Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Istio в разрезе: что умеет и не умеет самый популярный Service Mesh

flant
March 17, 2023
Technology
0
35k

Istio в разрезе: что умеет и не умеет самый популярный Service Mesh

Доклад ведущего разработчика Kubernetes-платформы Deckhouse (https://deckhouse.ru/) Андрея Половова на DevOpsConf 2023.

flant

March 17, 2023
Tweet

More Decks by flant

See All by flant
Стандарты безопасности в Kubernetes
flant
0
8.2k
Мимо тёщиного дома я без метрик не хожу. То им пром в забор просуну, то mimir'у покажу!
flant
0
9k
Как устроена разработка Kubernetes-платформы Deckhouse
flant
0
2.9k
LINSTOR — это как Kubernetes, но для блочных устройств
flant
0
17k
Что ждать от внедрения Istio?
flant
0
19k
Как [не] продать технический долг
flant
0
4k
Как правильно сделать Kubernetes
flant
1
15k
Go? Bash! Meet the Shell-operator
flant
0
8.4k
10 лет on-call. Чему мы научились?
flant
0
8.9k

Other Decks in Technology

See All in Technology
サーバー間 GraphQL と webmock-graphql の話 / server-to-server graphql and webmock-graphql
qsona
2
180
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
140
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
350
生産性向上チームの紹介
cybozuinsideout
PRO
1
860
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
5
380
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
0
140
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
430
チームでロジカルシンキングに改めて向き合っている話 〜学習環境と実践⽅法〜
sansantech
PRO
2
1.6k
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
200
最近たまに見かけるTiDBってなんだ? - Findy
pingcap0315
2
760
プロデザ! BY リクルート vol.18_リクルートのリサーチ実践組織「リサーチブーストコミュニティ」
recruitengineers
PRO
3
270
MapLibreとAmazon Location Service
dayjournal
1
150

Featured

See All Featured
The Mythical Team-Month
searls
216
42k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
The Cult of Friendly URLs
andyhume
74
5.7k
Build The Right Thing And Hit Your Dates
maggiecrowley
24
2k
The Language of Interfaces
destraynor
151
23k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
6
1.5k
In The Pink: A Labor of Love
frogandcode
138
21k
VelocityConf: Rendering Performance Case Studies
addyosmani
320
23k
Design by the Numbers
sachag
274
18k
Building Your Own Lightsaber
phodgson
99
5.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k

Transcript

  1. None

  2. Istio в разрезе: что умеет и не умеет самый популярный

    Service Mesh

  3. Istio в разрезе: что умеет и не умеет самый популярный

    Service Mesh

  4. Istio в разрезе: что умеет и не умеет самый популярный

    Service Mesh

  5. Istio в разрезе : что умеет и не умеет самый

    популярный Service Mesh

  6. Intro Service Mesh

  7. Intro Service Mesh Mutual TLS

  8. Intro Service Mesh Mutual TLS Authorization End-user Authentication

  9. Intro Service Mesh gRPC Load Balancing Mutual TLS Authorization Locality

    Load Balancing Weighted Load Balancer End-user Authentication

  10. Intro Service Mesh Traffic Shifting gRPC Load Balancing Mutual TLS

    A/B Tests Authorization Locality Load Balancing Weighted Load Balancer Canary Deployment End-user Authentication Fault Injection

  11. Intro Service Mesh Traffic Shifting End-user Authentication gRPC Load Balancing

    Mutual TLS A/B Tests Authorization Request Timeout Circuit Breaker Locality Load Balancing Canary Deployment Weighted Load Balancer Fault Injection

  12. Intro Service Mesh Traffic Shifting End-user Authentication gRPC Load Balancing

    Mutual TLS A/B Tests Authorization Request Timeout Circuit Breaker Locality Load Balancing Canary Deployment Weighted Load Balancer Fault Injection Multicluster Federation

  13. Intro Service Mesh Zone-aware Routing Traffic Shifting Metric Exporting &

    Tracing End-user Authentication Weighted Load Balancer gRPC Load Balancing Mutual TLS A/B Tests Fault Injection Authorization Egress Gateway Request Timeout Circuit Breaker Locality Load Balancing Canary Deployment Multicluster Federation

  14. Intro Service Mesh Zone-aware Routing Traffic Shifting Metric Exporting &

    Tracing End-user Authentication Weighted Load Balancer gRPC Load Balancing Mutual TLS A/B Tests Fault Injection Authorization Egress Gateway Request Timeout Circuit Breaker Locality Load Balancing Canary Deployment Multicluster Federation

  15. Intro Service Mesh Zone-aware Routing Traffic Shifting Metric Exporting &

    Tracing End-user Authentication Weighted Load Balancer gRPC Load Balancing Mutual TLS A/B Tests Fault Injection Authorization Egress Gateway Request Timeout Circuit Breaker Locality Load Balancing Canary Deployment Multicluster Federation Observability

  16. Intro Service Mesh Zone-aware Routing Traffic Shifting Metric Exporting &

    Tracing End-user Authentication Weighted Load Balancer gRPC Load Balancing Mutual TLS A/B Tests Fault Injection Authorization Egress Gateway Request Timeout Circuit Breaker Locality Load Balancing Canary Deployment Multicluster Federation Observability

  17. Intro

  18. Intro

  19. Intro

  20. Intro

  21. Intro

  22. Intro

  23. Intro

  24. Intro PeerAuthentication AuthorizationPolicy VirtualService DestinationRule Sidecar ServiceEntry EnvoyFilter

  25. Intro

  26. Intro

  27. Intro Observability

  28. Intro Observability

  29. Intro Observability

  30. Intro Observability

  31. None

  32. front back db

  33. front back db

  34. front back db

  35. istiod front back db

  36. front back db Control Plane istiod

  37. istiod front back db

  38. istio-proxy istiod front back db istio-proxy istio-proxy

  39. istiod front back db Data Plane istio-proxy istio-proxy istio-proxy

  40. istio-proxy istiod front back db istio-proxy istio-proxy

  41. istio-proxy istiod front back db istio-proxy istio-proxy

  42. istio-proxy istiod front back db istio-proxy istio-proxy

  43. istio-proxy istiod front back db istio-proxy istio-proxy

  44. istio-proxy istiod front back db istio-proxy istio-proxy Weighted Load Balancer

    gRPC Load Balancing Mutual TLS Authorization Circuit Breaker Locality Load Balancing

  45. istio-proxy istiod front back db istio-proxy istio-proxy Weighted Load Balancer

    gRPC Load Balancing Mutual TLS Authorization Circuit Breaker Locality Load Balancing

  46. istio-proxy istiod front back db istio-proxy istio-proxy Weighted Load Balancer

    gRPC Load Balancing Mutual TLS Authorization Circuit Breaker Locality Load Balancing

  47. istio-proxy istiod front back db istio-proxy istio-proxy Weighted Load Balancer

    gRPC Load Balancing Mutual TLS Authorization Circuit Breaker Locality Load Balancing

  48. istiod back db istio-proxy istio-proxy Weighted Load Balancer gRPC Load

    Balancing Mutual TLS Authorization Circuit Breaker Locality Load Balancing istio-proxy front

  49. front > Pod

  50. istio-proxy front > Pod

  51. istio-proxy front > Pod > istio-proxy

  52. istio-proxy front > Pod > istio-proxy

  53. istio-proxy front > Pod > istio-proxy > envoy

  54. > Pod > istio-proxy > envoy

  55. > Pod > istio-proxy > envoy

  56. > Pod > istio-proxy > envoy downstream HTTP TCP

  57. > Pod > istio-proxy > envoy downstream HTTP TCP

  58. > Pod > istio-proxy > envoy downstream HTTP TCP upstream

  59. > Pod > istio-proxy > envoy downstream HTTP TCP upstream

  60. > Pod > istio-proxy > envoy downstream HTTP TCP envoy

    API upstream

  61. downstream upstream > Pod > istio-proxy > envoy

  62. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route listener 10.24.0.8:443 > Pod > istio-proxy > envoy

  63. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route listener 10.24.0.8:443 > Pod > istio-proxy > envoy

  64. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route listener 10.24.0.8:443 > Pod > istio-proxy > envoy

  65. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 10.24.0.8:443 > Pod > istio-proxy > envoy

  66. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 10.24.0.8:443 handle stats > Pod > istio-proxy > envoy

  67. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 10.24.0.8:443 handle stats authorization > Pod > istio-proxy > envoy

  68. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 10.24.0.8:443 handle stats authorization route > Pod > istio-proxy > envoy

  69. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster foo.example.com > Pod > istio-proxy > envoy

  70. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster foo.example.com endpoints ip:port ip:port ip:port > Pod > istio-proxy > envoy

  71. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster foo.example.com endpoints ip:port ip:port ip:port load balance > Pod > istio-proxy > envoy

  72. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster foo.example.com endpoints ip:port ip:port ip:port load balance select endpoint connect outlier detection > Pod > istio-proxy > envoy

  73. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster foo.example.com endpoints ip:port ip:port ip:port load balance select endpoint connect outlier detection handle tls > Pod > istio-proxy > envoy

  74. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster foo.example.com endpoints ip:port ip:port ip:port load balance select endpoint connect outlier detection handle tls handle stats > Pod > istio-proxy > envoy

  75. downstream upstream handle tls Listener 10.24.0.8:443 handle stats authorization route

    handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster foo.example.com endpoints ip:port ip:port ip:port load balance select endpoint connect outlier detection handle tls handle stats > Pod > istio-proxy > envoy

  76. istio-proxy > Pod > istio-proxy > envoy front

  77. istio-proxy > Pod > istio-proxy front

  78. > Pod > istio-proxy istio-proxy front

  79. > Pod > istio-proxy istio-proxy front

  80. > Pod > istio-proxy front istio-proxy

  81. > Pod > istio-proxy istio-proxy front

  82. > Pod > istio-proxy istio-proxy front

  83. > Pod > istio-proxy istio-proxy front ?

  84. > Pod > istio-proxy front istio-proxy ? ?

  85. > Pod > istio-proxy front istio-proxy

  86. > Pod > istio-proxy front istio-proxy DNAT

  87. > Pod > istio-proxy istio-proxy front DNAT --to-destination ???

  88. > Pod > istio-proxy front istio-proxy DNAT --to-destination 0.0.0.0:15001 ???

  89. > Pod > istio-proxy istio-proxy front DNAT --to-destination 127.0.0.1:15001 0.0.0.0:15001

  90. > Pod > istio-proxy front istio-proxy 0.0.0.0:15001 DNAT --to-destination 127.0.0.1:15001

    0.0.0.0:15006 DNAT --to-destination 127.0.0.1:15006

  91. > Pod > istio-proxy front istio-proxy 0.0.0.0:15001 DNAT --to-destination 127.0.0.1:15001

  92. > Pod > istio-proxy istio-proxy 0.0.0.0:15001 front DNAT --to-destination 127.0.0.1:15001

    ?

  93. > Pod > istio-proxy istio-proxy 0.0.0.0:15001 front DNAT --to-destination 127.0.0.1:15001

  94. > Pod > istio-proxy istio-proxy 0.0.0.0:15001 front DNAT --to-destination 127.0.0.1:15001

    istio-agent

  95. > Pod > istio-proxy istio-proxy 0.0.0.0:15001 front DNAT --to-destination 127.0.0.1:15001

    istiod istio-agent XDS

  96. > Pod > istio-proxy istio-proxy 0.0.0.0:15001 front DNAT --to-destination 127.0.0.1:15001

    istiod istio-agent XDS envoy API

  97. > Pod > istio-proxy istio-proxy 0.0.0.0:15001 front DNAT --to-destination 127.0.0.1:15001

    istiod istio-agent XDS envoy API

  98. istio-proxy istio-proxy front back db istio-proxy

  99. istio-proxy istio-proxy front back db istio-proxy

  100. istio-proxy istio-proxy front back db istio-proxy clusterIP: 10.222.0.78 ports: -

    name: http port: 8080 Service front

  101. istio-proxy istio-proxy front back db istio-proxy Service back clusterIP: 10.222.0.78

    ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service front

  102. istio-proxy istio-proxy front back db istio-proxy Service back clusterIP: 10.222.0.78

    ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 Service front

  103. istio-proxy istio-proxy front back db istio-proxy Service back clusterIP: 10.222.0.78

    ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 Service front

  104. istio-proxy istio-proxy front back db istio-proxy Service back clusterIP: 10.222.0.78

    ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 Service front 10.111.2.3 10.111.4.3 10.111.3.3 10.111.2.5 10.111.2.4 10.111.2.3 10.111.2.5 10.111.2.4 10.111.3.3

  105. istio-proxy istio-proxy front back db istio-proxy Service back clusterIP: 10.222.0.78

    ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 Service front 10.111.2.3 10.111.4.3 10.111.3.3 istiod 10.111.2.5 10.111.2.4 10.111.2.3 10.111.2.5 10.111.2.4 10.111.3.3

  106. istio-proxy istio-proxy front back db istio-proxy Service back clusterIP: 10.222.0.78

    ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 Service front 10.111.2.3 10.111.4.3 10.111.3.3 10.111.2.5 10.111.2.4 10.111.2.3 10.111.2.5 10.111.2.4 10.111.3.3 istiod

  107. istio-proxy istio-proxy front back db istio-proxy Service back clusterIP: 10.222.0.78

    ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 Service front 10.111.2.3 10.111.4.3 10.111.3.3 10.111.2.5 10.111.2.4 10.111.2.3 10.111.2.5 10.111.2.4 10.111.3.3 istiod

  108. istio-proxy istio-proxy istiod front back db istio-proxy Service back clusterIP:

    10.222.0.78 ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 Service front 10.111.4.3 10.111.2.5 10.111.2.4 10.111.2.3 10.111.2.5 10.111.2.4 10.111.3.3

  109. istio-proxy istio-proxy istiod front back db istio-proxy Service back clusterIP:

    10.222.0.78 ports: - name: http port: 8080 clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 Service front 10.111.4.3 10.111.2.5 10.111.2.4 10.111.2.3 10.111.2.5 10.111.2.4 10.111.3.3

  110. > From kubernetes to envoy handle tls listener 10.24.0.8:443 handle

    stats authorization route cluster foo.example.com endpoints ip:port ip:port ip:port load balance select endpoint connect outlier detection handle tls handle stats

  111. > From kubernetes to envoy listener 10.24.0.8:443 route cluster foo.example.com

    endpoints ip:port ip:port ip:port

  112. > From kubernetes to envoy route listener endpoints cluster ip:port

    ip:port ip:port

  113. > From kubernetes to envoy route listener endpoints cluster ip:port

    ip:port ip:port

  114. > From kubernetes to envoy route listener endpoints cluster ip:port

    ip:port ip:port

  115. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front route listener endpoints cluster ip:port ip:port ip:port

  116. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 route listener endpoints cluster ip:port ip:port ip:port

  117. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 route listener endpoints cluster ip:port ip:port ip:port

  118. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 route listener endpoints cluster ip:port ip:port ip:port

  119. Service back clusterIP: 10.222.0.5 ports: - name: http port: 8080

    Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 route listener endpoints cluster ip:port ip:port ip:port clusterIP: 10.222.0.78 ports: - name: http port: 8080 Service front 10.111.2.5 10.111.2.4 10.111.2.3

  120. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 route listener endpoints cluster ip:port ip:port ip:port

  121. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster front ip:port ip:port ip:port route listener

  122. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster front ip:port ip:port ip:port route listener

  123. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 route listener

  124. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 route listener

  125. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener

  126. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener

  127. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 listener 10.111.3.4:8080 10.111.3.3:8080 route

  128. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener

  129. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener TCP IP:port

  130. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 HTTP Host route listener TCP IP:port

  131. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 HTTP Host route listener TCP IP:port TLS SNI

  132. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 HTTP Host route listener TCP IP:port TLS SNI

  133. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 HTTP Host route listener TCP IP:port TLS SNI

  134. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 HTTP Host route listener TCP IP:port TLS SNI

  135. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 HTTP Host route listener TCP IP:port TLS SNI

  136. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener HTTP Host TCP IP:port TLS SNI

  137. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener

  138. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener route listener 10.222.0.42:3306

  139. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener route listener 10.222.0.42:3306 route

  140. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener listener 10.222.0.42:3306 tcp_proxy

  141. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 listener 10.222.0.42:3306 tcp_proxy route listener 0.0.0.0:8080

  142. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 listener 10.222.0.42:3306 tcp_proxy route listener 0.0.0.0:8080

  143. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener 0.0.0.0:8080 tcp_proxy listener 10.222.0.42:3306

  144. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener 0.0.0.0:8080 tcp_proxy listener 10.222.0.42:3306 istio-proxy 0.0.0.0:15001 front istio-agent

  145. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener 0.0.0.0:8080 tcp_proxy listener 10.222.0.42:3306 istio-proxy 0.0.0.0:15001 front istio-agent

  146. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener 0.0.0.0:8080 tcp_proxy listener 10.222.0.42:3306

  147. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener 0.0.0.0:8080 tcp_proxy listener 10.222.0.42:3306 listener 0.0.0.0:15001

  148. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener 0.0.0.0:8080 tcp_proxy listener 10.222.0.42:3306 listener 0.0.0.0:15001

  149. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener 0.0.0.0:8080 tcp_proxy listener 10.222.0.42:3306 listener 0.0.0.0:15001 use_original_dst

  150. Service back clusterIP: 10.222.0.78 ports: - name: http port: 8080

    clusterIP: 10.222.0.5 ports: - name: http port: 8080 Service db clusterIP: 10.222.0.42 ports: - name: mysql port: 3306 > From kubernetes to envoy Service front 10.111.2.5 10.111.2.4 10.111.2.3 10.111.3.5 10.111.3.4 10.111.3.3 10.111.4.3 endpoints cluster db 10.111.4.3:3306 endpoints cluster front 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 endpoints cluster back 10.111.3.5:8080 10.111.3.4:8080 10.111.3.3:8080 route listener 0.0.0.0:8080 tcp_proxy listener 10.222.0.42:3306 listener 0.0.0.0:15001 use_original_dst

  151. istio-proxy istio-proxy front back db istio-proxy

  152. > Request lifecycle istio-proxy back db istio-proxy istio-proxy front

  153. > Request lifecycle istio-proxy front istio-agent

  154. > Request lifecycle istio-proxy front istio-agent listener 0.0.0.0:8080 listener 10.222.0.42:3306

  155. > Request lifecycle istio-proxy front istio-agent listener 0.0.0.0:8080 listener 10.222.0.42:3306

  156. > Request lifecycle istio-proxy front istio-agent listener 0.0.0.0:8080 listener 10.222.0.42:3306

  157. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent listener 0.0.0.0:8080 listener

    10.222.0.42:3306

  158. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 listener

    0.0.0.0:8080 listener 10.222.0.42:3306

  159. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 listener

    0.0.0.0:8080 listener 10.222.0.42:3306

  160. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    listener 0.0.0.0:8080 listener 10.222.0.42:3306

  161. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    listener 0.0.0.0:8080 listener 10.222.0.42:3306

  162. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    listener 0.0.0.0:8080 listener 10.222.0.42:3306

  163. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    listener 0.0.0.0:8080 listener 10.222.0.42:3306

  164. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    listener 0.0.0.0:8080 listener 10.222.0.42:3306

  165. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    listener 0.0.0.0:8080 listener 10.222.0.42:3306

  166. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    listener 0.0.0.0:8080 listener 10.222.0.42:3306

  167. > Request lifecycle listener 10.222.0.42:3306 istio-proxy front 0.0.0.0:15001 istio-agent GET

    http://back:8080 10.222.0.78 listener 0.0.0.0:8080

  168. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route listener 0.0.0.0:8080

  169. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 0.0.0.0:8080

  170. > Request lifecycle istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 0.0.0.0:8080 handle stats

  171. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 0.0.0.0:8080 handle stats authorization istio-agent

  172. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 0.0.0.0:8080 handle stats authorization route istio-agent

  173. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 0.0.0.0:8080 handle stats authorization route cluster back cluster front istio-agent

  174. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls listener 0.0.0.0:8080 handle stats authorization route cluster back cluster front istio-agent

  175. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back istio-agent

  176. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back istio-agent

  177. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back load balance istio-agent

  178. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back load balance select endpoint istio-agent

  179. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints load balance select endpoint 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 istio-agent

  180. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints load balance select endpoint 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 istio-agent

  181. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints load balance select endpoint connect 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 istio-agent

  182. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints load balance select endpoint connect outlier detection 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 istio-agent

  183. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints load balance select endpoint connect outlier detection handle tls 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 istio-agent

  184. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints load balance select endpoint connect outlier detection handle tls handle stats 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 istio-agent

  185. > Request lifecycle istio-proxy front 0.0.0.0:15001 GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance handle tls listener 0.0.0.0:8080 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints load balance select endpoint connect outlier detection handle tls handle stats istio-proxy back 10.111.3.3:8080 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 istio-agent

  186. istio-proxy front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle tls Listener

    10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back handle tls authorization route load balance select endpoint connect outlier detection handle tls

  187. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls PeerAuthentication

  188. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls PeerAuthentication DestinationRule

  189. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls PeerAuthentication DestinationRule

  190. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls PeerAuthentication AuthorizationPolicy DestinationRule

  191. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls PeerAuthentication AuthorizationPolicy VirtualService DestinationRule

  192. > Istio API > PeerAuthentication front 0.0.0.0:15001 istio-agent GET http://back:8080

    10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls AuthorizationPolicy VirtualService DestinationRule handle tls PeerAuthentication

  193. > Istio API > PeerAuthentication PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication

    metadata: name: mtls-on namespace: myns spec: mtls: mode: XXX

  194. PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls-on namespace: myns

    spec: mtls: mode: XXX > Istio API > PeerAuthentication

  195. PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls-on namespace: myns

    spec: mtls: mode: XXX > Istio API > PeerAuthentication <DISABLE>

  196. > Istio API > PeerAuthentication <STRICT> PeerAuthentication apiVersion: security.istio.io/v1beta1 kind:

    PeerAuthentication metadata: name: mtls-on namespace: myns spec: mtls: mode: XXX <DISABLE>

  197. > Istio API > PeerAuthentication <PERMISSIVE> <STRICT> PeerAuthentication apiVersion: security.istio.io/v1beta1

    kind: PeerAuthentication metadata: name: mtls-on namespace: myns spec: mtls: mode: XXX <DISABLE>

  198. > Istio API > PeerAuthentication <STRICT> PeerAuthentication apiVersion: security.istio.io/v1beta1 kind:

    PeerAuthentication metadata: name: mtls-on namespace: myns spec: mtls: mode: XXX <DISABLE> <PERMISSIVE> FTP SMTP MYSQL … +

  199. <STRICT> PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls-on namespace:

    myns spec: mtls: mode: XXX <DISABLE> <PERMISSIVE> + FTP SMTP MYSQL … > Istio API > PeerAuthentication =

  200. > Istio API > PeerAuthentication <PERMISSIVE> <STRICT> PeerAuthentication apiVersion: security.istio.io/v1beta1

    kind: PeerAuthentication metadata: name: mtls-on namespace: myns spec: mtls: mode: XXX <DISABLE>

  201. > Istio API > PeerAuthentication PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication

    metadata: name: mtls-on namespace: myns spec: mtls: mode: STRICT

  202. > Istio API > PeerAuthentication front 0.0.0.0:15001 istio-agent GET http://back:8080

    10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls AuthorizationPolicy VirtualService DestinationRule PeerAuthentication handle tls

  203. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls AuthorizationPolicy VirtualService DestinationRule

  204. > Istio API > DestinationRule front 0.0.0.0:15001 istio-agent GET http://back:8080

    10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection back authorization route AuthorizationPolicy VirtualService handle tls DestinationRule

  205. > Istio API > DestinationRule DestinationRule DestinationRule

  206. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: XXX

  207. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: XXX

  208. > Istio API > DestinationRule <DISABLE> apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: XXX DestinationRule

  209. > Istio API > DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata:

    name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: XXX DestinationRule <DISABLE> <ISTIO_MUTUAL>

  210. > Istio API > DestinationRule <DISABLE> <ISTIO_MUTUAL> <MUTUAL> apiVersion: networking.istio.io/v1beta1

    kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: XXX DestinationRule

  211. > Istio API > DestinationRule <DISABLE> <ISTIO_MUTUAL> <MUTUAL> apiVersion: networking.istio.io/v1beta1

    kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: XXX <SIMPLE> DestinationRule

  212. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO_MUTUAL

  213. > Istio API > DestinationRule PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication

    metadata: name: mtls-on namespace: myns spec: mtls: mode: STRICT DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO_MUTUAL

  214. > Istio API > DestinationRule PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication

    metadata: name: mtls-on namespace: myns spec: mtls: mode: STRICT DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO_MUTUAL

  215. > Istio API > DestinationRule Mutual TLS PeerAuthentication apiVersion: security.istio.io/v1beta1

    kind: PeerAuthentication metadata: name: mtls-on namespace: myns spec: mtls: mode: STRICT DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO_MUTUAL

  216. PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls-on namespace: myns

    spec: mtls: mode: STRICT DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL > Istio API > DestinationRule Mutual TLS

  217. PeerAuthentication apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls-on namespace: myns

    spec: mtls: mode: STRICT DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: mtls-on namespace: myns spec: host: *.myns.svc trafficPolicy: tls: mode: ISTIO-MUTUAL > Istio API > DestinationRule Mutual TLS

  218. back > Istio API > DestinationRule front 0.0.0.0:15001 istio-agent GET

    http://back:8080 10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection authorization route handle tls DestinationRule

  219. back > Istio API > DestinationRule front 0.0.0.0:15001 istio-agent GET

    http://back:8080 10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection handle tls authorization route DestinationRule

  220. back > Istio API > DestinationRule front 0.0.0.0:15001 istio-agent GET

    http://back:8080 10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection handle tls authorization route DestinationRule load balance select endpoint connect outlier detection

  221. back > Istio API > DestinationRule front 0.0.0.0:15001 istio-agent GET

    http://back:8080 10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection handle tls authorization route DestinationRule load balance select endpoint connect outlier detection Балансировка Тюнинг TCP Circuit Breaking

  222. > Istio API > DestinationRule DestinationRule

  223. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m

  224. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m

  225. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m Балансировка

  226. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m Балансировка Тюнинг TCP

  227. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m Балансировка Тюнинг TCP Circuit Breaking

  228. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m Балансировка Тюнинг TCP Circuit Breaking

  229. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m

  230. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m

  231. istio-proxy front back istio-proxy > Istio API > DestinationRule

  232. istio-proxy front back istio-proxy > Istio API > DestinationRule

  233. istio-proxy front back istio-proxy istio-proxy front istio-proxy front > Istio

    API > DestinationRule

  234. istio-proxy front back istio-proxy istio-proxy front istio-proxy front > Istio

    API > DestinationRule

  235. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m

  236. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m

  237. > Istio API > DestinationRule DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

    metadata: name: mypolicy spec: host: back trafficPolicy: loadBalancer: consistentHash: httpCookie: name: user ttl: 0s connectionPool: tcp: maxConnections: 1 http: maxRequestsPerConnection: 10 outlierDetection: consecutive5xxErrors: 7 interval: 5m baseEjectionTime: 15m https://github.com/istio/istio/issues/10537 Dec 18, 2018 Istio

  238. back > Istio API > DestinationRule front 0.0.0.0:15001 istio-agent GET

    http://back:8080 10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection handle tls authorization route DestinationRule load balance select endpoint connect outlier detection Балансировка Тюнинг TCP Circuit Breaking

  239. back > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle tls DestinationRule handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection authorization route

  240. back > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78

    handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle tls DestinationRule handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection authorization route Авторизация

  241. > Istio API > AuthorizationPolicy front 0.0.0.0:15001 istio-agent GET http://back:8080

    10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle tls DestinationRule handle stats 10.111.2.5:8080 istio-proxy back 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection authorization route authorization AuthorizationPolicy Авторизация

  242. > Istio API > AuthorizationPolicy AuthorizationPolicy

  243. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  244. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  245. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  246. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  247. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  248. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  249. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  250. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  251. > Istio API > AuthorizationPolicy AuthorizationPolicy apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy

    metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"]

  252. > Istio API > AuthorizationPolicy AuthorizationPolicy Алгоритм принятия решения apiVersion:

    security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: httpbin namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] when: - key: request.auth.claims[iss] values: ["https://accounts.google.com"] - key: request.headers[X-Secret] values: ["la-resistance"] deckhouse.ru deckhouse.ru

  253. istio-proxy front back istio-proxy > Istio API > AuthorizationPolicy

  254. istio-proxy front back istio-proxy > Istio API > AuthorizationPolicy

  255. istio-proxy front back istio-proxy > Istio API > AuthorizationPolicy

  256. > Istio API > AuthorizationPolicy front 0.0.0.0:15001 istio-agent GET http://back:8080

    10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle tls DestinationRule handle stats 10.111.2.5:8080 istio-proxy back 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection authorization route authorization AuthorizationPolicy Авторизация

  257. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle tls DestinationRule handle stats 10.111.2.5:8080 istio-proxy back 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection authorization route authorization

  258. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle tls DestinationRule handle stats 10.111.2.5:8080 istio-proxy back 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection authorization route authorization Хитрая маршрутизация

  259. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle tls DestinationRule handle stats 10.111.2.5:8080 istio-proxy back 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 handle tls load balance select endpoint connect outlier detection authorization route authorization Хитрая маршрутизация route VirtualService

  260. istio-proxy front > Istio API > VirtualService

  261. istio-proxy front Service back > Istio API > VirtualService

  262. back back istio-proxy front Service back back > Istio API

    > VirtualService

  263. back back istio-proxy front Service back back / > Istio

    API > VirtualService

  264. back back istio-proxy front Service back back / > Istio

    API > VirtualService back Service admin admin

  265. back back istio-proxy front Service back back / > Istio

    API > VirtualService back Service admin admin admin /

  266. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin / VirtualService / admin /

  267. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin / VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back spec: hosts: - back http: - match: - uri: prefix: "/admin" route: - destination: host: admin - route: - destination: host: back / admin /

  268. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back spec: hosts: - back http: - match: - uri: prefix: "/admin" route: - destination: host: admin - route: - destination: host: back / admin /

  269. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back spec: hosts: - back http: - match: - uri: prefix: "/admin" route: - destination: host: admin - route: - destination: host: back / /admin /

  270. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back spec: hosts: - back http: - match: - uri: prefix: "/admin" route: - destination: host: admin - route: - destination: host: back / admin /

  271. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back spec: hosts: - back http: - match: - uri: prefix: "/admin" route: - destination: host: admin - route: - destination: host: back / admin / /

  272. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back spec: hosts: - back http: - match: - uri: prefix: "/admin" route: - destination: host: admin - route: - destination: host: back / admin /

  273. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back spec: hosts: - back http: - match: - uri: prefix: "/admin" route: - destination: host: admin - route: - destination: host: back / admin /

  274. back back istio-proxy front Service back back > Istio API

    > VirtualService back Service admin admin VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back spec: hosts: - back http: - match: - uri: prefix: "/admin" route: - destination: host: admin - route: - destination: host: back / admin /

  275. back back istio-proxy front Service back back > Istio API

    > VirtualService /

  276. back back istio-proxy front Service back back > Istio API

    > VirtualService back /

  277. back back istio-proxy front Service back back > Istio API

    > VirtualService back /

  278. back back istio-proxy front Service back back > Istio API

    > VirtualService back Canary Deployment /

  279. back back istio-proxy front Service back back > Istio API

    > VirtualService > Canary back /

  280. back back istio-proxy front Service back back > Istio API

    > VirtualService > Canary back /

  281. back back istio-proxy front Service back back > Istio API

    > VirtualService > Canary back-canary /

  282. back back istio-proxy front Service back back > Istio API

    > VirtualService > Canary back-canary /

  283. back back istio-proxy front Service back back back / >

    Istio API > VirtualService > Canary back-canary

  284. back back istio-proxy front Service back back back / >

    Istio API > VirtualService > Canary endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 back-canary

  285. back back istio-proxy front Service back back back / >

    Istio API > VirtualService > Canary endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 10.111.9.7:8080 back-canary

  286. back back istio-proxy front Service back back back / >

    Istio API > VirtualService > Canary endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 10.111.9.7:8080 LB back-canary

  287. back back istio-proxy front Service back back back / >

    Istio API > VirtualService > Canary endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 10.111.9.7:8080 LB back-canary

  288. back back istio-proxy front Service back back back / >

    Istio API > VirtualService > Canary endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.2.3:8080 10.111.9.7:8080 LB back-canary

  289. back back istio-proxy front Service back back back / >

    Istio API > VirtualService > Canary back-canary

  290. back back istio-proxy front Service back back back / >

    Istio API > VirtualService > Canary back-canary

  291. back back istio-proxy front Service back back back back-canary /

    > Istio API > VirtualService > Canary

  292. back back istio-proxy front Service back back back Service back-canary

    back-canary / > Istio API > VirtualService > Canary

  293. back back istio-proxy front Service back back back Service back-canary

    back-canary / back-canary > Istio API > VirtualService > Canary

  294. istio-proxy front Service back-canary back-canary / back-canary > Istio API

    > VirtualService > Canary back back Service back back back

  295. istio-proxy front Service back-canary back-canary / back-canary > Istio API

    > VirtualService > Canary back back Service back back back VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back-canary

  296. istio-proxy front Service back-canary back-canary / back-canary > Istio API

    > VirtualService > Canary back back Service back back back VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back-canary Weighted Load Balancer

  297. istio-proxy front Service back-canary back-canary / back-canary > Istio API

    > VirtualService > Canary back back Service back back back VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back-canary

  298. istio-proxy front Service back-canary back-canary / back-canary > Istio API

    > VirtualService > Canary back back Service back back back VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back-canary

  299. istio-proxy front Service back-canary back-canary / back-canary > Istio API

    > VirtualService > Canary back back Service back back back VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back-canary

  300. istio-proxy front Service back-canary back-canary / back-canary > Istio API

    > VirtualService > Canary back back Service back back back VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back-canary

  301. istio-proxy front Service back-canary back-canary / back-canary > Istio API

    > VirtualService > Canary back back Service back back back VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back-canary

  302. istio-proxy front Service back-canary back-canary / VirtualService apiVersion: networking.istio.io/v1beta1 kind:

    VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back-canary back-canary > Istio API > VirtualService > Canary back back Service back back back

  303. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back back back-canary

  304. istio-proxy front back-canary / > Istio API > VirtualService >

    Canary > Istio-way back back Service back back back back

  305. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back back back back-canary

  306. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back back back back-canary

  307. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back back back back-canary endpoints load balance select endpoint connect outlier detection handle tls

  308. back istio-proxy front / > Istio API > VirtualService >

    Canary > Istio-way back back Service back back back back-canary endpoints load balance select endpoint connect outlier detection handle tls

  309. load balance select endpoint connect outlier detection handle tls back

    istio-proxy front endpoints / > Istio API > VirtualService > Canary > Istio-way back back Service back back back back-canary endpoints load balance select endpoint connect outlier detection handle tls

  310. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls back back-canary

  311. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls back back-canary

  312. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls back back-canary

  313. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls back back-canary

  314. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back back-canary endpoints load balance select endpoint connect outlier detection handle tls back subset

  315. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back back-canary endpoints load balance select endpoint connect outlier detection handle tls back

  316. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back back-canary endpoints load balance select endpoint connect outlier detection handle tls back

  317. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls back back-canary

  318. > Istio API > VirtualService > Canary > Istio-way front

    0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 authorization handle tls handle tls PeerAuthentication AuthorizationPolicy 10.111.3.3:8080 back load balance select endpoint connect outlier detection DestinationRule Хитрая маршрутизация route VirtualService

  319. > Istio API > VirtualService > Canary > Istio-way front

    0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back handle stats authorization route handle tls PeerAuthentication AuthorizationPolicy istio-proxy 10.111.3.3:8080 back load balance select endpoint connect outlier detection handle tls DestinationRule Хитрая маршрутизация route VirtualService endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080

  320. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls back back-canary

  321. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls back back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new

  322. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new endpoints load balance select endpoint connect outlier detection handle tls back

  323. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls back back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new

  324. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back back-canary endpoints load balance select endpoint connect outlier detection handle tls back DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new

  325. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back back-canary endpoints load balance select endpoint connect outlier detection handle tls DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new canary

  326. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back back-canary endpoints load balance select endpoint connect outlier detection handle tls canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new

  327. istio-proxy front > Istio API > VirtualService > Canary >

    Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary / DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new

  328. istio-proxy front > Istio API > VirtualService > Canary >

    Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary / DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new

  329. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  330. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  331. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  332. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  333. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  334. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  335. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  336. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  337. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  338. istio-proxy front / > Istio API > VirtualService > Canary

    > Istio-way back back Service back back endpoints load balance select endpoint connect outlier detection handle tls back endpoints load balance select endpoint connect outlier detection handle tls canary back-canary DestinationRule apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: back-canary spec: host: back subsets: - name: canary labels: version: new VirtualService apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: back-canary spec: hosts: - back http: - route: - weight: 90 destination: host: back - weight: 10 destination: host: back subset: canary

  339. > Istio API > VirtualService front 0.0.0.0:15001 istio-agent GET http://back:8080

    10.222.0.78 handle tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 authorization route handle tls back route load balance select endpoint connect outlier detection handle tls VirtualService DestinationRule endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 Хитрая маршрутизация

  340. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back route load balance select endpoint connect outlier detection handle tls endpoints 10.111.2.5:8080 10.111.2.4:8080 authorization route handle tls 10.111.3.3:8080

  341. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls PeerAuthentication AuthorizationPolicy VirtualService DestinationRule endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080

  342. > Istio API front 0.0.0.0:15001 istio-agent GET http://back:8080 10.222.0.78 handle

    tls Listener 10.24.0.8:443 handle stats authorization route handle tls Listener 10.24.0.8:443 handle stats authorization route connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance listener 0.0.0.0:8080 handle stats connect Cluster foo.example.c om outlier detection handle tls handle stats select endpoint endpoints ip:port ip:port ip:port load balance cluster back endpoints handle stats 10.111.2.5:8080 istio-proxy 10.111.3.3:8080 10.111.2.4:8080 10.111.3.3:8080 back authorization route load balance select endpoint connect outlier detection handle tls handle tls PeerAuthentication AuthorizationPolicy VirtualService DestinationRule endpoints 10.111.2.5:8080 10.111.2.4:8080 10.111.3.3:8080 — ИНТЕРФЕЙС ДЛЯ

  343. Observability

  344. Observability

  345. None

  346. • Что с latency?

  347. • Что с latency? • Что с безопасностью?

  348. • Что с безопасностью? • Что, если что-то сломается? •

    Что с latency?

  349. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency?

  350. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency?

  351. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency?

  352. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency? ~2.5ms / request

  353. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency? ~2.5ms / request

  354. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency? ~2.5ms / request

  355. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency? API Server ~2.5ms / request

  356. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency? Root CA API Server ~2.5ms / request

  357. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency? Root CA SA token API Server ~2.5ms / request

  358. Root CA SA token API Server • Что с безопасностью?

    • Что, если что-то сломается? • Что с масштабированием? • Что с latency? ~2.5ms / request

  359. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency?

  360. > Ломаем компоненты

  361. istio-proxy istiod front back db istio-proxy istio-proxy > Ломаем компоненты

  362. istio-proxy istiod front back db istio-proxy istio-proxy > Ломаем компоненты

  363. istio-proxy istiod front back db istio-proxy istio-proxy > Ломаем компоненты

  364. istio-proxy istiod front back db istio-proxy istio-proxy > Ломаем компоненты

  365. istio-proxy istiod front back db istio-proxy istio-proxy > Ломаем компоненты

  366. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты

  367. istio-proxy front back db istio-proxy istio-proxy checkout istiod > Ломаем

    компоненты

  368. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты

  369. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты

  370. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты

  371. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты

  372. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты

  373. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты

  374. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты istio-proxy admin

  375. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты istio-proxy admin

  376. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты istio-proxy admin Pending…

  377. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты istio-proxy admin Pending…

  378. istio-proxy front back db istio-proxy istio-proxy checkout > Ломаем компоненты

    istiod istio-proxy admin Pending…

  379. istio-proxy istiod front back db istio-proxy istio-proxy checkout > Ломаем

    компоненты istio-proxy admin Pending…

  380. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency?

  381. • Что с безопасностью? • Что, если что-то сломается? •

    Что с масштабированием? • Что с latency?

  382. > Масштабирование

  383. istio-proxy istiod front back db istio-proxy istio-proxy > Масштабирование

  384. istio-proxy istiod front back db istio-proxy istio-proxy > Масштабирование

  385. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  386. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  387. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  388. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  389. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  390. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  391. istio-proxy istiod front db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse

    back > Масштабирование

  392. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  393. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  394. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  395. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy istio-proxy warehouse

    account > Масштабирование

  396. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  397. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  398. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование Асинхронно

  399. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  400. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  401. istio-proxy istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse > Масштабирование

  402. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod > Масштабирование

  403. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod Sidecar > Масштабирование

  404. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod Sidecar apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name: default namespace: myns spec: egress: - hosts: - "myns/*" - "istio-system/*" > Масштабирование

  405. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod Sidecar apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name: default namespace: myns spec: egress: - hosts: - "myns/*" - "istio-system/*" > Масштабирование

  406. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod Sidecar apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name: default namespace: myns spec: egress: - hosts: - "myns/*" - "istio-system/*" > Масштабирование

  407. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod Sidecar apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name: default namespace: myns spec: egress: - hosts: - "myns/*" - "istio-system/*" > Масштабирование

  408. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod Sidecar apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name: default namespace: myns spec: egress: - hosts: - "myns/*" - "istio-system/*" > Масштабирование

  409. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod > Масштабирование

  410. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod > Масштабирование

  411. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod > Масштабирование

  412. istiod istiod front back db istio-proxy istio-proxy istio-proxy account istio-proxy

    warehouse istio-proxy istiod > Масштабирование

  413. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod > Масштабирование istiod istiod istiod

  414. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod ISTIO_DELTA_XDS > Масштабирование Youtube QR istiod istiod istiod

  415. istiod istiod istiod front back db istio-proxy istio-proxy istio-proxy account

    istio-proxy warehouse istio-proxy istiod > Масштабирование ISTIO_DELTA_XDS

  416. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod ISTIO_DELTA_XDS > Масштабирование istio.io qr istiod istiod istiod

  417. front back db istio-proxy istio-proxy istio-proxy account istio-proxy warehouse istio-proxy

    istiod ISTIO_DELTA_XDS Ambient Mesh > Масштабирование istio.io qr istiod istiod istiod Istio

  418. istiod istiod istiod front back db istio-proxy istio-proxy istio-proxy account

    istio-proxy warehouse istio-proxy istiod ISTIO_DELTA_XDS Ambient Mesh > Масштабирование Istio
  419. None

  420. Outro

  421. Outro

  422. Outro

  423. Павел Тишков RnD Алёна Лунина Оформление презентации Спасибо! Дмитрий Зайцев

    Куратор доклада Антон Климов Оформление презентации флант

  424. Спасибо! Вы! Павел Тишков RnD Алёна Лунина Оформление презентации Дмитрий

    Зайцев Куратор доклада Антон Климов Оформление презентации

  425. deckhouse.io Андрей Половов Ведущий разработчик Kubernetes-платформы Deckhouse Флант DevOps и

    Kubernetes, обслуживание 24/7 habr.com/ru/company/flant youtube.com/c/Флант flant.ru t.me/flant_ru t.me/andreypolovov andrey.polovov@flant.com istio.io Ещё один доклад Оценить доклад