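Istio: Running Locally

Overview

This post builds on the previous one, "Istio 1.6: Building the Binaries and Running Locally", but concentrates on pilot-discovery and envoy (most of what pilot-agent does is act as a watchdog for envoy, so it is skipped here).

NOTE: In the descriptions below, all relative paths are relative to the directory /go/src/istio.io/istio/out/linux_amd64/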

pilot-discovery

It exposes two interfaces, HTTP and gRPC; the gRPC interface is a bidirectional channel.

Running

A working command:

./pilot-discovery discovery --kubeconfig /root/.kube/config   --caCertFile  ./docker_build/docker.pilot/cacert.pem

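Here, /root/.kube/config is the configuration file of the local K8S cluster, and ./docker_build/docker.pilot/cacert.pem is the certificate file that the Istio build ships with.

It also implicitly requires a configuration file, ./etc/istio/config/mesh. A working one is shown below (not necessarily minimal):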

{
    "disablePolicyChecks": true,
    "disableMixerHttpReports": true,
    "proxyListenPort": 15001,
    "connectTimeout": "10s",
    "protocolDetectionTimeout": "5s",
    "defaultConfig": {
        "configPath": "./etc/istio/proxy",
        "binaryPath": "/usr/local/bin/envoy",
        "serviceCluster": "istio-proxy",
        "drainDuration": "45s",
        "parentShutdownDuration": "60s",
        "discoveryAddress": "localhost:15012",
        "proxyAdminPort": 15000,
        "controlPlaneAuthPolicy": "NONE",
        "statNameLength": 189,
        "concurrency": 2,
        "envoyAccessLogService": {

        },
        "envoyMetricsService": {

        },
        "statusPort": 15020,
        "terminationDrainDuration": "5s"
    },
    "outboundTrafficPolicy": {
        "mode": "ALLOW_ANY"
    },
    "defaultServiceExportTo": [
        "*"
    ],
    "defaultVirtualServiceExportTo": [
        "*"
    ],
    "defaultDestinationRuleExportTo": [
        "*"
    ],
    "localityLbSetting": {
        "enabled": true
    },
    "dnsRefreshRate": "5s",
    "reportBatchMaxEntries": 100,
    "reportBatchMaxTime": "1s",
    "certificates": [
    ],
    "thriftConfig": {
    },
    "serviceSettings": [
    ]
}

envoy

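envoy can reach pilot-discovery over either HTTP or gRPC, further subdivided into GRPC/DELTA_GRPC/REST and so on. The DELTA prefix means an incremental fetch, with the connection closed once the fetch is done.

Running

A working command:

./envoy -c envoy.yaml

Here, the content of envoy.yaml is (not necessarily minimal):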

{
  "node": {
    "id": "router~172.26.33.33~istio123456~local",
    "cluster": "localhost-cluster",
    "locality": {
    }
  },
  "admin": {
    "access_log_path": "/dev/null",
    "address": {
      "socket_address": {
        "address": "0.0.0.0",
        "port_value": 15000
      }
    }
  },
  "dynamic_resources": {
    "lds_config": {
      "ads": {}
    },
    "cds_config": {
      "ads": {}
    },
    "ads_config": {
      "api_type": "GRPC",
      "grpc_services": [
        {
          "envoy_grpc": {
            "cluster_name": "xds-grpc"
          }
        }
      ]
    }
  },
  "static_resources": {
    "clusters": [
      {
        "name": "xds-grpc",
        "type": "STRICT_DNS",
        "respect_dns_ttl": true,
        "dns_lookup_family": "V4_ONLY",
        "connect_timeout": "1s",
        "lb_policy": "ROUND_ROBIN",
        "load_assignment": {
          "cluster_name": "xds-grpc",
          "endpoints": [{
            "lb_endpoints": [{
              "endpoint": {
                "address":{
                  "socket_address": {"address": "127.0.0.1", "port_value": 15010}
                }
              }
            }]
          }]
        },
        "circuit_breakers": {
          "thresholds": [
            {
              "priority": "DEFAULT",
              "max_connections": 100000,
              "max_pending_requests": 100000,
              "max_requests": 100000
            },
            {
              "priority": "HIGH",
              "max_connections": 100000,
              "max_pending_requests": 100000,
              "max_requests": 100000
            }
          ]
        },
        "upstream_connection_options": {
          "tcp_keepalive": {
            "keepalive_time": 300
          }
        },
        "max_requests_per_connection": 1,
        "http2_protocol_options": { }
      }
    ]
  }
}

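Once envoy has started, its simple admin interface can be opened in a browser at http://<reachable-IP-of-the-host>:15000/ (it is called an admin interface, but in practice most of it is view-only and not editable).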
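The two configs above are set up for a local test: the admin listener binds 0.0.0.0, the xds-grpc cluster has no TLS transport socket, and the mesh config sets controlPlaneAuthPolicy to NONE and outboundTrafficPolicy to ALLOW_ANY. The Python check below is an added example, not code from the original post or from Istio/Envoy; it flags those settings before the files are reused beyond a local machine. The embedded configs are trimmed, constructed copies, and the names audit_bootstrap and audit_mesh are hypothetical.

```python
import json

# Constructed, trimmed copies of the two configs shown on this page.
BOOTSTRAP = json.loads("""
{
  "admin": {"address": {"socket_address": {"address": "0.0.0.0", "port_value": 15000}}},
  "static_resources": {"clusters": [{
    "name": "xds-grpc",
    "load_assignment": {"endpoints": [{"lb_endpoints": [{"endpoint": {"address":
      {"socket_address": {"address": "127.0.0.1", "port_value": 15010}}}}]}]}
  }]}
}
""")
MESH = json.loads("""
{"defaultConfig": {"controlPlaneAuthPolicy": "NONE"},
 "outboundTrafficPolicy": {"mode": "ALLOW_ANY"}}
""")

LOOPBACK = ("127.0.0.1", "::1", "localhost")

def audit_bootstrap(cfg):
    """Return a list of findings for an Envoy bootstrap given as a dict."""
    findings = []
    admin = cfg.get("admin", {}).get("address", {}).get("socket_address", {})
    if admin and admin.get("address") not in LOOPBACK:
        findings.append("admin listener bound to %s:%s, not loopback"
                        % (admin.get("address"), admin.get("port_value")))
    for cluster in cfg.get("static_resources", {}).get("clusters", []):
        # Simplification: no transport_socket (or legacy tls_context) is treated as plaintext.
        if "transport_socket" not in cluster and "tls_context" not in cluster:
            findings.append("cluster %s has no TLS transport socket" % cluster.get("name"))
    return findings

def audit_mesh(cfg):
    """Return a list of findings for an Istio mesh config given as a dict."""
    findings = []
    if cfg.get("defaultConfig", {}).get("controlPlaneAuthPolicy") == "NONE":
        findings.append("controlPlaneAuthPolicy is NONE (no mutual TLS to the control plane)")
    if cfg.get("outboundTrafficPolicy", {}).get("mode") == "ALLOW_ANY":
        findings.append("outboundTrafficPolicy is ALLOW_ANY (unknown egress is passed through)")
    return findings

if __name__ == "__main__":
    for finding in audit_bootstrap(BOOTSTRAP) + audit_mesh(MESH):
        print("WARN:", finding)
```

To audit the full files from this page, load them with json.load and pass the resulting dicts to the same two functions.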


To keep this post focused and easy to digest, the communication mechanism is covered in the next post.
