Istio-本地运行

a 夏天 提交于 2020-08-06 21:15:26

概述

本文基于上一篇《Istio1.6-二进制编译和本地运行》,但集中在 pilot-discovery 和 envoy(pilot-agent 的大部分功能仅是作为 envoy 的 watchdog,此处略过)

NOTE: 以下的描述,相对路径都基于目录 /go/src/istio.io/istio/out/linux_amd64/

pilot-discovery

提供http/grpc两种接口,其中grpc是双向通道

运行

可用命令:

./pilot-discovery discovery --kubeconfig /root/.kube/config   --caCertFile  ./docker_build/docker.pilot/cacert.pem

其中, /root/.kube/config 是本地 K8S 的配置文件; ./docker_build/docker.pilot/cacert.pem 是 Istio 编译后自带的证书文件

同时,它还隐式地要求配置文件:./etc/istio/config/mesh,可用的一份如下(未必最简化;其中 controlPlaneAuthPolicy 为 NONE、outboundTrafficPolicy 为 ALLOW_ANY,属于便于本地调试的宽松设置,不宜直接照搬到生产环境):

{
    "disablePolicyChecks": true,
    "disableMixerHttpReports": true,
    "proxyListenPort": 15001,
    "connectTimeout": "10s",
    "protocolDetectionTimeout": "5s",
    "defaultConfig": {
        "configPath": "./etc/istio/proxy",
        "binaryPath": "/usr/local/bin/envoy",
        "serviceCluster": "istio-proxy",
        "drainDuration": "45s",
        "parentShutdownDuration": "60s",
        "discoveryAddress": "localhost:15012",
        "proxyAdminPort": 15000,
        "controlPlaneAuthPolicy": "NONE",
        "statNameLength": 189,
        "concurrency": 2,
        "envoyAccessLogService": {

        },
        "envoyMetricsService": {

        },
        "statusPort": 15020,
        "terminationDrainDuration": "5s"
    },
    "outboundTrafficPolicy": {
        "mode": "ALLOW_ANY"
    },
    "defaultServiceExportTo": [
        "*"
    ],
    "defaultVirtualServiceExportTo": [
        "*"
    ],
    "defaultDestinationRuleExportTo": [
        "*"
    ],
    "localityLbSetting": {
        "enabled": true
    },
    "dnsRefreshRate": "5s",
    "reportBatchMaxEntries": 100,
    "reportBatchMaxTime": "1s",
    "certificates": [
    ],
    "thriftConfig": {
    },
    "serviceSettings": [
    ]
}

envoy

可通过 http/grpc 两种方式访问 pilot-discovery,具体细分为 GRPC/DELTA_GRPC/REST 等; 其中 DELTA 前缀表示:增量获取,且获取后断开本次连接

运行

可用命令

./envoy -c envoy.yaml

其中,envoy.yaml 内容为(未必最简化):

{
  "node": {
    "id": "router~172.26.33.33~istio123456~local",
    "cluster": "localhost-cluster",
    "locality": {
    }
  },
  "admin": {
    "access_log_path": "/dev/null",
    "address": {
      "socket_address": {
        "address": "0.0.0.0",
        "port_value": 15000
      }
    }
  },
  "dynamic_resources": {
    "lds_config": {
      "ads": {}
    },
    "cds_config": {
      "ads": {}
    },
    "ads_config": {
      "api_type": "GRPC",
      "grpc_services": [
        {
          "envoy_grpc": {
            "cluster_name": "xds-grpc"
          }
        }
      ]
    }
  },
  "static_resources": {
    "clusters": [
      {
        "name": "xds-grpc",
        "type": "STRICT_DNS",
        "respect_dns_ttl": true,
        "dns_lookup_family": "V4_ONLY",
        "connect_timeout": "1s",
        "lb_policy": "ROUND_ROBIN",
        "load_assignment": {
          "cluster_name": "xds-grpc",
          "endpoints": [{
            "lb_endpoints": [{
              "endpoint": {
                "address":{
                  "socket_address": {"address": "127.0.0.1", "port_value": 15010}
                }
              }
            }]
          }]
        },
        "circuit_breakers": {
          "thresholds": [
            {
              "priority": "DEFAULT",
              "max_connections": 100000,
              "max_pending_requests": 100000,
              "max_requests": 100000
            },
            {
              "priority": "HIGH",
              "max_connections": 100000,
              "max_pending_requests": 100000,
              "max_requests": 100000
            }
          ]
        },
        "upstream_connection_options": {
          "tcp_keepalive": {
            "keepalive_time": 300
          }
        },
        "max_requests_per_connection": 1,
        "http2_protocol_options": { }
      }
    ]
  }
}

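当 envoy 启动后,可在浏览器通过 http://所在可访问IP:15000/ 访问 envoy 的简单管理界面(说是管理,其实大多仅可看,不可编辑)。注意:上面的配置把 admin 监听在 0.0.0.0:15000,该接口本身没有认证,且包含少量会改变运行状态的端点(例如 /quitquitquit 可关闭进程),因此本地实验时更稳妥的做法是把 admin 的 address 改为 127.0.0.1,或只在受信任的网络中开放该端口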


为了保持文章内容单一好消化,通讯机制见下一篇
