{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"8月12日,服務網格 Istio 背後的團隊發佈了該項目的 1.11 版本,該版本包含網關注入,以及 Kubernetes 多集羣服務的實驗性實現。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Istio 提供了網關作爲與外部世界連接的方式。新版本在項目中引入了"},{"type":"link","attrs":{"href":"https:\/\/istio.io\/latest\/docs\/setup\/additional-setup\/gateway\/","title":null,"type":null},"content":[{"type":"text","text":"網關注入"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",可以讓管理員更輕鬆地管理和升級網關。更新後,可以通過與 sidecar 代理相同的方法進行管理,因此全局代理配置也將應用於網關,這有助於減少組件之間的漂移。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Kubernetes 項目正在建立一個"},{"type":"link","attrs":{"href":"https:\/\/github.com\/kubernetes\/enhancements\/tree\/master\/keps\/sig-multicluster\/1645-multi-cluster-services-api","title":null,"type":null},"content":[{"type":"text","text":"多集羣服務 API"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",允許服務所有者或網格管理員決定是否導出整個網格的服務及其端點。如果通過 ENABLE_MCS_SERVICE_DISCOVERY 標誌啓用了新功能,則默認情況下只能從同一集羣中發現服務端點。針對在不同集羣內的端點,如果需要在整個網格中訪問它們,則需要首先導出端點。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"除此之外,自上次發佈以來,Istio 團隊對 "},{"type":"link","attrs":{"href":"https:\/\/istio.io\/latest\/docs\/setup\/additional-setup\/cni\/","title":null,"type":null},"content":[{"type":"text","text":"CNI 插件"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"進行了大量測試和文檔工作。默認情況下,Istio 會在部署在網格的 pod 中注入一個 init 容器。istio-init 容器使用 iptables 設置 pod 網絡流量重定向到(來自)Istio sidecar 代理。這需要部署 pod 的用戶或服務賬戶有足夠高的權限來部署具有 NET_ADMIN 和 NET_RAW 功能的容器。但擁有較高的 Kubernetes 權限,對於組織內的安全合規性來說是有問題的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"所以beta版的CNI 插件是 istio-init 容器的替代品,它執行相同的網絡功能,但不要求 Istio 用戶啓用更高的 Kubernetes 權限。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Istio 的命令行工具 istioctl 現在包括了諸如 istioctl 命名空間、Kubernetes pod 和服務的自動完成等功能。 –dry-run ,卸載時使用該試運行命令,可以在爲時已晚之前更好地瞭解將要刪除的內容。新的 –workloadIP 可以幫助設置工作負載 IP sidecar 代理,用於自動註冊工作負載。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"有經驗的 Istio 用戶將不得不稍微改變他們的工作流程,以便在具有外部控制平面的遠程集羣上安裝網格。由於 istiodRemote 組件最近配備了任何集羣所需的所有圖表,用戶可以通過新的 values.global.configCluster 變量啓用配置集羣所需的資源。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"具體的"},{"type":"link","attrs":{"href":"https:\/\/istio.io\/latest\/news\/releases\/1.11.x\/announcing-1.11\/change-notes\/","title":null,"type":null},"content":[{"type":"text","text":"說明文檔"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"可以在Istio 網站上找到。該項目由Google、IBM 和 Lyft 團隊聯合創建,於2017年發佈第一個版本。去年7月,Istio 社區官方博客發文稱,決定將 Istio 項目商標的所有權轉讓給Open Usage Commons組織,而不是將其納入 CNCF。Open Usage Commons 是谷歌不久前宣佈成立的一個組織,專注於以符合開放源碼定義的方式提供開源項目商標的管理和指導。目前谷歌已經將三個項目的商標轉讓給了 OUC,分別是移動端的 Angular Web 應用框架、Gerrit 代碼審查工具和 Istio 服務網格。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"延伸閱讀:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/cloudnative.to\/blog\/istio-111-release\/","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/cloudnative.to\/blog\/istio-111-release\/"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/www.infoq.cn\/article\/NAB71Cb7vwqeYOOAluNS","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/www.infoq.cn\/article\/NAB71Cb7vwqeYOOAluNS"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]}]}
服務網格Istio 1.11 發佈:重新設計了網關管理,支持 Kubernetes 多集羣服務
{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"8月12日,服務網格 Istio 背後的團隊發佈了該項目的 1.11 版本,該版本包含網關注入,以及 Kubernetes 多集羣服務的實驗性實現。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Istio 提供了網關作爲與外部世界連接的方式。新版本在項目中引入了"},{"type":"link","attrs":{"href":"https:\/\/istio.io\/latest\/docs\/setup\/additional-setup\/gateway\/","title":null,"type":null},"content":[{"type":"text","text":"網關注入"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",可以讓管理員更輕鬆地管理和升級網關。更新後,可以通過與 sidecar 代理相同的方法進行管理,因此全局代理配置也將應用於網關,這有助於減少組件之間的漂移。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Kubernetes 項目正在建立一個"},{"type":"link","attrs":{"href":"https:\/\/github.com\/kubernetes\/enhancements\/tree\/master\/keps\/sig-multicluster\/1645-multi-cluster-services-api","title":null,"type":null},"content":[{"type":"text","text":"多集羣服務 API"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",允許服務所有者或網格管理員決定是否導出整個網格的服務及其端點。如果通過 ENABLE_MCS_SERVICE_DISCOVERY 標誌啓用了新功能,則默認情況下只能從同一集羣中發現服務端點。針對在不同集羣內的端點,如果需要在整個網格中訪問它們,則需要首先導出端點。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"除此之外,自上次發佈以來,Istio 團隊對 "},{"type":"link","attrs":{"href":"https:\/\/istio.io\/latest\/docs\/setup\/additional-setup\/cni\/","title":null,"type":null},"content":[{"type":"text","text":"CNI 插件"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"進行了大量測試和文檔工作。默認情況下,Istio 會在部署在網格的 pod 中注入一個 init 容器。istio-init 容器使用 iptables 設置 pod 網絡流量重定向到(來自)Istio sidecar 代理。這需要部署 pod 的用戶或服務賬戶有足夠高的權限來部署具有 NET_ADMIN 和 NET_RAW 功能的容器。但擁有較高的 Kubernetes 權限,對於組織內的安全合規性來說是有問題的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"所以beta版的CNI 插件是 istio-init 容器的替代品,它執行相同的網絡功能,但不要求 Istio 用戶啓用更高的 Kubernetes 權限。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Istio 的命令行工具 istioctl 現在包括了諸如 istioctl 命名空間、Kubernetes pod 和服務的自動完成等功能。 –dry-run ,卸載時使用該試運行命令,可以在爲時已晚之前更好地瞭解將要刪除的內容。新的 –workloadIP 可以幫助設置工作負載 IP sidecar 代理,用於自動註冊工作負載。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"有經驗的 Istio 用戶將不得不稍微改變他們的工作流程,以便在具有外部控制平面的遠程集羣上安裝網格。由於 istiodRemote 組件最近配備了任何集羣所需的所有圖表,用戶可以通過新的 values.global.configCluster 變量啓用配置集羣所需的資源。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"具體的"},{"type":"link","attrs":{"href":"https:\/\/istio.io\/latest\/news\/releases\/1.11.x\/announcing-1.11\/change-notes\/","title":null,"type":null},"content":[{"type":"text","text":"說明文檔"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"可以在Istio 網站上找到。該項目由Google、IBM 和 Lyft 團隊聯合創建,於2017年發佈第一個版本。去年7月,Istio 社區官方博客發文稱,決定將 Istio 項目商標的所有權轉讓給Open Usage Commons組織,而不是將其納入 CNCF。Open Usage Commons 是谷歌不久前宣佈成立的一個組織,專注於以符合開放源碼定義的方式提供開源項目商標的管理和指導。目前谷歌已經將三個項目的商標轉讓給了 OUC,分別是移動端的 Angular Web 應用框架、Gerrit 代碼審查工具和 Istio 服務網格。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"延伸閱讀:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/cloudnative.to\/blog\/istio-111-release\/","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/cloudnative.to\/blog\/istio-111-release\/"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/www.infoq.cn\/article\/NAB71Cb7vwqeYOOAluNS","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/www.infoq.cn\/article\/NAB71Cb7vwqeYOOAluNS"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章