istio尝试
-
istio version: 0.8.0
-
mtls.enabled: false
-
rbacEnabled: true
-
galley.enabled: false
-
grafana.enabled: true
-
prometheus.enabled: true
-
servicegraph.enabled: true
-
tracing.enabled: true
-
tracing.jaeger.enabled: true
helm template ./ --name istio --namespace istio-system > $HOME/istio.yaml
or
helm install --dry-run --debug ./ --name istio --namespace istio-system
kubectl create namespace istio-system
kubectl create -f $HOME/istio.yaml
or
helm install --debug ./ --name istio --namespace istio-system
使运维人员可以配置service层的属性
通常由运维设置,负责:A/B测试,平滑升级,版本控制,超时/重试等
通常由 开发人员设置,熔断,负载均衡,TLS 等。发生在 virtualService 路由之后
By default, Istio-enabled services are unable to access URLs outside of the cluster because iptables is used in the pod to transparently redirect all outbound traffic to the sidecar proxy, which only handles intra-cluster destinations.