
See demo.readme for step-by-step instructions to run this demo.


Istio

Istio lets you connect, secure, control, and observe services


How did we end up here?



Breaking from a monolith to a distributed system led to:




All of that led to this point in time, where we have the CNCF

Way to the cloud


Now imagine we could give each container a helper that handles some of the needs above (load balancing, timeouts, traffic encryption, and much more) without changing our container code or even knowing what's inside it.

That is called the sidecar pattern in distributed systems, and with k8s it became generic enough to build a framework on top of it.


Architecture


What is Istio?

  • data plane: proxies mediate and control all network communication between microservices

  • control plane:

    • manages and configures the proxies to route traffic (Pilot & Citadel)
    • configures Mixers to enforce policies and collect telemetry

Istio resources intro

Networking & Traffic management:


example:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: bookinfo-ratings
spec:
  host: ratings.prod.svc.cluster.local
  # default load balancing policy
  trafficPolicy:
    loadBalancer:
      simple: LEAST_CONN
  # uses a round robin load balancing policy for all traffic going to a
  # subset named testversion that is composed of endpoints (e.g., pods) with
  # labels (version:v3).
  subsets:
  - name: testversion
    labels:
      version: v3
    trafficPolicy:
      loadBalancer:
        simple: ROUND_ROBIN

Virtual service:


apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews-route
spec:
  hosts:
  - reviews.prod.svc.cluster.local
  http:
  # conditional route
  - match:
    - uri:
        prefix: "/wpcatalog"
    # or
    - uri:
        prefix: "/consumercatalog"
    rewrite:
      uri: "/newcatalog"
    route:
    - destination:
        host: reviews.prod.svc.cluster.local
        subset: v2
  # default route:
  - route:
    - destination:
        host: reviews.prod.svc.cluster.local
        subset: v1

The corresponding DestinationRule:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews-destination
spec:
  host: reviews.prod.svc.cluster.local
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2

Gateway:


apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
      - my.host.com

Connect the gateway with a virtual service:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: frontend-service
spec:
  hosts:
  - my.host.com
  gateways:
  - my-gateway
  http:
  - route:
    - destination:
        host: frontend
        port:
          number: 80
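
The gateway above serves my.host.com over plain HTTP on port 80, so traffic from clients to the ingress is unencrypted. As an added example (not part of the original demo), the same Gateway can terminate TLS on port 443 and use port 80 only to redirect to HTTPS; the certificate paths assume the key pair is mounted from the default istio-ingressgateway-certs secret, which is an assumption about the installation.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  # plain HTTP listener: kept only to redirect clients to HTTPS
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - my.host.com
    tls:
      httpsRedirect: true # answer every request with a 301 to https://
  # TLS-terminating listener
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - my.host.com
    tls:
      mode: SIMPLE # server-side TLS only, no client certificate required
      # assumption: certificate and key are mounted from the
      # istio-ingressgateway-certs secret at the default path
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
```

The frontend-service VirtualService needs no change, because it binds to the gateway by name and applies to both listeners.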

ServiceEntry (egress):


apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: jsontime
spec:
  hosts:
  - worldclockapi.com
  ports:
  - number: 80
    name: http
    protocol: HTTP
  - number: 443
    name: https
    protocol: HTTPS

others:

