Issue with Istio integration with Ambassador API gateway
I have installed Ambassador API gateway on an AWS EKS cluster. It's working as expected.
Now I'd like to integrate Istio service mesh.
I'm following the steps given in the ambassador's official documentation.
https://www.getambassador.io/docs/edge-stack/latest/howtos/istio/#istio-integration.
But after Istio integration some Ambassador pods keep crashing.
At a time only 1 pod shows healthy out of 3.
Note: Istio sidecars are integrated successfully in all Ambassador pods, and I have tried with Ambassador 2.1.1 & 2.1.2, but both have the same issue. I'm not able to keep all Ambassador pods healthy.
My EKS version is v1.19.13-eks
Below is the error:
time="2022-03-02 12:30:17.0687" level=error msg="Post \"http://localhost:8500/_internal/v0/watt?url=http%3A%2F%2Flocalhost%3A9696%2Fsnapshot\": dial tcp 127.0.0.1:8500: connect: connection refused" func=github.com/datawire/ambassador/v2/cmd/entrypoint.notifyWebhookUrl file="/go/cmd/entrypoint/notify.go:124" CMD=entrypoint PID=1 THREAD=/watcher
Please do let me know if the above documentation is not sufficient for Istio integration with Ambassador on AWS EKS
Edit 1: On further investigation I found the issue comes up when I try to integrate Istio with PeerAuthentication STRICT mode. There is no such issue with the default (permissive) mode.
But another issue comes up when I enable STRICT mode, and now it's failing to connect to the redis service.
Comments (1)
After some investigation and testing I found the way to integrate Istio with Ambassador with PeerAuthentication STRICT mode.
The fix:
Update the REDIS_URL env variable with https
from:
to