Istio的本地运行是怎样的

这篇文章给大家介绍Istio的本地运行是怎样的，内容非常详细，感兴趣的小伙伴们可以参考借鉴，希望对大家能有所帮助。

概述

pilot-discovery

提供http/grpc两种接口，其中grpc是双向通道

运行

可用命令：

./pilot-discovery discovery --kubeconfig /root/.kube/config   --caCertFile  ./docker_build/docker.pilot/cacert.pem

其中， /root/.kube/config 是本地 K8S 的配置文件 ./docker_build/docker.pilot/cacert.pem 是Istio编译后自带有的证书文件

同时，它还隐式的要求配置文件：./etc/istio/config/mesh，可用的一份如下（未必最简化）：

{    "disablePolicyChecks": true,    "disableMixerHttpReports": true,    "proxyListenPort": 15001,    "connectTimeout": "10s",    "protocolDetectionTimeout": "5s",    "defaultConfig": {        "configPath": "./etc/istio/proxy",        "binaryPath": "/usr/local/bin/envoy",        "serviceCluster": "istio-proxy",        "drainDuration": "45s",        "parentShutdownDuration": "60s",        "discoveryAddress": "localhost:15012",        "proxyAdminPort": 15000,        "controlPlaneAuthPolicy": "NONE",        "statNameLength": 189,        "concurrency": 2,        "envoyAccessLogService": {        },        "envoyMetricsService": {        },        "statusPort": 15020,        "terminationDrainDuration": "5s"    },    "outboundTrafficPolicy": {        "mode": "ALLOW_ANY"    },    "defaultServiceExportTo": [        "*"    ],    "defaultVirtualServiceExportTo": [        "*"    ],    "defaultDestinationRuleExportTo": [        "*"    ],    "localityLbSetting": {        "enabled": true    },    "dnsRefreshRate": "5s",    "reportBatchMaxEntries": 100,    "reportBatchMaxTime": "1s",    "certificates": [    ],    "thriftConfig": {    },    "serviceSettings": [    ]}

envoy

可通过http/grpc两种方式访问pilot-discovery，具体细分为 GPRC/DELTAGRPC/REST 等 其中DELTA前缀，表示：增量获取，且获取后断开本次链接

运行

可用命令

./envoy -c envoy.yaml

其中，envoy.yaml 内容为（未必最简化）：

{  "node": {    "id": "router~172.26.33.33~istio123456~local",    "cluster": "localhost-cluster",    "locality": {    }  },  "admin": {    "access_log_path": "/dev/null",    "address": {      "socket_address": {        "address": "0.0.0.0",        "port_value": 15000      }    }  },  "dynamic_resources": {    "lds_config": {      "ads": {}    },    "cds_config": {      "ads": {}    },    "ads_config": {      "api_type": "GRPC",      "grpc_services": [        {          "envoy_grpc": {            "cluster_name": "xds-grpc"          }        }      ]    }  },  "static_resources": {    "clusters": [      {        "name": "xds-grpc",        "type": "STRICT_DNS",        "respect_dns_ttl": true,        "dns_lookup_family": "V4_ONLY",        "connect_timeout": "1s",        "lb_policy": "ROUND_ROBIN",        "load_assignment": {          "cluster_name": "xds-grpc",          "endpoints": [{            "lb_endpoints": [{              "endpoint": {                "address":{                  "socket_address": {"address": "127.0.0.1", "port_value": 15010}                }              }            }]          }]        },        "circuit_breakers": {          "thresholds": [            {              "priority": "DEFAULT",              "max_connections": 100000,              "max_pending_requests": 100000,              "max_requests": 100000            },            {              "priority": "HIGH",              "max_connections": 100000,              "max_pending_requests": 100000,              "max_requests": 100000            }          ]        },        "upstream_connection_options": {          "tcp_keepalive": {            "keepalive_time": 300          }        },        "max_requests_per_connection": 1,        "http2_protocol_options": { }      }    ]  }}

当envoy启动后，可在浏览器通过 http://所在可访问IP:15000/ 访问 envoy 的简单管理界面(说是管理，其实大多仅可看，不可编辑)

关于Istio的本地运行是怎样的就分享到这里了，希望以上内容可以对大家有一定的帮助，可以学到更多知识。如果觉得文章不错，可以把它分享出去让更多的人看到。