Istio调试信息/envoy配置

Istio默认的配置信息全量下发,envoy里下发的配置

链接

数据平面 - Envoy proxy 配置详解 - 《Istio 服务网格进阶实战》 - 书栈网 · BookStack

Cluster 的数据结构

Cluster 的数据结构如下,除了 name 字段,其他都是可选的。

如果你留意到作为 Sidecar 启动的 Envoy 的参数的会注意到 --max-obj-name-len 189,该选项用来用来指定 cluster 的名字,例如 inbound|9080||ratings.default.svc.cluster.local。该名字字符串由 | 分隔成四个部分:

  •  inbound 或 outbound 代表入向流量或出向流量
  • 端口号
  • subcluster 名称, subcluster 名称将对应于 Istio DestinationRule 中配置的 subnet,如果是按照多版本按比例路由的话,该值可以是版本号。
  • FQDN

之前的状态:

➜  istioctl proxy-config endpoint global-sidecar-5ffb49c77c-2qbl4
ENDPOINT               STATUS      OUTLIER CHECK     CLUSTER
10.244.0.2:53          HEALTHY     OK                outbound|53||kube-dns.kube-system.svc.cluster.local
10.244.0.2:9153        HEALTHY     OK                outbound|9153||kube-dns.kube-system.svc.cluster.local
10.244.0.3:53          HEALTHY     OK                outbound|53||kube-dns.kube-system.svc.cluster.local
10.244.0.3:9153        HEALTHY     OK                outbound|9153||kube-dns.kube-system.svc.cluster.local
10.244.1.10:9080       HEALTHY     OK                outbound|9080||details.default.svc.cluster.local
10.244.1.11:9080       HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
10.244.1.12:9080       HEALTHY     OK                outbound|9080||productpage.default.svc.cluster.local
10.244.1.13:8080       HEALTHY     OK                outbound|8080||istio-pilot.mesh-operator.svc.cluster.local
10.244.1.13:15010      HEALTHY     OK                outbound|15010||istio-pilot.mesh-operator.svc.cluster.local
10.244.1.13:15011      HEALTHY     OK                outbound|15011||istio-pilot.mesh-operator.svc.cluster.local
10.244.1.13:15014      HEALTHY     OK                outbound|15014||istio-pilot.mesh-operator.svc.cluster.local
10.244.1.14:80         HEALTHY     OK                outbound|80||lazyload.mesh-operator.svc.cluster.local
10.244.1.7:5984        HEALTHY     OK                outbound|5984||owdev-couchdb.openwhisk.svc.cluster.local
10.244.1.9:15010       HEALTHY     OK                outbound|15010||istiod.istio-system.svc.cluster.local
10.244.1.9:15012       HEALTHY     OK                outbound|15012||istiod.istio-system.svc.cluster.local
10.244.1.9:15014       HEALTHY     OK                outbound|15014||istiod.istio-system.svc.cluster.local
10.244.1.9:15017       HEALTHY     OK                outbound|443||istiod.istio-system.svc.cluster.local
10.244.2.10:8080       HEALTHY     OK                outbound|80||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.10:8443       HEALTHY     OK                outbound|443||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.10:15021      HEALTHY     OK                outbound|15021||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.10:15443      HEALTHY     OK                outbound|15443||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.10:31400      HEALTHY     OK                outbound|31400||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.11:9080       HEALTHY     OK                outbound|9080||ratings.default.svc.cluster.local
10.244.2.12:9080       HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
10.244.2.13:9080       HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
10.244.2.15:9080       HEALTHY     OK                outbound|9080||global-sidecar.default.svc.cluster.local
10.244.2.2:8080        HEALTHY     OK                outbound|8080||owdev-apigateway.openwhisk.svc.cluster.local
10.244.2.2:9000        HEALTHY     OK                outbound|9000||owdev-apigateway.openwhisk.svc.cluster.local
10.244.2.6:6379        HEALTHY     OK                outbound|6379||owdev-redis.openwhisk.svc.cluster.local
10.244.2.9:8080        HEALTHY     OK                outbound|80||istio-egressgateway.istio-system.svc.cluster.local
10.244.2.9:8443        HEALTHY     OK                outbound|443||istio-egressgateway.istio-system.svc.cluster.local
10.244.2.9:15443       HEALTHY     OK                outbound|15443||istio-egressgateway.istio-system.svc.cluster.local
10.96.31.171:15010     HEALTHY     OK                xds-grpc
127.0.0.1:15000        HEALTHY     OK                prometheus_stats
172.20.0.2:6443        HEALTHY     OK                outbound|443||kubernetes.default.svc.cluster.local
➜  istio-1.8.2 istioctl proxy-config endpoint global-sidecar-5ffb49c77c-2qbl4
ENDPOINT               STATUS      OUTLIER CHECK     CLUSTER
10.244.0.2:53          HEALTHY     OK                outbound|53||kube-dns.kube-system.svc.cluster.local
10.244.0.2:9153        HEALTHY     OK                outbound|9153||kube-dns.kube-system.svc.cluster.local
10.244.0.3:53          HEALTHY     OK                outbound|53||kube-dns.kube-system.svc.cluster.local
10.244.0.3:9153        HEALTHY     OK                outbound|9153||kube-dns.kube-system.svc.cluster.local
10.244.1.10:80         HEALTHY     OK                outbound|80||lazyload.mesh-operator.svc.cluster.local
10.244.1.11:9080       HEALTHY     OK                outbound|9080||productpage.default.svc.cluster.local
10.244.1.12:5984       HEALTHY     OK                outbound|5984||owdev-couchdb.openwhisk.svc.cluster.local
10.244.1.3:9080        HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
10.244.1.7:9080        HEALTHY     OK                outbound|9080||details.default.svc.cluster.local
10.244.1.8:15010       HEALTHY     OK                outbound|15010||istiod.istio-system.svc.cluster.local
10.244.1.8:15012       HEALTHY     OK                outbound|15012||istiod.istio-system.svc.cluster.local
10.244.1.8:15014       HEALTHY     OK                outbound|15014||istiod.istio-system.svc.cluster.local
10.244.1.8:15017       HEALTHY     OK                outbound|443||istiod.istio-system.svc.cluster.local
10.244.1.9:8080        HEALTHY     OK                outbound|8080||istio-pilot.mesh-operator.svc.cluster.local
10.244.1.9:15010       HEALTHY     OK                outbound|15010||istio-pilot.mesh-operator.svc.cluster.local
10.244.1.9:15011       HEALTHY     OK                outbound|15011||istio-pilot.mesh-operator.svc.cluster.local
10.244.1.9:15014       HEALTHY     OK                outbound|15014||istio-pilot.mesh-operator.svc.cluster.local
10.244.2.10:8080       HEALTHY     OK                outbound|80||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.10:8443       HEALTHY     OK                outbound|443||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.10:15021      HEALTHY     OK                outbound|15021||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.10:15443      HEALTHY     OK                outbound|15443||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.10:31400      HEALTHY     OK                outbound|31400||istio-ingressgateway.istio-system.svc.cluster.local
10.244.2.11:8080       HEALTHY     OK                outbound|8080||owdev-apigateway.openwhisk.svc.cluster.local
10.244.2.11:9000       HEALTHY     OK                outbound|9000||owdev-apigateway.openwhisk.svc.cluster.local
10.244.2.12:9080       HEALTHY     OK                outbound|9080||ratings.default.svc.cluster.local
10.244.2.13:9080       HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
10.244.2.14:9080       HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
10.244.2.17:80         HEALTHY     OK                outbound|8000||httpbin.default.svc.cluster.local
10.244.2.5:9080        HEALTHY     OK                outbound|9080||global-sidecar.default.svc.cluster.local
10.244.2.6:8080        HEALTHY     OK                outbound|80||istio-egressgateway.istio-system.svc.cluster.local
10.244.2.6:8443        HEALTHY     OK                outbound|443||istio-egressgateway.istio-system.svc.cluster.local
10.244.2.6:15443       HEALTHY     OK                outbound|15443||istio-egressgateway.istio-system.svc.cluster.local
10.244.2.9:6379        HEALTHY     OK                outbound|6379||owdev-redis.openwhisk.svc.cluster.local
10.96.31.171:15010     HEALTHY     OK                xds-grpc
127.0.0.1:15000        HEALTHY     OK                prometheus_stats
172.20.0.2:6443        HEALTHY     OK                outbound|443||kubernetes.default.svc.cluster.local
➜  istio-1.8.2

 流量管理基础概念

流量管理 - 流量管理基础概念 - 《Istio 服务网格进阶实战》 - 书栈网 · BookStack

下面的例子中配置了一个名为 reviews 的 VirtualService,该配置的作用是将所有发送给 reviews 服务的流量发送到 v1 版本的子集。 

  1. apiVersion: networking.istio.io/v1alpha3
  2. kind: VirtualService
  3. metadata:
  4.   name: reviews   //名为 reviews 的 VirtualService
  5. spec:
  6.   hosts:   //流量的目标主机
  7.   - reviews  //
  8.   http:
  9.   - route:
  10.     - destination:
  11.        host: reviews
  12.        subset: v1
  • 该配置中流量的目标主机是 reviews,如果该服务和规则部署在 Kubernetes 的 default namespace 下的话,对应于 Kubernetes 中的服务的 DNS 名称就是 reviews.default.svc.cluster.local
  •  
  • 我们看到上面的 VirtualService 的 HTTP 路由中还定义了一个 destinationdestination 用于定义在网络中可寻址的服务,请求或连接在经过路由规则的处理之后,就会被发送给 destinationdestination.host 应该明确指向服务注册表中的一个服务。Istio 的服务注册表除包含平台服务注册表中的所有服务(例如 Kubernetes 服务、Consul 服务)之外,还包含了 ServiceEntry 资源所定义的服务。VirtualService 中只定义流量发送给哪个服务的路由规则,但是并不知道要发送的服务的地址是什么,这就需要 DestinationRule 来定义了。
版权声明:本文为violin_biubiubiu原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。