{"id":18739945,"url":"https://github.com/withlin/istio-demo","last_synced_at":"2025-11-19T17:30:17.762Z","repository":{"id":96510944,"uuid":"297623634","full_name":"withlin/istio-demo","owner":"withlin","description":null,"archived":false,"fork":false,"pushed_at":"2020-10-09T09:30:19.000Z","size":18,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-28T18:32:41.057Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/withlin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-22T11:11:13.000Z","updated_at":"2020-10-10T06:21:54.000Z","dependencies_parsed_at":"2023-03-24T04:20:02.735Z","dependency_job_id":null,"html_url":"https://github.com/withlin/istio-demo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/withlin%2Fistio-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/withlin%2Fistio-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/withlin%2Fistio-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/withlin%2Fistio-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/withlin","download_url":"https://codeload.github.com/withlin/istio-demo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239619572,"owners_count":19669447,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T15:37:58.732Z","updated_at":"2025-11-19T17:30:17.661Z","avatar_url":"https://github.com/withlin.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Istio 介绍\n\n## VirtaulService(虚拟服务)\n\n\u003e 虚拟服务在增强 Istio 流量管理的灵活性和有效性方面,发挥着至关重要的作用,通过对客户端请求的目标地址与真实响应请求的目标工作负载进行解耦来实现。虚拟服务同时提供了丰富的方式,为发送至这些工作负载的流量指定不同的路由规则。\n\n使用虚拟服务,您可以为一个或多个主机名指定流量行为。在虚拟服务中使用路由规则,告诉 Envoy 如何发送虚拟服务的流量到适当的目标。路由目标地址可以是同一服务的不同版本,也可以是完全不同的服务。\n\n```text\n\n[devops_root@ali-tekton-CI-devops-dev-01 istio-1.7.1]$ kd vs\nName: bookinfo\nNamespace: default\nLabels: \u003cnone\u003e\nAnnotations: \u003cnone\u003e\nAPI Version: networking.istio.io/v1beta1\nKind: VirtualService\nMetadata:\n Creation Timestamp: 2020-09-15T08:32:36Z\n Generation: 1\n Managed Fields:\n API Version: networking.istio.io/v1alpha3\n Fields Type: FieldsV1\n fieldsV1:\n f:metadata:\n f:annotations:\n .:\n f:kubectl.kubernetes.io/last-applied-configuration:\n f:spec:\n .:\n f:gateways:\n f:hosts:\n f:http:\n Manager: kubectl-client-side-apply\n Operation: Update\n Time: 2020-09-15T08:32:36Z\n Resource Version: 295670\n Self Link: /apis/networking.istio.io/v1beta1/namespaces/default/virtualservices/bookinfo\n UID: 15705622-2450-441d-a164-96cc2a1a61b2\nSpec:\n Gateways:\n bookinfo-gateway\n Hosts:\n *\n Http:\n Match:\n Uri:\n Exact: /productpage\n Uri:\n Prefix: /static\n Uri:\n Exact: /login\n Uri:\n Exact: /logout\n Uri:\n Prefix: /api/v1/products\n Route:\n Destination:\n Host: productpage\n Port:\n Number: 9080\nEvents: \u003cnone\u003e\n```\n\n## GateWay(网关)\n\n使用网关为网格来管理入站和出站流量,可以让您指定进入或离开网格的流量。网关配置被用于运行在网格边界的独立 Envoy 代理,而不是网络工作负载 sidecar 代理。\n\n### Gateway 示例\n\n```text\n\napiVersion: networking.istio.io/v1alpha3\nkind: Gateway\nmetadata:\n name: ext-host-gwy\nspec:\n selector:\n app: my-gateway-controller\n servers:\n - port:\n number: 443\n name: https\n protocol: HTTPS\n hosts:\n - ext-host.example.com\n tls:\n mode: SIMPLE\n serverCertificate: /tmp/tls.crt\n privateKey: /tmp/tls.key\n\n```\n\n这个网关配置让 HTTPS 流量从 ext-host.example.com 通过 443 端口流入网格,但没有为请求指定任何路由规则。为想要工作的网关指定路由,您必须把网关绑定到虚拟服务上。正如下面的示例所示,使用虚拟服务的 gateways 字段进行设置\n\n```Virtual Service\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: virtual-svc\nspec:\n hosts:\n - ext-host.example.com\n gateways:\n - ext-host-gwy\n\n```\n\n### ServiceEntry(服务入口)\n\n使用服务入口来添加一个入口到 Istio 内部维护的服务注册中心,添加服务入口后,添加服务之后,Envoy 代理可以向服务发送流量,就好像他是网格内部服务一样。功能:\n\n- 为外部目标 redirect 和转发请求,例如 web 端的 api 调用,或者流向老系统的服务\n- 为外部目标定义`重试`,`超时`和`故障注入`策略\n- 添加一个虚拟机的服务来扩展你的服务网格\n\n### 事例\n\n```text\napiVersion: networking.istio.io/v1alpha3\nkind: ServiceEntry\nmetadata:\n name: svc-entry\nspec:\n hosts:\n - ext-svc.example.com\n ports:\n - number: 443\n name: https\n protocol: HTTPS\n location: MESH_EXTERNAL\n resolution: DNS\n```\n\n您可以配置虚拟服务和目标规则,以更细粒度的方式控制到服务入口的流量,这与网格中的任何其他服务配置流量的方式相同。例如,下面的目标规则配置流量路由以使用双向 TLS 来保护到 ext-svc.example.com 外部服务的连接,我们使用服务入口配置了该外部服务:\n\n```text\n\napiVersion: networking.istio.io/v1alpha3\nkind: DestinationRule\nmetadata:\n name: ext-res-dr\nspec:\n host: ext-svc.example.com\n trafficPolicy:\n tls:\n mode: MUTUAL\n clientCertificate: /etc/certs/myclientcert.pem\n privateKey: /etc/certs/client_private_key.pem\n caCertificates: /etc/certs/rootcacerts.pem\n\n```\n\n## Sidecar\n\n默认情况下,Istio 让每个 Envoy 代理都可以访问来自和它关联的工作负载的所有端口的请求,然后转发到对应的工作负载。您可以使用 sidecar 配置去做下面的事情:\n\n- 微调 Envoy 代理接收代理和协议集\n- 限制 Envoy 可以访问的服务集合\n\n```text\n\napiVersion: networking.istio.io/v1alpha3\nkind: Sidecar\nmetadata:\n name: default\n namespace: bookinfo\nspec:\n egress:\n - hosts:\n - \"./*\"\n - \"istio-system/*\"\n\n\n```\n\n## 超时\n\n```text\n\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: ratings\nspec:\n hosts:\n - ratings\n http:\n - route:\n - destination:\n host: ratings\n subset: v1\n timeout: 10s\n\n```\n\n## 重试\n\n```text\n\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: ratings\nspec:\n hosts:\n - ratings\n http:\n - route:\n - destination:\n host: ratings\n subset: v1\n retries:\n attempts: 3\n perTryTimeout: 2s\n\n\n```\n\n### 熔断器\n\n```text\napiVersion: networking.istio.io/v1alpha3\nkind: DestinationRule\nmetadata:\n name: reviews\nspec:\n host: reviews\n subsets:\n - name: v1\n labels:\n version: v1\n trafficPolicy:\n connectionPool:\n tcp:\n maxConnections: 100\n\n```\n\n### 网关 Ingress 和 Eggress\n\n## 安全(Citadel)\n\n### TLS\n\n## 策略\n\n### 限速\n\n### 请求头和路由控制\n\n### Denials 和黑白名单\n\n通过 Istio 您可以根据 Mixer 中可用的任意属性来控制对服务的访问。 这种简单形式的访问控制是基于 Mixer 选择器的条件拒绝请求功能实现的。\n\n## 可观察性\n\n### 指标度量\n\n### 日志收集\n\n### 分布式链路跟踪(zipkip/skywalking/jaeger)\n\n## 网络可视化\n\ncompass 的 service mesh 功能\n\n- 服务拓扑 ✔︎\n- 服务列表 ✔︎\n- 灰度发布 ✔︎\n- 流量监控 ✔︎\n- 路由管理 ✔︎\n- 流量策略 ✔︎\n- 服务网关 ✔︎\n- 安全策略 ✺\n- 调用链跟踪 ✔︎\n- 资源列表 ✔︎\n\nGalley:Galley 代表其他的 Istio 控制平面组件,用来验证用户编写的 Istio API 配置\n\nCitadel:Citadel 通过内置身份和凭证管理赋能强大的服务间和最终用户身份验证。可用于升级服务网格中未加密的流量,并为运维人员提供基于服务标识而不是网络控制的强制执行策略的能力。\n\n策略执行模块(Mixer):负责在服务网格上执行访问控制和使用策略,并从智能代理(Envoy)和其他服务收集遥测数据。依据智能代理(Envoy)提供的属性执行策略。\n\nIstio 管理器(Pilot):负责收集和验证配置,并将其传播到各种 Istio 组件。它从策略执行模块(Mixer)和智能代理(Envoy)中抽取环境特定的实现细节,为他们提供用户服务的抽象表示,独立于底层平台。此外,流量管理规则(即通用 4 层规则和 7 层 HTTP/gRPC 路由规则)可以在运行时通过 Pilot 进行编程。\n\nPilot 相关的 CRD\n\n- Virtualservice:用于定义路由规则,如根据来源或 Header 制定规则,或在不同服务版本之间分拆流量。\n- DestinationRule:定义目的服务的配置策略以及可路由子集。策略包括断路器、负载均衡以及 TLS 等。\n- ServiceEntry:可以使用 ServiceEntry 向 Istio 中加入附加的服务条目,以使网格内可以向 istio 服务网格之外的服务发出请求。\n- Gateway:为网格配置网关,以允许一个服务可以被网格外部访问。\n- EnvoyFilter:可以为 Envoy 配置过滤器。由于 Envoy 已经支持 Lua 过滤器,因此可以通过 EnvoyFilter 启用 Lua 过滤器,动态改变 Envoy 的过滤链行为。我之前一直在考虑如何才能动态扩展 Envoy 的能力,EnvoyFilter 提供了很灵活的扩展性。\n- Sidecar:缺省情况下,Pilot 将会把和 Envoy Sidecar 所在 namespace 的所有 services 的相关配置,包括 inbound 和 outbound listenter, cluster, route 等,都下发给 Enovy。使用 Sidecar 可以对 Pilot 向 Envoy Sidcar 下发的配置进行更细粒度的调整,例如只向其下发该 Sidecar 所在服务需要访问的那些外部服务的相关 outbound 配置。\n\n## 数据平面\n\n在数据面有两个进程 Pilot-agent 和 envoy,这两个进程被放在一个 docker 容器 gcr.io/istio-release/proxyv2 中。\n\n```text\n{\n \"node\": {\n \"id\": \"sidecar~10.16.0.104~productpage-v1-65576bb7bf-djw4c.default~default.svc.cluster.local\",\n \"cluster\": \"productpage.default\",\n \"locality\": {\n },\n \"metadata\": {\"APP_CONTAINERS\":\"productpage\",\"CLUSTER_ID\":\"Kubernetes\",\"EXCHANGE_KEYS\":\"NAME,NAMESPACE,INSTANCE_IPS,LABELS,OWNER,PLATFORM_METADATA,WORKLOAD_NAME,MESH_ID,SERVICE_ACCOUNT,CLUSTER_ID\",\"INSTANCE_IPS\":\"10.16.0.104\",\"INTERCEPTION_MODE\":\"REDIRECT\",\"ISTIO_PROXY_SHA\":\"istio-proxy:262253d9d066f8ef7ed82fd175c28b8f95acbec0\",\"ISTIO_VERSION\":\"1.7.1\",\"LABELS\":{\"app\":\"productpage\",\"istio.io/rev\":\"default\",\"pod-template-hash\":\"65576bb7bf\",\"security.istio.io/tlsMode\":\"istio\",\"service.istio.io/canonical-name\":\"productpage\",\"service.istio.io/canonical-revision\":\"v1\",\"version\":\"v1\"},\"MESH_ID\":\"cluster.local\",\"NAME\":\"productpage-v1-65576bb7bf-djw4c\",\"NAMESPACE\":\"default\",\"OWNER\":\"kubernetes://apis/apps/v1/namespaces/default/deployments/productpage-v1\",\"POD_PORTS\":\"[{\\\"containerPort\\\":9080,\\\"protocol\\\":\\\"TCP\\\"}]\",\"PROXY_CONFIG\":{\"binaryPath\":\"/usr/local/bin/envoy\",\"concurrency\":2,\"configPath\":\"./etc/istio/proxy\",\"controlPlaneAuthPolicy\":\"MUTUAL_TLS\",\"discoveryAddress\":\"istiod.istio-system.svc:15012\",\"drainDuration\":\"45s\",\"envoyAccessLogService\":{},\"envoyMetricsService\":{},\"parentShutdownDuration\":\"60s\",\"proxyAdminPort\":15000,\"proxyMetadata\":{\"DNS_AGENT\":\"\"},\"serviceCluster\":\"productpage.default\",\"statNameLength\":189,\"statusPort\":15020,\"terminationDrainDuration\":\"5s\",\"tracing\":{\"zipkin\":{\"address\":\"zipkin.istio-system:9411\"}}},\"SDS\":\"true\",\"SERVICE_ACCOUNT\":\"bookinfo-productpage\",\"WORKLOAD_NAME\":\"productpage-v1\"}\n },\n \"layered_runtime\": {\n \"layers\": [\n {\n \"name\": \"deprecation\",\n \"static_layer\": {\n \"envoy.deprecated_features:envoy.config.listener.v3.Listener.hidden_envoy_deprecated_use_original_dst\": true\n }\n },\n {\n \"name\": \"admin\",\n \"admin_layer\": {}\n }\n ]\n },\n \"stats_config\": {\n \"use_all_default_tags\": false,\n \"stats_tags\": [\n {\n \"tag_name\": \"cluster_name\",\n \"regex\": \"^cluster\\\\.((.+?(\\\\..+?\\\\.svc\\\\.cluster\\\\.local)?)\\\\.)\"\n },\n {\n \"tag_name\": \"tcp_prefix\",\n \"regex\": \"^tcp\\\\.((.*?)\\\\.)\\\\w+?$\"\n },\n {\n \"regex\": \"(response_code=\\\\.=(.+?);\\\\.;)|_rq(_(\\\\.d{3}))$\",\n \"tag_name\": \"response_code\"\n },\n {\n \"tag_name\": \"response_code_class\",\n \"regex\": \"_rq(_(\\\\dxx))$\"\n },\n {\n \"tag_name\": \"http_conn_manager_listener_prefix\",\n \"regex\": \"^listener(?=\\\\.).*?\\\\.http\\\\.(((?:[_.[:digit:]]*|[_\\\\[\\\\]aAbBcCdDeEfF[:digit:]]*))\\\\.)\"\n },\n {\n \"tag_name\": \"http_conn_manager_prefix\",\n \"regex\": \"^http\\\\.(((?:[_.[:digit:]]*|[_\\\\[\\\\]aAbBcCdDeEfF[:digit:]]*))\\\\.)\"\n },\n {\n \"tag_name\": \"listener_address\",\n \"regex\": \"^listener\\\\.(((?:[_.[:digit:]]*|[_\\\\[\\\\]aAbBcCdDeEfF[:digit:]]*))\\\\.)\"\n },\n {\n \"tag_name\": \"mongo_prefix\",\n \"regex\": \"^mongo\\\\.(.+?)\\\\.(collection|cmd|cx_|op_|delays_|decoding_)(.*?)$\"\n },\n {\n \"regex\": \"(reporter=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"reporter\"\n },\n {\n \"regex\": \"(source_namespace=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_namespace\"\n },\n {\n \"regex\": \"(source_workload=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_workload\"\n },\n {\n \"regex\": \"(source_workload_namespace=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_workload_namespace\"\n },\n {\n \"regex\": \"(source_principal=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_principal\"\n },\n {\n \"regex\": \"(source_app=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_app\"\n },\n {\n \"regex\": \"(source_version=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_version\"\n },\n {\n \"regex\": \"(source_cluster=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_cluster\"\n },\n {\n \"regex\": \"(destination_namespace=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_namespace\"\n },\n {\n \"regex\": \"(destination_workload=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_workload\"\n },\n {\n \"regex\": \"(destination_workload_namespace=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_workload_namespace\"\n },\n {\n \"regex\": \"(destination_principal=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_principal\"\n },\n {\n \"regex\": \"(destination_app=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_app\"\n },\n {\n \"regex\": \"(destination_version=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_version\"\n },\n {\n \"regex\": \"(destination_service=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_service\"\n },\n {\n \"regex\": \"(destination_service_name=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_service_name\"\n },\n {\n \"regex\": \"(destination_service_namespace=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_service_namespace\"\n },\n {\n \"regex\": \"(destination_port=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_port\"\n },\n {\n \"regex\": \"(destination_cluster=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_cluster\"\n },\n {\n \"regex\": \"(request_protocol=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"request_protocol\"\n },\n {\n \"regex\": \"(request_operation=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"request_operation\"\n },\n {\n \"regex\": \"(request_host=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"request_host\"\n },\n {\n \"regex\": \"(response_flags=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"response_flags\"\n },\n {\n \"regex\": \"(grpc_response_status=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"grpc_response_status\"\n },\n {\n \"regex\": \"(connection_security_policy=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"connection_security_policy\"\n },\n {\n \"regex\": \"(permissive_response_code=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"permissive_response_code\"\n },\n {\n \"regex\": \"(permissive_response_policyid=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"permissive_response_policyid\"\n },\n {\n \"regex\": \"(source_canonical_service=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_canonical_service\"\n },\n {\n \"regex\": \"(destination_canonical_service=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_canonical_service\"\n },\n {\n \"regex\": \"(source_canonical_revision=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"source_canonical_revision\"\n },\n {\n \"regex\": \"(destination_canonical_revision=\\\\.=(.*?);\\\\.;)\",\n \"tag_name\": \"destination_canonical_revision\"\n },\n {\n \"regex\": \"(cache\\\\.(.+?)\\\\.)\",\n \"tag_name\": \"cache\"\n },\n {\n \"regex\": \"(component\\\\.(.+?)\\\\.)\",\n \"tag_name\": \"component\"\n },\n {\n \"regex\": \"(tag\\\\.(.+?);\\\\.)\",\n \"tag_name\": \"tag\"\n },\n {\n \"regex\": \"(wasm_filter\\\\.(.+?)\\\\.)\",\n \"tag_name\": \"wasm_filter\"\n }\n ],\n \"stats_matcher\": {\n \"inclusion_list\": {\n \"patterns\": [\n {\n \"prefix\": \"reporter=\"\n },\n {\n \"prefix\": \"cluster_manager\"\n },\n {\n \"prefix\": \"listener_manager\"\n },\n {\n \"prefix\": \"http_mixer_filter\"\n },\n {\n \"prefix\": \"tcp_mixer_filter\"\n },\n {\n \"prefix\": \"server\"\n },\n {\n \"prefix\": \"cluster.xds-grpc\"\n },\n {\n \"prefix\": \"wasm\"\n },\n {\n \"prefix\": \"component\"\n }\n ]\n }\n }\n },\n \"admin\": {\n \"access_log_path\": \"/dev/null\",\n \"profile_path\": \"/var/lib/istio/data/envoy.prof\",\n \"address\": {\n \"socket_address\": {\n \"address\": \"127.0.0.1\",\n \"port_value\": 15000\n }\n }\n },\n \"dynamic_resources\": {\n \"lds_config\": {\n \"ads\": {},\n \"resource_api_version\": \"V3\"\n },\n \"cds_config\": {\n \"ads\": {},\n \"resource_api_version\": \"V3\"\n },\n \"ads_config\": {\n \"api_type\": \"GRPC\",\n \"transport_api_version\": \"V3\",\n \"grpc_services\": [\n {\n \"envoy_grpc\": {\n \"cluster_name\": \"xds-grpc\"\n }\n }\n ]\n }\n },\n \"static_resources\": {\n \"clusters\": [\n {\n \"name\": \"prometheus_stats\",\n \"type\": \"STATIC\",\n \"connect_timeout\": \"0.250s\",\n \"lb_policy\": \"ROUND_ROBIN\",\n \"load_assignment\": {\n \"cluster_name\": \"prometheus_stats\",\n \"endpoints\": [{\n \"lb_endpoints\": [{\n \"endpoint\": {\n \"address\":{\n \"socket_address\": {\n \"protocol\": \"TCP\",\n \"address\": \"127.0.0.1\",\n \"port_value\": 15000\n }\n }\n }\n }]\n }]\n }\n },\n {\n \"name\": \"agent\",\n \"type\": \"STATIC\",\n \"connect_timeout\": \"0.250s\",\n \"lb_policy\": \"ROUND_ROBIN\",\n \"load_assignment\": {\n \"cluster_name\": \"prometheus_stats\",\n \"endpoints\": [{\n \"lb_endpoints\": [{\n \"endpoint\": {\n \"address\":{\n \"socket_address\": {\n \"protocol\": \"TCP\",\n \"address\": \"127.0.0.1\",\n \"port_value\": 15020\n }\n }\n }\n }]\n }]\n }\n },\n {\n \"name\": \"sds-grpc\",\n \"type\": \"STATIC\",\n \"http2_protocol_options\": {},\n \"connect_timeout\": \"1s\",\n \"lb_policy\": \"ROUND_ROBIN\",\n \"load_assignment\": {\n \"cluster_name\": \"sds-grpc\",\n \"endpoints\": [{\n \"lb_endpoints\": [{\n \"endpoint\": {\n \"address\":{\n \"pipe\": {\n \"path\": \"./etc/istio/proxy/SDS\"\n }\n }\n }\n }]\n }]\n }\n },\n {\n \"name\": \"xds-grpc\",\n \"type\": \"STRICT_DNS\",\n \"respect_dns_ttl\": true,\n \"dns_lookup_family\": \"V4_ONLY\",\n \"connect_timeout\": \"1s\",\n \"lb_policy\": \"ROUND_ROBIN\",\n \"transport_socket\": {\n \"name\": \"envoy.transport_sockets.tls\",\n \"typed_config\": {\n \"@type\": \"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext\",\n \"sni\": \"istiod.istio-system.svc\",\n \"common_tls_context\": {\n \"alpn_protocols\": [\n \"h2\"\n ],\n \"tls_certificate_sds_secret_configs\": [\n {\n \"name\": \"default\",\n \"sds_config\": {\n \"resource_api_version\": \"V3\",\n \"initial_fetch_timeout\": \"0s\",\n \"api_config_source\": {\n \"api_type\": \"GRPC\",\n \"transport_api_version\": \"V3\",\n \"grpc_services\": [\n {\n \"envoy_grpc\": { \"cluster_name\": \"sds-grpc\" }\n }\n ]\n }\n }\n }\n ],\n \"validation_context\": {\n \"trusted_ca\": {\n \"filename\": \"./var/run/secrets/istio/root-cert.pem\"\n },\n \"match_subject_alt_names\": [{\"exact\":\"istiod.istio-system.svc\"}]\n }\n }\n }\n },\n \"load_assignment\": {\n \"cluster_name\": \"xds-grpc\",\n \"endpoints\": [{\n \"lb_endpoints\": [{\n \"endpoint\": {\n \"address\":{\n \"socket_address\": {\"address\": \"istiod.istio-system.svc\", \"port_value\": 15012}\n }\n }\n }]\n }]\n },\n \"circuit_breakers\": {\n \"thresholds\": [\n {\n \"priority\": \"DEFAULT\",\n \"max_connections\": 100000,\n \"max_pending_requests\": 100000,\n \"max_requests\": 100000\n },\n {\n \"priority\": \"HIGH\",\n \"max_connections\": 100000,\n \"max_pending_requests\": 100000,\n \"max_requests\": 100000\n }\n ]\n },\n \"upstream_connection_options\": {\n \"tcp_keepalive\": {\n \"keepalive_time\": 300\n }\n },\n \"max_requests_per_connection\": 1,\n \"http2_protocol_options\": { }\n }\n\n ,\n {\n \"name\": \"zipkin\",\n \"type\": \"STRICT_DNS\",\n \"respect_dns_ttl\": true,\n \"dns_lookup_family\": \"V4_ONLY\",\n \"connect_timeout\": \"1s\",\n \"lb_policy\": \"ROUND_ROBIN\",\n \"load_assignment\": {\n \"cluster_name\": \"zipkin\",\n \"endpoints\": [{\n \"lb_endpoints\": [{\n \"endpoint\": {\n \"address\":{\n \"socket_address\": {\"address\": \"zipkin.istio-system\", \"port_value\": 9411}\n }\n }\n }]\n }]\n }\n }\n\n\n ],\n \"listeners\":[\n {\n \"address\": {\n \"socket_address\": {\n \"protocol\": \"TCP\",\n \"address\": \"0.0.0.0\",\n \"port_value\": 15090\n }\n },\n \"filter_chains\": [\n {\n \"filters\": [\n {\n \"name\": \"envoy.http_connection_manager\",\n \"typed_config\": {\n \"@type\": \"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\",\n \"codec_type\": \"AUTO\",\n \"stat_prefix\": \"stats\",\n \"route_config\": {\n \"virtual_hosts\": [\n {\n \"name\": \"backend\",\n \"domains\": [\n \"*\"\n ],\n \"routes\": [\n {\n \"match\": {\n \"prefix\": \"/stats/prometheus\"\n },\n \"route\": {\n \"cluster\": \"prometheus_stats\"\n }\n }\n ]\n }\n ]\n },\n \"http_filters\": [{\n \"name\": \"envoy.router\",\n \"typed_config\": {\n \"@type\": \"type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\"\n }\n }]\n }\n }\n ]\n }\n ]\n },\n {\n \"address\": {\n \"socket_address\": {\n \"protocol\": \"TCP\",\n \"address\": \"0.0.0.0\",\n \"port_value\": 15021\n }\n },\n \"filter_chains\": [\n {\n \"filters\": [\n {\n \"name\": \"envoy.http_connection_manager\",\n \"typed_config\": {\n \"@type\": \"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\",\n \"codec_type\": \"AUTO\",\n \"stat_prefix\": \"agent\",\n \"route_config\": {\n \"virtual_hosts\": [\n {\n \"name\": \"backend\",\n \"domains\": [\n \"*\"\n ],\n \"routes\": [\n {\n \"match\": {\n \"prefix\": \"/healthz/ready\"\n },\n \"route\": {\n \"cluster\": \"agent\"\n }\n }\n ]\n }\n ]\n },\n \"http_filters\": [{\n \"name\": \"envoy.router\",\n \"typed_config\": {\n \"@type\": \"type.googleapis.com/envoy.extensions.filters.http.router.v3.Router\"\n }\n }]\n }\n }\n ]\n }\n ]\n }\n ]\n }\n ,\n \"tracing\": {\n \"http\": {\n \"name\": \"envoy.zipkin\",\n \"typed_config\": {\n \"@type\": \"type.googleapis.com/envoy.config.trace.v3.ZipkinConfig\",\n \"collector_cluster\": \"zipkin\",\n \"collector_endpoint\": \"/api/v2/spans\",\n \"collector_endpoint_version\": \"HTTP_JSON\",\n \"trace_id_128bit\": true,\n \"shared_span_context\": false\n }\n }\n }\n\n\n}\n```\n\n## 部署模型\n\n### 单一集群\n\n一个集群和一个单一的 istio 网络模型\n\n### 多集群\n\n单个服务欧网格配置成为多集群\n\n- 故障隔离和转移:当 cluster-1 下线业务将转移至 cluster-2\n- 位置感知路由和故障转移: 支持不同级别的可用信\n- 多种控制平面模型\n- 团队或项目隔离:每个团队仅运行自己的集群\n\n## 性能\n\n1000 个服务和 2000 个 sidecar,全网格内 QPS 为 70000,Isito 的结果:\n\n- 通过大力的 QPS 有 1000 时,Envoy 使用了 0.5vCPU 和 50MB 内存\n- 网格总的 QPS 为 1000 时,istio-telemetry 服务使用了 0.6vCPU\n- Pilot 使用了 1vCPU 和 1.5G 内存\n- 90%的情况 Envoy 代理只增加了 6.3ms 的延迟\n\n## Pod 和 Service\n\nk8s 集群中的 Pod 和 Service 必须满足以下要求:\n\n- 命名的服务端口: Service 的端口必须命名,端口名键值对必须按以下格式: name:\u003cprotocol\u003e[-\u003csuffix\u003e]\n- Service 关联:每个 Pod 必须至少属于一个 Kubernetes Service,不管这个 Pod 是否对外暴露端口。\n- 带有 app 和 version 标签(label)的 Deployment:\n - app 标签:每个部署配置应该有一个不同的 app 标签并且该标签的值具有一定的意义。app label 用于在分布式链路追踪添加上下文信息。\n - verion 标签:这个标签用于在特定的方式部署应用中表示版本\n\n## 流量管理\n\n- 协议选择:Istio 默认支持代理所有 TCP 流量,但为了提供附加的能力,比如路由和丰富的指标,使用什么协议必须被确定。协议可以被自动检测或者明确的声明确定。\n- 地域负载均衡:地理位置通常代表数据中心。Istio 使用该信息来优化负载均衡池,用以控制请求发送到的地理位置。 默认开启。\n\n## 可观测性\n\n- Envoy 的统计信息只覆盖了特定 Envoy 实例的流量。参考可观测性 了解关于服务级别的 Istio 遥测方面的内容。这些由 Envoy 代理产生的统计数据记录能够提供更多关于 pod 实例的具体信息:\n\n```text\n[devops_root@ali-tekton-CI-devops-dev-01 ~]$ k exec productpage-v1-65576bb7bf-djw4c -c istio-proxy -- pilot-agent request GET stats\ncluster_manager.cds.version_text: \"2020-09-18T09:42:08Z/26\"\nlistener_manager.lds.version_text: \"2020-09-18T09:42:08Z/26\"\ncluster.xds-grpc.assignment_stale: 0\ncluster.xds-grpc.assignment_timeout_received: 0\ncluster.xds-grpc.bind_errors: 0\ncluster.xds-grpc.circuit_breakers.default.cx_open: 0\ncluster.xds-grpc.circuit_breakers.default.cx_pool_open: 0\ncluster.xds-grpc.circuit_breakers.default.rq_open: 0\ncluster.xds-grpc.circuit_breakers.default.rq_pending_open: 0\ncluster.xds-grpc.circuit_breakers.default.rq_retry_open: 0\ncluster.xds-grpc.circuit_breakers.high.cx_open: 0\ncluster.xds-grpc.circuit_breakers.high.cx_pool_open: 0\ncluster.xds-grpc.circuit_breakers.high.rq_open: 0\ncluster.xds-grpc.circuit_breakers.high.rq_pending_open: 0\ncluster.xds-grpc.circuit_breakers.high.rq_retry_open: 0\ncluster.xds-grpc.client_ssl_socket_factory.downstream_context_secrets_not_ready: 0\ncluster.xds-grpc.client_ssl_socket_factory.ssl_context_update_by_sds: 12\ncluster.xds-grpc.client_ssl_socket_factory.upstream_context_secrets_not_ready: 0\ncluster.xds-grpc.default.total_match_count: 19946\ncluster.xds-grpc.http2.dropped_headers_with_underscores: 0\ncluster.xds-grpc.http2.header_overflow: 0\ncluster.xds-grpc.http2.headers_cb_no_stream: 0\ncluster.xds-grpc.http2.inbound_empty_frames_flood: 0\ncluster.xds-grpc.http2.inbound_priority_frames_flood: 0\ncluster.xds-grpc.http2.inbound_window_update_frames_flood: 0\ncluster.xds-grpc.http2.outbound_control_flood: 0\ncluster.xds-grpc.http2.outbound_flood: 0\ncluster.xds-grpc.http2.pending_send_bytes: 0\ncluster.xds-grpc.http2.requests_rejected_with_underscores_in_headers: 0\ncluster.xds-grpc.http2.rx_messaging_error: 0\ncluster.xds-grpc.http2.rx_reset: 0\ncluster.xds-grpc.http2.streams_active: 1\ncluster.xds-grpc.http2.too_many_header_frames: 0\ncluster.xds-grpc.http2.trailers: 0\ncluster.xds-grpc.http2.tx_flush_timeout: 0\ncluster.xds-grpc.http2.tx_reset: 0\ncluster.xds-grpc.internal.upstream_rq_200: 285\ncluster.xds-grpc.internal.upstream_rq_2xx: 285\ncluster.xds-grpc.internal.upstream_rq_503: 3\ncluster.xds-grpc.internal.upstream_rq_5xx: 3\ncluster.xds-grpc.internal.upstream_rq_completed: 288\ncluster.xds-grpc.lb_healthy_panic: 3\ncluster.xds-grpc.lb_local_cluster_not_ok: 0\ncluster.xds-grpc.lb_recalculate_zone_structures: 0\ncluster.xds-grpc.lb_subsets_active: 0\ncluster.xds-grpc.lb_subsets_created: 0\ncluster.xds-grpc.lb_subsets_fallback: 0\ncluster.xds-grpc.lb_subsets_fallback_panic: 0\ncluster.xds-grpc.lb_subsets_removed: 0\ncluster.xds-grpc.lb_subsets_selected: 0\ncluster.xds-grpc.lb_zone_cluster_too_small: 0\ncluster.xds-grpc.lb_zone_no_capacity_left: 0\ncluster.xds-grpc.lb_zone_number_differs: 0\ncluster.xds-grpc.lb_zone_routing_all_directly: 0\ncluster.xds-grpc.lb_zone_routing_cross_zone: 0\ncluster.xds-grpc.lb_zone_routing_sampled: 0\ncluster.xds-grpc.max_host_weight: 1\ncluster.xds-grpc.membership_change: 1\ncluster.xds-grpc.membership_degraded: 0\ncluster.xds-grpc.membership_excluded: 0\ncluster.xds-grpc.membership_healthy: 1\ncluster.xds-grpc.membership_total: 1\ncluster.xds-grpc.original_dst_host_invalid: 0\ncluster.xds-grpc.retry_or_shadow_abandoned: 0\ncluster.xds-grpc.ssl.ciphers.ECDHE-RSA-AES128-GCM-SHA256: 285\ncluster.xds-grpc.ssl.connection_error: 0\ncluster.xds-grpc.ssl.curves.X25519: 285\ncluster.xds-grpc.ssl.fail_verify_cert_hash: 0\ncluster.xds-grpc.ssl.fail_verify_error: 0\ncluster.xds-grpc.ssl.fail_verify_no_cert: 0\ncluster.xds-grpc.ssl.fail_verify_san: 0\ncluster.xds-grpc.ssl.handshake: 285\ncluster.xds-grpc.ssl.no_certificate: 0\ncluster.xds-grpc.ssl.session_reused: 216\ncluster.xds-grpc.ssl.sigalgs.rsa_pss_rsae_sha256: 285\ncluster.xds-grpc.ssl.versions.TLSv1.2: 285\ncluster.xds-grpc.update_attempt: 19946\ncluster.xds-grpc.update_empty: 0\ncluster.xds-grpc.update_failure: 0\ncluster.xds-grpc.update_no_rebuild: 19945\ncluster.xds-grpc.update_success: 19946\ncluster.xds-grpc.upstream_cx_active: 1\ncluster.xds-grpc.upstream_cx_close_notify: 284\ncluster.xds-grpc.upstream_cx_connect_attempts_exceeded: 0\ncluster.xds-grpc.upstream_cx_connect_fail: 0\ncluster.xds-grpc.upstream_cx_connect_timeout: 0\ncluster.xds-grpc.upstream_cx_destroy: 284\ncluster.xds-grpc.upstream_cx_destroy_local: 0\ncluster.xds-grpc.upstream_cx_destroy_local_with_active_rq: 0\ncluster.xds-grpc.upstream_cx_destroy_remote: 284\ncluster.xds-grpc.upstream_cx_destroy_remote_with_active_rq: 284\ncluster.xds-grpc.upstream_cx_destroy_with_active_rq: 284\ncluster.xds-grpc.upstream_cx_http1_total: 0\ncluster.xds-grpc.upstream_cx_http2_total: 285\ncluster.xds-grpc.upstream_cx_idle_timeout: 0\ncluster.xds-grpc.upstream_cx_max_requests: 285\ncluster.xds-grpc.upstream_cx_none_healthy: 3\ncluster.xds-grpc.upstream_cx_overflow: 0\ncluster.xds-grpc.upstream_cx_pool_overflow: 0\ncluster.xds-grpc.upstream_cx_protocol_error: 0\ncluster.xds-grpc.upstream_cx_rx_bytes_buffered: 17\ncluster.xds-grpc.upstream_cx_rx_bytes_total: 49678276\ncluster.xds-grpc.upstream_cx_total: 285\ncluster.xds-grpc.upstream_cx_tx_bytes_buffered: 0\ncluster.xds-grpc.upstream_cx_tx_bytes_total: 29267888\ncluster.xds-grpc.upstream_flow_control_backed_up_total: 0\ncluster.xds-grpc.upstream_flow_control_drained_total: 0\ncluster.xds-grpc.upstream_flow_control_paused_reading_total: 0\ncluster.xds-grpc.upstream_flow_control_resumed_reading_total: 0\ncluster.xds-grpc.upstream_internal_redirect_failed_total: 0\ncluster.xds-grpc.upstream_internal_redirect_succeeded_total: 0\ncluster.xds-grpc.upstream_rq_200: 285\ncluster.xds-grpc.upstream_rq_2xx: 285\ncluster.xds-grpc.upstream_rq_503: 3\ncluster.xds-grpc.upstream_rq_5xx: 3\ncluster.xds-grpc.upstream_rq_active: 1\ncluster.xds-grpc.upstream_rq_cancelled: 0\ncluster.xds-grpc.upstream_rq_completed: 288\ncluster.xds-grpc.upstream_rq_maintenance_mode: 0\ncluster.xds-grpc.upstream_rq_max_duration_reached: 0\ncluster.xds-grpc.upstream_rq_pending_active: 0\ncluster.xds-grpc.upstream_rq_pending_failure_eject: 284\ncluster.xds-grpc.upstream_rq_pending_overflow: 0\ncluster.xds-grpc.upstream_rq_pending_total: 285\ncluster.xds-grpc.upstream_rq_per_try_timeout: 0\ncluster.xds-grpc.upstream_rq_retry: 0\ncluster.xds-grpc.upstream_rq_retry_limit_exceeded: 0\ncluster.xds-grpc.upstream_rq_retry_overflow: 0\ncluster.xds-grpc.upstream_rq_retry_success: 0\ncluster.xds-grpc.upstream_rq_rx_reset: 0\ncluster.xds-grpc.upstream_rq_timeout: 0\ncluster.xds-grpc.upstream_rq_total: 285\ncluster.xds-grpc.upstream_rq_tx_reset: 0\ncluster.xds-grpc.version: 0\ncluster_manager.active_clusters: 45\ncluster_manager.cds.init_fetch_timeout: 0\ncluster_manager.cds.update_attempt: 585\ncluster_manager.cds.update_failure: 284\ncluster_manager.cds.update_rejected: 0\ncluster_manager.cds.update_success: 300\ncluster_manager.cds.update_time: 1600671023819\ncluster_manager.cds.version: 11549674845441926298\ncluster_manager.cluster_added: 45\ncluster_manager.cluster_modified: 7\ncluster_manager.cluster_removed: 0\ncluster_manager.cluster_updated: 3\ncluster_manager.cluster_updated_via_merge: 0\ncluster_manager.update_merge_cancelled: 0\ncluster_manager.update_out_of_merge_window: 0\ncluster_manager.warming_clusters: 0\ncomponent.proxy.tag.1.7.1;._istio_build: 1\nlistener_manager.lds.init_fetch_timeout: 0\nlistener_manager.lds.update_attempt: 585\nlistener_manager.lds.update_failure: 284\nlistener_manager.lds.update_rejected: 0\nlistener_manager.lds.update_success: 300\nlistener_manager.lds.update_time: 1600671023827\nlistener_manager.lds.version: 11549674845441926298\nlistener_manager.listener_added: 32\nlistener_manager.listener_create_failure: 0\nlistener_manager.listener_create_success: 64\nlistener_manager.listener_in_place_updated: 0\nlistener_manager.listener_modified: 0\nlistener_manager.listener_removed: 0\nlistener_manager.listener_stopped: 0\nlistener_manager.total_filter_chains_draining: 0\nlistener_manager.total_listeners_active: 32\nlistener_manager.total_listeners_draining: 0\nlistener_manager.total_listeners_warming: 0\nlistener_manager.workers_started: 1\nreporter=.=destination;.;source_workload=.=istio-ingressgateway;.;source_workload_namespace=.=istio-system;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=istio-ingressgateway;.;source_version=.=unknown;.;source_canonical_service=.=istio-ingressgateway;.;source_canonical_revision=.=latest;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=0;.;grpc_response_status=.=;.;response_flags=.=DC;.;connection_security_policy=.=mutual_tls;.;_istio_requests_total: 1\nreporter=.=destination;.;source_workload=.=istio-ingressgateway;.;source_workload_namespace=.=istio-system;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=istio-ingressgateway;.;source_version=.=unknown;.;source_canonical_service=.=istio-ingressgateway;.;source_canonical_revision=.=latest;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=mutual_tls;.;_istio_requests_total: 86\nreporter=.=destination;.;source_workload=.=ratings-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-ratings;.;source_app=.=ratings;.;source_version=.=v1;.;source_canonical_service=.=ratings;.;source_canonical_revision=.=v1;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=mutual_tls;.;_istio_requests_total: 1\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=details-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-details;.;destination_app=.=details;.;destination_version=.=v1;.;destination_service=.=details.default.svc.cluster.local;.;destination_service_name=.=details;.;destination_service_namespace=.=default;.;destination_canonical_service=.=details;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_requests_total: 77\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v1;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_requests_total: 26\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v2;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v2;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v2;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_requests_total: 26\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v3;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v3;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v3;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_requests_total: 25\nserver.concurrency: 2\nserver.days_until_first_cert_expiring: 0\nserver.debug_assertion_failures: 0\nserver.dynamic_unknown_fields: 0\nserver.envoy_bug_failures: 0\nserver.hot_restart_epoch: 0\nserver.hot_restart_generation: 1\nserver.live: 1\nserver.main_thread.watchdog_mega_miss: 0\nserver.main_thread.watchdog_miss: 0\nserver.memory_allocated: 13913728\nserver.memory_heap_size: 20971520\nserver.memory_physical_size: 23592960\nserver.parent_connections: 0\nserver.state: 0\nserver.static_unknown_fields: 0\nserver.stats_recent_lookups: 148952\nserver.total_connections: 1\nserver.uptime: 513410\nserver.version: 2499155\nserver.watchdog_mega_miss: 0\nserver.watchdog_miss: 0\nserver.worker_0.watchdog_mega_miss: 0\nserver.worker_0.watchdog_miss: 0\nserver.worker_1.watchdog_mega_miss: 0\nserver.worker_1.watchdog_miss: 0\nwasm.envoy.wasm.runtime.null.active: 20\nwasm.envoy.wasm.runtime.null.created: 25\nwasm_filter.stats_filter.cache.hit.metric_cache_count: 100\nwasm_filter.stats_filter.cache.miss.metric_cache_count: 11\nwasm_vm.null.active: 20\nwasm_vm.null.cloned: 0\nwasm_vm.null.created: 25\ncluster.xds-grpc.upstream_cx_connect_ms: P0(nan,1.0) P25(nan,1.0378989361702127) P50(nan,1.0757978723404256) P75(nan,2.0953703703703703) P90(nan,5.010869565217392) P95(nan,5.072826086956522) P99(nan,7.038333333333332) P99.5(nan,7.0858333333333325) P99.9(nan,9.071499999999997) P100(nan,9.1)\ncluster.xds-grpc.upstream_cx_length_ms: P0(nan,1600000.0) P25(nan,1708860.759493671) P50(nan,1798734.17721519) P75(nan,1900000.0) P90(nan,1960000.0) P95(nan,1980000.0) P99(nan,1996000.0) P99.5(nan,1998000.0) P99.9(nan,1999600.0) P100(nan,2000000.0)\nreporter=.=destination;.;source_workload=.=istio-ingressgateway;.;source_workload_namespace=.=istio-system;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=istio-ingressgateway;.;source_version=.=unknown;.;source_canonical_service=.=istio-ingressgateway;.;source_canonical_revision=.=latest;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=0;.;grpc_response_status=.=;.;response_flags=.=DC;.;connection_security_policy=.=mutual_tls;.;_istio_request_bytes: P0(nan,1100.0) P25(nan,1125.0) P50(nan,1150.0) P75(nan,1175.0) P90(nan,1190.0) P95(nan,1195.0) P99(nan,1199.0) P99.5(nan,1199.5) P99.9(nan,1199.9) P100(nan,1200.0)\nreporter=.=destination;.;source_workload=.=istio-ingressgateway;.;source_workload_namespace=.=istio-system;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=istio-ingressgateway;.;source_version=.=unknown;.;source_canonical_service=.=istio-ingressgateway;.;source_canonical_revision=.=latest;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=0;.;grpc_response_status=.=;.;response_flags=.=DC;.;connection_security_policy=.=mutual_tls;.;_istio_request_duration_milliseconds: P0(nan,0.0) P25(nan,0.0) P50(nan,0.0) P75(nan,0.0) P90(nan,0.0) P95(nan,0.0) P99(nan,0.0) P99.5(nan,0.0) P99.9(nan,0.0) P100(nan,0.0)\nreporter=.=destination;.;source_workload=.=istio-ingressgateway;.;source_workload_namespace=.=istio-system;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=istio-ingressgateway;.;source_version=.=unknown;.;source_canonical_service=.=istio-ingressgateway;.;source_canonical_revision=.=latest;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=0;.;grpc_response_status=.=;.;response_flags=.=DC;.;connection_security_policy=.=mutual_tls;.;_istio_response_bytes: P0(nan,0.0) P25(nan,0.0) P50(nan,0.0) P75(nan,0.0) P90(nan,0.0) P95(nan,0.0) P99(nan,0.0) P99.5(nan,0.0) P99.9(nan,0.0) P100(nan,0.0)\nreporter=.=destination;.;source_workload=.=istio-ingressgateway;.;source_workload_namespace=.=istio-system;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=istio-ingressgateway;.;source_version=.=unknown;.;source_canonical_service=.=istio-ingressgateway;.;source_canonical_revision=.=latest;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=mutual_tls;.;_istio_request_bytes: P0(nan,610.0) P25(nan,1110.4166666666667) P50(nan,1140.2777777777778) P75(nan,1170.138888888889) P90(nan,1188.0555555555557) P95(nan,1194.0277777777778) P99(nan,1198.8055555555557) P99.5(nan,1199.4027777777778) P99.9(nan,1199.8805555555555) P100(nan,1200.0)\nreporter=.=destination;.;source_workload=.=istio-ingressgateway;.;source_workload_namespace=.=istio-system;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=istio-ingressgateway;.;source_version=.=unknown;.;source_canonical_service=.=istio-ingressgateway;.;source_canonical_revision=.=latest;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=mutual_tls;.;_istio_request_duration_milliseconds: P0(nan,1.0) P25(nan,13.85) P50(nan,26.125) P75(nan,30.75) P90(nan,38.7) P95(nan,59.7) P99(nan,791.4) P99.5(nan,795.6999999999999) P99.9(nan,799.14) P100(nan,800.0)\nreporter=.=destination;.;source_workload=.=istio-ingressgateway;.;source_workload_namespace=.=istio-system;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=istio-ingressgateway;.;source_version=.=unknown;.;source_canonical_service=.=istio-ingressgateway;.;source_canonical_revision=.=latest;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=mutual_tls;.;_istio_response_bytes: P0(nan,5200.0) P25(nan,5282.692307692308) P50(nan,6234.0) P75(nan,6277.0) P90(nan,19700.000000000004) P95(nan,38850.0) P99(nan,125700.0) P99.5(nan,127849.99999999997) P99.9(nan,129570.0) P100(nan,130000.0)\nreporter=.=destination;.;source_workload=.=ratings-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-ratings;.;source_app=.=ratings;.;source_version=.=v1;.;source_canonical_service=.=ratings;.;source_canonical_revision=.=v1;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=mutual_tls;.;_istio_request_bytes: P0(nan,530.0) P25(nan,532.5) P50(nan,535.0) P75(nan,537.5) P90(nan,539.0) P95(nan,539.5) P99(nan,539.9) P99.5(nan,539.95) P99.9(nan,539.99) P100(nan,540.0)\nreporter=.=destination;.;source_workload=.=ratings-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-ratings;.;source_app=.=ratings;.;source_version=.=v1;.;source_canonical_service=.=ratings;.;source_canonical_revision=.=v1;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=mutual_tls;.;_istio_request_duration_milliseconds: P0(nan,919.9999999999999) P25(nan,922.4999999999999) P50(nan,924.9999999999999) P75(nan,927.4999999999999) P90(nan,928.9999999999999) P95(nan,929.4999999999999) P99(nan,929.8999999999999) P99.5(nan,929.9499999999999) P99.9(nan,929.9899999999999) P100(nan,929.9999999999999)\nreporter=.=destination;.;source_workload=.=ratings-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-ratings;.;source_app=.=ratings;.;source_version=.=v1;.;source_canonical_service=.=ratings;.;source_canonical_revision=.=v1;.;destination_workload=.=productpage-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;destination_app=.=productpage;.;destination_version=.=v1;.;destination_service=.=productpage.default.svc.cluster.local;.;destination_service_name=.=productpage;.;destination_service_namespace=.=default;.;destination_canonical_service=.=productpage;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=mutual_tls;.;_istio_response_bytes: P0(nan,6200.0) P25(nan,6225.0) P50(nan,6250.0) P75(nan,6275.0) P90(nan,6290.0) P95(nan,6295.0) P99(nan,6299.0) P99.5(nan,6299.5) P99.9(nan,6299.9) P100(nan,6300.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=details-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-details;.;destination_app=.=details;.;destination_version=.=v1;.;destination_service=.=details.default.svc.cluster.local;.;destination_service_name=.=details;.;destination_service_namespace=.=default;.;destination_canonical_service=.=details;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_request_bytes: P0(nan,1200.0) P25(nan,1321.9594594594594) P50(nan,1347.972972972973) P75(nan,1373.9864864864865) P90(nan,1389.5945945945946) P95(nan,1394.7972972972973) P99(nan,1398.9594594594594) P99.5(nan,1399.4797297297298) P99.9(nan,1399.8959459459459) P100(nan,1400.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=details-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-details;.;destination_app=.=details;.;destination_version=.=v1;.;destination_service=.=details.default.svc.cluster.local;.;destination_service_name=.=details;.;destination_service_namespace=.=default;.;destination_canonical_service=.=details;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_request_duration_milliseconds: P0(nan,1.0) P25(nan,1.030078125) P50(nan,1.06015625) P75(nan,1.090234375) P90(nan,2.0757142857142856) P95(nan,5.014999999999999) P99(nan,20.230000000000004) P99.5(nan,20.614999999999995) P99.9(nan,20.923000000000002) P100(nan,21.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=details-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-details;.;destination_app=.=details;.;destination_version=.=v1;.;destination_service=.=details.default.svc.cluster.local;.;destination_service_name=.=details;.;destination_service_namespace=.=default;.;destination_canonical_service=.=details;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_response_bytes: P0(nan,300.0) P25(nan,302.5) P50(nan,305.0) P75(nan,307.5) P90(nan,309.0) P95(nan,309.5) P99(nan,309.9) P99.5(nan,309.95) P99.9(nan,309.99) P100(nan,310.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v1;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_request_bytes: P0(nan,1200.0) P25(nan,1322.0) P50(nan,1348.0) P75(nan,1374.0) P90(nan,1389.6) P95(nan,1394.8) P99(nan,1398.96) P99.5(nan,1399.48) P99.9(nan,1399.896) P100(nan,1400.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v1;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_request_duration_milliseconds: P0(nan,3.0) P25(nan,4.013636363636364) P50(nan,4.072727272727272) P75(nan,5.0875) P90(nan,6.085) P95(nan,10.7) P99(nan,577.4) P99.5(nan,578.7) P99.9(nan,579.74) P100(nan,580.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v1;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v1;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v1;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_response_bytes: P0(nan,459.99999999999994) P25(nan,462.59999999999997) P50(nan,465.19999999999993) P75(nan,467.79999999999995) P90(nan,469.35999999999996) P95(nan,469.87999999999994) P99(nan,477.4) P99.5(nan,478.7) P99.9(nan,479.74) P100(nan,480.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v2;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v2;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v2;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_request_bytes: P0(nan,1200.0) P25(nan,1322.0) P50(nan,1348.0) P75(nan,1374.0) P90(nan,1389.6) P95(nan,1394.8) P99(nan,1398.96) P99.5(nan,1399.48) P99.9(nan,1399.896) P100(nan,1400.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v2;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v2;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v2;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_request_duration_milliseconds: P0(nan,15.0) P25(nan,17.75) P50(nan,20.0) P75(nan,27.166666666666668) P90(nan,43.400000000000006) P95(nan,47.7) P99(nan,777.4) P99.5(nan,778.7) P99.9(nan,779.74) P100(nan,780.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v2;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v2;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v2;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_response_bytes: P0(nan,550.0) P25(nan,552.5) P50(nan,555.0) P75(nan,557.5) P90(nan,559.0) P95(nan,559.5) P99(nan,559.9) P99.5(nan,559.95) P99.9(nan,559.99) P100(nan,560.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v3;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v3;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v3;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_request_bytes: P0(nan,1200.0) P25(nan,1321.875) P50(nan,1347.9166666666667) P75(nan,1373.9583333333333) P90(nan,1389.5833333333333) P95(nan,1394.7916666666667) P99(nan,1398.9583333333333) P99.5(nan,1399.4791666666667) P99.9(nan,1399.8958333333333) P100(nan,1400.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v3;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v3;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v3;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_request_duration_milliseconds: P0(nan,16.0) P25(nan,17.8125) P50(nan,19.833333333333332) P75(nan,22.75) P90(nan,25.833333333333332) P95(nan,43.75) P99(nan,847.5) P99.5(nan,848.75) P99.9(nan,849.75) P100(nan,850.0)\nreporter=.=source;.;source_workload=.=productpage-v1;.;source_workload_namespace=.=default;.;source_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-productpage;.;source_app=.=productpage;.;source_version=.=v1;.;source_canonical_service=.=productpage;.;source_canonical_revision=.=v1;.;destination_workload=.=reviews-v3;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/bookinfo-reviews;.;destination_app=.=reviews;.;destination_version=.=v3;.;destination_service=.=reviews.default.svc.cluster.local;.;destination_service_name=.=reviews;.;destination_service_namespace=.=default;.;destination_canonical_service=.=reviews;.;destination_canonical_revision=.=v3;.;request_protocol=.=http;.;response_code=.=200;.;grpc_response_status=.=;.;response_flags=.=-;.;connection_security_policy=.=unknown;.;_istio_response_bytes: P0(nan,540.0) P25(nan,542.6041666666666) P50(nan,545.2083333333334) P75(nan,547.8125) P90(nan,549.375) P95(nan,549.8958333333334) P99(nan,557.5) P99.5(nan,558.75) P99.9(nan,559.75) P100(nan,560.0)\nserver.initialization_time_ms: P0(nan,14000.0) P25(nan,14250.0) P50(nan,14500.0) P75(nan,14750.0) P90(nan,14900.0) P95(nan,14950.0) P99(nan,14990.0) P99.5(nan,14995.0) P99.9(nan,14999.0) P100(nan,15000.0)\n```\n\n## 一些常用的运维命令\n\n```text\n\n//查看里面的为服务\nistio ps\n\n//查看端口的一些fliter\nistioctl pc l productpage-v1-65576bb7bf-qlqfh.default --port 80 -o json\n\n//查看网关下面的virtualhost RDS\n[devops_root@ali-tekton-CI-devops-dev-01 ~]$ istioctl pc r istio-ingressgateway-58649bfdf4-p84z4.istio-system --name http.80 -o json\n[\n {\n \"name\": \"http.80\",\n \"virtualHosts\": [\n {\n \"name\": \"*:80\",\n \"domains\": [\n \"*\"\n ],\n \"routes\": [\n {\n \"match\": {\n \"path\": \"/productpage\",\n \"caseSensitive\": true\n },\n \"route\": {\n \"cluster\": \"outbound|9080||productpage.default.svc.cluster.local\",\n \"timeout\": \"0s\",\n \"retryPolicy\": {\n \"retryOn\": \"connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes\",\n \"numRetries\": 2,\n \"retryHostPredicate\": [\n {\n \"name\": \"envoy.retry_host_predicates.previous_hosts\"\n }\n ],\n \"hostSelectionRetryMaxAttempts\": \"5\",\n \"retriableStatusCodes\": [\n 503\n ]\n },\n \"maxGrpcTimeout\": \"0s\"\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/virtual-service/bookinfo\"\n }\n }\n },\n \"decorator\": {\n \"operation\": \"productpage.default.svc.cluster.local:9080/productpage\"\n }\n },\n {\n \"match\": {\n \"prefix\": \"/static\",\n \"caseSensitive\": true\n },\n \"route\": {\n \"cluster\": \"outbound|9080||productpage.default.svc.cluster.local\",\n \"timeout\": \"0s\",\n \"retryPolicy\": {\n \"retryOn\": \"connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes\",\n \"numRetries\": 2,\n \"retryHostPredicate\": [\n {\n \"name\": \"envoy.retry_host_predicates.previous_hosts\"\n }\n ],\n \"hostSelectionRetryMaxAttempts\": \"5\",\n \"retriableStatusCodes\": [\n 503\n ]\n },\n \"maxGrpcTimeout\": \"0s\"\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/virtual-service/bookinfo\"\n }\n }\n },\n \"decorator\": {\n \"operation\": \"productpage.default.svc.cluster.local:9080/static*\"\n }\n },\n {\n \"match\": {\n \"path\": \"/login\",\n \"caseSensitive\": true\n },\n \"route\": {\n \"cluster\": \"outbound|9080||productpage.default.svc.cluster.local\",\n \"timeout\": \"0s\",\n \"retryPolicy\": {\n \"retryOn\": \"connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes\",\n \"numRetries\": 2,\n \"retryHostPredicate\": [\n {\n \"name\": \"envoy.retry_host_predicates.previous_hosts\"\n }\n ],\n \"hostSelectionRetryMaxAttempts\": \"5\",\n \"retriableStatusCodes\": [\n 503\n ]\n },\n \"maxGrpcTimeout\": \"0s\"\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/virtual-service/bookinfo\"\n }\n }\n },\n \"decorator\": {\n \"operation\": \"productpage.default.svc.cluster.local:9080/login\"\n }\n },\n {\n \"match\": {\n \"path\": \"/logout\",\n \"caseSensitive\": true\n },\n \"route\": {\n \"cluster\": \"outbound|9080||productpage.default.svc.cluster.local\",\n \"timeout\": \"0s\",\n \"retryPolicy\": {\n \"retryOn\": \"connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes\",\n \"numRetries\": 2,\n \"retryHostPredicate\": [\n {\n \"name\": \"envoy.retry_host_predicates.previous_hosts\"\n }\n ],\n \"hostSelectionRetryMaxAttempts\": \"5\",\n \"retriableStatusCodes\": [\n 503\n ]\n },\n \"maxGrpcTimeout\": \"0s\"\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/virtual-service/bookinfo\"\n }\n }\n },\n \"decorator\": {\n \"operation\": \"productpage.default.svc.cluster.local:9080/logout\"\n }\n },\n {\n \"match\": {\n \"prefix\": \"/api/v1/products\",\n \"caseSensitive\": true\n },\n \"route\": {\n \"cluster\": \"outbound|9080||productpage.default.svc.cluster.local\",\n \"timeout\": \"0s\",\n \"retryPolicy\": {\n \"retryOn\": \"connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes\",\n \"numRetries\": 2,\n \"retryHostPredicate\": [\n {\n \"name\": \"envoy.retry_host_predicates.previous_hosts\"\n }\n ],\n \"hostSelectionRetryMaxAttempts\": \"5\",\n \"retriableStatusCodes\": [\n 503\n ]\n },\n \"maxGrpcTimeout\": \"0s\"\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/virtual-service/bookinfo\"\n }\n }\n },\n \"decorator\": {\n \"operation\": \"productpage.default.svc.cluster.local:9080/api/v1/products*\"\n }\n }\n ],\n \"includeRequestAttemptCount\": true\n }\n ],\n \"validateClusters\": false\n }\n]\n\n\n//然后再到CDS\n[devops_root@ali-tekton-CI-devops-dev-01 ~]$ istioctl pc c istio-ingressgateway-58649bfdf4-p84z4.istio-system | grep productpage.default.svc.cluster.local\noutbound_.9080_._.productpage.default.svc.cluster.local - - - EDS productpage.default\noutbound_.9080_.v1_.productpage.default.svc.cluster.local - - - EDS productpage.default\nproductpage.default.svc.cluster.local 9080 - outbound EDS productpage.default\nproductpage.default.svc.cluster.local 9080 v1 outbound EDS productpage.default\n\n\n[devops_root@ali-tekton-CI-devops-dev-01 ~]$ istioctl pc c istio-ingressgateway-58649bfdf4-p84z4.istio-system --fqdn productpage.default.svc.cluster.local -o json\n[\n {\n \"name\": \"outbound_.9080_._.productpage.default.svc.cluster.local\",\n \"type\": \"EDS\",\n \"edsClusterConfig\": {\n \"edsConfig\": {\n \"ads\": {},\n \"resourceApiVersion\": \"V3\"\n },\n \"serviceName\": \"outbound_.9080_._.productpage.default.svc.cluster.local\"\n },\n \"connectTimeout\": \"10s\",\n \"circuitBreakers\": {\n \"thresholds\": [\n {\n \"maxConnections\": 4294967295,\n \"maxPendingRequests\": 4294967295,\n \"maxRequests\": 4294967295,\n \"maxRetries\": 4294967295\n }\n ]\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/destination-rule/productpage\"\n }\n }\n },\n \"filters\": [\n {\n \"name\": \"istio.metadata_exchange\",\n \"typedConfig\": {\n \"@type\": \"type.googleapis.com/udpa.type.v1.TypedStruct\",\n \"typeUrl\": \"type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange\",\n \"value\": {\n \"protocol\": \"istio-peer-exchange\"\n }\n }\n }\n ]\n },\n {\n \"name\": \"outbound_.9080_.v1_.productpage.default.svc.cluster.local\",\n \"type\": \"EDS\",\n \"edsClusterConfig\": {\n \"edsConfig\": {\n \"ads\": {},\n \"resourceApiVersion\": \"V3\"\n },\n \"serviceName\": \"outbound_.9080_.v1_.productpage.default.svc.cluster.local\"\n },\n \"connectTimeout\": \"10s\",\n \"circuitBreakers\": {\n \"thresholds\": [\n {\n \"maxConnections\": 4294967295,\n \"maxPendingRequests\": 4294967295,\n \"maxRequests\": 4294967295,\n \"maxRetries\": 4294967295\n }\n ]\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/destination-rule/productpage\",\n \"subset\": \"v1\"\n }\n }\n },\n \"filters\": [\n {\n \"name\": \"istio.metadata_exchange\",\n \"typedConfig\": {\n \"@type\": \"type.googleapis.com/udpa.type.v1.TypedStruct\",\n \"typeUrl\": \"type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange\",\n \"value\": {\n \"protocol\": \"istio-peer-exchange\"\n }\n }\n }\n ]\n },\n {\n \"transportSocketMatches\": [\n {\n \"name\": \"tlsMode-istio\",\n \"match\": {\n \"tlsMode\": \"istio\"\n },\n \"transportSocket\": {\n \"name\": \"envoy.transport_sockets.tls\",\n \"typedConfig\": {\n \"@type\": \"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext\",\n \"commonTlsContext\": {\n \"tlsCertificateSdsSecretConfigs\": [\n {\n \"name\": \"default\",\n \"sdsConfig\": {\n \"apiConfigSource\": {\n \"apiType\": \"GRPC\",\n \"transportApiVersion\": \"V3\",\n \"grpcServices\": [\n {\n \"envoyGrpc\": {\n \"clusterName\": \"sds-grpc\"\n }\n }\n ]\n },\n \"initialFetchTimeout\": \"0s\",\n \"resourceApiVersion\": \"V3\"\n }\n }\n ],\n \"combinedValidationContext\": {\n \"defaultValidationContext\": {\n \"matchSubjectAltNames\": [\n {\n \"exact\": \"spiffe://cluster.local/ns/default/sa/bookinfo-productpage\"\n }\n ]\n },\n \"validationContextSdsSecretConfig\": {\n \"name\": \"ROOTCA\",\n \"sdsConfig\": {\n \"apiConfigSource\": {\n \"apiType\": \"GRPC\",\n \"transportApiVersion\": \"V3\",\n \"grpcServices\": [\n {\n \"envoyGrpc\": {\n \"clusterName\": \"sds-grpc\"\n }\n }\n ]\n },\n \"initialFetchTimeout\": \"0s\",\n \"resourceApiVersion\": \"V3\"\n }\n }\n },\n \"alpnProtocols\": [\n \"istio-peer-exchange\",\n \"istio\"\n ]\n },\n \"sni\": \"outbound_.9080_._.productpage.default.svc.cluster.local\"\n }\n }\n },\n {\n \"name\": \"tlsMode-disabled\",\n \"match\": {},\n \"transportSocket\": {\n \"name\": \"envoy.transport_sockets.raw_buffer\"\n }\n }\n ],\n \"name\": \"outbound|9080||productpage.default.svc.cluster.local\",\n \"type\": \"EDS\",\n \"edsClusterConfig\": {\n \"edsConfig\": {\n \"ads\": {},\n \"resourceApiVersion\": \"V3\"\n },\n \"serviceName\": \"outbound|9080||productpage.default.svc.cluster.local\"\n },\n \"connectTimeout\": \"10s\",\n \"circuitBreakers\": {\n \"thresholds\": [\n {\n \"maxConnections\": 4294967295,\n \"maxPendingRequests\": 4294967295,\n \"maxRequests\": 4294967295,\n \"maxRetries\": 4294967295\n }\n ]\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/destination-rule/productpage\"\n }\n }\n },\n \"filters\": [\n {\n \"name\": \"istio.metadata_exchange\",\n \"typedConfig\": {\n \"@type\": \"type.googleapis.com/udpa.type.v1.TypedStruct\",\n \"typeUrl\": \"type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange\",\n \"value\": {\n \"protocol\": \"istio-peer-exchange\"\n }\n }\n }\n ]\n },\n {\n \"transportSocketMatches\": [\n {\n \"name\": \"tlsMode-istio\",\n \"match\": {\n \"tlsMode\": \"istio\"\n },\n \"transportSocket\": {\n \"name\": \"envoy.transport_sockets.tls\",\n \"typedConfig\": {\n \"@type\": \"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext\",\n \"commonTlsContext\": {\n \"tlsCertificateSdsSecretConfigs\": [\n {\n \"name\": \"default\",\n \"sdsConfig\": {\n \"apiConfigSource\": {\n \"apiType\": \"GRPC\",\n \"transportApiVersion\": \"V3\",\n \"grpcServices\": [\n {\n \"envoyGrpc\": {\n \"clusterName\": \"sds-grpc\"\n }\n }\n ]\n },\n \"initialFetchTimeout\": \"0s\",\n \"resourceApiVersion\": \"V3\"\n }\n }\n ],\n \"combinedValidationContext\": {\n \"defaultValidationContext\": {\n \"matchSubjectAltNames\": [\n {\n \"exact\": \"spiffe://cluster.local/ns/default/sa/bookinfo-productpage\"\n }\n ]\n },\n \"validationContextSdsSecretConfig\": {\n \"name\": \"ROOTCA\",\n \"sdsConfig\": {\n \"apiConfigSource\": {\n \"apiType\": \"GRPC\",\n \"transportApiVersion\": \"V3\",\n \"grpcServices\": [\n {\n \"envoyGrpc\": {\n \"clusterName\": \"sds-grpc\"\n }\n }\n ]\n },\n \"initialFetchTimeout\": \"0s\",\n \"resourceApiVersion\": \"V3\"\n }\n }\n },\n \"alpnProtocols\": [\n \"istio-peer-exchange\",\n \"istio\"\n ]\n },\n \"sni\": \"outbound_.9080_.v1_.productpage.default.svc.cluster.local\"\n }\n }\n },\n {\n \"name\": \"tlsMode-disabled\",\n \"match\": {},\n \"transportSocket\": {\n \"name\": \"envoy.transport_sockets.raw_buffer\"\n }\n }\n ],\n \"name\": \"outbound|9080|v1|productpage.default.svc.cluster.local\",\n \"type\": \"EDS\",\n \"edsClusterConfig\": {\n \"edsConfig\": {\n \"ads\": {},\n \"resourceApiVersion\": \"V3\"\n },\n \"serviceName\": \"outbound|9080|v1|productpage.default.svc.cluster.local\"\n },\n \"connectTimeout\": \"10s\",\n \"circuitBreakers\": {\n \"thresholds\": [\n {\n \"maxConnections\": 4294967295,\n \"maxPendingRequests\": 4294967295,\n \"maxRequests\": 4294967295,\n \"maxRetries\": 4294967295\n }\n ]\n },\n \"metadata\": {\n \"filterMetadata\": {\n \"istio\": {\n \"config\": \"/apis/networking.istio.io/v1alpha3/namespaces/default/destination-rule/productpage\",\n \"subset\": \"v1\"\n }\n }\n },\n \"filters\": [\n {\n \"name\": \"istio.metadata_exchange\",\n \"typedConfig\": {\n \"@type\": \"type.googleapis.com/udpa.type.v1.TypedStruct\",\n \"typeUrl\": \"type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange\",\n \"value\": {\n \"protocol\": \"istio-peer-exchange\"\n }\n }\n }\n ]\n }\n]\n\n\n//最后到EDS\n[devops_root@ali-tekton-CI-devops-dev-01 ~]$ istioctl pc endpoint istio-ingressgateway-58649bfdf4-p84z4.istio-system |grep productpage.default.svc.cluster.local\n10.16.0.112:9080 HEALTHY OK outbound_.9080_._.productpage.default.svc.cluster.local\n10.16.0.112:9080 HEALTHY OK outbound_.9080_.v1_.productpage.default.svc.cluster.local\n10.16.0.112:9080 HEALTHY OK outbound|9080|v1|productpage.default.svc.cluster.local\n10.16.0.112:9080 HEALTHY OK outbound|9080||productpage.default.svc.cluster.local\n\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwithlin%2Fistio-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwithlin%2Fistio-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwithlin%2Fistio-demo/lists"}