This article explains what Pilot-agent does and walks through its source code.
This walkthrough uses the Istio release 1.5 source code.
Introduction
Sidecar injection adds two containers to the pod: istio-init and istio-proxy. Pilot-agent is the entry point that starts istio-proxy. The startup commands can be seen with kubectl:

    [root@localhost ~]# kubectl exec -it details-v1-6c9f8bcbcb-shltm -c istio-proxy -- ps -efww
    UID        PID  PPID  C STIME TTY          TIME CMD
    istio-p+     1     0  0 08:52 ?        00:00:13 /usr/local/bin/pilot-agent proxy sidecar --domain default.svc.cluster.local --configPath /etc/istio/proxy --binaryPath /usr/local/bin/envoy --serviceCluster details.default --drainDuration 45s --parentShutdownDuration 1m0s --discoveryAddress istiod.istio-system.svc:15012 --zipkinAddress zipkin.istio-system:9411 --proxyLogLevel=warning --proxyComponentLogLevel=misc:error --connectTimeout 10s --proxyAdminPort 15000 --concurrency 2 --controlPlaneAuthPolicy NONE --dnsRefreshRate 300s --statusPort 15020 --trust-domain=cluster.local --controlPlaneBootstrap=false
    istio-p+    18     1  0 08:52 ?        00:01:11 /usr/local/bin/envoy -c /etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --parent-shutdown-time-s 60 --service-cluster details.default --service-node sidecar~172.20.0.14~details-v1-6c9f8bcbcb-shltm.default~default.svc.cluster.local --max-obj-name-len 189 --local-address-ip-version v4 --log-format [Envoy (Epoch 0)] [%Y-%m-%d %T.%e][%t][%l][%n] %v -l warning --component-log-level misc:error --concurrency 2

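Besides starting istio-proxy, Pilot-agent also:
- generates Envoy's bootstrap configuration file;
- performs health checks;
- watches for certificate changes and tells the Envoy process to hot-restart, so that new certificates are loaded without downtime;
- supervises Envoy, restarting it when it exits abnormally;
- tells Envoy to shut down gracefully.
Code execution flow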

    proxyCmd = &cobra.Command{
        Use:   "proxy",
        Short: "Envoy proxy agent",
        FParseErrWhitelist: cobra.FParseErrWhitelist{
            UnknownFlags: true,
        },
        RunE: func(c *cobra.Command, args []string) error {
            // Start from the default proxy configuration
            proxyConfig := mesh.DefaultProxyConfig()

            // set all flags
            proxyConfig.CustomConfigFile = customConfigFile
            proxyConfig.ProxyBootstrapTemplatePath = templateFile
            proxyConfig.ConfigPath = configPath
            proxyConfig.BinaryPath = binaryPath
            proxyConfig.ServiceCluster = serviceCluster
            proxyConfig.DrainDuration = types.DurationProto(drainDuration)
            proxyConfig.ParentShutdownDuration = types.DurationProto(parentShutdownDuration)
            proxyConfig.DiscoveryAddress = discoveryAddress
            proxyConfig.ConnectTimeout = types.DurationProto(connectTimeout)
            proxyConfig.StatsdUdpAddress = statsdUDPAddress

            ctx, cancel := context.WithCancel(context.Background())
            // Start the status server
            if statusPort > 0 {
                localHostAddr := localHostIPv4
                if proxyIPv6 {
                    localHostAddr = localHostIPv6
                }
                prober := kubeAppProberNameVar.Get()
                // Health probing
                statusServer, err := status.NewServer(status.Config{
                    LocalHostAddr: localHostAddr,
                    AdminPort:     proxyAdminPort,
                    // Set by the --statusPort 15020 argument
                    StatusPort:     statusPort,
                    KubeAppProbers: prober,
                    NodeType:       role.Type,
                })
                if err != nil {
                    cancel()
                    return err
                }
                go waitForCompletion(ctx, statusServer.Run)
            }
            ...
            // Construct the Proxy instance, including configuration and startup arguments
            envoyProxy := envoy.NewProxy(envoy.ProxyConfig{
                Config:              proxyConfig,
                Node:                role.ServiceNode(),
                LogLevel:            proxyLogLevel,
                ComponentLogLevel:   proxyComponentLogLevel,
                PilotSubjectAltName: pilotSAN,
                MixerSubjectAltName: mixerSAN,
                NodeIPs:             role.IPAddresses,
                DNSRefreshRate:      dnsRefreshRate,
                PodName:             podName,
                PodNamespace:        podNamespace,
                PodIP:               podIP,
                SDSUDSPath:          sdsUDSPath,
                SDSTokenPath:        sdsTokenPath,
                STSPort:             stsPort,
                ControlPlaneAuth:    controlPlaneAuthEnabled,
                DisableReportCalls:  disableInternalTelemetry,
                OutlierLogPath:      outlierLogPath,
                PilotCertProvider:   pilotCertProvider,
            })
            // Construct the agent instance, which implements the Agent interface
            agent := envoy.NewAgent(envoyProxy, features.TerminationDrainDuration())
            // With node agent SDS enabled, no certificate files are watched
            if nodeAgentSDSEnabled {
                tlsCertsToWatch = []string{}
            }
            // Construct the watcher instance
            watcher := envoy.NewWatcher(tlsCertsToWatch, agent.Restart)
            // Start the watcher
            go watcher.Run(ctx)
            // Graceful shutdown
            go cmd.WaitSignalFunc(cancel)
            // Start the agent
            return agent.Run(ctx)
        },
    }

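The execution flow breaks down into roughly these steps:
1. Set the default proxy configuration parameters;
2. Start the status server for health checks;
3. Construct the Proxy instance (configuration and startup arguments) and construct the agent instance;
4. Construct the watcher instance and start it;
5. Start a goroutine that listens for signals and handles graceful shutdown;
6. Start the agent.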
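
The watcher in the flow above is given agent.Restart as its callback. The following added example (not Istio's code and not from the original article) shows the idea behind certificate hot reload: the watched files are hashed, and a new restart epoch begins only when the hash changes. The agent type, certHash and the file name are hypothetical, and detecting changes by hashing file contents is an assumption of this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"os"
)

// certHash digests the contents of every watched certificate file.
// Unreadable files are skipped so one missing file does not stop the watch.
func certHash(paths []string) []byte {
	h := sha256.New()
	for _, p := range paths {
		if b, err := os.ReadFile(p); err == nil {
			h.Write(b)
		}
	}
	return h.Sum(nil)
}

// agent is a hypothetical stand-in for the Envoy agent.
type agent struct {
	current []byte // hash of the certs the running proxy was started with
	epoch   int    // value that would be passed as --restart-epoch
}

// Restart reports whether a (re)start is needed; the first call starts
// epoch 0, later calls bump the epoch only when the hash differs.
func (a *agent) Restart(hash []byte) bool {
	if a.current != nil {
		if bytes.Equal(a.current, hash) {
			return false // same certificates: keep the running proxy
		}
		a.epoch++
	}
	a.current = hash
	return true
}

func main() {
	dir, _ := os.MkdirTemp("", "certs")
	defer os.RemoveAll(dir)
	cert := dir + "/cert-chain.pem" // constructed sample file
	a := &agent{}
	for _, body := range []string{"cert-v1", "cert-v1", "cert-v2"} {
		os.WriteFile(cert, []byte(body), 0o600)
		fmt.Println(a.Restart(certHash([]string{cert})), a.epoch)
	}
}
```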
Default configuration parameters

    kubectl exec -it details-v1-6c9f8bcbcb-shltm -c istio-proxy -- /usr/local/bin/pilot-agent proxy --help
    Envoy proxy agent

    Usage:
      pilot-agent proxy [flags]

    Flags:
          --binaryPath string                 Path to the proxy binary (default /usr/local/bin/envoy)
          --concurrency int                   number of worker threads to run
          --configPath string                 Path to the generated configuration file directory (default /etc/istio/proxy)
          --connectTimeout duration           Connection timeout used by Envoy for supporting services (default 1s)
          --controlPlaneAuthPolicy string     Control Plane Authentication Policy (default NONE)
          --controlPlaneBootstrap             Process bootstrap provided via templateFile to be used by control plane components. (default true)
          --customConfigFile string           Path to the custom configuration file
          --datadogAgentAddress string        Address of the Datadog Agent
          --disableInternalTelemetry          Disable internal telemetry
          --discoveryAddress string           Address of the discovery service exposing xDS (e.g. istio-pilot:8080) (default istio-pilot:15010)
          --dnsRefreshRate string             The dns_refresh_rate for bootstrap STRICT_DNS clusters (default 300s)
          --domain string                     DNS domain suffix. If not provided uses ${POD_NAMESPACE}.svc.cluster.local
          --drainDuration duration            The time in seconds that Envoy will drain connections during a hot restart (default 45s)
          --envoyAccessLogService string      Settings of an Envoy gRPC Access Log Service API implementation
          --envoyMetricsService string        Settings of an Envoy gRPC Metrics Service API implementation
      -h, --help                              help for proxy
          --id string                         Proxy unique ID. If not provided uses ${POD_NAME}.${POD_NAMESPACE} from environment variables
          --ip string                         Proxy IP address. If not provided uses ${INSTANCE_IP} environment variable.
          --lightstepAccessToken string       Access Token for LightStep Satellite pool
          --lightstepAddress string           Address of the LightStep Satellite pool
          --lightstepCacertPath string        Path to the trusted cacert used to authenticate the pool
          --lightstepSecure                   Should connection to the LightStep Satellite pool be secure
          --mixerIdentity string              The identity used as the suffix for mixer's spiffe SAN. This would only be used by pilot all other proxy would get this value from pilot
          --outlierLogPath string             The log path for outlier detection
          --parentShutdownDuration duration   The time in seconds that Envoy will wait before shutting down the parent process during a hot restart (default 1m0s)
          --pilotIdentity string              The identity used as the suffix for pilot's spiffe SAN
          --proxyAdminPort uint16             Port on which Envoy should listen for administrative commands (default 15000)
          --proxyComponentLogLevel string     The component log level used to start the Envoy proxy (default misc:error)
          --proxyLogLevel string              The log level used to start the Envoy proxy (choose from {trace, debug, info, warning, error, critical, off}) (default warning)
          --serviceCluster string             Service cluster (default istio-proxy)
          --serviceregistry string            Select the platform for service registry, options are {Kubernetes, Consul, Mock} (default Kubernetes)
          --statsdUdpAddress string           IP Address and Port of a statsd UDP listener (e.g. 10.75.241.127:9125)
          --statusPort uint16                 HTTP Port on which to serve pilot agent status. If zero, agent status will not be provided.
          --stsPort int                       HTTP Port on which to serve Security Token Service (STS). If zero, STS service will not be provided.
          --templateFile string               Go template bootstrap config
          --tokenManagerPlugin string         Token provider specific plugin name. (default GoogleTokenExchange)
          --trust-domain string               The domain to use for identities
          --zipkinAddress string              Address of the Zipkin service (e.g. zipkin:9411)

The output above shows what each proxy flag means and what its default value is.

    func DefaultProxyConfig() meshconfig.ProxyConfig {
        return meshconfig.ProxyConfig{
            ConfigPath:             constants.ConfigPathDir,
            BinaryPath:             constants.BinaryPathFilename,
            ServiceCluster:         constants.ServiceClusterName,
            DrainDuration:          types.DurationProto(45 * time.Second),
            ParentShutdownDuration: types.DurationProto(60 * time.Second),
            DiscoveryAddress:       constants.DiscoveryPlainAddress,
            ConnectTimeout:         types.DurationProto(1 * time.Second),
            StatsdUdpAddress:       "",
            EnvoyMetricsService:    &meshconfig.RemoteService{Address: ""},
            EnvoyAccessLogService:  &meshconfig.RemoteService{Address: ""},
            ProxyAdminPort:         15000,
            ControlPlaneAuthPolicy: meshconfig.AuthenticationPolicy_NONE,
            CustomConfigFile:       "",
            Concurrency:            0,
            StatNameLength:         189,
            Tracing:                nil,
        }
    }

All default startup parameters are set in the DefaultProxyConfig function. The resulting default configuration is:

    ConfigPath: /etc/istio/proxy
    BinaryPath: /usr/local/bin/envoy
    ServiceCluster: istio-proxy
    DrainDuration: 45s
    ParentShutdownDuration: 60s
    DiscoveryAddress: istio-pilot:15010
    ConnectTimeout: 1s
    StatsdUdpAddress:
    EnvoyMetricsService: meshconfig.RemoteService
    EnvoyAccessLogService: meshconfig.RemoteService
    ProxyAdminPort: 15000
    ControlPlaneAuthPolicy: 0
    CustomConfigFile:
    Concurrency: 0
    StatNameLength: 189
    Tracing: nil

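
To see which of these defaults a running sidecar actually overrides, the flags from the ps output can be diffed against them; the discovery address in particular decides where the proxy fetches its configuration from. This is an added example, not code from Istio or the original article: parseFlags, overrides and the defaults map are hypothetical names, and sample is an excerpt of the pilot-agent command line shown earlier.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Defaults taken from the --help output and DefaultProxyConfig shown above.
var defaults = map[string]string{
	"serviceCluster": "istio-proxy", "discoveryAddress": "istio-pilot:15010",
	"connectTimeout": "1s", "controlPlaneAuthPolicy": "NONE", "concurrency": "0",
}

// Excerpt of the pilot-agent command line from the ps output above.
const sample = "pilot-agent proxy sidecar --serviceCluster details.default " +
	"--discoveryAddress istiod.istio-system.svc:15012 --proxyLogLevel=warning " +
	"--connectTimeout 10s --concurrency 2 --controlPlaneAuthPolicy NONE --controlPlaneBootstrap=false"

// parseFlags accepts "--flag value" and "--flag=value"; a bare flag becomes "true".
func parseFlags(cmdline string) map[string]string {
	out, f := map[string]string{}, strings.Fields(cmdline)
	for i := 0; i < len(f); i++ {
		if !strings.HasPrefix(f[i], "--") {
			continue // positional argument such as "proxy" or "sidecar"
		}
		kv, val := strings.SplitN(f[i][2:], "=", 2), "true"
		if len(kv) == 2 {
			val = kv[1]
		} else if i+1 < len(f) && !strings.HasPrefix(f[i+1], "--") {
			i, val = i+1, f[i+1] // consume the following token as the value
		}
		out[kv[0]] = val
	}
	return out
}

// overrides returns "flag: default -> actual" for each flag that differs.
func overrides(cmdline string) []string {
	var diff []string
	for k, v := range parseFlags(cmdline) {
		if d, ok := defaults[k]; ok && d != v {
			diff = append(diff, fmt.Sprintf("%s: %s -> %s", k, d, v))
		}
	}
	sort.Strings(diff)
	return diff
}
func main() { fmt.Println(strings.Join(overrides(sample), "\n")) }
```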
Status server health checks
Initializing the status server:

    func NewServer(config Config) (*Server, error) {
        s := &Server{
            statusPort: config.StatusPort,
            ready: &ready.Probe{
                LocalHostAddr: config.LocalHostAddr,
                AdminPort:     config.AdminPort,
                NodeType:      config.NodeType,
            },
        }
        return s, nil
    }

After initialization, a goroutine is started that calls the statusServer's Run method:

    go waitForCompletion(ctx, statusServer.Run)