Istio Notes¶
Service Mesh¶
Service Mesh manages communications between microservices.¶
Istio is a Service Mesh.¶
Challenges of Microservice Architecture¶
Case¶
- business logic (BL)
- communication configurations (COMM)
- security logic (SEC)
- retry logic (R)
- metrics & tracing logic (MT)
Core features of Service Mesh¶
Service Mesh with Sidecar Pattern¶
- Sidecar Proxy
  - handles networking logic
  - acts as a proxy
  - third-party application
  - cluster operators can configure it easily
  - developers focus on actual business logic
- Control Plane
  - injects a Sidecar Proxy into every microservice pod
Traffic Splitting¶
- release new version without worrying about breaking application
- canary deployment
Istio Features¶
- Service Discovery
- Security
- Metrics & Tracing
Istio Architecture¶
Service Mesh is a Pattern or Paradigm. Istio is an implementation.¶
Control Plane (Istiod)¶
- configure
- discovery
- certificates
Data Plane (Envoy Proxy)¶
How to Configure Istio¶
Virtual Service (CRD)¶
- How you route your traffic TO a given destination.
Destination Rule (CRD)¶
- Configure what happens to traffic FOR that destination.
Configuration Propagation¶
- We don't configure Proxies, we configure Istiod.
- Proxies can communicate by connecting to Istiod.
Istio Ingress Gateway (CRD)¶
Entrypoint to your cluster¶
Gateway directs traffic to MS using Virtual Service.¶
Istio Traffic Flow¶
- request -> Istio Gateway -> Virtual Service -> Envoy Proxy -> actual web server container
- web server container -> Virtual Service & Destination Rule -> other Envoy Proxy
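The three CRDs above wired together for a canary release with mutual TLS between sidecars, as an added example that is not part of the original notes. The names webapp, webapp-gateway, webapp.example.com and the version labels v1/v2 are assumptions.

```yaml
# Added example; webapp, webapp-gateway, webapp.example.com and the
# v1/v2 version labels are assumed names, not taken from the notes.
apiVersion: networking.istio.io/v1beta1
kind: Gateway                    # entrypoint to the cluster
metadata:
  name: webapp-gateway
spec:
  selector:
    istio: ingressgateway        # binds to the istio-ingressgateway pods
  servers:
  - port: {number: 80, name: http, protocol: HTTP}
    hosts: ["webapp.example.com"]
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService             # how traffic is routed TO a destination
metadata:
  name: webapp
spec:
  hosts: ["webapp.example.com"]
  gateways: ["webapp-gateway"]   # attach these routes to the Gateway above
  http:
  - route:
    - destination: {host: webapp, subset: v1}
      weight: 90                 # stable version keeps most traffic
    - destination: {host: webapp, subset: v2}
      weight: 10                 # canary receives a small share
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule            # what happens to traffic FOR that destination
metadata:
  name: webapp
spec:
  host: webapp
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL         # sidecar-to-sidecar mTLS using Istiod-issued certificates
  subsets:
  - name: v1
    labels: {version: v1}        # selects pods labelled version=v1
  - name: v2
    labels: {version: v2}        # selects pods labelled version=v2
```

The Gateway server is plain HTTP to keep the example short; an entrypoint reachable from outside the cluster would normally use an HTTPS server with a TLS credential.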
Hands-on¶
Change the service exposure type to NodePort¶
- View
  - kubectl -n istio-system get service istio-ingressgateway
- Modify
  - kubectl -n istio-system edit service istio-ingressgateway
  - set type: NodePort
- Verify
  - kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}'