Service Mesh  sandbox 

What is a service mesh, and where to use one?

What is a service mesh?

Examples

Istio

Uses Envoy
Sidecar or Ambient mode

https://istio.io/latest/docs/concepts/traffic-management/

Components

  • Virtual Service
  • Destination Rule
  • Gateway
  • Service Entry (can register external services)

Logging

Deploy this to enable access logging on a specific app. Ref

apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: app-access-logs
  namespace: app-namespace
spec:
  selector:
    matchLabels:
      service.istio.io/canonical-name: app-name
  accessLogging:
    - providers:
      - name: envoy

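Log the response body for a particular app using a Lua HTTP filter. The filter below writes the status and the full body of every response to the istio-proxy log at error level, so any credentials or personal data the app returns end up in the log; keep the workloadSelector narrow and remove the filter once debugging is done.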

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: app-resp-log
  namespace: app-namespace
spec:
  workloadSelector:
    labels:
      service.istio.io/canonical-name: app-name
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: ANY
      listener:
        filterChain:
          filter:
            name: envoy.filters.network.http_connection_manager
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.lua
        typed_config:
          "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
          inlineCode: |
            -- Runs on every response; body() buffers the whole body before returning.
            function envoy_on_response(response_handle)
                local body = response_handle:body()
                response_handle:logErr("Status: "..response_handle:headers():get(":status"))
                -- Guard against responses without a body, where body() yields nil.
                if body then
                    local jsonString = tostring(body:getBytes(0, body:length()))
                    response_handle:logErr("BodyJSONString: "..jsonString)
                end
            end
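
A bounded variant of the response-logging filter above, as an added example that is not part of the original notes: it logs only JSON responses served by the workload, masks selected fields, and caps the logged length. The resource name, the 1024-byte cap, the field names in SENSITIVE and the switch to SIDECAR_INBOUND are assumptions chosen for illustration.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: app-resp-log-bounded   # hypothetical name
  namespace: app-namespace
spec:
  workloadSelector:
    labels:
      service.istio.io/canonical-name: app-name
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_INBOUND   # assumption: only responses this workload serves
      listener:
        filterChain:
          filter:
            name: envoy.filters.network.http_connection_manager
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.lua
        typed_config:
          "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
          inlineCode: |
            local MAX_BYTES = 1024                               -- assumed cap on logged body
            local SENSITIVE = { "password", "token", "secret" }  -- assumed JSON field names
            function envoy_on_response(response_handle)
              local headers = response_handle:headers()
              response_handle:logInfo("Status: "..headers:get(":status"))
              local ctype = headers:get("content-type") or ""
              if not ctype:find("application/json", 1, true) then return end  -- plain-text match
              local body = response_handle:body()
              if not body then return end   -- response without a body
              local text = body:getBytes(0, body:length())
              for _, key in ipairs(SENSITIVE) do
                -- Mask the string value of "key": "..." before anything is truncated or logged
                text = text:gsub('("'..key..'"%s*:%s*)"[^"]*"', '%1"[REDACTED]"')
              end
              response_handle:logInfo("Body (redacted, truncated): "..text:sub(1, MAX_BYTES))
            end
```

The masking is pattern-based and best effort: it covers only string values of the listed keys and does not handle escaped quotes inside a value. The logInfo lines appear only when the proxy's lua logger is at info or lower, which can be set through the admin endpoint on port 15000 with logging?lua=info.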

Modify log level on running containers. Ref

kubectl -n namespace exec -i -t pod/podname -c istio-proxy -- /bin/sh
$ curl -X POST "http://localhost:15000/logging?level=debug"