Why does Istio require Pods belong to at least one Service in Kubernetes?
Question
Istio's deployment requirements state that a Pod must belong to at least one Kubernetes Service in order to form part of an Istio mesh. One of the reasons for this as I understand it is to create an entry to refer to the Pod (or group of Pods) in configuration rules (eg <serviceName>.<namespace>.svc.cluster.local ).
Are there any other reasons?
1 answers
solution1
1 2020-01-10 13:29:29
Many of Istio's features (policy enforcement, distributed tracing, cross-service metrics) depend on knowing what service a request is coming from . Ordinarily you only need to create Kubernetes services to route inbound requests to specific pods, but Istio uses them more generally to associate pods with abstract "services".
Say pod A is calling pod B. Even in plain Kubernetes you need a service for B, and the request from A would target the service rather than the pod directly. If you set up, for example, metrics in Istio (maybe using its built-in Prometheus), then Istio also tries to look up a service for A. If it finds it then you'll see metrics like istio_requests_total(source_service="A", destination_service="B") . If it doesn't the source will just show up as "unknown".
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.