Skip to content

Latest commit

 

History

History
114 lines (113 loc) · 3.37 KB

istio配置请求速率限制.md

File metadata and controls

114 lines (113 loc) · 3.37 KB

###istio配置服务访问速率限制 1、创建名为requestcount的quota实例(instance),quota的dimensions定义速率限制的维度标识。 名为requestcount的quota定义了source,sourceVersion,destination,destinationVersion四个维度标识。开发人员还可以配置多个自定义的标识。例如,可以多加一个

path: request.path | "unknow"

可以将速率配额限定粒度到url级别。

apiVersion: config.istio.io/v1alpha2
kind: quota
metadata:
  name: requestcount
  namespace: istio-system
spec:
  dimensions:
    source: source.labels["app"] | source.service | "unknown"
    sourceVersion: source.labels["version"] | "unknown"
    destination: destination.labels["app"] | destination.service | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"

2、配置速率限制的类型为memquota的适配器 memquota配置定义了quota作用的服务的速率限制为1天5000次请求,并且标志了由v2版本的reviews服务到ratings服务的访问速率限制为1天100次请求。 在overrides下有个dimensions,里面的子项便是根据requestcount.quota.istio-system(即名为requestcount的quota)中dimensions声明的。

apiVersion: config.istio.io/v1alpha2
kind: memquota
metadata:
  name: handler
  namespace: istio-system
spec:
  quotas:
  - name: requestcount.quota.istio-system
    # default rate limit is 5000qps
    maxAmount: 5000
    validDuration: 86400s
    # The first matching override is applied.
    # A requestcount instance is checked against override dimensions.
    overrides:
    # The following override applies to traffic from 'rewiews' version v2,
    # destined for the ratings service. The destinationVersion dimension is ignored.
    - dimensions:
        destination: ratings
        source: reviews
        sourceVersion: v2
      maxAmount: 100
      validDuration: 86400s

3、创建rule把quota实例应用到memquota的适配器。

---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  actions:
  - handler: handler.memquota
    instances:
    - requestcount.quota

也可以配置带条件的服务访问限制,例如 创建如下的rule,会配置不同namespace之间的服务的访问速率进行限制。

apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
 name: quota
 namespace: istio-system
spec:
 match: source.namespace != destination.namespace
 actions:
 - handler: handler.memquota
   instances:
   - requestcount.quota

4、指定配额作用到服务 配置名为RequestCount的quota每次计数加1。

apiVersion: config.istio.io/v1alpha2
kind: QuotaSpec
metadata:
  creationTimestamp: null
  name: request-count
  namespace: istio-system
spec:
  rules:
  - quotas:
    - charge: 1
      quota: RequestCount

配置名为RequestCount的quota作用到namespace为default下的ratings,reviews,details,productpage服务上。如果没有配置这一项,速率限制是不会在服务上生效的。

apiVersion: config.istio.io/v1alpha2
kind: QuotaSpecBinding
metadata:
  creationTimestamp: null
  name: request-count
  namespace: istio-system
spec:
  quotaSpecs:
  - name: request-count
    namespace: istio-system
  services:
  - name: ratings
    namespace: default
  - name: reviews
    namespace: default
  - name: details
    namespace: default
  - name: productpage
    namespace: default