2017-08-21 18:44:34 +08:00
<!DOCTYPE HTML>
2017-09-19 22:01:07 +08:00
< html lang = "zh-hans" >
2017-08-21 18:44:34 +08:00
< head >
< meta charset = "UTF-8" >
< meta content = "text/html; charset=utf-8" http-equiv = "Content-Type" >
< title > 5.1.1 Istio · Kubernetes Handbook< / title >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" / >
< meta name = "description" content = "" >
< meta name = "generator" content = "GitBook 3.2.2" >
< meta name = "author" content = "Jimmy Song" >
< link rel = "stylesheet" href = "../gitbook/style.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-splitter/splitter.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-page-toc-button/plugin.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-image-captions/image-captions.css" >
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-back-to-top-button/plugin.css" >
2017-08-21 18:44:34 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-search-plus/search.css" >
2017-09-19 21:38:03 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css" >
2017-08-21 18:44:34 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-highlight/website.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-fontsettings/website.css" >
2017-10-09 15:28:05 +08:00
2017-08-21 18:44:34 +08:00
< meta name = "HandheldFriendly" content = "true" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1, user-scalable=no" >
< meta name = "apple-mobile-web-app-capable" content = "yes" >
< meta name = "apple-mobile-web-app-status-bar-style" content = "black" >
< link rel = "apple-touch-icon-precomposed" sizes = "152x152" href = "../gitbook/images/apple-touch-icon-precomposed-152.png" >
< link rel = "shortcut icon" href = "../gitbook/images/favicon.ico" type = "image/x-icon" >
< link rel = "next" href = "istio-installation.html" / >
2017-09-20 21:55:19 +08:00
< link rel = "prev" href = "service-mesh.html" / >
2017-08-21 18:44:34 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "shortcut icon" href = '../favicon.ico' type = "image/x-icon" >
< link rel = "bookmark" href = '../favicon.ico' type = "image/x-icon" >
< style >
@media only screen and (max-width: 640px) {
.book-header .hidden-mobile {
display: none;
}
}
< / style >
< script >
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
< / script >
2017-08-21 18:44:34 +08:00
< / head >
< body >
< div class = "book" >
< div class = "book-summary" >
< div id = "book-search-input" role = "search" >
2017-09-19 22:01:07 +08:00
< input type = "text" placeholder = "输入并搜索" / >
2017-08-21 18:44:34 +08:00
< / div >
< nav role = "navigation" >
< ul class = "summary" >
2017-10-09 15:28:05 +08:00
< li >
< a href = "https://jimmysong.io" target = "_blank" class = "custom-link" > Home< / a >
< / li >
2017-08-21 18:44:34 +08:00
2017-10-09 15:28:05 +08:00
< li class = "divider" > < / li >
2017-08-21 18:44:34 +08:00
< li class = "chapter " data-level = "1.1" data-path = "../" >
< a href = "../" >
1. 前言
< / a >
< / li >
< li class = "chapter " data-level = "1.2" data-path = "../concepts/" >
< a href = "../concepts/" >
2. 概念原理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.1" data-path = "../concepts/concepts.html" >
< a href = "../concepts/concepts.html" >
2.1 设计理念
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2" data-path = "../concepts/objects.html" >
< a href = "../concepts/objects.html" >
2017-09-03 13:29:38 +08:00
2.2 Objects
2017-08-21 18:44:34 +08:00
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.2.1" data-path = "../concepts/pod-overview.html" >
< a href = "../concepts/pod-overview.html" >
2.2.1 Pod
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.2.1.1" data-path = "../concepts/pod.html" >
< a href = "../concepts/pod.html" >
2.2.1.1 Pod解析
< / a >
2017-08-31 23:28:33 +08:00
< / li >
< li class = "chapter " data-level = "1.2.2.1.2" data-path = "../concepts/init-containers.html" >
< a href = "../concepts/init-containers.html" >
2.2.1.2 Init容器
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< li class = "chapter " data-level = "1.2.2.1.3" data-path = "../concepts/pod-security-policy.html" >
< a href = "../concepts/pod-security-policy.html" >
2.2.1.3 Pod安全策略
< / a >
2017-09-17 15:39:26 +08:00
< / li >
< li class = "chapter " data-level = "1.2.2.1.4" data-path = "../concepts/pod-lifecycle.html" >
< a href = "../concepts/pod-lifecycle.html" >
2.2.1.4 Pod的生命周期
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.2.2.2" data-path = "../concepts/node.html" >
< a href = "../concepts/node.html" >
2.2.2 Node
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.3" data-path = "../concepts/namespace.html" >
< a href = "../concepts/namespace.html" >
2.2.3 Namespace
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.4" data-path = "../concepts/service.html" >
< a href = "../concepts/service.html" >
2.2.4 Service
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.5" data-path = "../concepts/volume.html" >
< a href = "../concepts/volume.html" >
2.2.5 Volume和Persistent Volume
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.6" data-path = "../concepts/deployment.html" >
< a href = "../concepts/deployment.html" >
2.2.6 Deployment
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.7" data-path = "../concepts/secret.html" >
< a href = "../concepts/secret.html" >
2.2.7 Secret
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.8" data-path = "../concepts/statefulset.html" >
< a href = "../concepts/statefulset.html" >
2.2.8 StatefulSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.9" data-path = "../concepts/daemonset.html" >
< a href = "../concepts/daemonset.html" >
2.2.9 DaemonSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.10" data-path = "../concepts/serviceaccount.html" >
< a href = "../concepts/serviceaccount.html" >
2.2.10 ServiceAccount
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.11" data-path = "../concepts/replicaset.html" >
< a href = "../concepts/replicaset.html" >
2.2.11 ReplicationController和ReplicaSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.12" data-path = "../concepts/job.html" >
< a href = "../concepts/job.html" >
2.2.12 Job
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.13" data-path = "../concepts/cronjob.html" >
< a href = "../concepts/cronjob.html" >
2.2.13 CronJob
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.14" data-path = "../concepts/ingress.html" >
< a href = "../concepts/ingress.html" >
2.2.14 Ingress
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.15" data-path = "../concepts/configmap.html" >
< a href = "../concepts/configmap.html" >
2.2.15 ConfigMap
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.16" data-path = "../concepts/horizontal-pod-autoscaling.html" >
< a href = "../concepts/horizontal-pod-autoscaling.html" >
2.2.16 Horizontal Pod Autoscaling
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.17" data-path = "../concepts/label.html" >
< a href = "../concepts/label.html" >
2.2.17 Label
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< li class = "chapter " data-level = "1.2.2.18" data-path = "../concepts/garbage-collection.html" >
< a href = "../concepts/garbage-collection.html" >
2.2.18 垃圾收集
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.19" data-path = "../concepts/network-policy.html" >
< a href = "../concepts/network-policy.html" >
2.2.19 NetworkPolicy
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3" data-path = "../guide/" >
< a href = "../guide/" >
3. 用户指南
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.1" data-path = "../guide/resource-configuration.html" >
< a href = "../guide/resource-configuration.html" >
2017-09-28 21:20:49 +08:00
3.1 资源对象配置
2017-08-21 18:44:34 +08:00
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.1.1" data-path = "../guide/configure-liveness-readiness-probes.html" >
< a href = "../guide/configure-liveness-readiness-probes.html" >
3.1.1 配置Pod的liveness和readiness探针
< / a >
< / li >
< li class = "chapter " data-level = "1.3.1.2" data-path = "../guide/configure-pod-service-account.html" >
< a href = "../guide/configure-pod-service-account.html" >
3.1.2 配置Pod的Service Account
< / a >
2017-09-28 21:20:49 +08:00
< / li >
< li class = "chapter " data-level = "1.3.1.3" data-path = "../guide/secret-configuration.html" >
< a href = "../guide/secret-configuration.html" >
3.1.3 Secret配置
< / a >
2017-10-10 14:51:45 +08:00
< / li >
< li class = "chapter " data-level = "1.3.1.4" data-path = "../guide/resource-quota-management.html" >
< a href = "../guide/resource-quota-management.html" >
3.2.3 管理namespace中的资源配额
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.2" data-path = "../guide/command-usage.html" >
< a href = "../guide/command-usage.html" >
3.2 命令使用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.2.1" data-path = "../guide/using-kubectl.html" >
< a href = "../guide/using-kubectl.html" >
3.2.1 使用kubectl
< / a >
2017-09-16 20:56:43 +08:00
< / li >
< li class = "chapter " data-level = "1.3.2.2" data-path = "../guide/docker-cli-to-kubectl.html" >
< a href = "../guide/docker-cli-to-kubectl.html" >
3.2.2 docker用户过度到kubectl命令行指南
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
2017-09-07 12:29:13 +08:00
< li class = "chapter " data-level = "1.3.3" data-path = "../guide/cluster-security-management.html" >
2017-08-21 18:44:34 +08:00
2017-09-07 12:29:13 +08:00
< a href = "../guide/cluster-security-management.html" >
2017-08-21 18:44:34 +08:00
2017-09-07 12:29:13 +08:00
3.3 集群安全性管理
2017-08-21 18:44:34 +08:00
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.3.1" data-path = "../guide/managing-tls-in-a-cluster.html" >
< a href = "../guide/managing-tls-in-a-cluster.html" >
3.3.1 管理集群中的TLS
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.2" data-path = "../guide/kubelet-authentication-authorization.html" >
< a href = "../guide/kubelet-authentication-authorization.html" >
3.3.2 kubelet的认证授权
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.3" data-path = "../guide/tls-bootstrapping.html" >
< a href = "../guide/tls-bootstrapping.html" >
3.3.3 TLS bootstrap
< / a >
2017-08-31 14:23:44 +08:00
< / li >
< li class = "chapter " data-level = "1.3.3.4" data-path = "../guide/kubectl-user-authentication-authorization.html" >
< a href = "../guide/kubectl-user-authentication-authorization.html" >
3.3.4 kubectl的用户认证授权
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.5" data-path = "../guide/rbac.html" >
< a href = "../guide/rbac.html" >
3.3.5 RBAC——基于角色的访问控制
< / a >
2017-09-07 14:13:59 +08:00
< / li >
< li class = "chapter " data-level = "1.3.3.6" data-path = "../guide/ip-masq-agent.html" >
< a href = "../guide/ip-masq-agent.html" >
3.3.6 IP伪装代理
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.4" data-path = "../guide/access-kubernetes-cluster.html" >
< a href = "../guide/access-kubernetes-cluster.html" >
3.4 访问 Kubernetes 集群
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.4.1" data-path = "../guide/access-cluster.html" >
< a href = "../guide/access-cluster.html" >
3.4.1 访问集群
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.2" data-path = "../guide/authenticate-across-clusters-kubeconfig.html" >
< a href = "../guide/authenticate-across-clusters-kubeconfig.html" >
3.4.2 使用 kubeconfig 文件配置跨集群认证
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.3" data-path = "../guide/connecting-to-applications-port-forward.html" >
< a href = "../guide/connecting-to-applications-port-forward.html" >
3.4.3 通过端口转发访问集群中的应用程序
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.4" data-path = "../guide/service-access-application-cluster.html" >
< a href = "../guide/service-access-application-cluster.html" >
3.4.4 使用 service 访问群集中的应用程序
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.5" data-path = "../guide/application-development-deployment-flow.html" >
< a href = "../guide/application-development-deployment-flow.html" >
3.5 在kubernetes中开发部署应用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.5.1" data-path = "../guide/deploy-applications-in-kubernetes.html" >
< a href = "../guide/deploy-applications-in-kubernetes.html" >
3.5.1 适用于kubernetes的应用开发部署流程
< / a >
< / li >
< li class = "chapter " data-level = "1.3.5.2" data-path = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
< a href = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
3.5.2 迁移传统应用到kubernetes中——以Hadoop YARN为例
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4" data-path = "../practice/" >
< a href = "../practice/" >
4. 最佳实践
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.1" data-path = "../practice/install-kbernetes1.6-on-centos.html" >
< a href = "../practice/install-kbernetes1.6-on-centos.html" >
4.1 在CentOS上部署kubernetes1.6集群
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.1.1" data-path = "../practice/create-tls-and-secret-key.html" >
< a href = "../practice/create-tls-and-secret-key.html" >
4.1.1 创建TLS证书和秘钥
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.2" data-path = "../practice/create-kubeconfig.html" >
< a href = "../practice/create-kubeconfig.html" >
4.1.2 创建kubeconfig文件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.3" data-path = "../practice/etcd-cluster-installation.html" >
< a href = "../practice/etcd-cluster-installation.html" >
4.1.3 创建高可用etcd集群
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.4" data-path = "../practice/kubectl-installation.html" >
< a href = "../practice/kubectl-installation.html" >
4.1.4 安装kubectl命令行工具
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.5" data-path = "../practice/master-installation.html" >
< a href = "../practice/master-installation.html" >
4.1.5 部署master节点
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.6" data-path = "../practice/node-installation.html" >
< a href = "../practice/node-installation.html" >
4.1.6 部署node节点
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.7" data-path = "../practice/kubedns-addon-installation.html" >
< a href = "../practice/kubedns-addon-installation.html" >
4.1.7 安装kubedns插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.8" data-path = "../practice/dashboard-addon-installation.html" >
< a href = "../practice/dashboard-addon-installation.html" >
4.1.8 安装dashboard插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.9" data-path = "../practice/heapster-addon-installation.html" >
< a href = "../practice/heapster-addon-installation.html" >
4.1.9 安装heapster插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.10" data-path = "../practice/efk-addon-installation.html" >
< a href = "../practice/efk-addon-installation.html" >
4.1.10 安装EFK插件
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.2" data-path = "../practice/service-discovery-and-loadbalancing.html" >
< a href = "../practice/service-discovery-and-loadbalancing.html" >
4.2 服务发现与负载均衡
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.2.1" data-path = "../practice/traefik-ingress-installation.html" >
< a href = "../practice/traefik-ingress-installation.html" >
4.2.1 安装Traefik ingress
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.2" data-path = "../practice/distributed-load-test.html" >
< a href = "../practice/distributed-load-test.html" >
4.2.2 分布式负载测试
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.3" data-path = "../practice/network-and-cluster-perfermance-test.html" >
< a href = "../practice/network-and-cluster-perfermance-test.html" >
4.2.3 网络和集群性能测试
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.4" data-path = "../practice/edge-node-configuration.html" >
< a href = "../practice/edge-node-configuration.html" >
4.2.4 边缘节点配置
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.3" data-path = "../practice/operation.html" >
< a href = "../practice/operation.html" >
4.3 运维管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.3.1" data-path = "../practice/service-rolling-update.html" >
< a href = "../practice/service-rolling-update.html" >
4.3.1 服务滚动升级
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.2" data-path = "../practice/app-log-collection.html" >
< a href = "../practice/app-log-collection.html" >
4.3.2 应用日志收集
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.3" data-path = "../practice/configuration-best-practice.html" >
< a href = "../practice/configuration-best-practice.html" >
4.3.3 配置最佳实践
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.4" data-path = "../practice/monitor.html" >
< a href = "../practice/monitor.html" >
4.3.4 集群及应用监控
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.5" data-path = "../practice/jenkins-ci-cd.html" >
< a href = "../practice/jenkins-ci-cd.html" >
4.3.5 使用Jenkins进行持续构建与发布
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.6" data-path = "../practice/data-persistence-problem.html" >
< a href = "../practice/data-persistence-problem.html" >
4.3.6 数据持久化问题
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< li class = "chapter " data-level = "1.4.3.7" data-path = "../practice/manage-compute-resources-container.html" >
< a href = "../practice/manage-compute-resources-container.html" >
4.3.7 管理容器的计算资源
< / a >
2017-09-25 21:41:08 +08:00
< / li >
< li class = "chapter " data-level = "1.4.3.8" data-path = "../practice/using-prometheus-to-monitor-kuberentes-cluster.html" >
< a href = "../practice/using-prometheus-to-monitor-kuberentes-cluster.html" >
4.3.8 使用Prometheus监控kubernetes集群
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.4" data-path = "../practice/storage.html" >
< a href = "../practice/storage.html" >
4.4 存储管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.1" data-path = "../practice/glusterfs.html" >
< a href = "../practice/glusterfs.html" >
4.4.1 GlusterFS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.1.1" data-path = "../practice/using-glusterfs-for-persistent-storage.html" >
< a href = "../practice/using-glusterfs-for-persistent-storage.html" >
4.4.1.1 使用GlusterFS做持久化存储
< / a >
< / li >
< li class = "chapter " data-level = "1.4.4.1.2" data-path = "../practice/storage-for-containers-using-glusterfs-with-openshift.html" >
< a href = "../practice/storage-for-containers-using-glusterfs-with-openshift.html" >
4.4.1.2 在OpenShift中使用GlusterFS做持久化存储
< / a >
2017-09-01 21:04:51 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.4.2" data-path = "../practice/cephfs.html" >
< a href = "../practice/cephfs.html" >
4.4.2 CephFS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.2.1" data-path = "../practice/using-ceph-for-persistent-storage.html" >
< a href = "../practice/using-ceph-for-persistent-storage.html" >
4.4.2.1 使用Ceph做持久化存储
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5" data-path = "./" >
< a href = "./" >
5. 领域应用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.1" data-path = "microservices.html" >
< a href = "microservices.html" >
5.1 微服务架构
< / a >
< ul class = "articles" >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.1.1" data-path = "service-discovery-in-microservices.html" >
< a href = "service-discovery-in-microservices.html" >
5.1.1 微服务中的服务发现
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.2" data-path = "service-mesh.html" >
< a href = "service-mesh.html" >
5.2 Service Mesh 服务网格
< / a >
< ul class = "articles" >
< li class = "chapter active" data-level = "1.5.2.1" data-path = "istio.html" >
2017-08-21 18:44:34 +08:00
< a href = "istio.html" >
5.1.1 Istio
< / a >
< ul class = "articles" >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.2.1.1" data-path = "istio-installation.html" >
2017-08-21 18:44:34 +08:00
< a href = "istio-installation.html" >
5.1.1.1 安装istio
< / a >
< / li >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.2.1.2" data-path = "configuring-request-routing.html" >
2017-08-21 18:44:34 +08:00
< a href = "configuring-request-routing.html" >
5.1.1.2 配置请求的路由规则
< / a >
< / li >
< / ul >
< / li >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.2.2" data-path = "linkerd.html" >
2017-08-21 18:44:34 +08:00
< a href = "linkerd.html" >
5.1.2 Linkerd
< / a >
< ul class = "articles" >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.2.2.1" data-path = "linkerd-user-guide.html" >
2017-08-21 18:44:34 +08:00
< a href = "linkerd-user-guide.html" >
5.1.2.1 Linkerd 使用指南
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.3" data-path = "big-data.html" >
2017-08-21 18:44:34 +08:00
< a href = "big-data.html" >
5.2 大数据
< / a >
< ul class = "articles" >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.3.1" data-path = "spark-standalone-on-kubernetes.html" >
2017-08-21 18:44:34 +08:00
2017-08-30 14:20:52 +08:00
< a href = "spark-standalone-on-kubernetes.html" >
2017-08-21 18:44:34 +08:00
2017-08-30 14:20:52 +08:00
5.2.1 Spark standalone on Kubernetes
2017-08-21 18:44:34 +08:00
< / a >
2017-08-31 14:23:44 +08:00
< / li >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.3.2" data-path = "running-spark-with-kubernetes-native-scheduler.html" >
2017-08-31 14:23:44 +08:00
2017-09-14 15:57:50 +08:00
< a href = "running-spark-with-kubernetes-native-scheduler.html" >
2017-08-31 14:23:44 +08:00
5.2.2 运行支持kubernetes原生调度的Spark程序
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
2017-08-30 16:52:33 +08:00
< / li >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.5.4" data-path = "serverless.html" >
2017-08-30 16:52:33 +08:00
< a href = "serverless.html" >
5.3 Serverless架构
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.6" data-path = "../develop/" >
< a href = "../develop/" >
6. 开发指南
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.6.1" data-path = "../develop/developing-environment.html" >
< a href = "../develop/developing-environment.html" >
6.1 开发环境搭建
< / a >
< / li >
< li class = "chapter " data-level = "1.6.2" data-path = "../develop/testing.html" >
< a href = "../develop/testing.html" >
6.2 单元测试和集成测试
< / a >
< / li >
< li class = "chapter " data-level = "1.6.3" data-path = "../develop/client-go-sample.html" >
< a href = "../develop/client-go-sample.html" >
6.3 client-go示例
< / a >
< / li >
< li class = "chapter " data-level = "1.6.4" data-path = "../develop/contribute.html" >
< a href = "../develop/contribute.html" >
6.4 社区贡献
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.7" data-path = "../appendix/" >
< a href = "../appendix/" >
7. 附录
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.7.1" data-path = "../appendix/docker-best-practice.html" >
< a href = "../appendix/docker-best-practice.html" >
7.1 Docker最佳实践
< / a >
< / li >
< li class = "chapter " data-level = "1.7.2" data-path = "../appendix/issues.html" >
< a href = "../appendix/issues.html" >
7.2 问题记录
< / a >
< / li >
< li class = "chapter " data-level = "1.7.3" data-path = "../appendix/tricks.html" >
< a href = "../appendix/tricks.html" >
7.3 使用技巧
< / a >
2017-09-21 15:00:54 +08:00
< / li >
< li class = "chapter " data-level = "1.7.4" data-path = "../appendix/debug-kubernetes-services.html" >
< a href = "../appendix/debug-kubernetes-services.html" >
7.4 kubernetes service中的故障排查
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< / ul >
< / li >
< li class = "divider" > < / li >
< li >
< a href = "https://www.gitbook.com" target = "blank" class = "gitbook-link" >
2017-09-19 22:01:07 +08:00
本书使用 GitBook 发布
2017-08-21 18:44:34 +08:00
< / a >
< / li >
< / ul >
< / nav >
< / div >
< div class = "book-body" >
< div class = "body-inner" >
< div class = "book-header" role = "navigation" >
<!-- Title -->
< h1 >
< i class = "fa fa-circle-o-notch fa-spin" > < / i >
< a href = ".." > 5.1.1 Istio< / a >
< / h1 >
< / div >
< div class = "page-wrapper" tabindex = "-1" role = "main" >
< div class = "page-inner" >
< div class = "search-plus" id = "book-search-results" >
< div class = "search-noresults" >
< section class = "normal markdown-section" >
< h1 id = "istio简介" > Istio简 介 < / h1 >
< h2 id = "前言" > 前 言 < / h2 >
< p > < a href = "https://istio.io" target = "_blank" > Istio< / a > 是 由 Google、 IBM和 Lyft开 源 的 微 服 务 管 理 、 保 护 和 监 控 框 架 。 Istio为 希 腊 语 , 意 思 是 ” 起 航 “ 。 < / p >
< h2 id = "简介" > 简 介 < / h2 >
< p > 使 用 istio可 以 很 简 单 的 创 建 具 有 负 载 均 衡 、 服 务 间 认 证 、 监 控 等 功 能 的 服 务 网 络 , 而 不 需 要 对 服 务 的 代 码 进 行 任 何 修 改 。 你 只 需 要 在 部 署 环 境 中 , 例 如 Kubernetes的 pod里 注 入 一 个 特 别 的 sidecar proxy来 增 加 对 istio的 支 持 , 用 来 截 获 微 服 务 之 间 的 网 络 流 量 。 < / p >
< p > 目 前 版 本 的 istio只 支 持 kubernetes, 未 来 计 划 支 持 其 他 其 他 环 境 。 < / p >
< p > 另 外 , Istio的 前 身 是 IBM开 源 的 < a href = "https://www.amalgam8.io" target = "_blank" > Amalgam8< / a > , 追 本 溯 源 , 我 们 来 看 下 它 的 特 性 。 < / p >
< h3 id = "amalgam8" > Amalgam8< / h3 >
< p > Amalgam8的 网 站 上 说 , 它 是 一 个 < strong > Content-based Routing Fabric for Polyglot Microservices< / strong > , 简 单 、 强 大 且 开 源 。 < / p >
< p > Amalgam8是 一 款 基 于 内 容 和 版 本 的 路 由 布 局 , 用 于 集 成 多 语 言 异 构 体 微 服 务 。 其 control plane API可 用 于 动 态 编 程 规 则 , 用 于 在 正 在 运 行 的 应 用 程 序 中 跨 微 服 务 进 行 路 由 和 操 作 请 求 。 < / p >
< p > 以 内 容 /版 本 感 知 方 式 路 由 请 求 的 能 力 简 化 了 DevOps任 务 , 如 金 丝 雀 和 红 /黑 发 布 , A/B Test和 系 统 地 测 试 弹 性 微 服 务 。 < / p >
< p > 可 以 使 用 Amalgam8平 台 与 受 欢 迎 的 容 器 运 行 时 ( 如 Docker, Kubernetes, Marathon / Mesos) 或 其 他 云 计 算 提 供 商 ( 如 IBM Bluemix, Google Cloud Platform或 Amazon AWS) 。 < / p >
< h2 id = "特性" > 特 性 < / h2 >
< p > 使 用 istio的 进 行 微 服 务 管 理 有 如 下 特 性 : < / p >
< ul >
< li > < strong > 流 量 管 理 < / strong > : 控 制 服 务 间 的 流 量 和 API调 用 流 , 使 调 用 更 可 靠 , 增 强 不 同 环 境 下 的 网 络 鲁 棒 性 。 < / li >
< li > < strong > 可 观 测 性 < / strong > : 了 解 服 务 之 间 的 依 赖 关 系 和 它 们 之 间 的 性 质 和 流 量 , 提 供 快 速 识 别 定 位 问 题 的 能 力 。 < / li >
< li > < strong > 策 略 实 施 < / strong > : 通 过 配 置 mesh而 不 是 以 改 变 代 码 的 方 式 来 控 制 服 务 之 间 的 访 问 策 略 。 < / li >
< li > < strong > 服 务 识 别 和 安 全 < / strong > : 提 供 在 mesh里 的 服 务 可 识 别 性 和 安 全 性 保 护 。 < / li >
< / ul >
< p > 未 来 将 支 持 多 种 平 台 , 不 论 是 kubernetes、 Mesos、 还 是 云 。 同 时 可 以 集 成 已 有 的 ACL、 日 志 、 监 控 、 配 额 、 审 计 等 。 < / p >
< h2 id = "架构" > 架 构 < / h2 >
2017-10-09 15:28:05 +08:00
< figure id = "fig1.5.2.1.1" > < img src = "../images/istio-arch.jpg" alt = "Istio架构图" > < figcaption > 图 片 - Istio架 构 图 < / figcaption > < / figure >
2017-08-21 18:44:34 +08:00
< p > Istio架 构 分 为 控 制 层 和 数 据 层 。 < / p >
< ul >
< li > < strong > 数 据 层 < / strong > : 由 一 组 智 能 代 理 ( Envoy) 作 为 sidecar部 署 , 协 调 和 控 制 所 有 microservices之 间 的 网 络 通 信 。 < / li >
< li > < strong > 控 制 层 < / strong > : 负 责 管 理 和 配 置 代 理 路 由 流 量 , 以 及 在 运 行 时 执 行 的 政 策 。 < / li >
< / ul >
< h2 id = "envoy" > Envoy< / h2 >
< p > Istio使 用 Envoy代 理 的 扩 展 版 本 , 该 代 理 是 以 C++开 发 的 高 性 能 代 理 , 用 于 调 解 service mesh中 所 有 服 务 的 所 有 入 站 和 出 站 流 量 。 Istio利 用 了 Envoy的 许 多 内 置 功 能 , 例 如 动 态 服 务 发 现 , 负 载 平 衡 , TLS终 止 , HTTP/2& gRPC代 理 , 断 路 器 , 运 行 状 况 检 查 , 基 于 百 分 比 的 流 量 拆 分 分 阶 段 上 线 , 故 障 注 入 和 丰 富 指 标 。 < / p >
< p > Envoy在 kubernetes中 作 为 pod的 sidecar来 部 署 。 这 允 许 Istio将 大 量 关 于 流 量 行 为 的 信 号 作 为 属 性 提 取 出 来 , 这 些 属 性 又 可 以 在 Mixer中 用 于 执 行 策 略 决 策 , 并 发 送 给 监 控 系 统 以 提 供 有 关 整 个 mesh的 行 为 的 信 息 。 Sidecar代 理 模 型 还 允 许 你 将 Istio功 能 添 加 到 现 有 部 署 中 , 无 需 重 新 构 建 或 重 写 代 码 。 更 多 信 息 参 见 < a href = "https://istio.io/docs/concepts/what-is-istio/goals.html" target = "_blank" > 设 计 目 标 < / a > 。 < / p >
< h2 id = "mixer" > Mixer< / h2 >
< p > Mixer负 责 在 service mesh上 执 行 访 问 控 制 和 使 用 策 略 , 并 收 集 Envoy代 理 和 其 他 服 务 的 遥 测 数 据 。 代 理 提 取 请 求 级 属 性 , 发 送 到 mixer进 行 评 估 。 有 关 此 属 性 提 取 和 策 略 评 估 的 更 多 信 息 , 请 参 见 < a href = "https://istio.io/docs/concepts/policy-and-control/mixer-config.html" target = "_blank" > Mixer配 置 < / a > 。 混 音 器 包 括 一 个 灵 活 的 插 件 模 型 , 使 其 能 够 与 各 种 主 机 环 境 和 基 础 架 构 后 端 进 行 接 口 , 从 这 些 细 节 中 抽 象 出 Envoy代 理 和 Istio管 理 的 服 务 。 < / p >
< h2 id = "istio-manager" > Istio Manager< / h2 >
< p > Istio-Manager用 作 用 户 和 Istio之 间 的 接 口 , 收 集 和 验 证 配 置 , 并 将 其 传 播 到 各 种 Istio组 件 。 它 从 Mixer和 Envoy中 抽 取 环 境 特 定 的 实 现 细 节 , 为 他 们 提 供 独 立 于 底 层 平 台 的 用 户 服 务 的 抽 象 表 示 。 此 外 , 流 量 管 理 规 则 ( 即 通 用 4层 规 则 和 七 层 HTTP/gRPC路 由 规 则 ) 可 以 在 运 行 时 通 过 Istio-Manager进 行 编 程 。 < / p >
< h2 id = "istio-auth" > Istio-auth< / h2 >
< p > Istio-Auth提 供 强 大 的 服 务 间 和 最 终 用 户 认 证 , 使 用 相 互 TLS, 内 置 身 份 和 凭 据 管 理 。 它 可 用 于 升 级 service mesh中 的 未 加 密 流 量 , 并 为 运 营 商 提 供 基 于 服 务 身 份 而 不 是 网 络 控 制 的 策 略 的 能 力 。 Istio的 未 来 版 本 将 增 加 细 粒 度 的 访 问 控 制 和 审 计 , 以 使 用 各 种 访 问 控 制 机 制 ( 包 括 属 性 和 基 于 角 色 的 访 问 控 制 以 及 授 权 hook) 来 控 制 和 监 控 访 问 你 服 务 、 API或 资 源 的 人 员 。 < / p >
< h2 id = "参考" > 参 考 < / h2 >
< p > < a href = "http://www.leiphone.com/news/201705/RwRlyAs7Mi8pqhSb.html" target = "_blank" > Istio开 源 平 台 发 布 , Google、 IBM和 Lyft分 别 承 担 什 么 角 色 ? < / a > < / p >
< p > < a href = "http://www.infoq.com/cn/news/2017/05/istio?utm_source=news_about_opensource&utm_medium=link&utm_campaign=opensource" target = "_blank" > Istio: 用 于 微 服 务 的 服 务 啮 合 层 < / a > < / p >
2017-10-09 15:28:05 +08:00
< p > < a href = "https://istio.io/docs/concepts/what-is-istio/overview.html" target = "_blank" > Istio Overview< / a > < / p >
< footer class = "page-footer" > < span class = "copyright" > Copyright © jimmysong.io 2017 all right reserved, powered by Gitbook< / span > < span class = "footer-modification" > Updated:
2017-08-21 18:23:35
< / span > < / footer >
2017-08-21 18:44:34 +08:00
< / section >
< / div >
< div class = "search-results" >
< div class = "has-results" >
< h1 class = "search-results-title" > < span class = 'search-results-count' > < / span > results matching "< span class = 'search-query' > < / span > "< / h1 >
< ul class = "search-results-list" > < / ul >
< / div >
< div class = "no-results" >
< h1 class = "search-results-title" > No results matching "< span class = 'search-query' > < / span > "< / h1 >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
2017-09-20 21:55:19 +08:00
< a href = "service-mesh.html" class = "navigation navigation-prev " aria-label = "Previous page: 5.2 Service Mesh 服务网格" >
2017-08-21 18:44:34 +08:00
< i class = "fa fa-angle-left" > < / i >
< / a >
< a href = "istio-installation.html" class = "navigation navigation-next " aria-label = "Next page: 5.1.1.1 安装istio" >
< i class = "fa fa-angle-right" > < / i >
< / a >
< / div >
< script >
var gitbook = gitbook || [];
gitbook.push(function() {
2017-10-11 17:30:58 +08:00
gitbook.page.hasChanged({"page":{"title":"5.1.1 Istio","level":"1.5.2.1","depth":3,"next":{"title":"5.1.1.1 安装istio","level":"1.5.2.1.1","depth":4,"path":"usecases/istio-installation.md","ref":"usecases/istio-installation.md","articles":[]},"previous":{"title":"5.2 Service Mesh 服务网格","level":"1.5.2","depth":2,"path":"usecases/service-mesh.md","ref":"usecases/service-mesh.md","articles":[{"title":"5.1.1 Istio","level":"1.5.2.1","depth":3,"path":"usecases/istio.md","ref":"usecases/istio.md","articles":[{"title":"5.1.1.1 安装istio","level":"1.5.2.1.1","depth":4,"path":"usecases/istio-installation.md","ref":"usecases/istio-installation.md","articles":[]},{"title":"5.1.1.2 配置请求的路由规则","level":"1.5.2.1.2","depth":4,"path":"usecases/configuring-request-routing.md","ref":"usecases/configuring-request-routing.md","articles":[]}]},{"title":"5.1.2 Linkerd","level":"1.5.2.2","depth":3,"path":"usecases/linkerd.md","ref":"usecases/linkerd.md","articles":[{"title":"5.1.2.1 Linkerd 使用指南","level":"1.5.2.2.1","depth":4,"path":"usecases/linkerd-user-guide.md","ref":"usecases/linkerd-user-guide.md","articles":[]}]}]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"Copyright © jimmysong.io 2017","modify_label":"Updated:","modify_format":"YYYY-MM-DD HH:mm:ss"},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"page-toc-button":{},"back-to-top-button":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"concepts/index.html#fig1.2.1","level":"1.2","list_caption":"Figure: Borg架构","alt":"Borg架构","nro":1,"url":"../images/borg.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Borg架构","attributes":{},"skip":false,"key":"1.2.1"},{"backlink":"concepts/index.html#fig1.2.2","level":"1.2","list_caption":"Figure: Kubernetes架构","alt":"Kubernetes架构","nro":2,"url":"../images/architecture.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes架构","attributes":{},"skip":false,"key":"1.2.2"},{"backlink":"concepts/index.html#fig1.2.3","level":"1.2","list_caption":"Figure: kubernetes整体架构示意图","alt":"kubernetes整体架构示意图","nro":3,"url":"../images/kubernetes-whole-arch.png","index":3,"caption_template":"图片 - _CAPTION_","label":"kubernetes整体架构示意图","attributes":{},"skip":false,"key":"1.2.3"},{"backlink":"concepts/index.html#fig1.2.4","level":"1.2","list_caption":"Figure: Kubernetes master架构示意图","alt":"Kubernetes master架构示意图","nro":4,"url":"../im
2017-08-21 18:44:34 +08:00
});
< / script >
< / div >
< script src = "../gitbook/gitbook.js" > < / script >
< script src = "../gitbook/theme.js" > < / script >
< script src = "../gitbook/gitbook-plugin-github/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-splitter/splitter.js" > < / script >
< script src = "../gitbook/gitbook-plugin-page-toc-button/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-editlink/plugin.js" > < / script >
2017-09-19 21:38:03 +08:00
< script src = "../gitbook/gitbook-plugin-back-to-top-button/plugin.js" > < / script >
2017-08-21 18:44:34 +08:00
< script src = "../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/search.js" > < / script >
2017-10-09 15:28:05 +08:00
< script src = "../gitbook/gitbook-plugin-github-buttons/plugin.js" > < / script >
2017-08-21 18:44:34 +08:00
< script src = "../gitbook/gitbook-plugin-sharing/buttons.js" > < / script >
< script src = "../gitbook/gitbook-plugin-fontsettings/fontsettings.js" > < / script >
< / body >
< / html >