Tuesday, March 29, 2022

Istio executed analyzers by default when it is enabled.

annotations.K8sAnalyzer,

auth.AuthorizationPoliciesAnalyzer,

deployment.MultiServiceAnalyzer,

applicationUID.Analyzer,

deprecation.DeprecationAnalyzer,

gateway.IngressGatewayPortAnalyzer,

gateway.CertificateAnalyzer,

gateway.SecretAnalyzer,

gateway.ConflictingGatewayAnalyzer,

injection.Analyzer,

injection.ImageAnalyzer,

injection.ImageAutoAnalyzer,

meshnetworks.MeshNetworksAnalyzer,

service.PortNameAnalyzer,

sidecar.DefaultSelectorAnalyzer,

sidecar.SelectorAnalyzer,

virtualservice.ConflictingMeshGatewayHostsAnalyzer,

virtualservice.DestinationHostAnalyzer,

virtualservice.DestinationRuleAnalyzer,

virtualservice.GatewayAnalyzer,

virtualservice.JWTClaimRouteAnalyzer,

virtualservice.RegexAnalyzer,

destinationrule.CaCertificateAnalyzer,

serviceentry.Analyzer,

webhook.Analyzer,

schema.ValidationAnalyzer.WasmPlugin,

schema.ValidationAnalyzer.MeshConfig,

schema.ValidationAnalyzer.MeshNetworks,

schema.ValidationAnalyzer.DestinationRule,

schema.ValidationAnalyzer.EnvoyFilter,

schema.ValidationAnalyzer.Gateway,

schema.ValidationAnalyzer.ServiceEntry,

schema.ValidationAnalyzer.Sidecar,

schema.ValidationAnalyzer.VirtualService,

schema.ValidationAnalyzer.WorkloadEntry,

schema.ValidationAnalyzer.WorkloadGroup,

schema.ValidationAnalyzer.ProxyConfig,

schema.ValidationAnalyzer.AuthorizationPolicy,

schema.ValidationAnalyzer.PeerAuthentication,

schema.ValidationAnalyzer.RequestAuthentication,

schema.ValidationAnalyzer.Telemetry

Posted by at No comments:

Wednesday, March 16, 2022

Develop Istio and its operator locally

 To develop Istio locally on your machine can be problematic since Istiod deployment requires Istio pilot image to be available from a container image repository, this can be difficult since as a developer you are making changes to the container which is not in any repo yet. This process will let a developer to do this locally without using any container repo.


1. Build istio using your own version, for example, 

  export VERSION=1.20-dev
  export TAG=$VERSION
  export HUB=istio
  export DEBUG=1 (optional)
   
 make istioctl docker.pilot docker.proxyv2 docker.operator 

Istio source directory has a file named Makefile.core.mk which should have a environment variable named VERSION defined,  the value should be something like 1.13-dev, 1.14-dev etc depends on which branch you may have. You can use the above example to set up an Istio version yourself to something in your like. 

Alternatively, you can add export

2. Once your istiod, proxyv2, operator images are built, you can now run this script to upload these images to your kind cluster.

3. Then you use the newly built istioctl cli to deploy istio onto your cluster, this way, your kind cluster will have your local image available and running, you then can look at the logs from istiod, or proxyv2 to find issues or test features.

Posted by at No comments:

Monday, March 14, 2022

More git things

1. Get all the tags (releases most likely) 

     git fetch --all --tags 

2. Then checkout a specific tag

     git checkout tags/1.12.5 -b my1.12.5 

 3. Check you are indeed on the branch

     git branch

 

============

To sync with upstream master branch

1. Fetch upstream branch, for example

    git fetch upstream master

2. Switch to the local branch that you like to sync with the upstream branch

    git rebase upstream/master

 

3. Doing the above may produce conflict, then you will need to resolve the conflicts, then run the following command:

   git rebase --continue

 

4. Most likely you will need to do the following to get your branch pushed to your own remote repo.

   git push -f origin master

============

To get someone else's pull request for build or test purpose, assume that your local repo is the clone of your own repository, and upstream is the upstream repo. then do the following:

1.  git fetch upstream pull/$ID/head:$BRANCHNAME

2. git checkout $BRANCHNAME

Where $ID should be the pull request id which is normally found at the very end of the PR url. $BRANCHNAME should be just a name. Once the fetch command succeeded, you can use git checkout to switch to that branch and do whatever you need to do.

Posted by at No comments:

Wednesday, March 9, 2022

Analyzing Istio Performance

Based on the instruction from this link. One can find some performance information, the following two things one can do to help when running the tool in a server which does not have browser. 1. Specify an IP address which can be reached from outside of the machine, for example, the original command looks like this 
go tool pprof -http=:8888 localhost:8080/debug/pprof/heap
One can use a specific IP address to allow access from outside of the machine which is running the tool 
go tool pprof -http=192.168.56.32:8888 localhost:8080/debug/pprof/heap
2. When running in the server env. -no_browser option probably will be nice to avoid the warning messages from the process. 
go tool pprof -no_browser -http=192.168.56.32:8888 localhost:8080/debug/pprof/heap
Posted by at No comments:
Subscribe to: Posts (Atom)