Let's talk about viewing ServiceEntry injection information in Envoy

  [[431019]]

introduction

Istio provides ServiceEntry configuration to include services outside the mesh into mesh management. Third-party registration centers such as Zookeeper and Nacos can be included in the Istio mesh and managed by Istio through ServiceEntry. How to inject these and what is the process? The following example shows the entire process.

1. How ServiceEntry injection works

Flowchart of ServiceEntry injection

Note: The injection process is as follows

@1 Inject ServiceEntry into kube-apiserver

@2 Istiod monitors ServiceEntry configuration changes through kubeConfigController

@3 Istiod encapsulates ServiceEntry into PushRequest and sends it to XDSServer

@4 XDSServer converts to xDS format and sends it to Envoy

2. View ServiceEntry in Envoy

1. Organize ServiceEntry configuration

Configure the Baidu domain name through ServiceEntry and make it part of the grid service serviceentry.yaml

 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: ServiceEntry
 metadata:
 name : baidu-external
 spec:
 hosts:
 - www.baidu.com
 ports:
 - number: 80
 name : HTTP
 protocol: HTTP
 resolution: DNS
 location: MESH_INTERNAL

2. Deploy ServiceEntry configuration

Deploy to the Kubernetes api server using the following command

 kubectl apply -f serviceentry.yaml -n default
 serviceentry.networking.istio.io/baidu-external created

3. View ServiceEntry information in Istio

Log in to the istiod container

 kubectl -n istio-system exec -it istiod-5c4b9cb6b5-6n68m -- /bin/bash

Check with the registryz command and you will see that it has been injected into istio.

 istio-proxy@istiod-5c4b9cb6b5-6n68m:/$ curl http://127.0.0.1:15014/debug/registryz
 [
 {
 "Attributes" : {
 "ServiceRegistry" : "External" ,
 "Name" : "www.baidu.com" ,
 "Namespace" : "default" ,
 "Labels" : null ,
 "UID" : "" ,
 "ExportTo" : null ,
 "LabelSelectors" : null ,
 "ClusterExternalAddresses" : null ,
 "ClusterExternalPorts" : null
 },
 "ports" : [
 {
 "name" : "HTTP" ,
 "port" : 80,
 "protocol" : "HTTP"
 }
 ],
 "creationTime" : "2021-10-14T03:01:24Z" ,
 "hostname" : "www.baidu.com" ,
 "address" : "0.0.0.0" ,
 "autoAllocatedAddress" : "240.240.0.5" ,
 "Mutex" : {},
 "Resolution" : 1,
 "MeshExternal" : false
 },
 // ...
 ]

4. View xDS information in Envoy

 istioctl proxy-config route productpage-v1-6b746f74dc-2c55l -n default -o json
 [
 //...
 {
 "name" : "www.baidu.com:80" ,
 "domains" : [
 "www.baidu.com" ,
 "www.baidu.com:80"
 ],
 "routes" : [
 {
 "name" : "default" ,
 "match" : {
 "prefix" : "/"
 },
 "route" : {
 "cluster" : "outbound|80||www.baidu.com" ,
 "timeout" : "0s" ,
 "retryPolicy" : {
 "retryOn" : "connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes" ,
 "numRetries" : 2,
 "retryHostPredicate" : [
                                      {
 "name" : "envoy.retry_host_predicates.previous_hosts"
                                      }
                                  ],
 "hostSelectionRetryMaxAttempts" : "5" ,
 "retriableStatusCodes" : [
                                      503
                                  ]
                              },
 "maxStreamDuration" : {
 "maxStreamDuration" : "0s" ,
 "grpcTimeoutHeaderMax" : "0s"
                              }
 },
 "decorator" : {
 "operation" : "www.baidu.com:80/*"
 }
 }
 ],
 "includeRequestAttemptCount" : true
 }
 // ...
 ]

Summary: Through the above command tracing, the ServiceEntry example is sent to the data plane Envoy.