[[431019]]

引言

在Istio中提供了ServiceEntry的配置，將網格外的服務納入網格管理。將第三方注冊中心zookeeper、nacos等納入Istio網格可以通過ServiceEntry納入Istio的管理。這些如何注入的，流程是怎么樣，下面通過示例將整個流程竄起來。

一、ServiceEntry注入工作原理

ServiceEntry注入的流程圖

備注：注入流程如下

@1 將ServiceEntry注入到kube-apiserver中

@2 Istiod中通過kubeConfigController監(jiān)聽ServiceEntry配置的變化

@3 Istiod將ServiceEntry封裝成PushRequest發(fā)送給XDSServer

@4 XDSServer轉換為xDS格式下發(fā)給Envoy

二、Envoy中查看ServiceEntry

1.組織ServiceEntry配置

通過ServiceEntry配置baidu域名，將其作為網格服務的一部分serviceentry.yaml

--- 
apiVersion: networking.istio.io/v1alpha3 
kind: ServiceEntry 
metadata: 
  name: baidu-external 
spec: 
  hosts: 
    - www.baidu.com 
  ports: 
    - number: 80 
      name: HTTP 
      protocol: HTTP 
  resolution: DNS 
  location: MESH_INTERNAL 

2.部署ServiceEntry配置

通過下面命令部署到Kubernetes api server中

kubectl apply -f serviceentry.yaml -n default 
serviceentry.networking.istio.io/baidu-external created 

3.Istio中查看ServiceEntry信息

登陸istiod容器

kubectl -n istio-system exec -it istiod-5c4b9cb6b5-6n68m -- /bin/bash 

通過registryz命令查看，已經注入到istio中。

istio-proxy@istiod-5c4b9cb6b5-6n68m:/$ curl http://127.0.0.1:15014/debug/registryz 
[ 
  { 
    "Attributes": { 
      "ServiceRegistry": "External", 
      "Name": "www.baidu.com", 
      "Namespace": "default", 
      "Labels": null, 
      "UID": "", 
      "ExportTo": null, 
      "LabelSelectors": null, 
      "ClusterExternalAddresses": null, 
      "ClusterExternalPorts": null 
    }, 
    "ports": [ 
      { 
        "name": "HTTP", 
        "port": 80, 
        "protocol": "HTTP" 
      } 
    ], 
    "creationTime": "2021-10-14T03:01:24Z", 
    "hostname": "www.baidu.com", 
    "address": "0.0.0.0", 
    "autoAllocatedAddress": "240.240.0.5", 
    "Mutex": {}, 
    "Resolution": 1, 
    "MeshExternal": false 
  }, 
  // ... 
] 

4.在Envoy查看xDS信息

istioctl proxy-config route productpage-v1-6b746f74dc-2c55l -n default -o json 
[ 
  //... 
  { 
                  "name": "www.baidu.com:80", 
                  "domains": [ 
                      "www.baidu.com", 
                      "www.baidu.com:80" 
                  ], 
                  "routes": [ 
                      { 
                          "name": "default", 
                          "match": { 
                              "prefix": "/" 
                          }, 
                          "route": { 
                              "cluster": "outbound|80||www.baidu.com", 
                              "timeout": "0s", 
                              "retryPolicy": { 
                                  "retryOn": "connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes", 
                                  "numRetries": 2, 
                                  "retryHostPredicate": [ 
                                      { 
                                          "name": "envoy.retry_host_predicates.previous_hosts" 
                                      } 
                                  ], 
                                  "hostSelectionRetryMaxAttempts": "5", 
                                  "retriableStatusCodes": [ 
                                      503 
                                  ] 
                              }, 
                              "maxStreamDuration": { 
                                  "maxStreamDuration": "0s", 
                                  "grpcTimeoutHeaderMax": "0s" 
                              } 
                          }, 
                          "decorator": { 
                              "operation": "www.baidu.com:80/*" 
                          } 
                      } 
                  ], 
                  "includeRequestAttemptCount": true 
   } 
   // ...          
] 

小結：通過上面的命令追蹤，ServiceEntry的示例下發(fā)到了數據面Envoy中。