listener,VSIP:port定义,关联相关route "routeConfigName": "9411"。 并施加相关协议等filter(类似F5 vs profile等):
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 |
$ istioctl proxy-config listener ratings-v1-756b788d54-r59h5.istio-bookinfo --port 9411 -o json [ { "name": "0.0.0.0_9411", "address": { "socketAddress": { "address": "0.0.0.0", "portValue": 9411 } }, "filterChains": [ { "filterChainMatch": { "applicationProtocols": [ "http/1.0", "http/1.1", "h2c" ] }, "filters": [ { "name": "envoy.http_connection_manager", "typedConfig": { "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager", "statPrefix": "outbound_0.0.0.0_9411", "rds": { "configSource": { "ads": {} }, "routeConfigName": "9411" }, "httpFilters": [ { "name": "istio.metadata_exchange", "typedConfig": { "@type": "type.googleapis.com/udpa.type.v1.TypedStruct", "typeUrl": "type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm", "value": { "config": { "configuration": "{}\n", "vm_config": { "code": { "local": { "inline_string": "envoy.wasm.metadata_exchange" } }, "runtime": "envoy.wasm.runtime.null" } } } } }, { "name": "istio.alpn", "typedConfig": { "@type": "type.googleapis.com/istio.envoy.config.filter.http.alpn.v2alpha1.FilterConfig", "alpnOverride": [ { "alpnOverride": [ "istio-http/1.0", "istio" ] }, { "upstreamProtocol": "HTTP11", "alpnOverride": [ "istio-http/1.1", "istio" ] }, { "upstreamProtocol": "HTTP2", "alpnOverride": [ "istio-h2", "istio" ] } ] } }, { "name": "envoy.cors", "typedConfig": { "@type": "type.googleapis.com/envoy.config.filter.http.cors.v2.Cors" } }, { "name": "envoy.fault", "typedConfig": { "@type": "type.googleapis.com/envoy.config.filter.http.fault.v2.HTTPFault" } }, { "name": "istio.stats", "typedConfig": { "@type": "type.googleapis.com/udpa.type.v1.TypedStruct", "typeUrl": "type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm", "value": { "config": { "configuration": "{\n \"debug\": \"false\",\n \"stat_prefix\": \"istio\"\n}\n", "root_id": "stats_outbound", "vm_config": { "code": { "local": { "inline_string": "envoy.wasm.stats" } }, "runtime": "envoy.wasm.runtime.null", "vm_id": "stats_outbound" } } } } }, { "name": "envoy.router", "typedConfig": { "@type": "type.googleapis.com/envoy.config.filter.http.router.v2.Router" } } ], "tracing": { "clientSampling": { "value": 100 }, "randomSampling": { "value": 100 }, "overallSampling": { "value": 100 } }, "streamIdleTimeout": "0s", "accessLog": [ { "name": "envoy.file_access_log", "typedConfig": { "@type": "type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog", "path": "/dev/stdout", "format": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% \"%DYNAMIC_METADATA(istio.mixer:status)%\" \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n" } } ], "useRemoteAddress": false, "generateRequestId": true, "upgradeConfigs": [ { "upgradeType": "websocket" } ], "normalizePath": true } } ] }, { "filterChainMatch": {}, "filters": [ { "name": "istio.stats", "typedConfig": { "@type": "type.googleapis.com/udpa.type.v1.TypedStruct", "typeUrl": "type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm", "value": { "config": { "configuration": "{\n \"debug\": \"false\",\n \"stat_prefix\": \"istio\"\n}\n", "root_id": "stats_outbound", "vm_config": { "code": { "local": { "inline_string": "envoy.wasm.stats" } }, "runtime": "envoy.wasm.runtime.null", "vm_id": "tcp_stats_outbound" } } } } }, { "name": "envoy.tcp_proxy", "typedConfig": { "@type": "type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy", "statPrefix": "PassthroughCluster", "cluster": "PassthroughCluster", "accessLog": [ { "name": "envoy.file_access_log", "typedConfig": { "@type": "type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog", "path": "/dev/stdout", "format": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% \"%DYNAMIC_METADATA(istio.mixer:status)%\" \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n" } } ] } } ], "metadata": { "filterMetadata": { "pilot_meta": { "fallthrough": true } } }, "name": "PassthroughFilterChain" } ], "deprecatedV1": { "bindToPort": false }, "listenerFilters": [ { "name": "envoy.listener.tls_inspector", "typedConfig": { "@type": "type.googleapis.com/envoy.config.filter.listener.tls_inspector.v2.TlsInspector" } }, { "name": "envoy.listener.http_inspector", "typedConfig": { "@type": "type.googleapis.com/envoy.config.filter.listener.http_inspector.v2.HttpInspector" } } ], "listenerFiltersTimeout": "0.100s", "continueOnListenerFiltersTimeout": true, "trafficDirection": "OUTBOUND" } ] |
Routes通过端口归类不同的route:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
$ ic proxy-config routes ratings-v1-756b788d54-r59h5.istio-bookinfo NOTE: This output only contains routes loaded via RDS. NAME VIRTUAL HOSTS istiod.istio-system.svc.cluster.local:853 1 f5demoapp.default.svc.cluster.local:8181 1 9080 12 12345 2 grafana.monitoring.svc.cluster.local:80 1 jaeger-query.istio-system.svc.cluster.local:16686 1 prom-svc.monitoring.svc.cluster.local:9090 1 jaeger-collector.istio-system.svc.cluster.local:14268 1 nginxdemo-svc-as3-1.as3-1.svc.cluster.local:80 1 nginxdemo-svc-as3-2.as3-2.svc.cluster.local:80 1 3000 2 jaeger-collector.istio-system.svc.cluster.local:14267 1 20001 2 9411 2 9090 3 15010 2 kube-dns.kube-system.svc.cluster.local:9153 1 elasticsearch-logging.kube-system.svc.cluster.local:9200 1 15014 2 istio-ingressgateway.istio-system.svc.cluster.local:15020 1 14250 3 kibana-logging.kube-system.svc.cluster.local:5601 1 80 11 f5demoapp-svc.default.svc.cluster.local:80 1 jaeger-collector.istio-system.svc.cluster.local:14250 1 inbound|9080|http|ratings.istio-bookinfo.svc.cluster.local 1 inbound|9080|http|ratings.istio-bookinfo.svc.cluster.local 1 1 InboundPassthroughClusterIpv4 1 InboundPassthroughClusterIpv4 1 1 |
Zipkin Routes,domain匹配策略,充实策略,path匹配策略,L7路由策略。 所有path路由到 "cluster": "outbound|9411||zipkin.istio-system.svc.cluster.local" :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
$ istioctl proxy-config route ratings-v1-756b788d54-r59h5.istio-bookinfo --name 9411 -o json [ { "name": "9411", "virtualHosts": [ { "name": "allow_any", "domains": [ "*" ], "routes": [ { "name": "allow_any", "match": { "prefix": "/" }, "route": { "cluster": "PassthroughCluster", "timeout": "0s", "maxGrpcTimeout": "0s" } } ], "includeRequestAttemptCount": true }, { "name": "zipkin.istio-system.svc.cluster.local:9411", "domains": [ "zipkin.istio-system.svc.cluster.local", "zipkin.istio-system.svc.cluster.local:9411", "zipkin.istio-system", "zipkin.istio-system:9411", "zipkin.istio-system.svc.cluster", "zipkin.istio-system.svc.cluster:9411", "zipkin.istio-system.svc", "zipkin.istio-system.svc:9411", "10.98.181.246", "10.98.181.246:9411" ], "routes": [ { "name": "default", "match": { "prefix": "/" }, "route": { "cluster": "outbound|9411||zipkin.istio-system.svc.cluster.local", "timeout": "0s", "retryPolicy": { "retryOn": "connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes", "numRetries": 2, "retryHostPredicate": [ { "name": "envoy.retry_host_predicates.previous_hosts" } ], "hostSelectionRetryMaxAttempts": "5", "retriableStatusCodes": [ 503 ] }, "maxGrpcTimeout": "0s" }, "decorator": { "operation": "zipkin.istio-system.svc.cluster.local:9411/*" } } ], "includeRequestAttemptCount": true } ], "validateClusters": false } ] |
指向的cluster,并采用eds发现cluster包含的endpoints:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
$ istioctl proxy-config cluster ratings-v1-756b788d54-r59h5.istio-bookinfo -o json --fqdn zipkin.istio-system.svc.cluster.local [ { "transportSocketMatches": [ { "name": "tlsMode-istio", "match": { "tlsMode": "istio" }, "transportSocket": { "name": "envoy.transport_sockets.tls", "typedConfig": { "@type": "type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext", "commonTlsContext": { "tlsCertificateSdsSecretConfigs": [ { "name": "default", "sdsConfig": { "apiConfigSource": { "apiType": "GRPC", "grpcServices": [ { "envoyGrpc": { "clusterName": "sds-grpc" } } ] } } } ], "combinedValidationContext": { "defaultValidationContext": { "matchSubjectAltNames": [ { "exact": "spiffe://cluster.local/ns/istio-system/sa/default" } ] }, "validationContextSdsSecretConfig": { "name": "ROOTCA", "sdsConfig": { "apiConfigSource": { "apiType": "GRPC", "grpcServices": [ { "envoyGrpc": { "clusterName": "sds-grpc" } } ] } } } }, "alpnProtocols": [ "istio-peer-exchange", "istio" ] }, "sni": "outbound_.9411_._.zipkin.istio-system.svc.cluster.local" } } }, { "name": "tlsMode-disabled", "match": {}, "transportSocket": { "name": "envoy.transport_sockets.raw_buffer" } } ], "name": "outbound|9411||zipkin.istio-system.svc.cluster.local", "type": "EDS", "edsClusterConfig": { "edsConfig": { "ads": {} }, "serviceName": "outbound|9411||zipkin.istio-system.svc.cluster.local" }, "connectTimeout": "10s", "circuitBreakers": { "thresholds": [ { "maxConnections": 4294967295, "maxPendingRequests": 4294967295, "maxRequests": 4294967295, "maxRetries": 4294967295 } ] }, "filters": [ { "name": "istio.metadata_exchange", "typedConfig": { "@type": "type.googleapis.com/udpa.type.v1.TypedStruct", "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange", "value": { "protocol": "istio-peer-exchange" } } } ] } ] |
Cluster对应的endpoints:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
$ istioctl proxy-config endpoints ratings-v1-756b788d54-r59h5.istio-bookinfo --cluster 'outbound|9411||zipkin.istio-system.svc.cluster.local' -o json [ { "name": "outbound|9411||zipkin.istio-system.svc.cluster.local", "addedViaApi": true, "hostStatuses": [ { "address": { "socketAddress": { "address": "10.244.1.194", "portValue": 9411 } }, "stats": [ { "name": "cx_connect_fail" }, { "name": "cx_total" }, { "name": "rq_error" }, { "name": "rq_success" }, { "name": "rq_timeout" }, { "name": "rq_total" }, { "type": "GAUGE", "name": "cx_active" }, { "type": "GAUGE", "name": "rq_active" } ], "healthStatus": { "edsHealthStatus": "HEALTHY" }, "weight": 1, "locality": {} } ] } ] |
文章评论