cross-cluster-mesh-postcard | Cross k8s cluster mesh with Istio on EKS and GKE | Service Mesh library
kandi X-RAY | cross-cluster-mesh-postcard Summary
kandi X-RAY | cross-cluster-mesh-postcard Summary
Cross k8s cluster mesh with Istio on EKS and GKE
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of cross-cluster-mesh-postcard
cross-cluster-mesh-postcard Key Features
cross-cluster-mesh-postcard Examples and Code Snippets
Community Discussions
Trending Discussions on Service Mesh
QUESTION
This is the first time I have been trying to install managed Anthos into one of the clusters in GKE. I admit I do not fully understand the full process of installation and troubleshooting I have already done.
It looks like a managed service has failed to install. When I run:
...ANSWER
Answered 2022-Mar-23 at 17:04I created a new node pool with more CPU and more nodes as I was getting warning about not having enough CPU. Istio service mesh increases the need for CPU.
I migrated my deployment from old node pool to the new one.
I run
istioctl analyze -A
and found a few warnings aboutistio-injection
not being enabled in a few namespaces. I fixed that.I re run
asmcli install
command withoutCA
./asmcli install --project_id my-app --cluster_name my-cluster --cluster_location europe-west1-b --fleet_id my-app --output_dir anthos-service-mesh --enable_all
All or some of the above did the trick.
QUESTION
I'm trying to access my ETCD database from a K8s controller, but getting rpc error/EOF when trying to open ETCD client.
My setup:
- ETCD service is deployed in my K8s cluster and included in my Istio service mesh (its DNS record:
my-etcd-cluster.my-etcd-namespace.svc.cluster.local
) - I have a custom K8s controller developed with use of Kubebuilder framework and deployed in the same cluster, different namespace, but configured to be a part of the same Istio service mesh
- I'm trying to connect to ETCD database from the controller, using Go client SDK library for ETCD
Here's my affected Go code:
...ANSWER
Answered 2022-Mar-21 at 08:25Turned out to be version mismatch - my ETCD db is v3.5.2 and the clientv3 library that I used was v3.5.0. As seen in ETCD changelog (https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md):
QUESTION
I have a spring boot application running in a Nomad cluster with Consul Connect enabled.
...ANSWER
Answered 2022-Feb-18 at 06:48Finally found it. Nomad has an option to expose a particular endpoint via sidecar proxy without mTLS authentication. The use case of this option is specifically for health check or metrics.
https://www.nomadproject.io/docs/job-specification/expose#expose-examples
The expose
stanza inside connect
stanza helps to achieve this.
QUESTION
I am trying to understand how we can create circuit breakers for cloud run services,Unlike in GKE we are using istio kind of service mesh how we implement same thing cloud Run ?
...ANSWER
Answered 2022-Jan-30 at 15:53On GKE you'd set up a circuit breaker to prevent overloading your legacy backend systems from a surge in requests.
To accomplish the same on Cloud Run or Cloud Functions, you can set a maximum number of instances. From that documentation:
Specifying maximum instances in Cloud Run allows you to limit the scaling of your service in response to incoming requests, although this maximum setting can be exceeded for a brief period due to circumstances such as traffic spikes. Use this setting as a way to control your costs or to limit the number of connections to a backing service, such as to a database.
QUESTION
I'm just learning service mesh using istio and I found a strange behavior.
To understand maxRequestsPerConnection
of Istio DestinationRule
CRD, I write the below manifest and apply it.
ANSWER
Answered 2021-Nov-03 at 09:35First things first: HTTP/1.1 does allow multiple request per connection with Keep-Alive
header. This is the default behavior (RFC 2616, Section 8.1).
The documentation is a bit unclear.
maxRequestsPerConnection description states:
Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive. Default 0, meaning “unlimited”, up to 2^29.
Setting maxRequestsPerConnection
to 1
disables Keep-Alive
. Setting it to any other value (value > 1) switches Keep-Alive
back on.
Setting this field to proper value (not too high, not too low) is the hard part of configuring Istio, and is dependent on your application needs and traffic.
QUESTION
I'm in the process of vetting a move to service mesh. While Istio
and Consul Connect
are certainly still in the cards, I'm leaning towards building up from a bit lower level with Linkerd
and SPIFFE/SPIRE
.
I want to build a 'hello world' mesh to test this architecture out. In this hello world mesh, I'd like to be able to issue certificates from SPIFFE/SPIRE
that encode some kind of role. As you can probably tell, I'm new to service meshes. How would I implement roles? Are there any guides out there to help get me started?
ANSWER
Answered 2021-Sep-23 at 16:25So there isn't any kind of integration with Linkerd and SPIFFE/SPIRE. As of right now there isn't any particular plan for an integration but you can see the existing issue for more details. The next release of Linkerd, 2.11, will include the ability to create server side policy but current versions don't enforce any kind of policy settings.
QUESTION
getting error curl: (56) response reading failed
while trying to send email via smtp using curl. checked the isto-proxy logs of sidecar but don't see any error
logs related to this host. Tried the solution mentioned in How to access external SMTP server from within Kubernetes cluster with Istio Service Mesh as well but didn't work.
service entry
...ANSWER
Answered 2021-Sep-14 at 10:38Most probably port number is causing the error and if not, try deleting the mesh policies
Also please validate based on below points:
1.If you recently updated istio try downgrading it. 2.Look again in Sidecar logs for any conflicts or try disabling it. 3.When it comes to curl 56 error packet transmission; limit could be the problem.
QUESTION
Can someone help me to understand if service mesh itself is a type of ingress or if there is any difference between service mesh and ingress?
...ANSWER
Answered 2021-Aug-31 at 10:45An "Ingress" is responsible for Routing Traffic into your Cluster (from the Docs: An API object that manages external access to the services in a cluster, typically HTTP.)
On the other side, a Service-Mesh is a tool that adds proxy-Containers as Sidecars to your Pods and Routs traffic between your Pods through those proxy-Containers.
use-Cases for Service-Meshes are i.E.
- distributed tracing
- secure (SSL) connections between pods
- resilience (service-mesh can reroute traffic from failed requests)
- network-performance-monitoring
QUESTION
I deployed Istio using the operator and added a custom ingress gateway which is only accessible from a certain source range (our VPN).
...ANSWER
Answered 2021-Aug-19 at 07:33You can create an ingress class that references the ingress controller that is deployed by default in the istio-system namespace. This configuration with ingress will work, however to my current knowledge, this is only used for backwards compatibility. If you want to use istio ingress controller functionality, you should use istio gateway and virtual service instead:
Using the Istio Gateway, rather than Ingress, is recommended to make use of the full feature set that Istio offers, such as rich traffic management and security features.
If this solution is not optimal for you, you should use e.g. nginx ingress controller and you can still bind it with annotations (deprecated) or using IngressClass
. To my present knowledge it is not possible to bind this ingress class with an additional ingress controller. If you need an explanation, documentation, you should create an issue on github.
Summary: The recommended option is to use the gateway with virtual service. Another possibility is to use nginx alone ingress with different classes and an ingress resource for them.
QUESTION
So i created an AWS EKS
cluster & proceeded with trying to created a service mesh using AWS App Mesh
on AWS EKS
using EKS workshop
& AWS App Mesh user guide. The appmesh controller installs.
kubectl get pods
confirms it.
ANSWER
Answered 2021-Aug-12 at 14:55Apparently, it was a stupid mistake of missing out serviceAccountName
in the deployment template spec.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install cross-cluster-mesh-postcard
AWS CLI / AWS credentials
(optional) gcloud / gcloud authorization
kubectl
tmux
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page