Istio 出站策略与多区域路由（Locality LB、Outlier Detection 与验证）

概述在多区域架构中，出站请求应优先就近路由并对异常实例进行剔除。通过Locality优先级与Outlier Detection，可在跨区域访问时兼顾延迟与稳定性。关键实践与参数本地优先: localityLbSetting优先分配到同区域与同可用区异常剔除: outlierDetection按错误比例与并发请求剔除异常端点连接与重试: 结合连接池与重试阈值提升鲁棒性监测: 在网关与Sidecar采集出站指标与错误率示例/配置/实现apiVersion: networking.istio.io/v1alpha3 kind: ServiceEntry metadata: name: external-api spec: hosts: - api.external.com location: MESH_EXTERNAL ports: - number: 443 name: https protocol: TLS resolution: DNS apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: external-dr spec: host: api.external.com trafficPolicy: connectionPool: http: maxRequestsPerConnection: 100 http1MaxPendingRequests: 200 outlierDetection: consecutive5xxErrors: 5 interval: 5s baseEjectionTime: 30s maxEjectionPercent: 50 loadBalancer: localityLbSetting: enabled: true localityWeightedLb: - locality: region: cn zone: a weight: 100 - locality: region: us zone: a weight: 50 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: external-vs spec: hosts: - api.external.com tls: - match: - sniHosts: - api.external.com route: - destination: host: api.external.com port: number: 443 验证就近路由: 在不同区域进行请求, 延迟与带宽符合本地优先预期剔除效果: 注入5xx错误, 观察异常端点被剔除并在基准时间后恢复稳定性: 在高并发下错误率与延迟保持在目标区间指标: 采集出站请求成功率与剔除计数, 建立告警注意事项locality权重需结合实际拓扑与流量比例剔除参数过于激进可能影响可用性, 需权衡与Egress Gateway策略协同, 保持出站治理一致定期复盘出站拓扑与指标以优化参数