Difference between revisions of "Kubernetes/Istio"

From Ever changing code
Line 113: Line 113:
# Verify
# Verify
env | grep INGRESS
env | grep INGRESS
</source>
= Add custom headers =
<source lang=yaml>
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "*"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /headers
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
      headers:
        response:            # add to response
          add:
          "key1": "abc"
        request:            # add to request
          add:
            "key2": "def"
</source>
</source>
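Review bot: In the added VirtualService, the `"key1": "abc"` line under `response:` is at the same indentation as its `add:` key, so `add` parses as empty and `key1` becomes a sibling of `add` instead of a header to add. Indent it one level below `add:`, the way `"key2": "def"` is indented under `request:`. The added heading `= Add custom headers =` would also benefit from one sentence saying that `response` headers are set on the reply to the client and `request` headers on the call forwarded to httpbin, since the YAML comments are the only explanation.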

Revision as of 09:41, 21 August 2020

Architecture

. | app1  |                | app2  |
  | proxy |  <---------->  | proxy |    # Envoy proxy sidecars


| |  pod  |        | pod |       | pod | | 
| |citadel|        |mixer|       |pilot| |
|      C o n t r o l  P l a n e  A P I   |
 ----------------------------------------
Envoy L7 proxy:

  • Dynamic service discovery
  • Load balancing
  • TLS termination
  • Health checks
  • Staged rollouts
  • Fault injection

Pilot:

  • Service discovery
  • Intelligent routing
  • Resiliency

Aware of pod health and which pods are available; sends the proxies the list of pods that are alive, together with any other configuration updates.

Citadel:

  • User authentication
  • Credential management
  • Certificate management
  • Traffic encryption

Pods:

  • istio-citadel-*

It is the certificate store.

Mixer:

  • Handles access control
  • Usage policies
  • Telemetry data (data scraping)

It has a lot of modules/plugins. Pods: istio-policy-*, istio-telemetry-*

Galley:

Interface for the underlying Istio API gateway (aka server).

Istio on minikube

# Minimum requirements are 8G and 4 CPUs
PROFILE=minikube-v1.17.6-istio
minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.17.6 --profile $PROFILE
minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.17.6 --driver kvm --profile $PROFILE-kvm2

minikube tunnel --profile $PROFILE
minikube addons enable istio --profile $PROFILE # [1] error

Troubleshooting

[1] - no matches for kind "IstioOperator"
💣  enable failed: run callbacks: running callbacks: [sudo KUBECONFIG=/var/lib/minikube/kubeconfig /var/lib/minikube/binaries/v1.17.6/kubectl apply -f /etc/kubernetes/addons/istio-default-profile.yaml: Process exited with status 1
stdout:
namespace/istio-system unchanged

stderr:
error: unable to recognize "/etc/kubernetes/addons/istio-default-profile.yaml": no matches for kind "IstioOperator" in version "install.istio.io/v1alpha1"

Download istioctl

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.4 sh -
cd istio-1.6.4/  # istio package directory
export PATH=$PWD/bin:$PATH
export PATH=$PATH:/git3rd/istio-1.6.4/bin

# make sure you can connect to k8s cluster, then verify the install
istioctl verify-install
...
CustomResourceDefinition: templates.config.istio.io.default checked successfully
CustomResourceDefinition: istiooperators.install.istio.io.default checked successfully
Checked 25 custom resource definitions
Checked 1 Istio Deployments
Istio is installed successfully

$ istioctl version --remote
client version: 1.6.4
control plane version: 1.6.4
data plane version: 1.6.4 (21 proxies)

Ingress Gateways

# manually inject the sidecar
kubectl -n bin apply -f <(istioctl kube-inject -f httpbin.yaml)

export INGRESS_HOST=$(       kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
# AWS, uses 'hostname'
export INGRESS_HOST=$(       kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

export INGRESS_PORT=$(       kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')

# This port is not necessarily set/configured
export TCP_INGRESS_PORT=$(   kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="tcp")].port}')

# Verify
env | grep INGRESS

Add custom headers

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "*"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /headers
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
      headers:
        response:            # add to response
          add:
            "key1": "abc"
        request:             # add to request
          add:
            "key2": "def"
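
A way to confirm that both header rules above took effect, as an added example (not part of the original notes). It assumes curl, the INGRESS_HOST and INGRESS_PORT variables exported earlier, and that httpbin's /headers endpoint echoes the request headers it received as JSON; the function names and the sample response are constructed for illustration.

```shell
# Constructed sample of `curl -si http://$INGRESS_HOST:$INGRESS_PORT/headers`
# output (CRLF line endings), so the checks can be exercised without a cluster.
SAMPLE_RESPONSE=$(printf '%s\r\n' \
  'HTTP/1.1 200 OK' \
  'server: istio-envoy' \
  'content-type: application/json' \
  'key1: abc' \
  '' \
  '{"headers": {"Accept": "*/*", "Host": "example.test", "Key2": "def"}}')

# response_header NAME: print the value of a response header read from stdin.
# Only the header section (up to the first empty line) is searched, names are
# compared case-insensitively, and the CRs of the HTTP line endings are dropped.
response_header() {
  tr -d '\r' | awk -v want="$1" '
    /^$/ { exit }
    { i = index($0, ":"); if (i == 0) next
      if (tolower(substr($0, 1, i - 1)) == tolower(want)) {
        v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit } }'
}

# echoed_request_header NAME: print the value httpbin echoed back for a
# request header, taken from the JSON body (everything after the empty line).
echoed_request_header() {
  tr -d '\r' | awk 'body { print } /^$/ { body = 1 }' |
    grep -io "\"$1\": *\"[^\"]*\"" | head -n 1 |
    sed 's/^[^:]*: *"//; s/"$//'
}

# check_headers RAW_RESPONSE: succeed only if the response carries key1=abc
# (response rule) and httpbin saw key2=def on the request (request rule).
check_headers() {
  [ "$(printf '%s' "$1" | response_header key1)" = "abc" ] || return 1
  [ "$(printf '%s' "$1" | echoed_request_header key2)" = "def" ] || return 1
}

# Live use against the cluster:
#   check_headers "$(curl -si "http://$INGRESS_HOST:$INGRESS_PORT/headers")" && echo OK
```

Searching the header section and the body separately matters here: a key1 that only shows up in the echoed JSON would mean the rule was applied to the request instead of the response.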