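Introduction
Circuit breaking is a traffic management strategy that protects a system from further damage when it fails or is overloaded. ASM supports configuring circuit breaking for services inside or outside the cluster. The sidecar performs the circuit breaking automatically, so no application configuration needs to change.
Procedure
- See Manage global namespaces to enable automatic sidecar injection for the default namespace.
- Run the following command to deploy the sleep application in the default namespace. It is used to send outbound requests.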
```
kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sleep
---
apiVersion: v1
kind: Service
metadata:
  name: sleep
  labels:
    app: sleep
    service: sleep
spec:
  ports:
  - port: 80
    name: http
  selector:
    app: sleep
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sleep
  template:
    metadata:
      labels:
        app: sleep
    spec:
      terminationGracePeriodSeconds: 0
      serviceAccountName: sleep
      containers:
      - name: sleep
        image: registry.cn-hangzhou.aliyuncs.com/acs/curl:8.1.2
        command: ["/bin/sleep", "infinity"]
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - mountPath: /etc/sleep/tls
          name: secret-volume
      volumes:
      - name: secret-volume
        secret:
          secretName: sleep-secret
          optional: true
EOF
```
After the sample application is deployed, run the following command to access the external service httpbin.org.
```
kubectl exec -it deploy/sleep -- sh -c "for i in \$(seq 1 100); do curl httpbin.org/status/503 -v; sleep 1; done"
```
You should see a response like the following, which shows that the server returned a 503 status code.
```
* Trying 240.240.0.5:80...
* Connected to httpbin.org (240.240.0.5) port 80 (#0)
> GET /status/503 HTTP/1.1
> Host: httpbin.org
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< date: Fri, 08 Aug 2025 06:41:28 GMT
< content-type: text/html; charset=utf-8
< content-length: 0
< server: envoy
< access-control-allow-origin: *
< access-control-allow-credentials: true
< x-envoy-upstream-service-time: 485
```
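- Run the following command to deploy the circuit breaking configuration in the cluster. With this configuration, when more than 60% of the requests from the sleep application to the httpbin application fail within 10 seconds, or when there are more than 10 slow requests, the sidecar breaks the circuit for the client and returns a 499 status code. For more configuration options, see the ASMCircuitBreaker CRD description.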
```
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: httpbin-org
spec:
  exportTo:
  - '*'
  hosts:
  - httpbin.org
  location: MESH_EXTERNAL
  ports:
  - name: http
    number: 80
    protocol: HTTP
  resolution: DNS
---
apiVersion: istio.alibabacloud.com/v1
kind: ASMCircuitBreaker
metadata:
  name: httpbin-org-breaker
spec:
  workloadSelector:
    labels:
      app: sleep
  applyToTraffic: sidecar_outbound
  configs:
  - target_services:
    - kind: ServiceEntry
      name: httpbin-org
      port: 80
    breaker_config:
      slow_request_rt: 0.1s
      break_duration: 90s
      window_size: 10s
      max_slow_requests: 10
      min_request_amount: 3
      error_percent:
        value: 60
      custom_response:
        header_to_add:
          x-envoy-circuitbreak: "true"
        body: "hello, break!"
        status_code: 499
EOF
```
- Run the following command to verify the circuit breaking configuration.
```
kubectl exec -it deploy/sleep -- sh -c "for i in \$(seq 1 100); do curl httpbin.org/status/503 -v; sleep 1; done"
```
On the fourth request, you should see the following result, which shows that the sidecar broke the circuit and returned a 499 status code to the client.
```
* Connection #0 to host httpbin.org left intact
* Trying 240.240.0.5:80...
* Connected to httpbin.org (240.240.0.5) port 80 (#0)
> GET /status/503 HTTP/1.1
> Host: httpbin.org
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 499 Unknown
< x-envoy-circuitbreak: true
< content-length: 13
< content-type: text/plain
< date: Fri, 08 Aug 2025 06:47:09 GMT
< server: envoy
<
```
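Why the fourth request is the first one rejected, shown as an added example (not part of the original page and not ASM's implementation): a simplified Python model of a windowed breaker using the `breaker_config` values above, replaying the curl loop. Assumptions: an upstream 5xx counts as an error, `min_request_amount` gates both trip conditions, the window slides, and the names `Breaker` and `replay` are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Breaker:
    # Values copied from breaker_config on this page (seconds, counts, percent).
    slow_request_rt: float = 0.1
    break_duration: float = 90.0
    window_size: float = 10.0
    max_slow_requests: int = 10
    min_request_amount: int = 3
    error_percent: float = 60.0
    open_until: float = -1.0                       # breaker is open while now < open_until
    samples: deque = field(default_factory=deque)  # (time, is_error, is_slow)

    def request(self, now, upstream_status, upstream_rt):
        """Return the status code the client sees for a request sent at `now`."""
        if now < self.open_until:
            return 499  # custom_response.status_code; upstream is never contacted
        # Assumption: 5xx is an error; slower than slow_request_rt is a slow request.
        self.samples.append((now, upstream_status >= 500,
                             upstream_rt > self.slow_request_rt))
        while self.samples and self.samples[0][0] <= now - self.window_size:
            self.samples.popleft()                 # drop samples outside the window
        total = len(self.samples)
        errors = sum(1 for _, is_err, _ in self.samples if is_err)
        slow = sum(1 for _, _, is_slow in self.samples if is_slow)
        tripped = (100.0 * errors / total > self.error_percent
                   or slow > self.max_slow_requests)
        if total >= self.min_request_amount and tripped:
            self.open_until = now + self.break_duration
            self.samples.clear()                   # start fresh after the break ends
        return upstream_status

def replay(n=100, interval=1.0, status=503, rt=0.485):
    """Replay the page's curl loop: n requests, one every `interval` seconds."""
    breaker = Breaker()
    return [breaker.request(i * interval, status, rt) for i in range(n)]

if __name__ == "__main__":
    seen = replay()
    print("first 499 on request", seen.index(499) + 1)
    print("requests that reached httpbin.org:", seen.count(503))
```

In this model only 6 of the 100 requests reach the upstream: three trip the breaker, and three more are let through once the 90-second break ends before it trips again.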