置： ~]# kubectl edit svc -n istio-system istio-ingressgateway spec: externalIPs: - 192 … ~]# kubectl get svc -n istio-system | grep istio-ingressgateway NAME TYPE CLUSTER … 一： ~]# kubectl edit svc -n istio-system istio-ingressgateway spec: - name: http

--dport 15090 -j RETURN -A ISTIO_INBOUND -p tcp -m tcp … --dport 15021 -j RETURN -A ISTIO_INBOUND -p tcp -m tcp … 行代理。 -A ISTIO_OUTPUT -j ISTIO_REDIRECT # 剩下的

-started/ 下载Istio： curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1 … 面： ~]# kubectl label namespace default istio-injection=enabled namespace/default labeled … AGE LABELS default Active 202d istio-injection=enabled,kubernetes.io/metadata

到default上 apiVersion: networking.istio.io/v1beta1 kind: VirtualService … 条件 # demoapp apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata … .net" VirtualService： apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata

subset: v1 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata … subset: v1 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata … grayscale namespace: default spec: selector: istio: ingressgateway servers: - hosts: -

入的。 Sidecar： apiVersion: networking.istio.io/v1alpha3 kind: Sidecar metadata … : - "default/*" - hosts: - "istio-system/*" Sidecar： apiVersion: networking … 进入blackhole。 apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata

.com dr： apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata … instance-id: nginx01 apiVersion: networking.istio.io/v1beta1 kind: WorkloadEntry metadata … workloadEntry dr： apiVersion: networking.istio.io/v1beta1 kind: DestinationRule

name: egress namespace: istio-system spec: selector: app: istio-egressgateway servers: - … "*" vs： apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata … route: - destination: host: istio-egressgateway.istio-system.svc.cluster.local #

-it demoappv10-5c497c6f7c-76gs7 -c istio-proxy -- pilot-agent request GET … : # 在这配置 proxy.istio.io/config: |- proxyStatsMatcher: inclusionRegexps: - " … 用telemetry v2： apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec

-it demoappv10-5c497c6f7c-w25b2 -c istio-proxy -- pilot-agent request GET … -it demoappv10-5c497c6f7c-w25b2 -c istio-proxy -- pilot-agent request GET … -it demoappv10-5c497c6f7c-76gs7 -c istio-proxy -- pilot-agent request GET

: mode: DISABLE apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata … -dashboard-gateway namespace: istio-system spec: selector: app: istio-ingressgateway servers: - … net" apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata

-dashboard-gateway namespace: istio-system spec: selector: app: istio-ingressgateway servers: - … : mode: PASSTHROUGH apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata … .ops.net" gateways: - istio-system/argocd-dashboard-gateway tls

立的服务，如istio中的mixer，每个 … 能差，所以在istio中一般不开

路器设置。在istio中这些机制

， 分别是SPIRE和Istio Citadel。 workload： Pod中的

改默认就行 istio: enabled: false proxy: port: 15001