Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kitex 在 k8s+istio 架构中,服务间调用无法实现header头流量转移 #849

Closed
booldesign opened this issue Mar 6, 2023 · 19 comments
Closed

kitex 在 k8s+istio 架构中,服务间调用无法实现header头流量转移 #849

booldesign opened this issue Mar 6, 2023 · 19 comments
Assignees
@CoderPoet @ppzqh
Labels
question Further information is requested

Comments

@booldesign
Copy link

booldesign commented Mar 6, 2023
edited

测试环境:k8s+istio 架构,服务发现是用原生的istio
系统版本:
k8s:版本:v1.25.4
istio版本:1.17.1
docker 20.10.23

kitex 做service 给 hertz做rpc调用
需求说明
api服务有v1/v2版本
hertz-api-v1 / hertz-api-v2
service服务也有v1/v2版本
kitex-rpc-v1 / kitex-rpc-v2
凡是有header头branch:v2的都走v2的版本

遇到的问题:
hertz-api 服务的VirtualService规则,header有v2标签时可以,打到hertz-api-v2的服务上,
但kitex的VirtualService规则没有达到效果,一直是轮询的方式,v1/v2都会请求到

hertz-api的VirtualService

kind: VirtualService
metadata:
  name: cloud
spec:
  hosts:
    - "*"
  gateways:
    - cloud-gateway
  http:
    - match:
        - headers:
            branch:
              exact: v2
      route:
        - destination:
            host:  hertz-api
            subset: v2
            port:
              number: 8100
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: hertz-api
            subset: v1
            port:
              number: 8100

kitex-rpc的VirtualService

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kitex-rpc
spec:
  hosts:
    - kitex-rpc
  http:
    - match:
        - headers:
            branch:
              exact: v2
      route:
        - destination:
            host: kitex-rpc
            subset: v2
    - route:
        - destination:
            host: kitex-rpc
            subset: v1
@booldesign booldesign changed the title kitex 在 k8s+istio 架构中,服务间调用会出现 kitex 在 k8s+istio 架构中,服务间调用无法实现header头流量转移 Mar 6, 2023
@booldesign
Copy link
Author

booldesign commented Mar 6, 2023
edited

hertz-api 的client code

return []client.Option{
		client.WithHostPorts([]string{"kitex-rpc:8001"}...),
		client.WithTransportProtocol(transport.GRPC),
	}

@ppzqh
Copy link
Contributor

ppzqh commented Mar 6, 2023

具体环境是什么?envoy 作为 proxy 吗?还是说使用了 kitex 的 proxyless 模式

@booldesign
Copy link
Author

envoy 作为 proxy

@ppzqh
Copy link
Contributor

ppzqh commented Mar 6, 2023

首先,如你所说,配置的是 http header 的VirtualService规则,而 kitex 默认使用的是 thrift 协议,所以不会生效。

不过,Istio 对 thrift 协议的支持确实非常有限,有需求的话可以配置 Thrift proxy Filter 以实现路由。

这里有一个示例,可以参考尝试配置:https://github.com/cloudwego/kitex-examples/blob/main/proxyless/yaml/server/thrift_proxy.yaml

@booldesign
Copy link
Author

我用的grpc

@ppzqh
Copy link
Contributor

ppzqh commented Mar 6, 2023

那可能得单独再看看,是否方便提供一个可复现的demo,我这边看一下。

@booldesign
Copy link
Author

这是demo https://github.com/booldesign/mesh-demo

@ppzqh
Copy link
Contributor

ppzqh commented Mar 6, 2023

好的,我本地验证一下。

@booldesign
Copy link
Author

您好,这问题好处理不

@booldesign
Copy link
Author

booldesign commented Mar 7, 2023
edited

我改成kitex 的 proxyless 模式了,不用sidecar,
报错一
"userCenterResp errno matched route for service account-service:4001, err=get listener failed: [XDS] manager, fetch Listener resource[account-service:4001] timeout"
有时报错误二
"userCenterResp errservice discovery error: no endpoints for cluster: outbound|4001|v1|account-service.banding-cloud.svc.cluster.local"

demo地址 https://github.com/booldesign/mesh-demo/tree/xds

$ kubectl get pods -n banding-cloud
NAME                                  READY   STATUS    RESTARTS   AGE
account-service-v1-6ccfff5fbb-z2p9h   1/1     Running   0          4m19s
account-service-v2-64bf55785c-rsx7t   1/1     Running   0          4m19s
usercenter-api-v1-78f6479bbd-b6qf2    1/1     Running   0          4m19s
usercenter-api-v2-dd57b7d59-8k667     1/1     Running   0          4m19s
centos                                2/2     Running   0          45m

$ kubectl get svc -n banding-cloud
NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
account-service   ClusterIP   10.104.33.215   <none>        4001/TCP   4m28s
usercenter-api    ClusterIP   10.96.139.157   <none>        8181/TCP   4m28s

$ kubectl get vs -n banding-cloud
NAME              GATEWAYS            HOSTS                 AGE
account-service                       ["account-service"]   52m
cloud             ["cloud-gateway"]   ["*"]                 53m
usercenter-api                        ["usercenter-api"]    52m

@ppzqh
Copy link
Contributor

ppzqh commented Mar 8, 2023

抱歉,这两天暂时没有时间看这个问题,后续会继续跟进

@li-jin-gou
Copy link
Member

li-jin-gou commented Mar 8, 2023
edited

参考一下 https://github.com/cloudwego/biz-demo/tree/main/bookinfo 试试能不能将 bookinfo run 起来,如果可以 run 起, 再看看 diff,找不到 diff 的话直接 copy bookinfo 快速解决吧 @booldesign

@li-jin-gou
Copy link
Member

如果 bookinfo 运行不起来的话说明环境有问题,看一下环境配置,如果能运行起来的话说明代码配置相关有问题,找找代码 diff 配置。

@CoderPoet
Copy link
Member

和 istio 没太大关系哈,是 K8S 相关的配置有误导致的

https://github.com/booldesign/mesh-demo/blob/xds/deploy/kube/cloud.yaml#L156

这边 targetPort: thrift 并不对,因为你的 POD 并没有 name 为 thrift 的 port

可以直接改成 pod 的 port,如下

image

@li-jin-gou
Copy link
Member

环境问题...🥺

@CoderPoet
Copy link
Member

环境问题...🥺

不是环境问题哈,是K8S Service配置问题

@li-jin-gou
Copy link
Member

环境问题...🥺

不是环境问题哈,是K8S Service配置问题

配置问题

@li-jin-gou li-jin-gou added the question Further information is requested label Mar 8, 2023
@booldesign
Copy link
Author

targetPort可以不设,用缺省

@CoderPoet
Copy link
Member

targetPort可以不设,用缺省

嗯嗯,缺省也可以的

@CoderPoet CoderPoet mentioned this issue Mar 14, 2023
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CoderPoet CoderPoet

@ppzqh ppzqh

Labels
question Further information is requested
Milestone
No milestone
Development

No branches or pull requests
4 participants
@booldesign @CoderPoet @ppzqh @li-jin-gou