Last active
December 6, 2019 19:14
-
-
Save karthikt-yahoo/55b80f78b0d1c20cfd02a111fb7fff6c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Yahoo Implementation of Istio CNI: | |
| ----------------------------------- | |
| Yahoo didn't adopt the native method of running istio-cni-node Daemonset for the following reasons, | |
| 1. There could be a chance of race condition that a POD can be launched without istio-proxy sidecar, | |
| when the istiocni DS pod is shutting down as it remove the istio cni chained plugin configuration | |
| from CNI config file(/etc/cni/net.d/10-ptp.conflist). | |
| 2. Daemonset ISTIO-CNI-NODE conflicted the on-perm implementation of CNI config file Management. | |
| In-house kube-node bootstrap process will setup the following related to istio-cni, | |
| 1. istio-cni binary, istio-iptables.sh (use the same from istio-cni-node DS). | |
| 2. CNI configuration with chained istio-cni plugin. | |
| 3. kubeconfig, credentials need by istio-cni binary to communicate with kube-api. | |
| Any kube-node brought in to the cluster will have istio-cni and mandate the pod initializing passing istio-cni. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment