我正在尝试为启用istio的服务启用速率限制。但这是行不通的。如果我的配置正确,我该如何调试?
apiVersion: config.istio.io/v1alpha2
kind: memquota
metadata:
name: handler
namespace: istio-system
spec:
quotas:
- name: requestcount.quota.istio-system
maxAmount: 5
validDuration: 1s
overrides:
- dimensions:
engine: myEngineValue
maxAmount: 5
validDuration: 1s
---
apiVersion: config.istio.io/v1alpha2
kind: quota
metadata:
name: requestcount
namespace: istio-system
spec:
dimensions:
source: request.headers["x-forwarded-for"] | "unknown"
destination: destination.labels["app"] | destination.service | "unknown"
destinationVersion: destination.labels["version"] | "unknown"
engine: destination.labels["engine"] | "unknown"
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpec
metadata:
name: request-count
namespace: istio-system
spec:
rules:
- quotas:
- charge: 1
quota: requestcount
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpecBinding
metadata:
name: request-count
namespace: istio-system
spec:
quotaSpecs:
- name: request-count
namespace: istio-system
services:
# - service: '*' ; I tried with this as well
- name: my-service
namespace: default
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
name: quota
namespace: istio-system
spec:
actions:
- handler: handler.memquota
instances:
- requestcount.quota
我在- service: '*'中也尝试过QuotaSpecBinding;但没有运气。
如何确认我的配置是否正确? my-service是用于我的部署的kubernetes服务。 (是否必须是istio的VirtualService才能使速率限制起作用?编辑:是的,必须!)
除了VirtualService部分,我关注了this doc。
我在命名空间中的某个地方感觉到我做错了。
答案 0 :(得分:2)
您必须为服务my-service定义虚拟服务:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: myservice
spec:
hosts:
- myservice
http:
- route:
- destination:
host: myservice
这样,您可以让Istio知道您要托管的服务。
在调试方面,我知道有一个名为Kiali的项目,旨在利用Istio环境中的可观察性。我知道他们已经对某些Istio和Kubernetes对象进行了验证:Istio configuration browse。