Difference between revisions of "Kubernetes/Istio"
Jump to navigation
Jump to search
(Created page with "= Architecture = <source> . | app1 | | app2 | | proxy | <----------> | proxy | # Envoy proxy sidecars | | pod | | pod | | pod | | | |...") |
|||
| Line 11: | Line 11: | ||
</source> | </source> | ||
{| class="wikitable" | |||
Envoy: | |+ TableHeadline | ||
|- | |||
! Envoy L7 proxy | |||
! Pilot | |||
! Citadel | |||
! Mixer | |||
! Galley | |||
|- style="vertical-align:top;" | |||
| | |||
* Dynamic service discovery | * Dynamic service discovery | ||
* Load balancing | * Load balancing | ||
| Line 19: | Line 27: | ||
* Staged rollouts | * Staged rollouts | ||
* Fault injection | * Fault injection | ||
| | |||
* Service discovery | |||
* Intelligent routing | |||
* Resiliency | |||
Aware about pods health, what pods are available and sends to the proxy pods that are alive with any other configuration updates. | |||
| | |||
* User authentication | |||
* Credential management | |||
* Certificate management | |||
* Traffic encryption | |||
Pods | |||
* istio-citadel-* | |||
It's certificate store. | |||
| | |||
* handles Access control | |||
* Usage policies | |||
* Telemetry data (data scraping) | |||
It has a lot of modules/plugins. | |||
Pods: | |||
istio-policy-* | |||
istio-telemetry-* | |||
| | |||
Interface for underlying Istio API gateway(aka server) | |||
|} | |||
= Istio on minikube = | |||
<source lang=bash> | |||
# Minimum requirements are 8G and 4 CPUs | |||
PROFILE=minikube-v1.17.6-istio | |||
minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.17.6 --profile $PROFILE | |||
minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.17.6 --driver kvm --profile $PROFILE-kvm2 | |||
minikube tunnel --profile $PROFILE | |||
minikube addons enable istio --profile $PROFILE # [1] error | |||
</source> | |||
Troubleshooting | |||
; [1] - no matches for kind "IstioOperator" | |||
<source lang=log> | |||
💣 enable failed: run callbacks: running callbacks: [sudo KUBECONFIG=/var/lib/minikube/kubeconfig /var/lib/minikube/binaries/v1.17.6/kubectl apply -f /etc/kubernetes/addons/istio-default-profile.yaml: Process exited with status 1 | |||
stdout: | |||
namespace/istio-system unchanged | |||
stderr: | |||
error: unable to recognize "/etc/kubernetes/addons/istio-default-profile.yaml": no matches for kind "IstioOperator" in version "install.istio.io/v1alpha1" | |||
</source> | |||
Revision as of 10:44, 16 August 2020
Architecture
. | app1 | | app2 | | proxy | <----------> | proxy | # Envoy proxy sidecars | | pod | | pod | | pod | | | |citadel| |mixer| |pilot| | | C o n t r o l P l a n e A P I | ----------------------------------------
| Envoy L7 proxy | Pilot | Citadel | Mixer | Galley |
|---|---|---|---|---|
|
Aware about pods health, what pods are available and sends to the proxy pods that are alive with any other configuration updates. |
Pods
It's certificate store. |
It has a lot of modules/plugins. Pods: istio-policy-* istio-telemetry-* |
Interface for underlying Istio API gateway(aka server) |
Istio on minikube
# Minimum requirements are 8G and 4 CPUs PROFILE=minikube-v1.17.6-istio minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.17.6 --profile $PROFILE minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.17.6 --driver kvm --profile $PROFILE-kvm2 minikube tunnel --profile $PROFILE minikube addons enable istio --profile $PROFILE # [1] error
Troubleshooting
- [1] - no matches for kind "IstioOperator"
💣 enable failed: run callbacks: running callbacks: [sudo KUBECONFIG=/var/lib/minikube/kubeconfig /var/lib/minikube/binaries/v1.17.6/kubectl apply -f /etc/kubernetes/addons/istio-default-profile.yaml: Process exited with status 1 stdout: namespace/istio-system unchanged stderr: error: unable to recognize "/etc/kubernetes/addons/istio-default-profile.yaml": no matches for kind "IstioOperator" in version "install.istio.io/v1alpha1"