由於 Open-Match 在 service 與 service 之間,是建議使用 gRPC 進行連線的,但在 kubernetes pods 上使用 gRPC 時,並沒有辦法自動地進行負載平衡,建立好的連線無法在各個 pods 之前切換,這時我們可以利用 Istio service mesh,來幫助我們達成目標,特別是當我們的 MMF, Director & Frontend,需要能有負載平衡的與核心溝通時。今天讓我們簡單的看一下 Istio 的概觀,與最最基本的使用方法,想有更多瞭解可以參考這篇 淺談 Istio。
Istio is an open source service mesh that layers transparently onto existing distributed applications.
Istio 是因應微服務後,產生的網路層溝通問題,而發展出的 service mesh 架構,會在服務與服務之間進行 proxy,並且有助於服務發現與降低服務依賴。以下為 Istio 所提供的主要特性:
官方有提供快速安裝工具 istioctl,以工具安裝的話,可以省去針對 istio 設定的問題,裏面有一些預設好的參數,方便初學者與輕度使用者使用。
~ curl -L https://istio.io/downloadIstio | sh - /
cd istio-1.11.3 /
export PATH=$PWD/bin:$PATH
確認工具有加到 PATH
~ istioctl -h
Istio configuration command line utility for service operators to
debug and diagnose their Istio mesh.
Usage:
istioctl [command]
Available Commands:
admin Manage control plane (istiod) configuration
analyze Analyze Istio configuration and print validation messages
authz (authz is experimental. Use `istioctl experimental authz`)
bug-report Cluster information and log capture support tool.
completion generate the autocompletion script for the specified shell
dashboard Access to Istio web UIs
experimental Experimental commands that may be modified or deprecated
help Help about any command
install Applies an Istio manifest, installing or reconfiguring Istio on a cluster.
kube-inject Inject Istio sidecar into Kubernetes pod resources
manifest Commands related to Istio manifests
operator Commands related to Istio operator controller.
profile Commands related to Istio configuration profiles
proxy-config Retrieve information about proxy configuration from Envoy [kube only]
proxy-status Retrieves the synchronization status of each Envoy in the mesh [kube only]
tag Command group used to interact with revision tags
upgrade Upgrade Istio control plane in-place
validate Validate Istio policy and rules files
verify-install Verifies Istio Installation Status
version Prints out build version information
~ istioctl install --set profile=demo
This will install the Istio 1.11.3 demo profile with ["Istio core" "Istiod" "Ingress gateways" "Egress gateways"] components into the cluster. Proceed? (y/N) y
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Egress gateways installed
✔ Installation complete
針對 namespace 啟用 istio-injection
~ kubectl label namespace default istio-injection=enabled
namespace/default labeled
部署個 redis
~ helm repo add bitnami https://charts.bitnami.com/bitnami /
helm install helm-redis bitnami/redis
NAME: helm-redis
LAST DEPLOYED: Sat Sep 25 23:20:41 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
check injection
~ kubectl get pods
NAME READY STATUS RESTARTS AGE
helm-redis-master-0 2/2 Running 0 3m6s
helm-redis-replicas-0 2/2 Running 0 3m6s
helm-redis-replicas-1 2/2 Running 0 2m30s
helm-redis-replicas-2 2/2 Running 0 2m5s
istio-proxy
~ kubectl get pods helm-redis-master-0 -o jsonpath='{.spec.containers[*].name}'
redis istio-proxy
可以看到在我們完成部署後,原先 Pods 內的 containers 從 1/1 變成 2/2,這個多出來的 container 便是 Istio proxy container,負責跟 Istio Control Plane 進行溝通,完成服務發現、health check、 load balance 等工作。