Skip to content
/ istio Public
forked from istio/istio

Connect, secure, control, and observe services.

istio.io

License

Apache-2.0 license
0 stars 7.9k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

yuri-lcy/istio

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18,685 Commits
.github
.github
 
 
bin
bin
 
 
centralized
centralized
 
 
cni
cni
 
 
common
common
 
 
docker
docker
 
 
istioctl
istioctl
 
 
licenses
licenses
 
 
logo
logo
 
 
manifests
manifests
 
 
operator
operator
 
 
pilot
pilot
 
 
pkg
pkg
 
 
prow
prow
 
 
release
release
 
 
releasenotes
releasenotes
 
 
samples
samples
 
 
security
security
 
 
tests
tests
 
 
tools
tools
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
BUGS-AND-FEATURE-REQUESTS.md
BUGS-AND-FEATURE-REQUESTS.md
 
 
CODEOWNERS
CODEOWNERS
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
Makefile.core.mk
Makefile.core.mk
 
 
Makefile.overrides.mk
Makefile.overrides.mk
 
 
README.md
README.md
 
 
RELEASE_BRANCHES.md
RELEASE_BRANCHES.md
 
 
SUPPORT.md
SUPPORT.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
istio.deps
istio.deps
 
 

Repository files navigation

Table of Contents

Introduction

The east-west traffic in Istio is carried by envoy sidecars, which are deployed in every pod together with the application containers. Sidecars provide the functions of secure service-to-service communication, load balancing for various protocols, flexible traffic control and policy, and complete tracing.

However, there are also a few disadvantages of sidecars. First of all, deploying one sidecar to every pod can be resource-consuming and introduce complexity, especially when the number of pods is huge. Not only must those resources be provisioned to the sidecars, but also the control plane to manage the sidecar and to push configurations can be demanding. Second, a query needs to go through two sidecars, one in the source pod and the other one in the destination pod, in order to reach the destination. For delay-sensitive applications, sometimes, the extra time spent in the sidecars is not acceptable.

We noted that, for the majority of our HTTP applications, many of the rich features in sidecars are unused. That's why we want to propose a light-weighted way to serve east-west traffic without the drawbacks mentioned in the previous paragraph. Our focus is on the HTTP applications that do not require advanced security features, like mTLS.

We propose the centralized east-west traffic gateway, which moves the sidecars and the functionalities they carry to nodes that are dedicated for sidecars, and no application container shares those nodes. This way, no modifications are required on the nodes, and we can save on the resources and the delay. In addition, we can decouple the network management from application management, and also avoid the resource competition between application and networking. However, because we move the sidecars out of the nodes of applications, we at the same time lose some of the security and tracing abilities provided by the original sidecars. Our observation is that the majority of our applications do not require those features.

Build

Build binary

make build

Build acmg docker image

make docker.acmg

Install

  1. Enter the directory ./out/$(arch)/
cd ./out/$(arch)/
  1. Install acmg profile
istioctl install --set profile=acmg

Uninstall

  1. Enter the directory ./out/$(arch)/
cd ./out/$(arch)/
  1. Uninstall acmg profile
istioctl uninstall --purge -y

Example

cd samples/helloworld-acmg

kubectl apply -f helloworld.yaml
kubectl apply -f helloworld-virtualservice.yaml

License

Apache License 2.0

About

Connect, secure, control, and observe services.

istio.io

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

275 tags

Packages

No packages published

Languages

  • Go 98.1%
  • Shell 1.2%
  • Makefile 0.5%
  • Python 0.1%
  • Smarty 0.1%
  • C++ 0.0%