Istio fault injection

Keywords: Nginx network

Index total: istio from getting started to giving up series

1. Introduction

Istio fault injection is different from other mechanisms that introduce errors (such as delaying packets or killing Pod directly) in the network layer. Istio allows fault injection in the application layer. This enables injection of more related faults, such as HTTP error codes.

Istio can inject two types of faults, both of which are configured using virtual services:

Delay: simulation increases network delay or upstream service overload.

Abort: simulate a service failure and make the calling service unavailable. Abortions are usually indicated by an HTTP error code or a TCP connection failure

2. Fault delay

2.1 client resources

apiVersion: apps/v1
kind: Deployment
metadata:
  name: client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: client
  template:
    metadata:
      labels:
        app: client
    spec:
      containers:
      - name: busybox
        image: busybox
        imagePullPolicy: IfNotPresent
        command: [ "/bin/sh", "-c", "sleep 3600" ]

Deploy and use istio injection to get the following results

2.2 server resources

apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  selector:
    server: nginx
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    server: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      server: nginx
  template:
    metadata:
      labels:
        server: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        imagePullPolicy: IfNotPresent

2.3 virtual services

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test-vs
spec:
  hosts:
  - nginx-svc
  http:
  - fault:
      delay:
        percentage:
          value: 100
        fixedDelay: 10s
    route:
    - destination:
        host: nginx-svc

3. Verify fault injection

Enter the client container to access the nginx service

kubectl exec -it client-8496866cdf-vkmcw /bin/sh

wget -q -O - http://nginx-svc

It can be seen that the time delay is more than 10 seconds, plus the operation time, which is consistent with the time set above.

4. Failure abort

Modify virtual service file

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test-vs
spec:
  hosts:
  - nginx-svc
  http:
  - fault:
      abort:
        percentage:
          value: 100
        httpStatus: 503
    route:
    - destination:
        host: nginx-svc

5. Enter client authentication again

kubectl exec -it client-8496866cdf-vkmcw /bin/sh

wget -q -O - http://nginx-svc

Reference article: https://blog.51cto.com/14625168/2496878

                 https://blog.51cto.com/14625168/2496940

Posted by genista on Fri, 29 May 2020 07:15:01 -0700

Hot Keywords

©2024 Programmer Group