Cloud - IT

Kubernetes "converts" its services and pods/endpoints into a ServiceEntry through Istio .   A service with two pods and two endpoints -  10.244.3.1, 10.244.3.2 -,  will be mapped to a ServiceEntry - host / IP address endpoint -. Endpoints  represent the IP addresses that a service sends its requests to. The "hosts" in the  ServiceEntry   Yaml file are associated with the service. A ServiceEntry adds newly added services to the service registry - database of existing services in Istio -, this allows existing services to be able to access these newly deployed ones. Below is an example of a service its endpoint and the resulting service entry : We have two nginx pods and the service entry that allows access through the host " service1.default.svc.cluster.local " to  the nginx applications.

We have the below destination rule for routing traffic to the containerized application " application1"  : We create VirtualService so that all the traffic goes to our application " application1 ": In the above  VirtualService all traffic goes to " application1 ". The below DestinationRule has an effect on " application1 " and all its traffic. To avoid having lot of requests going to our pods and slowing down the application running inside, we set a circuit breaker that will stop requests when a pod is handling more than two requests at the same time -   http1MaxPendingRequests -. We can create a circuit breaker for our service using a destination rule as follows: Above is the configuration file for a circuit breaker for any client applications making  a request to the " application1 "  of the " svc1.ns1.svc.cluster.local " service.  We are putting a cap on the number of connections and number of pending requests to ...

Istio provides loadbalancing for kubernetes . It also supports retries for failing pods and circuit breaking to reject requests for pods with a " degraded " service. It also provides it with " pool ejection ", which stops pods and removes them as a destination for the loadbalancer . Below is an example of kubernetes without Istio: The below diagram shows kubernetes with Istio : Some of the functions of the the proxy sidecar include: packet forwarding. routing. caching. loadbalancing. Below is a basic " RANDOM " loadbalancing rules for our service: We could use the VirtualService to implement a timeout for our service in case it fails, so the client application would just sit around waiting for a service that has failed: We could use the retry feature of Istio to can make more attempts to try to connect to an unresponsive service. Using a VirtualService , we could specify the " retry " parameter: The above  VirtualService  make " 5 " at...

Istio allows us to set routing rules that dictated how traffic flows to our pods . For that purpose Istio uses DestinationRules and VirtualServices . The below destination rules divides our pods into subsets - application-1, application-2 - of the service " example_service.svc.cluster.local ": Below is a VirtualService that forwards traffic using the above subsets, it  also   uses a weighting factor that determines the percentage of traffic that will be forwarded to each subset : The above VirtualService definition tells Istio that 80% of the traffic destined to the " example_service.svc.cluster.local " service will get forwarded to the pods with the label " app: v1 " and the rest will go to the  pods that have the " app: v2 " label.