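Why is Istio rate limiting not working correctly?

Time: 2019-05-29 16:01:29

Tags: kubernetes istio

I configured rate limiting correctly following the Istio tutorial, and it worked. But when I lowered the limit, the rate limiting did not seem to change. Here are all my configuration files. I hope you can give me some help. Thank you very much.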

apiVersion: config.istio.io/v1alpha2
kind: handler
metadata:
  name: quotahandler
  namespace: istio-system
spec:
  compiledAdapter: memquota
  params:
    quotas:
    - name: requestcountquota.instance.istio-system
      maxAmount: 500
      validDuration: 1s
      overrides:
      - dimensions:
          destination: productpage
          source: "10.28.11.20"
        maxAmount: 500
        validDuration: 1s
      - dimensions:
          destination: productpage
        maxAmount: 500  # Here I increased the number of requests per second.
        validDuration: 1s
---
apiVersion: config.istio.io/v1alpha2
kind: instance
metadata:
  name: requestcountquota
  namespace: istio-system
spec:
  compiledTemplate: quota
  params:
    dimensions:
      source: request.headers["x-forwarded-for"] | "unknown"
      destination: destination.labels["app"] | destination.service.name | "unknown"
      destinationVersion: destination.labels["version"] | "unknown"
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpec
metadata:
  name: request-count
  namespace: istio-system
spec:
  rules:
  - quotas:
    - charge: 1
      quota: requestcountquota
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpecBinding
metadata:
  name: request-count
  namespace: istio-system
spec:
  quotaSpecs:
  - name: request-count
    namespace: istio-system
  services:
  - name: productpage
    namespace: default
    #  - service: '*'  # Uncomment this to bind *all* services to request-count
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  # quota only applies if you are not logged in.
  # match: match(request.headers["cookie"], "user=*") == false
  actions:
  - handler: quotahandler
    instances:
    - requestcountquota

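First, I configured it directly:

- dimensions:
    destination: productpage
  maxAmount: 1
  validDuration: 5s

The rate limiting worked well. Then, when I configured:

- dimensions:
    destination: productpage
  maxAmount: 500
  validDuration: 1s

requests still return 429 within a short time, although the configuration at this point (500/s) should be effectively unrestricted. During testing, I accessed the k8s productpage service IP directly, e.g. curl 10.233.5.240:9080/productpage.

I hope you can tell me why. Thank you very much for your answers.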

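1 answer:

Answer 0 (score: 0)

I have solved this problem: the istio-policy component did not have enough resources (CPU and memory), and the amount allocated by default is too small, which made the policy ineffective. But I don't know why. Please explain what goes on in memquota or redisquota. Isn't the quota configuration all in the Envoy configuration?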
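
Added example, not part of the original question or answer and not Istio's own code: a simplified Python model of how the memquota handler from the question selects a limit for a request, assuming (per the Istio memquota documentation) that overrides are evaluated top to bottom and the first match wins. The function and class names are hypothetical, and the sliding-window counter with one counter per dimension set is a simplification made for this sketch.

```python
# Added illustration, not Istio code: models how the question's handler picks a limit.
# Assumption (Istio memquota docs): overrides are checked top to bottom, first match wins.
import time
from collections import defaultdict, deque

HANDLER = {  # values copied from the question's quotahandler
    "maxAmount": 500, "validDuration": 1.0,
    "overrides": [
        {"dimensions": {"destination": "productpage", "source": "10.28.11.20"},
         "maxAmount": 500, "validDuration": 1.0},
        {"dimensions": {"destination": "productpage"},
         "maxAmount": 500, "validDuration": 1.0},
    ],
}

def instance_dimensions(headers, dest_labels, service_name=None):
    """Evaluate the instance's `a | b | "unknown"` fallback expressions."""
    return {
        "source": headers.get("x-forwarded-for") or "unknown",
        "destination": dest_labels.get("app") or service_name or "unknown",
        "destinationVersion": dest_labels.get("version") or "unknown",
    }

def resolve_limit(handler, dims):
    """Return (maxAmount, validDuration) from the first matching override."""
    for override in handler["overrides"]:
        if all(dims.get(k) == v for k, v in override["dimensions"].items()):
            return override["maxAmount"], override["validDuration"]
    return handler["maxAmount"], handler["validDuration"]

class WindowQuota:
    """Simplified sliding window; one counter per full dimension set (assumed)."""
    def __init__(self, handler):
        self.handler = handler
        self.seen = defaultdict(deque)

    def check(self, dims, now=None):
        """Return 200 if the request fits the quota, 429 if it is exhausted."""
        now = time.monotonic() if now is None else now
        limit, window = resolve_limit(self.handler, dims)
        stamps = self.seen[tuple(sorted(dims.items()))]
        while stamps and now - stamps[0] >= window:
            stamps.popleft()
        if len(stamps) >= limit:
            return 429
        stamps.append(now)
        return 200
```

In this model a direct request with no x-forwarded-for header gets source "unknown" and falls through to the second override, so with the question's values it is allowed 500 requests per 1s window.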