service-mesh


Service Mesh


Implement service-to-service communication management.

Istio Installation


```bash
# The demo profile is intended for evaluation, not production
istioctl install --set profile=demo
```

Enable sidecar injection

```bash
kubectl label namespace default istio-injection=enabled
```

Traffic Management


```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myapp
spec:
  hosts:
  - myapp
  http:
  # Requests carrying the header "canary: true" always go to the canary subset
  - match:
    - headers:
        canary:
          exact: "true"
    route:
    - destination:
        host: myapp
        subset: canary
  # All other traffic is split 90/10 between stable and canary
  # (the subsets must be defined in a DestinationRule for host myapp)
  - route:
    - destination:
        host: myapp
        subset: stable
      weight: 90
    - destination:
        host: myapp
        subset: canary
      weight: 10
```

mTLS


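```yaml
# No namespace is set, so this applies to the namespace it is created in.
# For a mesh-wide policy, create it in the Istio root namespace
# (istio-system by default).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
spec:
  mtls:
    mode: STRICT   # reject plaintext; only mutual TLS connections are accepted
```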

Best Practices


  • Enable strict mTLS
  • Implement circuit breakers
  • Use traffic shifting for deployments
  • Monitor with Kiali and Jaeger
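
The VirtualService above routes to `stable` and `canary` subsets, and the best practices call for circuit breakers; both are configured in a DestinationRule. The following is an added example, not part of the original page: the `version` pod labels and all numeric thresholds are assumptions to adapt to your workloads.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: myapp
spec:
  host: myapp
  trafficPolicy:
    tls:
      # Present the sidecar's Istio-issued certificate to the destination,
      # matching the STRICT PeerAuthentication policy on the server side
      mode: ISTIO_MUTUAL
    connectionPool:
      tcp:
        maxConnections: 100            # assumed cap on TCP connections to myapp
      http:
        http1MaxPendingRequests: 50    # assumed cap on queued requests
        maxRequestsPerConnection: 10
    outlierDetection:
      # Circuit breaker: eject a pod after 5 consecutive 5xx responses
      consecutive5xxErrors: 5
      interval: 10s                    # how often hosts are evaluated
      baseEjectionTime: 30s            # minimum time an ejected pod stays out
      maxEjectionPercent: 50           # never eject more than half the pool
  subsets:
  # Subset names must match those referenced by the VirtualService
  - name: stable
    labels:
      version: stable                  # assumed pod label
  - name: canary
    labels:
      version: canary                  # assumed pod label
```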