Java知识分享网 - 轻松学习从此开始!    

Java知识分享网

Java1234官方群25:java1234官方群17
Java1234官方群25:838462530
        
SpringBoot+SpringSecurity+Vue+ElementPlus权限系统实战课程 震撼发布        

最新Java全栈就业实战课程(免费)

springcloud分布式电商秒杀实战课程

IDEA永久激活

66套java实战课程无套路领取

锋哥开始收Java学员啦!

锋哥开始收Java学员啦!
当前位置: 主页 > Java文档 > 大数据云计算 >

Istio核心架构原理及实战笔记 PDF 下载


分享到:
时间:2020-04-10 18:09来源:http://www.java1234.com 作者:小锋  侵权举报
Istio核心架构原理及实战笔记 PDF 下载
失效链接处理
Istio核心架构原理及实战笔记 PDF 下载

本站整理下载:
 
相关截图:
 
主要内容:
01 不妨聊聊各个组件
Components官网 :https://istio.io/docs/ops/deployment/architecture/#components
1.1 Proxy[Envoy]
Proxy在Istio架构中必须要有
Envoy是由Lyft开发并开源,使用C++编写的高性能代理,负责在服务网格中服务的进出流量。
官网 :https://www.envoyproxy.io/
github :https://github.com/envoyproxy/envoy
1.1.1 Features
Dynamic service discovery
Load balancing
TLS termination
HTTP/2 and gRPC proxies
Circuit breakers
Health checks
Staged rollouts with %-based traffic split
Fault injection
Rich metrics
1.1.2 为什么选择Envoy?
对于Sidecar/Proxy其实不仅仅可以选择Envoy,还可以用Linkerd、Nginx和NginMesh等。
像Nginx作为分布式架构中比较广泛使用的网关,Istio默认却没有选择,是因为Nginx没有Envoy优秀的
配置扩展,Envoy可以实时配置。
1.2 Mixer
Mixer在Istio架构中不是必须的
Istio uses an extended version of the Envoy proxy. Envoy is a high- performance proxy developed in C++ to mediate all inbound and outbound traffic for all services in the service mesh. Envoy proxies are the only Istio components that interact with data plane traffic. ENVOY IS AN OPEN SOURCE EDGE AND SERVICE PROXY, DESIGNED FOR CLOUD-NATIVE APPLICATIONS Envoy is hosted by the Cloud Native Computing Foundation (CNCF). If you are a company that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details about who's involved and how Envoy plays a role, read the CNCF announcement. 咕泡学院 只为更好的你
官网 :https://istio.io/docs/ops/deployment/architecture/#mixer
为集群执行访问控制,哪些用户可以访问哪些服务,包括白名单检查、ACL检查等
策略管理,比如某个服务最多只能接收多少流量请求
遥测报告上报,比如从Envoy中收集数据[请求数据、使用时间、使用的协议等],通过Adpater上
报给Promethues、Heapster等
1.3 Pilot
Pilot在Istio架构中必须要有
官网 :https://istio.io/docs/ops/deployment/architecture/#pilot
Pilot为Envoy sidecar提供了服务发现功能,为智能路由提供了流量管理能力(比如A/B测试、金丝
雀发布等)。
Pilot本身不做服务注册,它会提供一个接口,对接已有的服务注册系统,比如Eureka,Etcd等。
Pilot对配置的格式做了抽象,整理成能够符合Envoy数据层的API。
1.4 Galley
Galley在Istio架构中不是必须的
官网 :https://istio.io/docs/ops/deployment/architecture/#galley Mixer is a platform-independent component. Mixer enforces access control and usage policies across the service mesh, and collects telemetry data from the Envoy proxy and other services. The proxy extracts request level attributes, and sends them to Mixer for evaluation. You can find more information on this attribute extraction and policy evaluation in our Mixer Configuration documentation. Mixer includes a flexible plugin model. This model enables Istio to interface with a variety of host environments and infrastructure backends. Thus, Istio abstracts the Envoy proxy and Istio-managed services from these details. Pilot provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing (e.g., A/B tests, canary rollouts, etc.), and resiliency (timeouts, retries, circuit breakers, etc.). (1)Polit定了一个抽象模型,从特定平台细节中解耦,用于对接外部的不同平台 (2)Envoy API负责和Envoy的通讯,主要是发送服务发现信息和流量控制规则给Envoy (3)Platform Adapter是Pilot抽象模型的实现版本,用于对接外部的不同平台 ... Galley is Istio’s configuration validation, ingestion, processing and distribution component. It is responsible for insulating the rest of the Istio components from the details of obtaining user configuration from the underlying platform (e.g. Kubernetes). 主要负责istio配置的校验、各种配置之间统筹,为istio提供配置管理服务。 通过kubernetes的webhook机制对pilot和mixer的配置进行验证。 咕泡学院 只为更好的你
1.5 Citadel
Citadel在Istio架构中不是必须的
官网 :https://istio.io/docs/ops/deployment/architecture/#citadel
在有一些场景中,对于安全要求是非常高的,比如支付,所以Citadel就是用来保证安全的。
02 Bookinfo
官网 :https://istio.io/docs/examples/bookinfo/
The Bookinfo application is broken into four separate microservices:
productpage . The productpage microservice calls the details and reviews
microservices to populate the page.
details . The details microservice contains book information.
reviews . The reviews microservice contains book reviews. It also calls the ratings
microservice.
ratings . The ratings microservice contains book ranking information that
accompanies a book review.
There are 3 versions of the reviews microservice:
Version v1 doesn’t call the ratings service.
Version v2 calls the ratings service, and displays each rating as 1 to 5 black stars.
Version v3 calls the ratings service, and displays each rating as 1 to 5 red stars.
This application is polyglot, i.e., the microservices are written in different languages. It’s
worth noting that these services have no dependencies on Istio, but make an interesting
service mesh example, particularly because of the multitude of services, languages and
versions for the reviews service.
2.1 理解bookinfo
(1)productpage是Python语言编写的,用于前端页面展示,会调用reviews微服务和details微服务
(2)details是Ruby语言编写的,是书籍的详情信息
Citadel enables strong service-to-service and end-user authentication with built-in identity and credential management. You can use Citadel to upgrade unencrypted traffic in the service mesh. Using Citadel, operators can enforce policies based on service identity rather than on relatively unstable layer 3 or layer 4 network identifiers. Starting from release 0.5, you can use Istio’s authorization feature to control who can access your services. This example deploys a sample application composed of four separate microservices used to demonstrate【/ˈdemənstreɪt/ 证明】 various Istio features. The application displays information about a book, similar to a single catalog entry of an online book store. Displayed on the page is a description of the book, book details (ISBN, number of pages, and so on), and a few book reviews. 咕泡学院 只为更好的你
(3)reviews是Java语言编写的,是书籍的评论信息,会调用ratings微服务,有3个版本
(4)ratings是nodejs语言编写的,是书籍的评分信息
2.2 sidecar自动注入到微服务
官网 :https://istio.io/docs/examples/bookinfo/#start-the-application-services
To run the sample with Istio requires no changes to the application itself. Instead, you
simply need to configure and run the services in an Istio-enabled environment, with Envoy
sidecars injected along side each service. The resulting deployment will look like this:
All of the microservices will be packaged with an Envoy sidecar that intercepts incoming
and outgoing calls for the services, providing the hooks needed to externally control, via
the Istio control plane, routing, telemetry collection, and policy enforcement for the
application as a whole.
(1)Change directory to the root of the Istio installation.
(2)The default Istio installation uses automatic sidecar injection. Label the namespace
that will host the application with istio-injection=enabled :
(3)Deploy your application using the kubectl command:
若镜像拉取不下来,可以用我的,记得打tag,rmi
(4)查看pod
cd istio-1.0.6 kubectl label namespace default istio-injection=enabled kubectl get namespaces --show-labels docker pull registry.cn-hangzhou.aliyuncs.com/istio-k8s/examples-bookinfo- details-v1:1.8.0 docker pull registry.cn-hangzhou.aliyuncs.com/istio-k8s/examples-bookinfo- ratings-v1:1.8.0 docker pull registry.cn-hangzhou.aliyuncs.com/istio-k8s/examples-bookinfo- reviews-v1:1.8.0 docker pull registry.cn-hangzhou.aliyuncs.com/istio-k8s/examples-bookinfo- reviews-v2:1.8.0 docker pull registry.cn-hangzhou.aliyuncs.com/istio-k8s/examples-bookinfo- reviews-v3:1.8.0 docker pull registry.cn-hangzhou.aliyuncs.com/istio-k8s/examples-bookinfo- productpage-v1:1.8.0 kubectl apply -f istio-1.0.6/samples/bookinfo/platform/kube/bookinfo.yaml kubectl get pods咕泡学院 只为更好的你

 

------分隔线----------------------------

锋哥公众号


锋哥微信


关注公众号
【Java资料站】
回复 666
获取 
66套java
从菜鸡到大神
项目实战课程

锋哥推荐