Alibaba Cloud Service Mesh:Scenario 2: Request routing headers are the same as E2E pass-through request headers

Feature description

In permissive mode, you need to only create a baseline lane that contains all services in the relevant call chains. Other lanes are not required to contain all services in the relevant call chains. When services in a lane call each other, if the service to be called does not exist in the lane, requests are forwarded to the same service in the baseline lane. When the service to be called becomes available in the lane, requests are forwarded back to the desired service in the lane. When you use traffic lanes in permissive mode, your application must add E2E pass-through request headers to the request message. These headers must be transmitted without modification through the call chains. In addition, you must specify request routing headers. The ASM ingress gateway routes traffic to different lanes based on the content of the request routing headers.

In Scenario 1: Request routing headers are different from E2E pass-through request headers, the request routing header is x-asm-prefer-tag and the E2E pass-through request header is my-request-id. In this scenario, the content of E2E pass-through request headers varies with requests. This means that each call chain has a unique ID. If you specify the E2E pass-through request header as the request routing header, the preceding limit for the E2E pass-through request header is no longer applicable. This allows you to route traffic to different lanes based on the content of the E2E pass-through request header.

In this example, three lanes (s1, s2, and s3) are created for the mocka, mockb, and mockc services. s1 represents the call chain of mocka v1, mockb v1, and mockc v1, and this pattern continues with s2 representing the call chain of mocka v2, mockb v2, and mockc v2, and s3 representing the call chain of mocka v3, mockb v3, and mockc v3. s1 is the baseline lane and contains all three services. s2 contains only the mocka and mockc services. s3 contains only the mockb service. In this example, both the E2E pass-through request header and the request routing header are specified as my-request-id.

Step 1: Deploy sample services

1. Enable automatic sidecar proxy injection for the default namespace. For more information about how to enable this feature, see Enable automatic sidecar proxy injection.

   For more information about automatic sidecar proxy injection, see Configure automatic sidecar proxy injection policies.

2. Run the following commands to deploy sample services in a Container Service for Kubernetes (ACK) cluster:

   kubectl apply -f https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/asm-labs/swimlane/v1/mock-v1.yaml
   kubectl apply -f https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/asm-labs/swimlane/v2/mock-v2.yaml
   kubectl apply -f https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/asm-labs/swimlane/v3/mock-v3.yaml

Step 2: Create a lane group and lanes

1. Create a lane group.

   1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

   2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Traffic Management Center > Traffic Lane.

   3. On the Traffic Lane page, click Create Swimlane Group. In the Create Swimlane Group panel, set the parameters and click OK.

      Parameter	Description
      Name of swim lane group	For this example, enter test.
      Entrance gateway	Select ingressgateway.
      Lane Mode	Select Permissive Mode.
      Request Header Settings	Set E2E Pass-through Request Header to my-request-id and select Use E2E Pass-through Request Header for Traffic Routing.
      Swimlane Services	Select the desired ACK cluster from the Kubernetes Clusters drop-down list and select default from the Namespace drop-down list. Then, select mocka, mockb, and mockc in the service list, and click the icon to add the services to the selected section.

2. Create s1, s2, and s3 lanes and bind the s1 lane to version 1 (v1) of the sample services, the s2 lane to version 2 (v2) of the sample services, and the s3 lane to version 3 (v3) of the sample services.

   1. In the Traffic Rule Definition section of the Traffic Lane page, click Create swimlanes.

   2. In the Create swimlanes dialog box, set the parameters and click OK.

      Parameter	Description
      Swimlane Name	Name the three lanes as s1, s2, and s3 respectively.
      Configure Service Tag	Label Key: Select ASM_TRAFFIC_TAG. Label Value: Select v1 for the s1 lane, v2 for the s2 lane, and v3 for the s3 lane.
      Add Service	For the s1 lane, select mocka(default), mockb(default), and mockc(default). For the s2 lane, select mocka(default) and mockc(default). For the s3 lane, select mockb(default).

      The following figure shows the configurations of the s1 lane.

      

      After the three lanes are created, you can view them in the Traffic Rule Definition section, as shown in the following figure. By default, the first lane you create in a lane group is set as the baseline lane. However, you can change the baseline lane. When traffic is destined for services that do not exist in the other lanes, requests are forwarded to the baseline lane according to the fallback mechanism. For more information about how to change the baseline lane, see Change the baseline lane in permissive mode.

      A destination rule and a virtual service are automatically generated for each service in the lanes. You can choose Traffic Management Center > DestinationRule or VirtualService in the left-side navigation pane to view the destination rule or virtual service. For example, the following destination rule and virtual service are automatically created for the mocka service.

      Expand to view the sample YAML code of the destination rule

      apiVersion: networking.istio.io/v1beta1
      kind: DestinationRule
      metadata:
        labels:
          asm-system: 'true'
          provider: asm
          swimlane-group: test
        name: trafficlabel-dr-test-default-mocka
        namespace: istio-system
      spec:
        host: mocka.default.svc.cluster.local
        subsets:
          - labels:
              ASM_TRAFFIC_TAG: v1
            name: s1
          - labels:
              ASM_TRAFFIC_TAG: v2
            name: s2
      

      Expand to view the sample YAML code of the virtual service

      apiVersion: networking.istio.io/v1beta1
      kind: VirtualService
      metadata:
        labels:
          asm-system: 'true'
          provider: asm
          swimlane-group: test
        name: trafficlabel-vs-test-default-mocka
        namespace: istio-system
      spec:
        hosts:
          - mocka.default.svc.cluster.local
        http:
          - match:
              - headers:
                  my-request-id:
                    exact: s1
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s1
                fallback:
                  target:
                    host: mocka.default.svc.cluster.local
                    subset: s1
          - match:
              - headers:
                  my-request-id:
                    exact: s2
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s2
                fallback:
                  target:
                    host: mocka.default.svc.cluster.local
                    subset: s1
          - match:
              - headers:
                  my-request-id:
                    exact: s3
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s3
                fallback:
                  target:
                    host: mocka.default.svc.cluster.local
                    subset: s1
      

3. Create a traffic routing rule for each lane.

   1. In the Traffic Rule Definition section of the Traffic Lane page, find the lane for which you want to create a traffic routing rule, and click Ingress traffic rules in the Actions column.

   2. In the Add drainage rule dialog box, set the parameters and click OK.

      This example assumes that the inbound request path of all services in the lanes is /mock, and the same traffic routing rule is configured for each lane.

      Parameter	Description
      Ingress service	For this example, select mocka.default.svc.cluster.local.
      Ingress traffic rules	For this example, set the Name parameter to r1, r2, and r3 respectively for the three lanes. Set the realm name parameter to *.
      Matching request URI	For this example, set the Method parameter to Exact and the Content parameter to /mock.

      The following figure shows the configurations of the traffic routing rule for the s1 lane.

      

      After traffic routing rules are created, you can view them in the Traffic Rule Definition section, as shown in the following figure.

      After a traffic routing rule is created, a virtual service is automatically generated for the lane. For example, the following virtual service is generated for the s2 lane.

      Expand to view the sample YAML code of the virtual service

      apiVersion: networking.istio.io/v1beta1
      kind: VirtualService
      metadata:
        labels:
          asm-system: 'true'
          provider: asm
          swimlane-group: test
        name: swimlane-ingress-vs-test-s2
        namespace: istio-system
      spec:
        gateways:
          - istio-system/ingressgateway
        hosts:
          - '*'
        http:
          - match:
              - headers:
                  my-request-id:
                    exact: s2
                uri:
                  exact: /mock
            name: r2
            route:
              - destination:
                  host: mocka.default.svc.cluster.local
                  subset: s2
                fallback:
                  target:
                    host: mocka.default.svc.cluster.local
                    subset: s1
      

Step 3: Verify that the E2E canary release feature takes effect

1. Obtain the public IP address of the ASM ingress gateway. For more information, see Step 2: Obtain the IP address of the ASM ingress gateway in Integrate KServe with ASM to implement inference services based on cloud-native AI models.

2. Run the following command to configure an environment variable.

   xxx.xxx.xxx.xxx is the IP address obtained in substep 1.

   export ASM_GATEWAY_IP=xxx.xxx.xxx.xxx

3. Verify that the E2E canary release feature takes effect.

   1. Run the following command to access services in the s1 lane.

      In the command, the value of my-request-id is s1, which is the name of the s1 lane that you configured when you created the s1 lane in the substep 2 of Step 2.

      for i in {1..100};  do curl -H'my-request-id: s1' http://${ASM_GATEWAY_IP}/mock ;  echo ''; sleep 1; done;

      Expected output:

      -> mocka(version: v1, ip: 172.17.0.54)-> mockb(version: v1, ip: 172.17.0.129)-> mockc(version: v1, ip: 172.17.0.130)

      The output indicates that traffic specified by the HTTP header my-request-id: s1 flows to the relevant services in the s1 lane. This meets expectations.

   2. Run the following command to access services in the s2 lane.

      In the command, the value of my-request-id is s2, which is the name of the s2 lane that you configured when you created the s2 lane in the substep 2 of Step 2.

      for i in {1..100};  do curl -H'my-request-id: s2' http://${ASM_GATEWAY_IP}/mock ;  echo ''; sleep 1; done;

      Expected output:

      mocka(version: v2, ip: 192.168.1.101)-> mockb(version: v1, ip: 192.168.1.100)-> mockc(version: v2, ip: 192.168.1.116)

      The output indicates that traffic specified by the HTTP header my-request-id: s2 flows to the relevant services in the s2 lane. This meets expectations. When traffic is destined for the mockb service that does not exist in the s2 lane, the traffic is forwarded to the mockb service in the s1 baseline lane according to the fallback mechanism. Then, the traffic is sent to the mockc service in the s2 lane as expected.

   3. Run the following command to access the service in the s3 lane.

      In the command, the value of my-request-id is s3, which is the name of the s3 lane that you configured when you created the s3 lane in substep 2 of Step 2.

      for i in {1..100};  do curl -H'my-request-id: s3' http://${ASM_GATEWAY_IP}/mock ;  echo ''; sleep 1; done;

      Expected output:

      mocka(version: v1, ip: 192.168.1.103)-> mockb(version: v3, ip: 192.168.1.120)-> mockc(version: v1, ip: 192.168.1.105)

      The output indicates that traffic specified by the HTTP header my-request-id: s3 flows to the relevant service in the s3 lane. This meets expectations. When traffic is destined for the mocka and mockc services that do not exist in the s3 lane, the traffic is forwarded to the mocka and mockc services in the s1 baseline lane according to the fallback mechanism.

References

• Traffic lanes have two modes: strict and permissive. For more information about the two modes and differences between them, see Overview of traffic lanes.

• If you want to use traffic lanes in permissive mode to manage E2E traffic in scenarios where request routing headers are different from E2E pass-through request headers, see Scenario 1: Request routing headers are different from E2E pass-through request headers.

• You can configure traffic lanes by specifying virtual services and destination rules. You can also use these rules to configure traffic shifting, which routes traffic to the baseline version or an application with specific characteristics when the destination version or application is unavailable. For more information, see Use traffic rules to configure traffic lanes and traffic shifting.