今天,在测试环境跑通了istio。

惭愧,是用MicroK8s跑的,其它环境,不敢呀。

基本功能都OK了。

在运行了istio-injection=enabled之后,每个pod运行时,会多一个istio-proxy容器。这是istio功能实现的关键。

那,这里面都有什么进程呢?

/usr/local/bin/pilot-agent

/usr/local/bin/envoy

而pod运行时,启动参数和挂载目录呢?

Args:
      proxy
      sidecar
      --configPath
      /etc/istio/proxy
      --binaryPath
      /usr/local/bin/envoy
      --serviceCluster
      productpage
      --drainDuration
      45s
      --parentShutdownDuration
      1m0s
      --discoveryAddress
      istio-pilot.istio-system:15007
      --discoveryRefreshDelay
      1s
      --zipkinAddress
      zipkin.istio-system:9411
      --connectTimeout
      10s
      --proxyAdminPort
      15000
      --controlPlaneAuthPolicy
      NONE

 

 

最后,看看/etc/istio/proxy/envoy-rev0.json的内容,在这里,它应该已获取到控制面的数据,并且拦截了POD的所有流量了:

{
  "node": {
    "id": "sidecar~10.1.1.125~productpage-v1-6c5dc454fb-lxnwz.default~default.svc.cluster.local",
    "cluster": "productpage",

    "metadata": {"INTERCEPTION_MODE":"REDIRECT","ISTIO_PROXY_SHA":"istio-proxy:930841ca88b15365737acb7eddeea6733d4f98b9","ISTIO_PROXY_VERSION":"1.0.2","ISTIO_VERSION":"1.0.5","POD_NAME":"productpage-v1-6c5dc454fb-lxnwz","app":"productpage","istio":"sidecar","pod-template-hash":"6c5dc454fb","version":"v1"}
    },
    "stats_config": {
    "use_all_default_tags": false,
    "stats_tags": [{
        "tag_name": "cluster_name",
        "regex": "^cluster\\.((.+?(\\..+?\\.svc\\.cluster\\.local)?)\\.)"
      },
      {
        "tag_name": "tcp_prefix",
        "regex": "^tcp\\.((.*?)\\.)\\w+?$"
      },
      {
        "tag_name": "response_code",
        "regex": "_rq(_(\\d{3}))$"
      },
      {
        "tag_name": "response_code_class",
        "regex": "_rq(_(\\dxx))$"
      },
      {
        "tag_name": "http_conn_manager_listener_prefix",
        "regex": "^listener(?=\\.).*?\\.http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)"
      },
      {
        "tag_name": "http_conn_manager_prefix",
        "regex": "^http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)"
      },
      {
        "tag_name": "listener_address",
        "regex": "^listener\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)"
      }
    ]
  },
  "admin": {
    "access_log_path": "/dev/null",
    "address": {
      "socket_address": {
        "address": "127.0.0.1",
        "port_value": 15000
      }
    }
  },
  "dynamic_resources": {
    "lds_config": {
        "ads": {}
    },
    "cds_config": {
        "ads": {}
    },
    "ads_config": {
      "api_type": "GRPC",
      "refresh_delay": "1s",
      "grpc_services": [
        {
          "envoy_grpc": {
            "cluster_name": "xds-grpc"
          }
        }
      ]
    }
  },
  "static_resources": {
    "clusters": [
    {
      "name": "prometheus_stats",
      "type": "STATIC",
      "connect_timeout": "0.250s",
      "lb_policy": "ROUND_ROBIN",
      "hosts": [{
        "socket_address": {
          "protocol": "TCP",
          "address": "127.0.0.1",
          "port_value": 15000,
        }
      }],
    },
    {
    "name": "xds-grpc",
    "type": "STRICT_DNS",
    "connect_timeout": "10s",
    "lb_policy": "ROUND_ROBIN",

    "hosts": [
    {
    "socket_address": {"address": "istio-pilot.istio-system", "port_value": 15010}
    }
    ],
    "circuit_breakers": {
        "thresholds": [
      {
        "priority": "DEFAULT",
        "max_connections": 100000,
        "max_pending_requests": 100000,
        "max_requests": 100000
      },
      {
        "priority": "HIGH",
        "max_connections": 100000,
        "max_pending_requests": 100000,
        "max_requests": 100000
      }]
    },
    "upstream_connection_options": {
      "tcp_keepalive": {
        "keepalive_time": 300
      }
    },
    "http2_protocol_options": { }
    }

    
    ,
      {
        "name": "zipkin",
        "type": "STRICT_DNS",
        "connect_timeout": "1s",
        "lb_policy": "ROUND_ROBIN",
        "hosts": [
          {
            "socket_address": {"address": "zipkin.istio-system", "port_value": 9411}
          }
        ]
      }
      
    ],
    "listeners":[
      {
        "address": {
          "socket_address": {
            "protocol": "TCP",
            "address": "0.0.0.0",
            "port_value": 15090,
          }
        },
        "filter_chains": [{
          "filters": [{
            "name": "envoy.http_connection_manager",
            "config": {
              "codec_type": "AUTO",
              "stat_prefix": "stats",
              "route_config": {
                "virtual_hosts": [{
                  "name": "backend",
                  "domains": [
                    "*"
                  ],
                  "routes": [{
                    "match": {
                      "prefix": "/stats/prometheus"
                    },
                    "route": {
                      "cluster": "prometheus_stats"
                    }
                  }]
                }]
              },
              "http_filters": {
                "name": "envoy.router"
              }
            }
          }]
        }],
      },
    ],
  },
  
  "tracing": {
    "http": {
      "name": "envoy.zipkin",
      "config": {
        "collector_cluster": "zipkin"
      }
    }
  },
  
  
}

 

转载于:https://www.cnblogs.com/aguncn/p/11243119.html

# lua # 网络 # json
Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes