    metadata:      labels:        app: app-v2    spec:      containers:        - name: app-v2          image: nginx:latest          lifecycle:            postStart:              exec:                command:  ["/bin/sh", "-c", "echo Hello app-v2 > /usr/share/nginx/html/index.html"]          ports:            - containerPort: 80          resources:            requests:              cpu: 100m              memory: 128Mi            limits:              cpu: 200m              memory: 256Mi    ---apiVersion: v1kind: Servicemetadata:  name: app-v2spec:  selector:    app: app-v2  ports:    - name: http      port: 80      targetPort: 80  type: ClusterIP

部署

Traefik 企业实战：TraefikService篇观察是业实否达到上线要求

[root@localhost traefik]# kubectl apply -f app-v1.yamldeployment.apps/app-v1 createdservice/app-v1 created[root@localhost traefik]# kubectl apply -f app-v2.yaml deployment.apps/app-v2 createdservice/app-v2 created    [root@localhost traefik]# kubectl get pod,svc                      NAME                          READY   STATUS    RESTARTS   AGEpod/app-v1-579dbbb754-nwtzw   1/1     Running   0          2m23spod/app-v2-7f7844f7b9-grsdk   1/1     Running   0          2m19s NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGEservice/app-v1       ClusterIP   10.100.10.94     <none>        80/TCP    2m23sservice/app-v2       ClusterIP   10.104.145.150   <none>        80/TCP    2m18s

灰度发布(加权轮询)

灰度发布也称为金丝雀发布，让一部分即将上线的服务发布到线上，观察是否达到上线要求，主要通过加权轮询的方式实现。创建 traefikService 和 inressRoute 资源，实现 wrr 加权轮询 app-traefikService-ingressroute-wrr.yaml：

apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:  name: app-ingressroute-wrr  namespace: defaultspec:  entryPoints:    - web  routes:  - match: Host(`traefikservice-wrr.kubesre.lc`)    kind: Rule    services:    - name: wrr      namespace: default      kind: TraefikService---apiVersion: traefik.containo.us/v1alpha1kind: TraefikServicemetadata:  name: wrr  namespace: defaultspec:  weighted:    services:      - name: app-v1         port: 80        weight: 1          # 定义权重        kind: Service      # 可选，默认就是 Service      - name: app-v2        port: 80            weight: 2

部署

[root@localhost traefik]# kubectl apply -f app-traefikService-ingressroute-wrr.yamlingressroute.traefik.containo.us/app-ingressroute-wrr createdtraefikservice.traefik.containo.us/wrr created   [root@localhost traefik]# kubectl get ingressrouteNAME                   AGEapp-ingressroute-wrr   6s [root@localhost traefik]# kubectl get TraefikServiceNAME   AGEwrr    3m42s

添加本地hosts解析

192.168.36.139 traefikservice-wrr.kubesre.lcc

测试结果如下：

[root@localhost traefik]# for i in { 1..9}; do curl http://traefikservice-wrr.kubesre.lc && sleep 1; done             Hello app-v1Hello app-v2Hello app-v2Hello app-v1Hello app-v2Hello app-v2Hello app-v1Hello app-v2Hello app-v2

会话保持(粘性会话)

当我们使用 traefik 的负载均衡时，默认情况下轮循多个 k8s 的 service 服务，如果用户对同一内容的多次请求，可能被转发到了不同的后端服务器。假设用户发出请求被分配至服务器 A，保存了一些信息在 session 中，该用户再次发送请求被分配到服务器 B，要用之前保存的信息，若服务器 A 和 B 之间没有 session 粘滞，那么服务器 B 就拿不到之前的信息，这样会导致一些问题。traefik 同样也支持粘性会话，可以让用户在一次会话周期内的所有请求始终转发到一台特定的后端服务器上。创建 traefikervie 和 ingressRoute，实现基于 cookie 的会话保持 app-traefikService-ingressroute-cokie.yaml：

apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:  name: app-ingressroute-cokie  namespace: defaultspec:  entryPoints:    - web  routes:  - match: Host(`traefikservice-cokie.kubesre.lc`)    kind: Rule    services:    - name: cokie      namespace: default      kind: TraefikService---apiVersion: traefik.containo.us/v1alpha1kind: TraefikServicemetadata:  name: cokie  namespace: defaultspec:  weighted:    services:      - name: app-v1        port: 80        weight: 1          # 定义权重      - name: app-v2        port: 80        weight: 2    sticky:                 # 开启粘性会话      cookie:               # 基于cookie区分客户端             name: cookie   # 指定客户端请求时，包含的cookie名称

部署

[root@localhost traefik]# kubectl apply -f  app-traefikService-ingressroute-cokie.yaml   ingressroute.traefik.containo.us/app-ingressroute-cokie createdtraefikservice.traefik.containo.us/cokie created [root@localhost traefik]# kubectl get ingressrouteNAME                     AGEapp-ingressroute-cokie   5s[root@localhost traefik]# kubectl get TraefikServiceNAME    AGEcokie   8s

添加本地hosts解析

192.168.36.139 traefikservice-cokie.kubesre.lcc

客户端访问测试，携带 cookie

[root@localhost traefik]# for i in { 1..5}; do curl -b "cookie=default-app-v1-80" http://traefikservice-cokie.kubesre.lc/; doneHello app-v1Hello app-v1Hello app-v1Hello app-v1Hello app-v1[root@localhost traefik]# for i in { 1..5}; do curl -b "cookie=default-app-v2-80" http://traefikservice-cokie.kubesre.lc/; doneHello app-v2Hello app-v2Hello app-v2Hello app-v2Hello app-v2

流量复制

所谓的流量复制，也称为镜像服务是指将请求的流量按规则复制一份发送给其它服务，并且会忽略这部分请求的响应，这个功能在做一些压测或者问题复现的时候很有用。创建 traefikService 和 ingressRoute app-traefikService-ingressroute-copy.yaml：

apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:  name: app-ingressroute-copy  namespace: defaultspec:  entryPoints:    - web  routes:  - match: Host(`traefikservice-copy.kubesre.lc`)    kind: Rule    services:    - name: copy      namespace: default      kind: TraefikService---apiVersion: traefik.containo.us/v1alpha1kind: TraefikServicemetadata:  name: copy  namespace: defaultspec:  mirroring:    name: app-v1       # 发送 100% 的请求到 app-v1    port: 80    mirrors:      - name: app-v2   # 然后复制 10% 的请求到 app-v2        port: 80        percent: 10

部署

[root@localhost traefik]# kubectl apply -f app-traefikService-ingressroute-copy.yamlingressroute.traefik.containo.us/app-ingressroute-copy createdtraefikservice.traefik.containo.us/copy created [root@localhost traefik]# kubectl get ingressrouteNAME                     AGEapp-ingressroute-copy    7s[root@localhost traefik]# kubectl get TraefikServiceNAME    AGEcopy    13s

添加本地hosts解析

192.168.36.139 traefikservice-copy.kubesre.lc

测试结果如下：只能看到 app-v1的返回信息，

[root@localhost traefik]#  for i in { 1..9}; do curl http://traefikservice-copy.kubesre.lc && sleep 1; done   Hello app-v1Hello app-v1Hello app-v1Hello app-v1Hello app-v1Hello app-v1Hello app-v1Hello app-v1Hello app-v1

查看app-v2的pod日志，发现会有10%的流量请求进来

[root@localhost traefik]# kubectl logs -f app-v2-7f7844f7b9-grsdk...10.244.0.5 - - [23/Aug/2023:02:54:36 +0000] "GET / HTTP/1.1" 200 13 "-" "curl/7.29.0" "10.244.0.1"

责任编辑：武晓燕来源：云原生运维圈 Traefik加权轮询

(责任编辑：娱乐)