Previously:
What exactly does ServiceMesh Solve?
What is Istio anyway?
Istio Hierarchical Architecture Design?
In Istio architecture, Traffic Management is implemented by Envoy Proxy of data plane, but the core of the whole architecture actually lies in Pilot of control plane.
The grayscale publishing process has been described in Istio, Grayscale Publishing. Today we will focus on the interaction flow and internal structure of Pilot and Envoy.
I. General interaction process
Here is:
-
Gray circle, for business service
-
Purple hexagon, Envoy
The two go hand in hand.
Initially, upstream caller ServiceA accesses downstream service provider ServiceB version V1. After ServiceB version V2 is deployed, how does the caller know the instruction that SvcA splits 1% of the traffic to SvcB version V2?
The whole process is mainly divided into three steps:
(1) The user modifies the routing policy (label 1) from A to B through the Pilot API in the background of the control plane;
(2) Pilot solidifies the routing policy and stores it so that the newly registered caller A can know the latest routing policy in the future; For an existing caller A, Pilot actively notifies the Envoy (labeled 2) corresponding to caller A;
(3) Enacting the latest routing strategy (labeled 3) as the data plane, in this case, enacting 1% of the traffic to the grayscale version Bv2;
Service discovery and load balancing
The general flow control strategy implementation process is described, while service discovery and load balancing are just a special case of strategy implementation:
(1) Add a Pod (Label 1) to the SvcB that provides services;
(2) Modify the cluster configuration of SvcB (label 2) in the Pilot background;
(3) Pilot synchronizes the latest SvcB information to the subscriber (label 3) of this configuration, that is, the Proxy corresponding to the SvcA of the caller of SvcB.
(4) Add the link between SvcA Proxy and SvcB (label 4) and implement load balancing;
Voiceover: It is actually linked to the Proxy corresponding to the SvcB.
The entire process is similar to implementing service discovery using a configuration center.
Requested entry and exit
At the core of ServiceMesh is the decoupling of technical infrastructure from business services. Service A calls service B. Again:
-
A service in a container Pod, the service process (SrvA/SrvB) and the sidecar process (Proxy) are co-existing, and their interaction is local (label 1).
-
Remote calls between pods across containers must be made through Proxy (label 2)
By implication, service A calls service B, and the request flows as follows:
SvcA -> SvcA Proxy -> SvcB Proxy -> SvcB
The response flow is reversed:
SvcB -> SvcB Proxy -> SvcA Proxy -> SvcA
Call across the network, request entry and exit, are proxies.
Four, Pilot internal structure
Pilot’s internal structure is not complicated:
(1) The core of Pilot is the Abstract Model for the maintenance of various flow control strategies;
(2) Inevitably, the Pilot needs to provide interfaces for users to add, delete, check and change these policies, Rules API;
(3) On the one hand, Pilot needs to maintain the compatibility of all kinds of underlying infrastructure, Platform Adapter;
(4) On the other hand, Pilot needs to maintain compatibility of different Proxy real interfaces, Envoy API;
The benefits of this design are:
-
Istio has been designed with a heterogeneous infrastructure in mind, compatible regardless of whether the underlying architecture is K8s or other architectures
-
Any third party can implement its own proxy and integrate with Pilot as long as it complies with relevant API standards
The interaction of Pilot and Envoy, at the heart of Istio, so that:
-
Service Discovery
-
Load balancing
-
Failure Recovery
-
Service Metrics
-
Service Monitoring
-
A/B testing
-
Grayscale publishing (Canary Rollouts)
-
Rate limiting
And many other capabilities can be implemented.
MerviceMesh is not as complicated as you might think.
Thinking is more important than conclusion.
The architect’s Path– Share technical ideas