
kubernetes - ServiceEntry vs. Service and Endpoints

Reposted. Author: 行者123. Updated: 2023-12-02 12:27:50

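What is the main benefit of using ServiceEntry when I could simply create a Service (and, if this service is a set of external IPs, define Endpoints instead of a selector)? In which cases can't I rely on a Service?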

Best answer

I would say the main benefits are mentioned in the documentation: you can configure traffic routing and define retries, timeouts, fault injection, etc.

A service entry describes the properties of a service (DNS name, VIPs, ports, protocols, endpoints). These services could be external to the mesh (e.g., web APIs) or mesh-internal services that are not part of the platform’s service registry (e.g., a set of VMs talking to services in Kubernetes).



You use a service entry to add an entry to the service registry that Istio maintains internally. After you add the service entry, the Envoy proxies can send traffic to the service as if it was a service in your mesh. Configuring service entries allows you to manage traffic for services running outside of the mesh, including the following tasks:


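  • Redirect and forward traffic for external destinations, such as APIs
    consumed from the web, or traffic to services in legacy infrastructure.
  • Define retry, timeout, and fault injection policies for external
    destinations.
  • Run a mesh service in a Virtual Machine (VM) by adding VMs to your mesh.
  • Logically add services from a different cluster to the mesh to
    configure a multicluster Istio mesh on Kubernetes.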

You don’t need to add a service entry for every external service that you want your mesh services to use. By default, Istio configures the Envoy proxies to passthrough requests to unknown services. However, you can’t use Istio features to control the traffic to destinations that aren’t registered in the mesh.

The following example mesh-external service entry adds the ext-svc.example.com external dependency to Istio’s service registry:


    apiVersion: networking.istio.io/v1alpha3
    kind: ServiceEntry
    metadata:
      name: svc-entry
    spec:
      hosts:
      - ext-svc.example.com
      ports:
      - number: 443
        name: https
        protocol: HTTPS
      location: MESH_EXTERNAL
      resolution: DNS

You specify the external resource using the hosts field. You can qualify it fully or use a wildcard prefixed domain name.

You can configure virtual services and destination rules to control traffic to a service entry in a more granular way, in the same way you configure traffic for any other service in the mesh. For example, the following destination rule configures the traffic route to use mutual TLS to secure the connection to the ext-svc.example.com external service that we configured using the service entry:


    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: ext-res-dr
    spec:
      host: ext-svc.example.com
      trafficPolicy:
        tls:
          mode: MUTUAL
          clientCertificate: /etc/certs/myclientcert.pem
          privateKey: /etc/certs/client_private_key.pem
          caCertificates: /etc/certs/rootcacerts.pem

See the Service Entry reference for more possible configuration options.
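
An added example, not part of the original answer or the quoted Istio documentation: the retry and timeout policies mentioned above are HTTP-level, so they do not apply to a port 443 HTTPS entry where the sidecar only passes the TLS stream through. This variant has the sidecar originate TLS so that a VirtualService can apply them; the resource names, port 80 and the timeout and retry values are assumptions.

```yaml
# Added example: every name except ext-svc.example.com is hypothetical.
# The app calls http://ext-svc.example.com:80; the sidecar originates TLS
# to port 443, so Envoy sees HTTP and can enforce the policy below.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: ext-svc-tls-origination   # hypothetical name
spec:
  hosts:
  - ext-svc.example.com
  ports:
  - number: 80
    name: http
    protocol: HTTP
    targetPort: 443               # forward to the external TLS port
  location: MESH_EXTERNAL
  resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ext-svc-originate-tls     # hypothetical name
spec:
  host: ext-svc.example.com
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 80
      tls:
        mode: SIMPLE              # sidecar performs the TLS handshake
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ext-svc-resilience        # hypothetical name
spec:
  hosts:
  - ext-svc.example.com
  http:
  - timeout: 5s                   # overall deadline (constructed value)
    retries:
      attempts: 3
      perTryTimeout: 2s
      retryOn: 5xx,connect-failure
    route:
    - destination:
        host: ext-svc.example.com
        port:
          number: 80
```

A plain Service with manually defined Endpoints gives the external IPs a cluster DNS name but carries none of these routing, retry or TLS settings.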

Regarding kubernetes - ServiceEntry vs. Service and Endpoints, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61853610/
