云原生之Istio初识
Envoy 是CNCF毕业的第三个项目
- Listeners (LDS)
- Routes (RDS)
- Clusters (CDS)
- Endpoints (EDS)
以上俗称"XDS"
在Envoy中它们四个怎么工作的请看Envoy的配置
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: protocol: TCP address: 127.0.0.1 port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address: protocol: TCP address: 0.0.0.0 port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type":type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
host_rewrite: www.google.com
cluster: service_google
http_filters:
- name: envoy.router
clusters:
- name: service_google
connect_timeout: 0.25s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service_google
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.google.com
port_value: 443
tls_context:
sni: www.google.com
Istio基本概念:
- Geteway 用于处理mesh的输入和输出,类似ingress.
- Virtual Services Istio根据virtual services中定义的rule将外部请求分发到内部mesh的service subsets. 比如同样的请求可以被分发到不同版本的subset.
-
Destination rules Destination rules 和 Virtual Services 一起使用. Virtual Services 定义了路由的规则,Destination rules则描述了具体如何执行这些规则.
- ServiceEntry 用于定义mesh的外部资源,使mesh内部可以访问外部的service
原理图如下:
基于k8s运行Istio集群