public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-25 14:18:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Istio

Browse Source
This commit is contained in:
loganhz
2019-06-04 21:15:50 +08:00
parent 5ef49a5397
commit 5001476ef2
3 changed files with 183 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/rancher/v2.x/en/cluster-admin/tools/service-mesh/_index.md
+46
View File
@@ -0,0 +1,46 @@
---
title: Service Mesh
weight: 5
---
_Available as of v2.3.0-alpha_
Using Rancher, you can connect, secure, control, and observe services through integration with [Istio](https://istio.io/), a leading open-source service mesh solution. Istio provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.
## Enabling Service Mesh
As an [administrator]({{< baseurl >}}/rancher/v2.x/en/admin-settings/rbac/global-permissions/) or [cluster owner]({{< baseurl >}}/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/#cluster-roles), you can configure Rancher to deploy Istio to your Kubernetes cluster.
1. From the **Global** view, navigate to the cluster that you want to configure service mesh.
1. Select **Tools > Service Mesh** in the navigation bar.
1. Select **Enable** to show the [Service mesh configuration options]({{< baseurl >}}/rancher/v2.x/en/cluster-admin/tools/service-mesh/istio/). Ensure you have enough resources for service mesh and on your worker nodes to enable service mesh. Enter in your desired configuration options.
1. Click **Save**.
**Result:** The istio will be deployed as well as an application. The istio application, `cluster-istio`, is added as an [application]({{< baseurl >}}/rancher/v2.x/en/catalog/apps/) to the cluster's `system` project. After the application is `active`, you can start using Istio.
> **Note:** When enabling service mesh, you need to ensure your worker nodes and Istio pod have enough resources. In larger deployments, it is strongly advised that the service mesh infrastructure be placed on dedicated nodes in the cluster.
## Using Service Mesh
Once the service mesh is `active`, you can:
1. Access [Kiali UI](https://www.kiali.io/) by clicking Kiali UI icon in service mesh page.
1. Access [Jaeger UI](https://www.jaegertracing.io/) by clicking Jaeger UI icon in service mesh page.
1. Access [Grafana UI](https://grafana.com/) by clicking Grafana UI icon in service mesh page.
1. Access [Prometheus UI](https://prometheus.io/) by clicking Prometheus UI icon in service mesh page.
1. Go to project to [view traffic graph, traffic metrics and manage traffic]({{< baseurl >}}/rancher/v2.x/en/project-admin/service-mesh/).
## Disabling Service Mesh
To disable the service mesh:
1. From the **Global** view, navigate to the cluster that you want to disable service mesh.
1. Select **Tools > Service Mesh** in the navigation bar.
1. Click **Disable Istio**, then click the red button again to confirm the disable action.
**Result:** The `cluster-istio` application in the cluster's `system` project gets removed.
content/rancher/v2.x/en/cluster-admin/tools/service-mesh/istio/_index.md
+89
View File
@@ -0,0 +1,89 @@
---
title: Service Mesh Configuration
weight: 1
---
_Available as of v2.3.0-alpha_
While configuring service mesh, there are multiple options that can be configured.
## PILOT
Option | Description
-------|-------------
Pilot CPU Limit | CPU resource limit for the istio-pilot pod.
Pilot CPU Reservation | CPU reservation for the istio-pilot pod.
Pilot Memory Limit | Memory resource limit for the istio-pilot pod.
Pilot Memory Reservation | Memory resource requests for the istio-pilot pod.
Trace sampling Percentage | [Trace sampling percentage](https://istio.io/docs/tasks/telemetry/distributed-tracing/overview/#trace-sampling)
Pilot Selector | Ability to select the nodes in which istio-pilot pod is deployed to. To use this option, the nodes must have labels.
## TELEMETRY
Option | Description
-------|-------------
Telemetry CPU Limit | CPU resource limit for the istio-telemetry pod.
Telemetry CPU Reservation | CPU reservation for the istio-telemetry pod.
Telemetry Memory Limit | Memory resource limit for the istio-telemetry pod.
Telemetry Memory Reservation | Memory resource requests for the istio-telemetry pod.
Telemetry Selector | Ability to select the nodes in which istio-telemetry pod is deployed to. To use this option, the nodes must have labels.
## POLICY
Option | Description
-------|-------------
Enable Policy | Whether or not to deploy the istio-policy.
Policy CPU Limit | CPU resource limit for the istio-policy pod.
Policy CPU Reservation | CPU reservation for the istio-policy pod.
Policy Memory Limit | Memory resource limit for the istio-policy pod.
Policy Memory Reservation | Memory resource requests for the istio-policy pod.
Policy Selector | Ability to select the nodes in which istio-policy pod is deployed to. To use this option, the nodes must have labels.
## PROMETHEUS
Option | Description
-------|-------------
Prometheus CPU Limit | CPU resource limit for the Prometheus pod.
Prometheus CPU Reservation | CPU reservation for the Prometheus pod.
Prometheus Memory Limit | Memory resource limit for the Prometheus pod.
Prometheus Memory Reservation | Memory resource requests for the Prometheus pod.
Retention for Prometheus | How long your Prometheus instance retains data
Prometheus Selector | Ability to select the nodes in which Prometheus pod is deployed to. To use this option, the nodes must have labels.
## GRAFANA
Option | Description
-------|-------------
Enable Grafana | Whether or not to deploy the Grafana.
Grafana CPU Limit | CPU resource limit for the Grafana pod.
Grafana CPU Reservation | CPU reservation for the Grafana pod.
Grafana Memory Limit | Memory resource limit for the Grafana pod.
Grafana Memory Reservation | Memory resource requests for the Grafana pod.
Grafana Selector | Ability to select the nodes in which Grafana pod is deployed to. To use this option, the nodes must have labels.
## TRACING
Option | Description
-------|-------------
Enable Tracing | Whether or not to deploy the istio-tracing.
Tracing CPU Limit | CPU resource limit for the istio-tracing pod.
Tracing CPU Reservation | CPU reservation for the istio-tracing pod.
Tracing Memory Limit | Memory resource limit for the istio-tracing pod.
Tracing Memory Reservation | Memory resource requests for the istio-tracing pod.
Tracing Selector | Ability to select the nodes in which tracing pod is deployed to. To use this option, the nodes must have labels.
## GATEWAY
Option | Description
-------|-------------
Enable Gateway | Whether or not to deploy the istio-ingressgateway.
Service Type of Istio Ingress Gateway | How to expose the gateway. You can choose NodePort or Loadbalancer
Http2 Port | The NodePort for http2 requests
Https Port | The NodePort for https requests
Load Balancer IP | Ingress Gateway Load Balancer IP
Load Balancer Source Ranges | Ingress Gateway Load Balancer Source Ranges
Gateway CPU Limit | CPU resource limit for the istio-ingressgateway pod.
Gateway CPU Reservation | CPU reservation for the istio-ingressgateway pod.
Gateway Memory Limit | Memory resource limit for the istio-ingressgateway pod.
Gateway Memory Reservation | Memory resource requests for the istio-ingressgateway pod.
Gateway Selector | Ability to select the nodes in which istio-ingressgateway pod is deployed to. To use this option, the nodes must have labels.
content/rancher/v2.x/en/project-admin/service-mesh/_index.md
+48
View File
@@ -0,0 +1,48 @@
---
title: Service Mesh
weight: 3528
---
_Available as of v2.3.0-alpha_
Using Rancher, you can connect, secure, control, and observe services through integration with [Istio](https://istio.io/), a leading open-source service mesh solution. Istio provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.
>**Prerequisites:**
>
>- [Service Mesh]({{< baseurl >}}/rancher/v2.x/en/cluster-admin/tools/service-mesh/) must be enabled in cluster level.
>- To be a part of an Istio service mesh, pods and services in a Kubernetes cluster must satisfy the [Istio Pods and Services Requirements](https://istio.io/docs/setup/kubernetes/prepare/requirements/)
## Istio sidecar auto injection
In create and edit namespace page, you can enable or disable [Istio sidecar auto injection](https://istio.io/blog/2019/data-plane-setup/#automatic-injection). When you enable it, Rancher will add `istio-injection=enabled` label to the namespace automatically.
## View Traffic Graph
Rancher integrates Kiali Graph into Rancher UI. The Kiali graph provides a powerful way to visualize the topology of your service mesh. It shows you which services communicate with each other.
To see the traffic graph for a particular namespace:
1. From the **Global** view, navigate to the project that you want to view traffic graph.
1. Select **Service Mesh** in the navigation bar.
1. Select **Traffic Graph** in the navigation bar.
1. Select the namespace. Note: It only shows the namespaces which has `istio-injection=enabled` label
## View Traffic Metrics
With Istios monitoring features, it provides visibility into the performance of all your services.
To see the Success Rate, Request Volume, 4xx Request Count, Project 5xx Request Count and Request Duration metrics:
1. From the **Global** view, navigate to the project that you want to view traffic metrics.
1. Select **Service Mesh** in the navigation bar.
1. Select **Traffic Metrics** in the navigation bar.
## Other Istio Features
As Istio has been deployed in your cluster, you can use all [Istio Features](https://istio.io/docs/concepts/what-is-istio/#core-features) in the cluster.