我在 Azure 上有一个启用了虚拟节点的 AKS 集群 (virtual-kubelet/azure-aci v1.3.2),它工作正常(有点不稳定,但大部分工作正常)。我的问题是,一旦我在想要在虚拟节点上运行的任何部署上启用 istio side car 注入(inject),istio-proxy sidecar 将不会启动,从而阻止整个 pod 启动。我认为问题在于 virtual-kubelet/azure-aci 尚不支持 v1:status.podIP,而 istio sidecar 规范利用了它。
有人遇到过这个问题吗?我在 googlez 上找不到任何有关 istio + virtual kubelet 的信息。
我暂时正在解决这个问题,方法是在它所依赖的一个依赖项上使用 PERMISSIVE mtls 模式,以便能够进行 http 调用,并通过部署上的注释关闭 side car 注入(inject)。这并不理想。
谢谢
最佳答案
编辑:Istio CNI 插件可以作为一种解决方法。 还没有尝试过,但文档说:
For application pods in the Istio service mesh, all traffic to/from the pods needs to go through the sidecar proxies (istio-proxy containers). This istio-cni Container Network Interface (CNI) plugin will set up the pods' networking to fulfill this requirement in place of the current Istio injected pod
initContainersistio-initapproach.
引用:https://github.com/istio/istio/tree/master/cni
Istio 使用 init 容器来启动 istio 容器。但虚拟节点尚不支持 Init 容器。 这解释了为什么 Istio 没有在您的虚拟节点中启动。
Virtual Nodes functionality is heavily dependent on ACI's feature set. In addition to the quotas and limits for Azure Container Instances, the following scenarios are not yet supported with Virtual nodes:
- Using service principal to pull ACR images. Workaround is to use Kubernetes secrets
- Virtual Network Limitations including VNet peering, Kubernetes network policies, and outbound traffic to the internet with network security groups.
- Init containers
- Host aliases
- Arguments for exec in ACI
- DaemonSets will not deploy pods to the virtual nodes
- Virtual nodes support scheduling Linux pods. You can manually install the open source Virtual Kubelet ACI provider to schedule Windows Server containers to ACI.
- Virtual nodes require AKS clusters with Azure CNI networking.
- Using api server authorized ip ranges for AKS.
- Volume mounting Azure Files share support General-purpose V1. Follow the instructions for mounting a volume with Azure Files share
- Using IPv6 is not supported.
关于azure - 有没有办法在 azure 上的虚拟节点中运行 Istio sidecar?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66181369/