如何在istio中调试QuotaSpecBinding的速率限制? [英] How to debug QuotaSpecBinding for rate-limits in istio?

问题描述

我正在尝试为启用istio的服务启用速率限制.但这是行不通的.如果我的配置正确，我该如何调试?

I am trying to enable the rate-limit for my istio enabled service. But it doesn't work. How do I debug if my configuration is correct?

apiVersion: config.istio.io/v1alpha2
kind: memquota
metadata:
  name: handler
  namespace: istio-system
spec:
  quotas:
  - name: requestcount.quota.istio-system
    maxAmount: 5
    validDuration: 1s
    overrides:
    - dimensions:
        engine: myEngineValue
      maxAmount: 5
      validDuration: 1s
---
apiVersion: config.istio.io/v1alpha2
kind: quota
metadata:
  name: requestcount
  namespace: istio-system
spec:
  dimensions:
    source: request.headers["x-forwarded-for"] | "unknown"
    destination: destination.labels["app"] | destination.service | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"
    engine: destination.labels["engine"] | "unknown"
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpec
metadata:
  name: request-count
  namespace: istio-system
spec:
  rules:
  - quotas:
    - charge: 1
      quota: requestcount
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpecBinding
metadata:
  name: request-count
  namespace: istio-system
spec:
  quotaSpecs:
  - name: request-count
    namespace: istio-system
  services:
  # - service: '*' ; I tried with this as well
  - name: my-service
    namespace: default
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  actions:
  - handler: handler.memquota
    instances:
    - requestcount.quota

我也在QuotaSpecBinding中尝试了- service: '*'；但没有运气.

I tried with - service: '*' as well in the QuotaSpecBinding; but no luck.

如何确认我的配置是否正确? my-service是用于我的部署的kubernetes服务. (是否必须是istio的VirtualService才能使速率限制起作用?是的，必须！)

How, do I confirm if my configuration was correct? the my-service is the kubernetes service for my deployment. (Does this have to be a VirtualService of istio for rate limits to work? Yes, it has to!)

除了VirtualService部分，我遵循了此文档.

I followed this doc except the VirtualService part.

我在命名空间中的某个地方感觉到我做错了.

I have a feeling somewhere in the namespaces I am doing a mistake.

推荐答案

您必须为服务my-service定义虚拟服务:

You have to define the virtual service for the service my-service:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myservice
spec:
  hosts:
  - myservice
  http:
  - route:
    - destination:
        host: myservice

通过这种方式，您可以让Istio知道您要托管的服务.

This way, you allow Istio to know which service are you host you are referring to.

在调试方面，我知道有一个名为 Kiali 的项目，旨在利用Istio环境中的可观察性.我知道他们已经对某些Istio和Kubernetes对象进行了验证: Istio配置浏览.

In terms of debugging, I know that there is a project named Kiali that aims to leverage observability in Istio environments. I know that they have validations for some Istio and Kubernetes objects: Istio configuration browse.

这篇关于如何在istio中调试QuotaSpecBinding的速率限制?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！