All Products
Search
Document Center

Alibaba Cloud Service Mesh:Use lanes to manage traffic

更新時間:Jul 11, 2023

Service Mesh (ASM) allows you to use the traffic label feature to isolate a version or certain features of an application into an independent runtime environment (known as lane). Then, you can configure lane rules to route requests that meet the rules to the destination version or features of the application. This topic describes how to use lanes to manage traffic in the ASM console.

Prerequisites

  • An ASM instance of Enterprise Edition or Ultimate Edition is created and the instance is of version 1.17.2.22 or later. For more information, see Create an ASM instance or Update an ASM instance.

  • The cluster is added to the ASM instance. For more information, see Add a cluster to an ASM instance.
  • An ASM gateway named ingressgateway is created. For more information, see Create an ingress gateway service.

  • An Istio gateway named ingressgateway is created in the istio-system namespace. For more information, see Manage Istio gateways.

    Show the sample YAML code of the gateway

    apiVersion: networking.istio.io/v1beta1
    kind: Gateway
    metadata:
      name: ingressgateway
      namespace: istio-system
    spec:
      selector:
        istio: ingressgateway
      servers:
        - port:
            number: 80
            name: http
            protocol: HTTP
          hosts:
            - '*'
    

Features

Canary release allows you to incrementally roll out new services or versions. For example, if you want to release a new version, you can first direct a portion of traffic to the version to test its functionality, and increase traffic after the functionality is verified.

End-to-end canary release primarily routes request traffic over different microservice call chains. You do not need to reconfigure your microservices for this purpose. Only a few rules are needed to build isolated environments for traffic from the gateway to services. End-to-end canary release facilitates the release of multiple services or multiple versions of a service at the same time. For more information, see Label traffic.

In this example, three lanes s1, s2, and s3 are deployed, and each lane contains three services mocka, mockb, and mockc. After the lanes are deployed in the ASM console, check whether the traffic is distributed among the lanes as expected.泳道模式的全链路灰度

Step 1: Deploy sample services

  1. Enable automatic sidecar proxy injection for the default namespace.

    For more information, see Enable automatic sidecar proxy injection.

    1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
    2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Instance > Global Namespace.
    3. On the Global Namespace page, find the default namespace and click Enable Automatic Sidecar Injection in the Automatic Sidecar Injection column. In the Submit message, click OK.

  2. Run the following commands to deploy sample services in the Container Service for Kubernetes (ACK) cluster:

    kubectl apply -f https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/asm-labs/swimlane/v1/application-v1.yaml
    kubectl apply -f https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/asm-labs/swimlane/v2/application-v2.yaml
    kubectl apply -f https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/asm-labs/swimlane/v3/application-v3.yaml

Step 2: Create a lane group and lanes

  1. Create a lane group.

    1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
    2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Traffic Management Center > Traffic Lane.
    3. On the Traffic Lane page, click Create Swimlane Group. In the Create Swimlane Group panel, set the parameters and click OK.

      Parameter

      Description

      Name of swim lane group

      For this example, enter test.

      Entrance gateway

      Select ingressgateway.

      Swimlane Services

      Select the desired ACK cluster from the Kubernetes Clusters drop-down list and select default from the Namespace drop-down list. Then, select mocka, mockb, and mockc in the service list, and click the 移动 icon to add the services to the selected section.

      After the configuration, the corresponding traffic label is generated.

      Show the YAML code of the traffic label

      apiVersion: istio.alibabacloud.com/v1beta1
      kind: TrafficLabel
      metadata:
        labels:
          asm-system: 'true'
          provider: asm
        name: asm-trafficlabel-global
        namespace: istio-system
      spec:
        rules:
          - labels:
              - name: asm-label
                valueFrom:
                  - $getLabel(ASM_TRAFFIC_TAG)
      

  2. Create s1, s2, and s3 lanes and bind the s1 lane to v1 of the sample services, the s2 lane to v2 of the sample services, and the s3 lane to v3 of the sample services.

    This topic only describes how to create the s1 lane. You can create s2 and s3 lanes by using the same method.

    1. In the Traffic Rule Definition section of the Traffic Lane page, click Create swimlanes.

    2. In the Create swimlanes dialog box, set the parameters and click OK.

      Parameter

      Description

      Swimlane Name

      For this example, enter s1.

      Note

      Requests whose headers contain the lane name in the format of 'x-asm-prefer-tag: lane name' are routed to the corresponding version of the services.

      Configure Service Tag

      For this example, enter v1.

      Add Service

      For this example, select the mocka(default), mockb(default), and mockc(default) services.

      创建泳道

      After the three lanes are created, you can view them in the Traffic Rule Definition section, as shown in the following figure:创建泳道

      Each time you create a lane, the system creates a destination rule. The following code provides an example of the destination rule that is created after you create the s1 lane:

      Show the sample YAML code of the destination rule

      apiVersion: networking.istio.io/v1beta1
      kind: DestinationRule
      metadata:
        creationTimestamp: '2023-05-29T09:06:09Z'
        generation: 3
        labels:
          asm-system: 'true'
          provider: asm
          swimlane-group: test
        name: trafficlabel-dr-test-default-mocka
        namespace: istio-system
        resourceVersion: '1310364657'
        uid: 7112ce64-0176-4ff3-b5f3-66263085****
      spec:
        host: mocka.default.svc.cluster.local
        subsets:
          - labels:
              ASM_TRAFFIC_TAG: v1
            name: s1
          - labels:
              ASM_TRAFFIC_TAG: v1
            name: v1
          - labels:
              ASM_TRAFFIC_TAG: v2
            name: v2
          - labels:
              ASM_TRAFFIC_TAG: v2
            name: s2
          - labels:
              ASM_TRAFFIC_TAG: v3
            name: v3
          - labels:
              ASM_TRAFFIC_TAG: v3
            name: s3
      

  3. Create a traffic routing rule for each lane.

    This topic only describes how to create a traffic routing rule for the s1 lane. You can create traffic routing rules for the s2 and s3 lanes by using the same method.

    1. In the Traffic Rule Definition section of the Traffic Lane page, find the lane for which you want to create a traffic routing rule, and click Ingress traffic rules in the Actions column.

    2. In the Add drainage rule dialog box, set the parameters and click OK.

      This example assumes that the inbound request path of all the lane services is /mock, and the same traffic routing rule is configured for each lane.

      Parameter

      Description

      Ingress service

      For this example, select mocka.default.svc.cluster.local.

      Ingress traffic rules

      For this example, set the Name parameter to r1 and the realm name parameter to *.

      Matching request URI

      For this example, set the Method parameter to Exact and the Content parameter to /mock.

      After traffic routing rules are created, you can view them in the Traffic Rule Definition section, as shown in the following figure:引流规则

      Then, the system generates a virtual service. The following code provides an example of the virtual service:

      Show the sample YAML code of the virtual service

      apiVersion: networking.istio.io/v1beta1
      kind: VirtualService
      metadata:
        creationTimestamp: '2023-05-29T09:13:00Z'
        generation: 3
        labels:
          asm-system: 'true'
          istioGateway: ingressgateway
          provider: asm
        name: ingressgateway
        namespace: istio-system
        resourceVersion: '1310388638'
        uid: d60baa2f-3a12-472f-881a-15d21004****
      spec:
        gateways:
          - istio-system/ingressgateway
        hosts:
          - '*'
        http:
          - match:
              - headers:
                  x-asm-prefer-tag:
                    exact: s2
                uri:
                  exact: /mock
            name: swimelane-ingress-route-test-s2-rule2
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s2
          - match:
              - headers:
                  x-asm-prefer-tag:
                    exact: s3
                uri:
                  exact: /mock
            name: swimelane-ingress-route-test-s3-rule3
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s3
          - match:
              - headers:
                  x-asm-prefer-tag:
                    exact: s1
                uri:
                  exact: /mock
            name: swimelane-ingress-route-test-s1-rule1
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s1
      apiVersion: networking.istio.io/v1beta1
      kind: VirtualService
      metadata:
        creationTimestamp: '2023-05-29T09:13:00Z'
        generation: 3
        labels:
          asm-system: 'true'
          istioGateway: ingressgateway
          provider: asm
        name: ingressgateway
        namespace: istio-system
        resourceVersion: '1310388638'
        uid: d60baa2f-3a12-472f-881a-15d21004****
      spec:
        gateways:
          - istio-system/ingressgateway
        hosts:
          - '*'
        http:
          - match:
              - headers:
                  x-asm-prefer-tag:
                    exact: s2
                uri:
                  exact: /mock
            name: swimelane-ingress-route-test-s2-rule2
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s2
          - match:
              - headers:
                  x-asm-prefer-tag:
                    exact: s3
                uri:
                  exact: /mock
            name: swimelane-ingress-route-test-s3-rule3
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s3
          - match:
              - headers:
                  x-asm-prefer-tag:
                    exact: s1
                uri:
                  exact: /mock
            name: swimelane-ingress-route-test-s1-rule1
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s1
      

Step 3: Verify that the end-to-end canary release feature takes effect

  1. Obtain the public IP address of the ASM gateway. For more information, see Step 2: Query the IP address of the ASM instance's ingress gateway in Integrate the cloud-native inference service KServe with ASM.

  2. Run the following command to configure an environment variable.

    xxx.xxx.xxx.xxx is the IP address obtained in Substep 1.

    export ASM_GATEWAY_IP=xxx.xxx.xxx.xxx
  3. Verify that the end-to-end canary release feature takes effect.

    1. Run the following command to access services in the s1 lane.

      In the command, the value of x-asm-prefer-tag is s1, which is the name of the lane that you configured when you created the lane in Step 2.

      for i in {1..100};  do curl   -H 'x-asm-prefer-tag: s1' http://${ASM_GATEWAY_IP}/mock ;  echo ''; sleep 1; done;

      Expected output:

      -> mocka(version: v1, ip: 172.17.0.54)-> mockb(version: v1, ip: 172.17.0.129)-> mockc(version: v1, ip: 172.17.0.130)

      Traffic specified by the HTTP header x-asm-prefer-tag: s1 flows to the relevant services in the s1 lane. This meets expectations.

    2. Run the following command to access services in the s2 lane.

      In the command, the value of x-asm-prefer-tag is s2, which is the name of the lane that you configured when you created the lane in Step 2.

      for i in {1..100};  do curl   -H 'x-asm-prefer-tag: s2' http://${ASM_GATEWAY_IP}/mock ;  echo ''; sleep 1; done;

      Expected output:

      -> mocka(version: v2, ip: 172.17.0.9)-> mockb(version: v2, ip: 172.17.0.126)-> mockc(version: v2, ip: 172.17.0.128)

      Traffic specified by the HTTP header x-asm-prefer-tag: s2 flows to the relevant services in the s2 lane. This meets expectations.

    3. Run the following command to access services in the s3 lane.

      In the command, the value of x-asm-prefer-tag is s3, which is the name of the lane that you configured when you created the lane in Step 2.

      for i in {1..100};  do curl   -H 'x-asm-prefer-tag: s3' http://${ASM_GATEWAY_IP}/mock ;  echo ''; sleep 1; done;

      Expected output:

      -> mocka(version: v3, ip: 172.17.0.132)-> mockb(version: v3, ip: 172.17.0.127)-> mockc(version: v3, ip: 172.17.0.69)

      Traffic specified by the HTTP header x-asm-prefer-tag: s3 flows to the relevant services in the s3 lane. This meets expectations.

(Optional) Step 4: Check the mesh topology

If you have enabled Mesh Topology in the ASM console, you can check the topology for the preceding requests. For more information, see Enable Mesh Topology to observe an ASM instance in the ASM console.