Differences

This shows you the differences between two versions of the page.

--- стратегии_деплоя_в_kubernetes [2025/02/24 05:48]
val [Шаг 1. Что у нас есть для начала]
+++ стратегии_деплоя_в_kubernetes [2025/03/24 18:06] (current)
val [Шаг 6. canary deployment with Istio VirtualService]
@@ Line 17: / Line 17: @@
 ===== Запись вебинара =====
-  * Тэги:
+  * Тэги: deployment rollout, canary deployment, ingress annotations, Kubernetes Gateway API, Istio Service Mesh, kiali, nginx proxy header
+  * https://rutube.ru/video/private/45160ea603c4f541cd11ebcc3fdf5109/
+  * https://youtu.be/uEpEDk8EWSg
 ===== Методическая подготовка =====
-==== В паузах рассказать про ====
-  *
 ===== Шаг 1. Что у нас есть для начала =====
@@ Line 203: / Line 202: @@
   * [[https://konghq.com/blog/engineering/gateway-api-vs-ingress|Gateway API vs Ingress: The Future of Kubernetes Networking]]
   * [[https://github.com/istio/istio/blob/master/samples/helloworld/gateway-api/README.md|Configure helloworld using the Kubernetes Gateway API]]
+  * [[https://medium.com/@kedarnath93/what-is-gateway-api-in-kubernetes-and-how-does-it-differ-from-ingress-api-aa0404d7fc09|What is Gateway API in Kubernetes and How does it differ from Ingress API?]]
-  * [[Система Kubernetes#MetalLB]] с autoAssign: true
   * [[https://habr.com/ru/companies/vk/articles/515138/|Простое объяснение CRD в Kubernetes и как его использовать]]
+  * [[https://github.com/kubernetes-sigs/kustomize]]
+  * [[https://habr.com/ru/companies/flant/articles/469179/|Краткое введение в Kustomize]]
   * [[https://istio.io/latest/docs/setup/getting-started/|Istio Getting Started]]
 <code>
 kube1# kubectl delete -f my-webd-ingress-and-canary.yaml -n my-ns
+kube1# kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.2.0" | kubectl apply -f -
+</code>
+  * [[Система Kubernetes#MetalLB]] с autoAssign: true
+<code>
+kube1# curl -L https://istio.io/downloadIstio | sh -
 kube1# cp -v /root/istio*/bin/istioctl /usr/local/bin/
@@ Line 234: / Line 245: @@
 kube1# kubectl -n my-ns get gtw my-webd-gateway
+my-webd-gateway   istio   192.168.13.66   True         113m
 kube1# cat my-webd-route.yaml
@@ Line 270: / Line 282: @@
   * [[https://istio.io/latest/blog/2017/0.1-canary/|Canary Deployments using Istio]]
   * [[https://habr.com/ru/companies/nixys/articles/513578/|Canary Deployment в Kubernetes #3: Istio]]
+  * [[https://habr.com/ru/companies/otus/articles/770254/|Использование Istio для управления трафиком и мониторинга в микросервисах]]
+  * [[https://tetrate.io/blog/header-based-routing-in-istio-without-header-propagation/|Header-Based Routing in Istio without Header Propagation]]
 <code>
-~/istio-1.24.3# kubectl apply -f samples/addons
+kube1:~/istio-1.24.3# kubectl apply -f samples/addons
-# kubectl get pods -n istio-system
+kube1# kubectl get pods -n istio-system
 /home/mobaxterm> ssh root@192.168.13.221 -X
-# istioctl dashboard kiali &
+kube1# istioctl dashboard kiali &
-# firefox &
+kube1# firefox &
 или
 cmder> ssh -L20001:localhost:20001 root@192.168.13.221
-# kubectl port-forward svc/kiali 20001:20001 -n istio-system
+kube1# kubectl port-forward svc/kiali 20001:20001 -n istio-system
 или
@@ Line 290: / Line 304: @@
 http://localhost:20001/
-kubectl delete ns my-ns; kubectl create ns my-ns
+kube1# kubectl delete ns my-ns; kubectl create ns my-ns
-kubectl label namespace my-ns istio-injection=enabled
+kube1# kubectl label namespace my-ns istio-injection=enabled
-kubectl get ns --show-labels
+kube1# kubectl get ns --show-labels
-kube1:~/gowebd-k8s# cat my-webd-deployment-v1-v2.yaml
+kube1# cat my-webd-deployment-v1-v2.yaml
 </code><code>
 apiVersion: apps/v1
@@ Line 336: / Line 350: @@
         image: server.corp13.un:5000/student/gowebd:ver1.2
 </code><code>
-# kubectl apply -f my-webd-deployment-v1-v2.yaml -n my-ns
+kube1# kubectl apply -f my-webd-deployment-v1-v2.yaml -n my-ns
-# kubectl -n my-ns describe pod my-webd-v1-<TAB> | grep istio
+kube1# kubectl -n my-ns describe pod my-webd-v1-<TAB> | grep istio
-# cat my-webd-service.yaml
+kube1# cat my-webd-service.yaml
 </code><code>
 apiVersion: v1
@@ Line 354: / Line 368: @@
     name: http  #need for istio
 </code><code>
-# kubectl apply -f my-webd-service.yaml -n my-ns
+kube1# kubectl apply -f my-webd-service.yaml -n my-ns
-# kubectl get svc -n istio-system | grep ingr
+kube1# kubectl get svc -n istio-system | grep ingr
 istio-ingressgateway   LoadBalancer   10.233.37.214   192.168.13.65   15021:31547/TCP,80:32173/TCP,443:31308/TCP       19h
-kube1:~/gowebd-k8s# cat my-webd-istio-gateway.yaml
+kube1# cat my-webd-istio-gateway.yaml
 </code><code>
 apiVersion: networking.istio.io/v1
@@ Line 378: / Line 392: @@
 #    - "*"
 </code><code>
-# kubectl apply -f my-webd-istio-gateway.yaml -n my-ns
+kube1# kubectl apply -f my-webd-istio-gateway.yaml -n my-ns
-# cat my-webd-destrul.yaml
+kube1# cat my-webd-destrul.yaml
 </code><code>
 apiVersion: networking.istio.io/v1alpha3
@@ Line 396: / Line 410: @@
       version: v2-lab
 </code><code>
-# kubectl apply -f my-webd-destrul.yaml -n my-ns
+kube1# kubectl apply -f my-webd-destrul.yaml -n my-ns
-# cat virtserv-after-gateway.yaml
+kube1# cat virtserv-after-gateway.yaml
 </code><code>
 apiVersion: networking.istio.io/v1alpha3
@@ Line 413: / Line 427: @@
 #    match:
 #    - headers:
-##        x-forwarded-for:
+#        x-forwarded-for:
-##          regex: "192.168.13.*"
+#          regex: "192.168.13.*"
-#        x-my-version:
+##        x-my-version:
-#          exact: canary
+##          exact: canary
 #    route:
 #    - destination:
@@ Line 437: / Line 451: @@
       weight: 10
 </code><code>
-# kubectl apply -f virtserv-after-gateway.yaml -n my-ns
+kube1# kubectl apply -f virtserv-after-gateway.yaml -n my-ns
-# while true; do curl 192.168.13.65 -H "Host: gowebd.corp13.un"; sleep 0.1; done
+kube1# while true; do curl 192.168.13.65 -H "Host: gowebd.corp13.un"; sleep 0.1; done
-# cat frontend.yaml
+kube1# cat frontend.yaml
 </code><code>
 apiVersion: apps/v1
@@ Line 543: / Line 557: @@
       version: v2
 </code><code>
-# cat virtserv-after-gateway.yaml
+kube1# kubectl apply -f frontend.yaml -n my-ns
+kube1# cat virtserv-after-gateway.yaml
 </code><code>
 ...
@@ Line 557: / Line 573: @@
 ...
 </code><code>
-# cat my-webd-virtserv-src-lab.yaml
+kube1# kubectl apply -f virtserv-after-gateway.yaml -n my-ns
+kube1# while true; do curl 192.168.13.65 -H "Host: gowebd.corp13.un"; sleep 0.1; done
+kube1# cat my-webd-virtserv-src-lab.yaml
 </code><code>
 apiVersion: networking.istio.io/v1alpha3
@@ Line 590: / Line 610: @@
           number: 80
       weight: 100
+</code><code>
+kube1# kubectl apply -f my-webd-virtserv-src-lab.yaml -n my-ns
+kube1# while true; do curl 192.168.13.65 -H "Host: gowebd.corp13.un"; sleep 0.1; done
 </code>
-  * [[https://istio.io/latest/docs/tasks/observability/logs/access-log/|Envoy Access Logs]]
+==== Добавление журналов ====
-<code>
+  * [[https://istio.io/latest/docs/tasks/observability/logs/access-log/|Envoy Access Logs ... Default access log format]]
-# curl 192.168.13.65 -H "Host: gowebd.corp13.un" -H "x-my-version: canary"
-# cat telemetry.yaml
+<code>
+kube1# vim virtserv-after-gateway.yaml
+</code><code>
+...
+        x-forwarded-for:
+          regex: "192.168.13.*"
+...
+    - {}
+    route:
+    - destination:
+        host: frontend
+        subset: v1
+</code><code>
+kube1# cat telemetry.yaml
+</code><code>
 apiVersion: telemetry.istio.io/v1alpha1
 kind: Telemetry
@@ Line 608: / Line 645: @@
       - name: Envoy
 </code><code>
-# kubectl apply -f telemetry.yaml -n istio-system
+kube1# kubectl apply -f telemetry.yaml -n istio-system
-# curl 192.168.13.65 -H "Host: gowebd.corp13.un" -H "x-forwarded-for: 192.168.13.10"
+kube1# curl 192.168.13.65 -H "Host: gowebd.corp13.un" -H "x-forwarded-for: 192.168.13.10"
-# kubectl -n my-ns logs -l app=my-webd-lab -c istio-proxy -f
+kube1# kubectl -n my-ns logs -l app=my-webd-lab -c istio-proxy -f
+kube1# kubectl -n my-ns logs pods/my-webd-v2-<TAB> -c istio-proxy -f
+kube1# kubectl -n my-ns logs pods/frontend-v2-<TAB> -c istio-proxy -f
+</code><code>
+kube1# vim virtserv-after-gateway.yaml
+</code><code>
+...
+#        x-my-version:
+#          exact: canary
+...
+</code><code>
+kube1# curl 192.168.13.65 -H "Host: gowebd.corp13.un" -H "x-my-version: canary"
+gate# systemctl disable haproxy --now
-# cat /etc/nginx/sites-available/gowebd
+gate# cat /etc/nginx/sites-available/gowebd
 </code><code>
     server {
         listen 80;
         server_name gowebd.corp13.un;
-        return 301 https://gowebd.corp13.un$request_uri;
+        return 301 https://gowebd.corp13.un:443$request_uri;
     }
@@ Line 633: / Line 683: @@
             proxy_set_header Host $host;
             proxy_set_header X-Forwarded-For $remote_addr;
+        }
+    }
+    server {
+        listen 8080;
+        server_name gowebd.corp13.un;
+        return 301 https://gowebd.corp13.un:8443$request_uri;
+    }
+    server {
+        listen 8443 ssl;
+        server_name gowebd.corp13.un;
+        ssl_certificate /root/gowebd.crt;
+        ssl_certificate_key /root/gowebd.key;
+        location / {
+            proxy_pass http://192.168.13.65;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $remote_addr;
+            proxy_set_header X-My-Version "canary";
         }
     }
 </code><code>
-server.corp13.un:~# curl https://gowebd.corp13.un
+gate# systemctl enable nginx --now
+gate.corp13.un:~# cat /etc/iptables/rules.v4
+...
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -d 172.16.1.13/32 -i eth1 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.13.10:53
+-A PREROUTING -s 172.16.1.113/32 -d 172.16.1.13/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.1.13:8080
+-A PREROUTING -s 172.16.1.113/32 -d 172.16.1.13/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.1.13:8443
+-A POSTROUTING -s 192.168.13.0/24 -o eth1 -j MASQUERADE
+COMMIT
+...
+gate.corp13.un:~# iptables-restore /etc/iptables/rules.v4
+server# curl https://gowebd.corp13.un
-winclient> https://gowebd.corp13.un
+win client> https://gowebd.corp13.un
 </code>
 ===== Вопросы? =====

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools