我想实现的速率限制为我不在网现有的应用程序。
当前设置的只是入口网关,网关和虚拟服务。
apiVersion: "config.istio.io/v1alpha2"
kind: memquota
metadata:
name: handler
namespace: istio-system
spec:
quotas:
- name: requestcount.quota.istio-system
maxAmount: 1
validDuration: 1s
---
apiVersion: "config.istio.io/v1alpha2"
kind: quota
metadata:
name: requestcount
namespace: istio-system
spec:
dimensions:
source: request.headers["x-forwarded-for"] | "unknown"
destination: destination.labels["app"] | destination.service | "unknown"
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
name: quota
spec:
actions:
- handler: handler.memquota
instances:
- requestcount.quota
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpec
metadata:
name: request-count
namespace: istio-system
spec:
rules:
- quotas:
- charge: 1
quota: requestcount
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpecBinding
metadata:
name: request-count
namespace: istio-system
spec:
quotaSpecs:
- name: request-count
namespace: istio-system
services:
- name: web-stage
namespace: default
---
### Virtual Service
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: web-stage
namespace: default
spec:
hosts:
- "web-stage.host.com"
gateways:
- web-gateway
http:
- match:
route:
- destination:
port:
number: 80
host: web-stage
使用配额设置为1我应该能够有服务容易堵塞,但我能推通RPS的任何量。
我不知道从哪里开始调试。
答案 0 :(得分:0)
就rule定义而言,这可能是个问题,据我所知,它必须在与quota资源相同的名称空间中声明,因此quota尚未分派给memquota适配器:
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
name: quota
namespace: istio-system
spec:
actions:
- handler: handler.memquota
instances:
- requestcount.quota
出于调试目的,您可以通过指定Mixer容器来从istio-policy窗格中查询日志:
kubectl logs <istio-policy-Pod-name> -n istio-system -c mixer
我建议您访问此tutorial,以实现Istio网格中的速率限制。