istio - "max_connections"在 Envoy 中真正意味着什么?

标签 istio circuit-breaker envoyproxy

我的问题是关于 Envoy 中“cluster.CircuitBreakers.Thresholds.max_connections”的真正含义。 .

envoy doc 中的

cluster.CircuitBreakers.Thresholds.max_connections解释为:

The maximum number of connections that Envoy will make to the upstream cluster. If not specified, the default is 1024.

Istio使用 Envoy 作为 sidecar。最近我们尝试了熔断示例,但总是发现连接数比我们配置的要多。

因此我们进行另一个测试,如下所示:

  1. 向 istio 添加两个服务:

    • echo 客户端:1 个 pod,下游,将向 echo 服务器发送 HTTP 请求
    • echo 服务器:2 个 Pod,上游。

服务容器:

[root@k8s-master istio-1.0.3]# kubectl get pod -o wide
NAME                          READY   STATUS    RESTARTS   AGE     IP            NODE     NOMINATED NODE
echoclient-84485fbc5c-zxlv8   2/2     Running   0          8s      10.244.2.79   node02   <none>
echoserver-5655768fb9-smsvb   2/2     Running   0          23h     10.244.2.65   node02   <none>
echoserver-5655768fb9-srsq2   2/2     Running   0          7h52m   10.244.2.73   node02   <none>
  • 配置了 echo 服务器的目标规则,下面显示了 envoy 中的相应信息。 (最大连接数为 2)

    • istio 代理配置输出:

    [root@k8s-master istio-1.0.3]# istioctl proxy-config clusters echoclient-84485fbc5c-zxlv8 --fqdn echoserver.default.svc.cluster.local -o json
[
    {
        "name": "outbound|8080||echoserver.default.svc.cluster.local",
        "type": "EDS",
        "edsClusterConfig": {
            "edsConfig": {
                "ads": {}
            },
            "serviceName": "outbound|8080||echoserver.default.svc.cluster.local"
        },
        "connectTimeout": "1.000s",
        "circuitBreakers": {
            "thresholds": [
                {
                    "maxConnections": 2
                }
            ]
        }
    }
]
  • 从 echo 客户端向每个服务器同时发出多个请求(每个线程 40 个请求)。

    • 结果:

    [root@k8s-master istio-1.0.3]# kubectl exec -it echoclient-84485fbc5c-zxlv8 /bin/bash
Defaulting container name to echoclient.
Use 'kubectl describe pod/echoclient-84485fbc5c-zxlv8 -n default' to see all of the containers in this pod.
[root@echoclient-84485fbc5c-zxlv8 /]# /opt/jre/bin/java -cp /opt/echoclient-1.0-SNAPSHOT-jar-with-dependencies.jar hello.HttpSender "http://echoserver:8080/echo?name=peter" 10 40 0
using num threads: 10
Starting pool-1-thread-1 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-2 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-3 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-4 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-5 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-6 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-7 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-8 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-9 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
Starting pool-1-thread-10 with numCalls=40 parallelSends=false delayBetweenCalls=0 url=http://echoserver:8080/echo?name=peter mixedRespTimes=false
pool-1-thread-7: successes=[40], failures=[0], duration=[481ms]
pool-1-thread-6: successes=[40], failures=[0], duration=[485ms]
pool-1-thread-4: successes=[40], failures=[0], duration=[504ms]
pool-1-thread-1: successes=[40], failures=[0], duration=[542ms]
pool-1-thread-9: successes=[40], failures=[0], duration=[626ms]
pool-1-thread-8: successes=[40], failures=[0], duration=[652ms]
pool-1-thread-2: successes=[40], failures=[0], duration=[684ms]
pool-1-thread-10: successes=[40], failures=[0], duration=[657ms]
pool-1-thread-5: successes=[40], failures=[0], duration=[678ms]
pool-1-thread-3: successes=[40], failures=[0], duration=[696ms]
  • 检查从 echo 客户端到 echo 服务器的 HTTP 连接

    • 来自 netstat 的连接信息:

    [root@echoclient-84485fbc5c-zxlv8 /]# netstat -ano | grep 8080 | grep ESTABLISHED
tcp        0      0 10.244.2.79:58074       10.244.2.65:8080        ESTABLISHED off (0.00/0/0)
tcp        0      0 10.244.2.79:38076       10.244.2.73:8080        ESTABLISHED off (0.00/0/0)
tcp        0      0 10.244.2.79:58088       10.244.2.65:8080        ESTABLISHED off (0.00/0/0)
tcp        0      0 10.244.2.79:38080       10.244.2.73:8080        ESTABLISHED off (0.00/0/0)
tcp        0      0 10.244.2.79:58056       10.244.2.65:8080        ESTABLISHED off (0.00/0/0)
tcp        0      0 10.244.2.79:38094       10.244.2.73:8080        ESTABLISHED off (0.00/0/0)
tcp        0      0 10.244.2.79:38110       10.244.2.73:8080        ESTABLISHED off (0.00/0/0)
tcp        0      0 10.244.2.79:58076       10.244.2.65:8080        ESTABLISHED off (0.00/0/0)

    来自 Envoy 集群的连接信息:

    [root@echoclient-84485fbc5c-zxlv8 /]# curl -s http://localhost:15000/clusters | grep echoserver
outbound|8080||echoserver.default.svc.cluster.local::default_priority::max_connections::2
outbound|8080||echoserver.default.svc.cluster.local::default_priority::max_pending_requests::1024
outbound|8080||echoserver.default.svc.cluster.local::default_priority::max_requests::1024
outbound|8080||echoserver.default.svc.cluster.local::default_priority::max_retries::3
outbound|8080||echoserver.default.svc.cluster.local::high_priority::max_connections::1024
outbound|8080||echoserver.default.svc.cluster.local::high_priority::max_pending_requests::1024
outbound|8080||echoserver.default.svc.cluster.local::high_priority::max_requests::1024
outbound|8080||echoserver.default.svc.cluster.local::high_priority::max_retries::3
outbound|8080||echoserver.default.svc.cluster.local::added_via_api::true
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::cx_active::4
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::cx_connect_fail::0
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::cx_total::4
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::rq_active::0
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::rq_error::0
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::rq_success::200
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::rq_timeout::0
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::rq_total::200
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::health_flags::healthy
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::weight::1
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::region::
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::zone::
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::sub_zone::
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::canary::false
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.65:8080::success_rate::-1
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::cx_active::4
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::cx_connect_fail::0
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::cx_total::4
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::rq_active::0
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::rq_error::0
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::rq_success::200
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::rq_timeout::0
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::rq_total::200
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::health_flags::healthy
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::weight::1
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::region::
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::zone::
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::sub_zone::
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::canary::false
outbound|8080||echoserver.default.svc.cluster.local::10.244.2.73:8080::success_rate::-1

    我们可以看到从 echoclient 到 echoserver 有 8 个连接(10.244.2.65,10.244.2.73),但不是配置的 maxConnections 2

    为什么有 8 个连接而不是 2 个? 对envoy的maxConnections有什么误解吗?

    最佳答案

    正如加勒特在评论中提到的:

    max_connectionsmax_requests 指的是 php 池的每个在重生之前可以获取的连接数,通常可以在/etc/etc/php/{version}/fpm/pool.d/www.conf max_children 基于机器的内存,一些有用的示例教程对我来说,理解是 Max Requests / Children

    关于istio - "max_connections"在 Envoy 中真正意味着什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53493758/

    上一篇:asp.net - 生成 ModelState 字典的键

    下一篇: Angular 5 : How to get parent component routing parameter in child component?

    相关文章:

    kubernetes - Istio (1.0) 内部 ReplicaSet 路由 - 支持 Kubernetes Deployment 中 pod 之间的流量

    azure - Istio Operator Spec 如何为 addonComponents 添加 "hub"参数?

    spring-webflux - 如何在 Spring WebFlux 中使用 Jaeger?

    java - Resilience4J 断路器配置无法正常工作

    kubernetes - istio:VirtualService 重写到根 url

    kubernetes - istio可以调用lambda函数吗?

    amazon-web-services - Keycloak 服务器管理控制台阻止使用 Istio 网关和 AWS HTTPS 应用程序负载均衡器的 AWS K3S Kubernetes 集群上的混合内容响应

    kubernetes - Kubernetes 上的 EventStore : Connection refused

    java - Mockito 测试具有调用网关服务步骤的方法

    Elasticsearch 未分配分片 CircuitBreakingException[[parent] 数据太大

    ©2024 IT工具网  联系我们