Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Higress访问网关支持根据请求ip优先调用ip对应的服务 #1452

Open
abclint opened this issue Oct 29, 2024 · 8 comments
Open

Higress访问网关支持根据请求ip优先调用ip对应的服务 #1452

abclint opened this issue Oct 29, 2024 · 8 comments
Assignees
@jizhuozhi
Labels
area/loadbalancer

Comments

@abclint
Copy link

abclint commented Oct 29, 2024
edited
Loading

Why do you need it?

Is your feature request related to a problem? Please describe in details

Higress访问网关支持根据请求ip(x_forwarded_for)优先调用服务地址中对应ip的服务

How could it be?

A clear and concise description of what you want to happen. You can explain more about input of the feature, and output of it.

比如本机访问网关服务,本机ip:192.168.10.1
网关服务路由到目标服务A,A服务地址:192.168.10.1,192.168.10.2
优先调用192.168.10.1的A服务

Other related information

Add any other context or screenshots about the feature request here.
@jizhuozhi
Copy link
Collaborator

可以描述下在决定使用IP地址前的原始需求么?因为如果直接将私有IP地址暴露在公网的话是很危险的行为,我理解你需要的应该是泳道一类的环境隔离能力

@jizhuozhi
Copy link
Collaborator

jizhuozhi commented Oct 29, 2024
edited
Loading

在spring cloud中有支持类似的能力https://docs.spring.io/spring-cloud-commons/reference/spring-cloud-commons/loadbalancer.html#same-instance-preference-for-loadbalancer ,但是我觉得这是为有状态服务session固定设计的,他不是很适合用于公网ingress

@abclint
Copy link
Author

abclint commented Oct 29, 2024

可以描述下在决定使用IP地址前的原始需求么?因为如果直接将私有IP地址暴露在公网的话是很危险的行为,我理解你需要的应该是泳道一类的环境隔离能力

目前多个研发同时在本地开发调试同一个服务,网关路由如果调用到其他研发的开发机器,可能因为缺少代码导致报错,只有调用到自己本地才会正常

@jizhuozhi
Copy link
Collaborator

jizhuozhi commented Oct 29, 2024
edited
Loading

这个问题我觉得可以抽象出来,现在实际上是给某些机器进行打标(tag),希望在入口负载均衡的时候根据特定tag去选择对应的实例,这样的话在测试的时候可以通过对应的header去匹配对应的tag。可以看下这个subsets实现是不是和你的需求类似https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/subsets

或者只看描述

Divide the cluster into different subsets based on tags on the client, suitable for stateful services or multi-tenant services

@jizhuozhi jizhuozhi self-assigned this Oct 29, 2024
@abclint
Copy link
Author

abclint commented Oct 30, 2024

这个问题我觉得可以抽象出来,现在实际上是给某些机器进行打标(tag),希望在入口负载均衡的时候根据特定tag去选择对应的实例,这样的话在测试的时候可以通过对应的header去匹配对应的tag。可以看下这个lb实现是不是和你的需求类似https://github.com/kitex-contrib/loadbalance-tagging

或者只看描述

Divide the cluster into different subsets based on tags on the client, suitable for stateful services or multi-tenant services

是的,我们目前的方案是复制一份路由配置,匹配header中对应的tag,路由到固定地址的服务

@johnlanni
Copy link
Collaborator

基于ip到同ip服务这种个人感觉不通用。同意上面 @jizhuozhi 说的打标逻辑,但要实现这个需要联动服务注册,服务发现是通过什么呢,nacos?k8s? nacos的话通过注册时设置一个特殊的metadata比如source=local,k8s的话通过pod的label,然后结合istio destinationrule 这个CRD,给对应的服务设置subset,再调整ingress指向对应的subset。
不过这套机制其实挺复杂,我理解你需要一套简单的机制,可能不一定满足。

@johnlanni
Copy link
Collaborator

K8s上的话可以考虑用 telepresence,就是为了解决这类问题的

@jizhuozhi
Copy link
Collaborator

目前看metadata与header匹配进行分流的逻辑,在分泳道测试的场景下是个通用问题。目前在数据面上存在解决方案但是会比较繁琐,后面可以考虑做在控制面上提供UI界面作为产品化解决方案对外输出

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jizhuozhi jizhuozhi

Labels
area/loadbalancer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@johnlanni @jizhuozhi @abclint