|
стратегии_деплоя_в_kubernetes [2025/02/24 15:37] val [Шаг 6. canary deployment with Istio VirtualService] |
стратегии_деплоя_в_kubernetes [2025/03/24 18:06] (current) val [Шаг 6. canary deployment with Istio VirtualService] |
||
|---|---|---|---|
| Line 17: | Line 17: | ||
| ===== Запись вебинара ===== | ===== Запись вебинара ===== | ||
| - | * Тэги: | + | * Тэги: deployment rollout, canary deployment, ingress annotations, Kubernetes Gateway API, Istio Service Mesh, kiali, nginx proxy header |
| + | * https://rutube.ru/video/private/45160ea603c4f541cd11ebcc3fdf5109/ | ||
| + | * https://youtu.be/uEpEDk8EWSg | ||
| ===== Методическая подготовка ===== | ===== Методическая подготовка ===== | ||
| - | ==== В паузах рассказать про ==== | ||
| - | |||
| - | * | ||
| ===== Шаг 1. Что у нас есть для начала ===== | ===== Шаг 1. Что у нас есть для начала ===== | ||
| Line 428: | Line 427: | ||
| # match: | # match: | ||
| # - headers: | # - headers: | ||
| - | ## x-forwarded-for: | + | # x-forwarded-for: |
| - | ## regex: "192.168.13.*" | + | # regex: "192.168.13.*" |
| - | # x-my-version: | + | ## x-my-version: |
| - | # exact: canary | + | ## exact: canary |
| # route: | # route: | ||
| # - destination: | # - destination: | ||
| Line 616: | Line 615: | ||
| kube1# while true; do curl 192.168.13.65 -H "Host: gowebd.corp13.un"; sleep 0.1; done | kube1# while true; do curl 192.168.13.65 -H "Host: gowebd.corp13.un"; sleep 0.1; done | ||
| </code> | </code> | ||
| + | |||
| + | ==== Добавление журналов ==== | ||
| * [[https://istio.io/latest/docs/tasks/observability/logs/access-log/|Envoy Access Logs ... Default access log format]] | * [[https://istio.io/latest/docs/tasks/observability/logs/access-log/|Envoy Access Logs ... Default access log format]] | ||
| Line 621: | Line 622: | ||
| <code> | <code> | ||
| kube1# vim virtserv-after-gateway.yaml | kube1# vim virtserv-after-gateway.yaml | ||
| - | + | </code><code> | |
| - | kube1# curl 192.168.13.65 -H "Host: gowebd.corp13.un" -H "x-my-version: canary" | + | ... |
| + | x-forwarded-for: | ||
| + | regex: "192.168.13.*" | ||
| + | ... | ||
| + | - {} | ||
| + | route: | ||
| + | - destination: | ||
| + | host: frontend | ||
| + | subset: v1 | ||
| + | </code><code> | ||
| kube1# cat telemetry.yaml | kube1# cat telemetry.yaml | ||
| </code><code> | </code><code> | ||
| Line 641: | Line 650: | ||
| kube1# kubectl -n my-ns logs -l app=my-webd-lab -c istio-proxy -f | kube1# kubectl -n my-ns logs -l app=my-webd-lab -c istio-proxy -f | ||
| + | kube1# kubectl -n my-ns logs pods/my-webd-v2-<TAB> -c istio-proxy -f | ||
| + | kube1# kubectl -n my-ns logs pods/frontend-v2-<TAB> -c istio-proxy -f | ||
| + | </code><code> | ||
| + | kube1# vim virtserv-after-gateway.yaml | ||
| + | </code><code> | ||
| + | ... | ||
| + | # x-my-version: | ||
| + | # exact: canary | ||
| + | ... | ||
| + | </code><code> | ||
| + | kube1# curl 192.168.13.65 -H "Host: gowebd.corp13.un" -H "x-my-version: canary" | ||
| + | |||
| + | gate# systemctl disable haproxy --now | ||
| gate# cat /etc/nginx/sites-available/gowebd | gate# cat /etc/nginx/sites-available/gowebd | ||
| Line 647: | Line 669: | ||
| listen 80; | listen 80; | ||
| server_name gowebd.corp13.un; | server_name gowebd.corp13.un; | ||
| - | return 301 https://gowebd.corp13.un$request_uri; | + | return 301 https://gowebd.corp13.un:443$request_uri; |
| } | } | ||
| Line 661: | Line 683: | ||
| proxy_set_header Host $host; | proxy_set_header Host $host; | ||
| proxy_set_header X-Forwarded-For $remote_addr; | proxy_set_header X-Forwarded-For $remote_addr; | ||
| + | } | ||
| + | } | ||
| + | |||
| + | server { | ||
| + | listen 8080; | ||
| + | server_name gowebd.corp13.un; | ||
| + | return 301 https://gowebd.corp13.un:8443$request_uri; | ||
| + | } | ||
| + | |||
| + | server { | ||
| + | listen 8443 ssl; | ||
| + | server_name gowebd.corp13.un; | ||
| + | ssl_certificate /root/gowebd.crt; | ||
| + | ssl_certificate_key /root/gowebd.key; | ||
| + | |||
| + | location / { | ||
| + | proxy_pass http://192.168.13.65; | ||
| + | proxy_http_version 1.1; | ||
| + | proxy_set_header Host $host; | ||
| + | proxy_set_header X-Forwarded-For $remote_addr; | ||
| + | proxy_set_header X-My-Version "canary"; | ||
| } | } | ||
| } | } | ||
| </code><code> | </code><code> | ||
| + | gate# systemctl enable nginx --now | ||
| + | |||
| + | gate.corp13.un:~# cat /etc/iptables/rules.v4 | ||
| + | ... | ||
| + | :POSTROUTING ACCEPT [0:0] | ||
| + | -A PREROUTING -d 172.16.1.13/32 -i eth1 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.13.10:53 | ||
| + | -A PREROUTING -s 172.16.1.113/32 -d 172.16.1.13/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.1.13:8080 | ||
| + | -A PREROUTING -s 172.16.1.113/32 -d 172.16.1.13/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.1.13:8443 | ||
| + | -A POSTROUTING -s 192.168.13.0/24 -o eth1 -j MASQUERADE | ||
| + | COMMIT | ||
| + | ... | ||
| + | gate.corp13.un:~# iptables-restore /etc/iptables/rules.v4 | ||
| + | |||
| server# curl https://gowebd.corp13.un | server# curl https://gowebd.corp13.un | ||
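Review bot: The new 8443 server block pins `proxy_set_header X-My-Version "canary";`, but the visible lines of the 443 location set only `Host` and `X-Forwarded-For`, so a client-supplied `X-My-Version: canary` is forwarded unchanged there and would select the canary route once the `x-my-version` match is uncommented. If canary access is meant to be limited to the DNAT-ed source 172.16.1.113, add `proxy_set_header X-My-Version "";` to the 443 location so nginx drops the client value. The 443 block starts outside the visible hunk, so confirm it does not already clear the header. The `x-forwarded-for` match has the same trust issue for any client that reaches 192.168.13.65 directly instead of through the gate. Its `regex: "192.168.13.*"` also leaves the dots unescaped and matches addresses such as 192.168.130.x; `regex: '192\.168\.13\..*'` is tighter.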