1、需求
2、版本备注
2.1 环境镜像
| 镜像版本 | deployment | 备注 |
|---|---|---|
| harbor.test.com/java-dev/demo:Canary | dev-demo-canary | 假设是灰度版本 |
| harbor.test.com/java-dev/demo:Prod | dev-demo | 假设是正式版本 |
2.2 环境deployment
canary版本
apiVersion: apps/v1
kind: Deployment
metadata:
name: dev-demo-canary
namespace: devops
spec:
replicas: 1
selector:
matchLabels:
app: dev-demo-canary
template:
metadata:
labels:
app: dev-demo-canary
spec:
containers:
- name: dev-demo-canary
image: harbor.test.com/java-dev/demo:Canary
volumeMounts: []
volumes: []
restartPolicy: Always
dnsPolicy: ClusterFirst
---
apiVersion: v1
kind: Service
metadata:
name: dev-demo-canary
namespace: devops
spec:
selector:
app: dev-demo-canary
ports:
- name: dev-demo-canary-8080
protocol: TCP
port: 8080
targetPort: 8080
Prod版本
apiVersion: apps/v1
kind: Deployment
metadata:
name: dev-demo-prod
namespace: devops
spec:
replicas: 1
selector:
matchLabels:
app: dev-demo-prod
template:
metadata:
labels:
app: dev-demo-prod
spec:
containers:
- name: dev-demo-prod
image: harbor.test.com/java-dev/demo:Prod
volumeMounts: []
volumes: []
restartPolicy: Always
dnsPolicy: ClusterFirst
---
apiVersion: v1
kind: Service
metadata:
name: dev-demo-prod
namespace: devops
spec:
selector:
app: dev-demo-prod
ports:
- name: dev-demo-prod-8080
protocol: TCP
port: 8080
targetPort: 8080
3、Canary灰度发布
3.1 基于Header灰度发布
使用
nginx.ingress.kubernetes.io/canary注解实现灰度流量控制。
3.1.1 prod的ingress-rule
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dev-ingress-prod
namespace: devops
spec:
ingressClassName: nginx
tls:
- hosts:
- mydevweb.local
secretName: mydevweb-secret
rules:
- host: mydevweb.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: dev-demo-prod
port:
number: 8080
3.1.2 canary的ingress-rule
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dev-ingress-canary
namespace: devops
###canary的header注解
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: "Canary"
nginx.ingress.kubernetes.io/canary-by-header-value: "true"
###以上是header注解
spec:
ingressClassName: nginx
tls:
- hosts:
- mydevweb.local
secretName: mydevweb-secret
rules:
- host: mydevweb.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: dev-demo-canary
port:
number: 8080
注释
| 注解 | 作用 |
|---|---|
| http://nginx.ingress.kubernetes.io/canary: "true" | 表示此 Ingress 为灰度规则 |
| http://nginx.ingress.kubernetes.io/canary-by-header | 指定用于判断的 HTTP Header 名称 |
| http://nginx.ingress.kubernetes.io/canary-by-header-value | 指定 Header 的值,当匹配该值时流量进入 Canary |
3.1.3 验证服务
kubectl -n devops get deploy |grep dev-demo
kubectl -n devops get svc |grep dev-demo
kubectl -n devops get ingress
普通用户场景访问
#-k忽略证书校验
curl -k https://mydevweb.local
#或
curl -k -H "Host: mydevweb.local" https://mydevweb.local
灰度用户访问
curl -k -H "Host: mydevweb.local" -H "Canary: true" https://mydevweb.local
3.2 基于Cookie灰度发布
3.2.1 prod的ingress-rule
不变
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dev-ingress-prod
namespace: devops
spec:
ingressClassName: nginx
tls:
- hosts:
- mydevweb.local
secretName: mydevweb-secret
rules:
- host: mydevweb.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: dev-demo-prod
port:
number: 8080
3.2.2 canary的ingress-rule
注解内容有变
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dev-ingress-canary
namespace: devops
###canary的cookie注解
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-cookie: "Canary"
###以上是cookie注解
spec:
ingressClassName: nginx
tls:
- hosts:
- mydevweb.local
secretName: mydevweb-secret
rules:
- host: mydevweb.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: dev-demo-canary
port:
number: 8080
注释
| 注解 | 含义 |
|---|---|
| nginx.ingress.kubernetes.io/canary | 标记为灰度规则 |
| nginx.ingress.kubernetes.io/canary-by-cookie | 指定 Cookie 名(这里是 Canary) |
3.2.3 验证服务
灰度用户场景访问
curl -k -H "Host: mydevweb.local" -H "Canary: true" https://mydevweb.local
评论区