深入理解 Istio 流量管理的超時時間設(shè)置

環(huán)境準(zhǔn)備
部署 httpbin 服務(wù):

kubectl apply -f samples/httpbin/httpbin.yaml
部署 sleep 服務(wù):

kubectl apply -f samples/sleep/sleep.yaml
httpbin 服務(wù)作為接收請求的服務(wù)端, sleep 服務(wù)作為發(fā)送請求的客戶端。

設(shè)置超時時間
在 sleep 服務(wù)中向 httpbin 服務(wù)發(fā)出請求:

export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- time curl -o /dev/null -sS -w "%{http_code}\n" http://httpbin.org/delay/5
返回結(jié)果如下:

200
real    0m 5.69s
user    0m 0.00s
sys     0m 0.00s
可以看到,請求大約在 5 秒返回 200 (OK)。

創(chuàng)建虛擬服務(wù),訪問httpbin 服務(wù)時,請求超時設(shè)置為 3 秒:

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - httpbin
  http:
  - route:
    - destination:
        host: httpbin
    timeout: 3s
EOF
再次訪問,返回結(jié)果如下:

504
real    0m 3.01s
user    0m 0.00s
sys     0m 0.00s
可以看到,在 3 秒后出現(xiàn)了 504 (Gateway Timeout)。Istio 在 3 秒后切斷了響應(yīng)時間為 5 秒的httpbin 服務(wù)的請求。接下來,我們深入地看一下,Istio是怎么切斷請求的?

查看Envoy日志
執(zhí)行以下命令,查看sleep 服務(wù)的Envoy日志:

kubectl logs -l app=sleep -c istio-proxy
可以看到sleep服務(wù)對httpbin服務(wù)的調(diào)用的日志:

{
     "authority": "httpbin:8000",
     "bytes_received": 0,
     "bytes_sent": 24,
     "connection_termination_details": null,
     "downstream_local_address": "172.24.146.239:8000",
     "downstream_remote_address": "172.24.158.25:40384",
     "duration": 3001,
     "method": "GET",
     "path": "/delay/5",
     "protocol": "HTTP/1.1",
     "request_id": "5ef38816-7f49-48c8-9627-2416e1716293",
     "requested_server_name": null,
     "response_code": 504,
     "response_code_details": "upstream_response_timeout",
     "response_flags": "UT",
     "route_name": null,
     "start_time": "2022-07-01T09:40:13.882Z",
     "upstream_cluster": "outbound|8000||httpbin.onemore.svc.cluster.local",
     "upstream_host": "172.24.158.96:80",
     "upstream_local_address": "172.24.158.25:32846",
     "upstream_service_time": null,
     "upstream_transport_failure_reason": null,
     "user_agent": "curl/7.81.0-DEV",
     "x_forwarded_for": null
}
其中,response_flags為UT,表示上游(upstream)請求超時,也就是sleep服務(wù)檢測到了httpbin服務(wù)的請求超時。

執(zhí)行以下命令,查看httpbin 服務(wù)的Envoy日志:

kubectl logs -l app=httpbin -c istio-proxy
可以看到httpbin服務(wù)被sleep服務(wù)調(diào)用的Envoy日志:

{
     "authority": "httpbin:8000",
     "bytes_received": 0,
     "bytes_sent": 0,
     "connection_termination_details": null,
     "downstream_local_address": "172.24.158.96:80",
     "downstream_remote_address": "172.24.158.25:32846",
     "duration": 2997,
     "method": "GET",
     "path": "/delay/5",
     "protocol": "HTTP/1.1",
     "request_id": "5ef38816-7f49-48c8-9627-2416e1716293",
     "requested_server_name": "outbound_.8000_._.httpbin.onemore.svc.cluster.local",
     "response_code": 0,
     "response_code_details": "downstream_remote_disconnect",
     "response_flags": "DC",
     "route_name": "default",
     "start_time": "2022-07-01T09:40:13.885Z",
     "upstream_cluster": "inbound|80||",
     "upstream_host": "172.24.158.96:80",
     "upstream_local_address": "127.0.0.6:35701",
     "upstream_service_time": null,
     "upstream_transport_failure_reason": null,
     "user_agent": "curl/7.81.0-DEV",
     "x_forwarded_for": null
}
其中,response_flags為DC,表示下游(downstream)連接中斷,也就是sleep服務(wù)的調(diào)用請求被中斷了。

深入分析
通過Envoy日志,我們可以做出一些分析和判斷:

當(dāng)httpbin服務(wù)的請求正常的時候,調(diào)用過程如下圖:



當(dāng)httpbin服務(wù)的請求超時的時候,調(diào)用過程如下圖:



雖然,我們在httpbin服務(wù)上設(shè)置的請求超時時間,但實際上主動斷開請求的卻是sleep服務(wù)的Envoy。

清理
kubectl delete virtualservice httpbin
kubectl delete -f samples/httpbin/httpbin.yaml
kubectl delete -f samples/sleep/sleep.yaml

作者:萬貓學(xué)社


歡迎關(guān)注微信公眾號 :萬貓學(xué)社