
Mesh Week: Traffic Management (# 3)

takashi.kanazawa

I tried the mock exam provided by Mesh Week at the following link:

https://docs.google.com/forms/d/e/1FAIpQLSfD4BLLQfdUwnIyiTBSGC_OzmSbiyrIlNp5Am61fTOhRbfiLw/viewform

Question: Traffic Management

Create a VirtualService that injects delays and faults for the “backend” for these cases:

A 5-second delay whenever a request is made to backend.default.svc.cluster.local/delay
An HTTP 403 response whenever a request is made to backend.default.svc.cluster.local/fault


Answer

Step 1: Install Istio

First, install Istio using the demo profile.

$ istioctl install --set profile=demo
$ kubectl label ns default istio-injection=enabled

Step 2: Create the backend Deployment

Create a deployment named backend using the kennethreitz/httpbin image.

$ kubectl create deployment backend --image=kennethreitz/httpbin

Step 3: Create a Service

Expose the backend deployment using a ClusterIP service.

$ kubectl expose deployment backend --port=80 --type=ClusterIP

Step 4: Create the tester Pod

Create a tester pod using the nginx:alpine image to send requests.

$ kubectl run tester --image=nginx:alpine

Step 5: Verify Resources

Check the status of the created pods and services.

$ kubectl get po,svc -L app

Step 6: Create the VirtualService

Now, create a VirtualService with the following fault injection configurations:

  • Add a 5-second delay for requests to the /delay path.
  • Return a 403 error for requests to the /fault path.
  • Rewrite all other requests to /get (the /delay and /fault routes rewrite their path to /get as well).

Create a file named backend-vs.yaml with the following content:

apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: backend
spec:
  hosts:
  - backend
  http:
  - match:
    - uri:
        prefix: "/delay"
    rewrite:
      uri: "/get"
    fault:
      delay:
        percentage:
          value: 100
        fixedDelay: 5s
    route:
    - destination:
        host: backend
  - match:
    - uri:
        prefix: "/fault"
    rewrite:
      uri: "/get"
    fault:
      abort:
        percentage:
          value: 100
        httpStatus: 403
    route:
    - destination:
        host: backend
  - rewrite:
      uri: "/get"
    route:
    - destination:
        host: backend

Apply the VirtualService configuration:

$ kubectl apply -f backend-vs.yaml

Step 7: Test the VirtualService

Send requests from the tester pod to the backend service to verify that the fault injection works as expected.

Normal Request

Run the following command to send a normal request to the backend service.

$ kubectl exec tester -- curl -s -w "time_total:%{time_total}" -o /dev/null -D - http://backend

Response:

HTTP/1.1 200 OK
server: envoy
date: Fri, 06 Sep 2024 05:21:30 GMT
content-type: application/json
content-length: 458
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1

time_total:0.002987%

Request with Delay

Send a request to the /delay path, which should induce a 5-second delay.

$ kubectl exec tester -- curl -s -w "time_total:%{time_total}" -o /dev/null -D - http://backend/delay

Response:

HTTP/1.1 200 OK
server: envoy
date: Fri, 06 Sep 2024 05:21:40 GMT
content-type: application/json
content-length: 463
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3

time_total:5.009150%

Request with 403 Error

Send a request to the /fault path, which should return a 403 error.

$ kubectl exec tester -- curl -s -w "time_total:%{time_total}" -o /dev/null -D - http://backend/fault

Response:

HTTP/1.1 403 Forbidden
content-length: 18
content-type: text/plain
date: Fri, 06 Sep 2024 05:21:43 GMT
server: envoy

time_total:0.003623%
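
The three checks above can be turned into a pass/fail test. The following is an added example, not part of the original post: check_fault is a hypothetical helper that reads the output of the Step 7 curl command and checks the status code and total time. The sample captures are constructed (abridged from the responses shown above), and the upper time bounds of 6 s and 1 s are assumptions.

```shell
#!/bin/sh
# check_fault EXPECTED_STATUS MIN_SECONDS MAX_SECONDS
# Reads on stdin the output of the Step 7 curl command: response headers
# (from -D -) followed by "time_total:<seconds>" (from -w).
check_fault() {
  awk -v want="$1" -v min="$2" -v max="$3" '
    { sub(/\r$/, "") }                        # curl prints headers with CRLF
    /^HTTP\// && status == "" { status = $2 } # first status line only
    /^time_total:/ {
      t = substr($0, length("time_total:") + 1)
      sub(/%$/, "", t)                        # zsh no-newline marker in pasted output
      seen = 1
    }
    END {
      if (status == "" || !seen) { print "FAIL: status or time_total missing"; exit 2 }
      if (status + 0 != want + 0) { printf "FAIL: status %s, want %s\n", status, want; exit 1 }
      if (t + 0 < min + 0 || t + 0 > max + 0) {
        printf "FAIL: %.3fs outside [%s, %s]\n", t, min, max; exit 1
      }
      printf "PASS: status %s in %.3fs\n", status, t
    }'
}

# Constructed sample captures, abridged from the responses shown above.
sample_delay() { printf 'HTTP/1.1 200 OK\r\nserver: envoy\r\n\r\ntime_total:5.009150'; }
sample_fault() { printf 'HTTP/1.1 403 Forbidden\r\nserver: envoy\r\n\r\ntime_total:0.003623'; }

sample_delay | check_fault 200 5 6   # /delay: 200, but only after the 5 s delay
sample_fault | check_fault 403 0 1   # /fault: immediate 403 from the sidecar
# A wrong status or a missing delay is reported with a non-zero exit code:
sample_fault | check_fault 200 5 6 || echo "mismatch detected (exit $?)"

# Against the cluster, pipe the real command into the same check:
#   kubectl exec tester -- curl -s -w "time_total:%{time_total}" \
#     -o /dev/null -D - http://backend/delay | check_fault 200 5 6
```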

Conclusion

I configured a VirtualService in Istio to handle fault injection, including delay and HTTP 403 errors. The test results show that Istio is correctly processing the requests according to the rules defined in the VirtualService.