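Overview
A multi-cluster mesh interconnects clusters through an EastWest Gateway and combines locality priority with a failover policy at the outbound routing layer, so that requests go to the nearest endpoints and fail over when needed. When a region fails or instances misbehave, traffic switches automatically to the backup cluster, improving availability and performance.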
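Key practices and parameters
- EastWest Gateway: deploy one in each cluster and expose the mesh's internal services through it
- ServiceEntry: declare the external host and port for the cross-cluster target
- Locality priority: `localityLbSetting` prefers endpoints in the same Region/Zone
- Failover: `failover` maps regions, so traffic is routed across regions when a fault occurs
- Outlier ejection: `outlierDetection` ejects endpoints that return errors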
Example / configuration / implementation
```yaml
# Declares the cross-cluster host reached through the EastWest Gateway port.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: orders-global
spec:
  hosts: ["orders.global"]
  location: MESH_EXTERNAL
  ports:
    - number: 15443
      name: tls
      protocol: TLS
  resolution: DNS
---
# Locality-priority load balancing with cn -> us failover and outlier ejection.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dr-orders-global
spec:
  host: orders.global
  trafficPolicy:
    loadBalancer:
      localityLbSetting:
        enabled: true
        failover:
          - from: cn
            to: us
    outlierDetection:
      consecutive5xxErrors: 5
      interval: 5s
      baseEjectionTime: 30s
      maxEjectionPercent: 50
---
# Routes TLS traffic by SNI to the global host.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs-orders
spec:
  hosts: ["orders.global"]
  tls:
    - match:
        - sniHosts: ["orders.global"]
      route:
        - destination:
            host: orders.global
            port: { number: 15443 }
```
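Verification
- Nearest access: send requests from different regions; latency and bandwidth show the effect of locality priority
- Failover: inject a region fault or 5xx errors; traffic switches automatically to the failover target
- Ejection and recovery: faulty endpoints are ejected and restored after the base ejection time
- Observability: collect outbound request success rates and failover events, and set alerts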
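Notes
- DNS and the Gateway must correctly expose the EastWest entry point
- The failover mapping must fit the business topology and cost
- Stay consistent with egress governance policies to prevent bypass
- Regularly rehearse cross-region failover and record the drills for audit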
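
The notes on failover mapping and outlier ejection can be enforced before deployment. The following is an added example, not part of the original page or of Istio: a small lint over a DestinationRule given as a Python dict (so no YAML library is needed). `ALLOWED_FAILOVER`, `lint_destination_rule` and `BAD_DR` are hypothetical names and constructed data.

```python
# Added example: pre-deploy lint for DestinationRule locality failover settings.
# ALLOWED_FAILOVER is a hypothetical policy table, not part of Istio.
ALLOWED_FAILOVER = {"cn": {"us"}}  # assumed: region -> approved backup regions


def lint_destination_rule(dr, allowed=ALLOWED_FAILOVER):
    """Return a list of findings for one DestinationRule given as a dict."""
    findings = []
    policy = dr.get("spec", {}).get("trafficPolicy", {})
    lb = policy.get("loadBalancer", {}).get("localityLbSetting", {})
    od = policy.get("outlierDetection")
    failover = lb.get("failover", [])
    if failover and lb.get("enabled") is False:
        findings.append("failover is defined but localityLbSetting.enabled is false")
    if failover and lb.get("distribute"):
        findings.append("failover and distribute are mutually exclusive")
    if failover and not od:
        # Without outlier detection the proxy never marks endpoints unhealthy,
        # so traffic is not shifted to the failover region.
        findings.append("failover requires outlierDetection")
    for rule in failover:
        src, dst = rule.get("from"), rule.get("to")
        if src == dst:
            findings.append(f"failover {src} -> {dst} maps a region to itself")
        elif dst not in allowed.get(src, set()):
            findings.append(f"failover {src} -> {dst} is not an approved mapping")
    return findings


# The page's DestinationRule, transcribed as a dict.
PAGE_DR = {
    "metadata": {"name": "dr-orders-global"},
    "spec": {"host": "orders.global", "trafficPolicy": {
        "loadBalancer": {"localityLbSetting": {
            "enabled": True, "failover": [{"from": "cn", "to": "us"}]}},
        "outlierDetection": {"consecutive5xxErrors": 5, "interval": "5s",
                             "baseEjectionTime": "30s", "maxEjectionPercent": 50},
    }},
}
# Constructed counter-example: unapproved target region, no outlier detection.
BAD_DR = {
    "metadata": {"name": "dr-bad-example"},
    "spec": {"host": "orders.global", "trafficPolicy": {
        "loadBalancer": {"localityLbSetting": {
            "enabled": True, "failover": [{"from": "cn", "to": "eu"}]}},
    }},
}

if __name__ == "__main__":
    for dr in (PAGE_DR, BAD_DR):
        print(dr["metadata"]["name"], lint_destination_rule(dr) or "ok")
```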
