This sub-module focuses on Istio service-mesh features like Delay and Abort for network resiliency on Amazon EKS.
In this step we setup the delay configuration for catalogdetail virtual service
# This assumes that you are currently in "istio-on-eks/modules/03-network-resiliency/fault-injection" directory
kubectl apply -f ./delay/catalogdetail-virtualservice.yamlOutput should be similar to:
virtualservice.networking.istio.io/catalogdetail configuredRun the following command to retrieve the YAML configuration for catalogdetail VirtualService.
kubectl get virtualservice catalogdetail -o yaml -n workshopOutput should be similar to:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"networking.istio.io/v1alpha3","kind":"VirtualService","metadata":{"annotations":{},"name":"catalogdetail","namespace":"workshop"},"spec":{"hosts":["catalogdetail"],"http":[{"fault":{"delay":{"fixedDelay":"15s","percentage":{"value":100}}},"match":[{"headers":{"user":{"exact":"internal"}}}],"route":[{"destination":{"host":"catalogdetail","port":{"number":3000}}}]},{"route":[{"destination":{"host":"catalogdetail","port":{"number":3000}}}]}]}}
creationTimestamp: "2024-01-19T17:47:48Z"
generation: 12
name: catalogdetail
namespace: workshop
resourceVersion: "35171847"
uid: 2060b9cd-1e4b-4127-bf94-5c6bc679f286
spec:
hosts:
- catalogdetail
http:
- fault:
delay:
fixedDelay: 15s
percentage:
value: 100
match:
- headers:
user:
exact: internal
route:
- destination:
host: catalogdetail
port:
number: 3000
- route:
- destination:
host: catalogdetail
port:
number: 3000Test the delay by running a curl command against the catalogdetail for user named 'internal' and 'external'.
# Set the FE_POD_NAME variable to the name of the frontend pod in the workshop namespace
export FE_POD_NAME=$(kubectl get pods -n workshop -l app=frontend -o jsonpath='{.items[].metadata.name}')# Access the frontend container in the workshop namespace interactively
kubectl exec -it ${FE_POD_NAME} -n workshop -c frontend -- bashOutput should be similar to:
root@frontend-container-id:/app#
# Allows accessing the shell inside the frontend container for executing commandsRun the curl command for the user named 'internal'
curl http://catalogdetail:3000/catalogdetail/ -s -H "user: internal" -o /dev/null \
-w "Time taken to start transfer: %{time_starttransfer}\n"Output should be similar to:
Time taken to start transfer: 15.009529
# A 15-sec delay is introduced for user named 'internal' based on the delay fault configuration for 'catalogdetail' virtual serviceRun the curl command for the user named 'external' (could be any user other than 'internal')
curl http://catalogdetail:3000/catalogdetail/ -s -H "user: external" -o /dev/null \
-w "Time taken to start transfer: %{time_starttransfer}\n"Output should be similar to:
Time taken to start transfer: 0.006548
# No delay is introduced for user named 'external', since delay fault configuration in 'catalogdetail' virtual service was only applied for user named 'internal'Exit from the shell inside the frontend container
root@frontend-container-id:/app#exitIn this step we setup the abort configuration for catalogdetail virtual service
# This assumes that you are currently in "istio-on-eks/modules/03-network-resiliency/fault-injection" directory
kubectl apply -f ./abort/catalogdetail-virtualservice.yamlOutput should be similar to:
virtualservice.networking.istio.io/catalogdetail configuredRun the following command to retrieve the YAML configuration for catalogdetail VirtualService.
kubectl get virtualservice catalogdetail -o yaml -n workshopOutput should be similar to:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"networking.istio.io/v1alpha3","kind":"VirtualService","metadata":{"annotations":{},"name":"catalogdetail","namespace":"workshop"},"spec":{"hosts":["catalogdetail"],"http":[{"fault":{"abort":{"httpStatus":500,"percentage":{"value":100}}},"match":[{"headers":{"user":{"exact":"internal"}}}],"route":[{"destination":{"host":"catalogdetail","port":{"number":3000}}}]},{"route":[{"destination":{"host":"catalogdetail","port":{"number":3000}}}]}]}}
creationTimestamp: "2024-01-19T17:47:48Z"
generation: 13
name: catalogdetail
namespace: workshop
resourceVersion: "35180991"
uid: 2060b9cd-1e4b-4127-bf94-5c6bc679f286
spec:
hosts:
- catalogdetail
http:
- fault:
abort:
httpStatus: 500
percentage:
value: 100
match:
- headers:
user:
exact: internal
route:
- destination:
host: catalogdetail
port:
number: 3000
- route:
- destination:
host: catalogdetail
port:
number: 3000Test the abort by running a curl command against the catalogdetail for user named 'internal' and 'external'.
# Access the frontend container in the workshop namespace interactively
kubectl exec -it ${FE_POD_NAME} -n workshop -c frontend -- bashOutput should be similar to:
root@frontend-container-id:/app#
# Allows accessing the shell inside the frontend container for executing commandsRun the curl command for the user named 'internal'
curl http://catalogdetail:3000/catalogdetail/ -s -H "user: internal" -o /dev/null \
-w "HTTP Response: %{http_code}\n"Output should be similar to:
HTTP Response: 500
# HTTP code 500 (Abort) is returned for user named 'internal' based on the abort fault configuration for 'catalogdetail' virtual serviceRun the curl command for the user named 'external' (could be any user other than 'internal')
curl http://catalogdetail:3000/catalogdetail/ -s -H "user: external" -o /dev/null \
-w "HTTP Response: %{http_code}\n"Output should be similar to:
HTTP Response: 200
# HTTP code 200 (Success) is returned for user named 'external', since abort fault configuration in 'catalogdetail' virtual service was only applied for user named 'internal'Exit from the shell inside the frontend container
root@frontend-container-id:/app#exitRun the same set of steps as in the Initial state setup to reset the environment.