This repo introduces how to run Istio on DC/OS or Mesos + Marathon environments. I added a new service registry based on Marathon event stream to pilot-discovery, using go-marathon as client. Istio components and Zipkin are running as Marathon applications, while workloads is running with a pilot-agent/envoy in the same Marathon Pod.
-
Deploy etcd, apiserver, pilot, zipkin in DC/OS. apiserver is used only for providing CustomResourceDefinitions like
virtualservice,destinationrule.You can deploy those app through UI, or using command-line.
dcos marathon app add install/etcd.json dcos marathon app add install/zipkin.json dcos marathon app add install/apiserver.json dcos marathon app add install/pilot.json -
Deploy the bookfinfo sample
The bookinfo is a sample application composed of four separate microservices used to demonstrate various Istio features.
dcos marathon pod add bookinfo/details.json dcos marathon pod add bookinfo/ratings.json dcos marathon pod add bookinfo/reviews-v1.json dcos marathon pod add bookinfo/reviews-v2.json dcos marathon pod add bookinfo/reviews-v3.json dcos marathon pod add bookinfo/productpage.json -
Visit the productpage and validate load-balancing by Envoy.
Visit
$HOST_IP_OF_PRODUCTPAGE:$HOST_PORT_OF_PRODUCTPAGEYou can refresh the page and find Book Reviews has three kinds of version. This is because the envoy proxy ofproductpagepod will do round-roubin load-balance to one of the 3reviewspods when there is NO routing rules applied. -
Use kubectl to apply routing rules. In the master or any agent node, setup kubectl first:
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.7.3/bin/linux/amd64/kubectl && export PATH=$PATH:$PWD && chmod +x kubectl kubectl config set-context istio --cluster=istio kubectl config set-cluster istio --server=http://apiserver.marathon.autoip.dcos.thisdcos.directory:30080 kubectl config use-context istioBefore you can use Istio to control the Bookinfo version routing, you need to define the available versions, called subsets, in destination rules.
kubectl apply -f bookinfo/destination-rule-all.yaml -
Routing all traffics to v1
kubectl apply -f bookinfo/vs-all-v1.yamlNow you can visit
productpageagain and find thereviewsis always v1. -
Fault inject: delaying requests to
detailskubectl apply -f bookinfo/vs-delay-details.yamlNow you can login as
jasonand found the page loading is slow...# kubectl get virtualservice details apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: details spec: hosts: - details.marathon.l4lb.thisdcos.directory http: - match: - headers: end-user: exact: jason fault: delay: percent: 100 fixedDelay: 7s route: - destination: host: details.marathon.l4lb.thisdcos.directory subset: v1 - route: - destination: host: details.marathon.l4lb.thisdcos.directory subset: v1It inject 7s delay when routing to
detailsservice. -
Fault inject: aborting rules
kubectl apply -f bookinfo/vs-details-abort.yamlRefresh the
productpageand visitzipkin. You can find tracing information that the returnstatus codeofdetailsis500
WIP
https://github.com/harryge00/istio/tree/marathon-pilot/pilot/pkg/serviceregistry/mesos
-
How does envoy redirect traffics?
As you may know, DC/OS use
dcos-l4lbto do loadbalancing. In a pod with envoy proxy, we do not need l4lb since envoy will load-balance traffics to Pods.
In the example above, productpageis trying to accessreviews.marathon.l4lb.thisdcos.directory:9080. Theproductpage'senvoy has got IPs of the 3 different versions ofreviewsapplications(becausePilot-agentwill communicate withPilot-discoveryand got Pod's IP through cDS API and update envoy's config):outbound|9080|v1|reviews.marathon.l4lb.thisdcos.directory::9.0.1.1:9080 outbound|9080|v2|reviews.marathon.l4lb.thisdcos.directory::9.0.1.2:9080 outbound|9080|v3|reviews.marathon.l4lb.thisdcos.directory::9.0.1.3:9080So it will redirect traffics to one of the 3 IP:port, if no routing rules applied. After the upstream reviews Pod receives the traffics, it will check its inbound config and redirect traffics to corresponding listeners, which here is
127.0.0.1:9080.
