Recently, xiaobian saw some questions about Service Mesh in the technology forum and communication group, but many people did not find the solution, even the technology god said it was difficult to solve!

  • When istio-Porxy fails, is there any way to connect directly?
  • What happens to the service if the Sidecar process fails?
  • Is there a way out? Can you fallback to direct mode?

This is undoubtedly a problem for developers. Istio is designed to enable service governance by allowing Sidecar to take over traffic. Traffic is hijacked by Sidecar before reaching the business. Therefore, whether the fallback can be lossless during Istio landing usually determines whether core services can access the Service Mesh.

To solve the above problems, SolarMesh added an important function in V1.7.1, that is, providing a direct connection mode for clusters on SolarcTL, reducing the loss caused by Sidecar failure, and providing an important guarantee for core services to access the Service Mesh.

SolarMesh Specifies how to use the direct connection mode

When the developer has deployed the BookInfo sample project and added sidecar to the BookInfo sample project service:

  • Visit the pre-deployed sample project Bookinfo page and refresh it a few more times, and you’ll find that without any policy intervention, the Book Reviews column on the page shows three states: red star, black star, and no star, with a probability of about 1:1:1.

  • The SolarMesh traffic view page is displayed to view the traffic topology.

  • At this point, the Reviews service has 3 versions with 3 states. First configure the version of the reviews on DestinationRule.

  • Create an HTTP policy on VirtualService and configure fault injection to inject fault code 500 into the Reviews service.

  • Revisit the bookinfo page for the sample project, and the reviews service has started reporting errors.

  • SolarMesh traffic view into the interface again, because the request has been system forced returns a 500 error, so will not arrive in real service, see is a productpage access reviews. The demo. SVC. Cluster. The local host, and the flow line is red.

  • If sidecar intercepts traffic, you can use the direct connection mode to ensure service continuity. Run the solarctl command to switch all pods in demo to the direct connection mode.

  • After the switchover, the POD does not restart, services are restored, and no traffic is detected in the traffic view. The traffic bypasses the Sidecar and directly reaches the service.

  • The direct connection mode is cancelled.

  • Refresh the page for the sample project Bookinfo, the fault occurs again, and sidecar starts working again.

  • Traffic views can re-identify their traffic.

The direct connection mode of SolarMeshv1.7.1 ensures service continuity even in extreme cases of Sidecar failure and improves enterprise R&D efficiency.