Last active
October 13, 2022 02:53
-
-
Save howardjohn/95607bc10edf9c5123bebc57d1e5e61c to your computer and use it in GitHub Desktop.
An example of configuring aggregate cluster using EnvoyFilter. Currently needs patched Pilot with go-control-plane updated: gcr.io/howardjohn-istio/pilot:1575492376, and proxy from `master`
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# First define a basic deployment+service that will act as our local service | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: httpbin | |
namespace: default | |
spec: | |
selector: | |
matchLabels: | |
app: httpbin | |
template: | |
metadata: | |
labels: | |
app: httpbin | |
spec: | |
containers: | |
- name: httpbin | |
image: docker.io/kennethreitz/httpbin | |
resources: | |
limits: | |
memory: "128Mi" | |
cpu: "500m" | |
ports: | |
- containerPort: 80 | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: httpbin | |
namespace: default | |
spec: | |
selector: | |
app: httpbin | |
ports: | |
- name: http | |
port: 80 | |
targetPort: 80 | |
# Next, we define a ServiceEntry for our external service that we will fall back to | |
--- | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: ServiceEntry | |
metadata: | |
name: fallback | |
namespace: default | |
spec: | |
hosts: | |
- httpbin.internal #does not have to be resolvable | |
location: MESH_INTERNAL | |
ports: | |
- number: 80 | |
name: http | |
protocol: HTTP | |
resolution: DNS | |
endpoints: | |
- address: httpbin.org | |
locality: external | |
--- | |
# Create a service entry just to get the proper routes set up. | |
# This is pretty much a hack | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: ServiceEntry | |
metadata: | |
name: mixed-mode-service | |
namespace: default | |
spec: | |
hosts: | |
# has to be dns resolvable by app so that traffic exits app | |
# and reaches sidecar on port 80 | |
- httpbin.org | |
location: MESH_INTERNAL | |
ports: | |
- number: 80 | |
name: http | |
protocol: HTTP | |
resolution: NONE | |
--- | |
# Get the config patches set up | |
# We remove the original httpbin.org cluster with our new aggregate cluster | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: EnvoyFilter | |
metadata: | |
name: aggregate-cluster | |
namespace: default | |
spec: | |
configPatches: | |
- applyTo: CLUSTER | |
match: | |
cluster: | |
name: "outbound|80||httpbin.org" | |
patch: | |
operation: REMOVE | |
- applyTo: CLUSTER | |
match: | |
context: SIDECAR_OUTBOUND # will match outbound listeners in all sidecars | |
cluster: | |
name: "PassthroughCluster" | |
patch: | |
operation: ADD | |
value: | |
name: "outbound|80||httpbin.org" | |
lb_policy: CLUSTER_PROVIDED | |
connect_timeout: 1s | |
cluster_type: | |
name: envoy.clusters.aggregate | |
typed_config: | |
"@type": type.googleapis.com/envoy.config.cluster.aggregate.v2alpha.ClusterConfig | |
clusters: | |
- outbound|80||httpbin.default.svc.cluster.local | |
- outbound|80||httpbin.internal | |
--- | |
# outlierDetection is needed in order to determine when to fail over | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: DestinationRule | |
metadata: | |
name: outlier | |
namespace: default | |
spec: | |
host: "httpbin.default.svc.cluster.local" | |
trafficPolicy: | |
outlierDetection: | |
consecutiveErrors: 3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thanks for your super prompt response!