istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v0.1/docs/concepts/policy-and-control/mixer-aspect-config.html

41 lines
21 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en" itemscope itemtype="https://schema.org/WebPage" style="overflow-y: scroll;"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="title" content="Mixer Aspect Configuration"><meta name="og:title" content="Mixer Aspect Configuration"><meta name="og:image" content="/v0.1/img/logo.png"/><meta name="description" content="Explains how to configure a Mixer Aspect and its dependencies."><meta name="og:description" content="Explains how to configure a Mixer Aspect and its dependencies."><title>Istioldie 0.1 / Mixer Aspect Configuration</title><script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', 'UA-98480406-2', 'auto'); ga('send', 'pageview'); </script> <script async src='https://www.google-analytics.com/analytics.js'></script><link href='https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic' rel='stylesheet' type='text/css'><link rel="alternate" type="application/rss+xml" title="Istio Blog RSS" href="/v0.1/feed.xml"><link rel="apple-touch-icon" href="/v0.1/favicons/apple-touch-icon.png" sizes="180x180"><link rel="icon" type="image/png" href="/v0.1/favicons/android-chrome-96x96.png" sizes="96x96" ><link rel="icon" type="image/png" href="/v0.1/favicons/favicon-32x32.png" sizes="32x32"><link rel="icon" type="image/png" href="/v0.1/favicons/favicon-16x16.png" sizes="16x16"><link rel="manifest" href="/v0.1/favicons/manifest.json"><link rel="mask-icon" href="/v0.1/favicons/safari-pinned-tab.svg" color="#2DA6B0"><meta name="msapplication-TileColor" content="#ffffff"><meta name="msapplication-TileImage" content="/v0.1/favicons/mstile-150x150.png"><link href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css" rel="stylesheet"><link rel="stylesheet" href="/v0.1/css/all.css"><link rel="stylesheet" href="/v0.1/css/prism.css"><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script></head><body class="language-unknown"><div class="nav-hero-container" style="z-index: 200000;"><nav id="header-nav" class="navbar navbar-inverse" role="navigation"><div class="container"><div class="row"><div class="col-md-11 nofloat center-block "><div class="navbar-header"> <button type="button" class="hamburger navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="/v0.1/"><div> <img src="/v0.1/img/logo.png" alt="Istio" width="36px" height="54px"/> <span class="brand-name">Istioldie 0.1</span></div></a></div><div class="collapse navbar-collapse" id="navbar-collapse-1"><ul class="nav navbar-nav navbar-right"><li><a href="/v0.1/about/" >About</a></li><li><a href="/v0.1/docs/" class='current'>Docs</a></li><li><a href="/v0.1/blog/" >Blog</a></li><li><a href="/v0.1/community/" >Community</a></li><li><a href="/v0.1/faq/" >FAQ</a></li><li class="dropdown"> <a class="dropdown-toggle" data-toggle="dropdown" href=""> <i class='fa fa-lg fa-cog'></i> <span class="caret"></span> </a><ul class="dropdown-menu"><h6 class="dropdown-header">Other versions of this site</h6><li> <a href="https://istio.io">Current Release</a></li><li> <a href="https://preliminary.istio.io">Next Release</a></li><li> <a href="https://archive.istio.io">Older Releases</a></li></ul></li><li><form name="cse" id="searchbox_demo" class="navbar-form navbar-right" role="search"> <input type="hidden" name="cx" value="013699703217164175118:iwwf17ikgf4" /> <input type="hidden" name="ie" value="utf-8" /> <input type="hidden" name="hl" value="en" /><div class="form-group"><div class="input-group"> <input name="q" class="form-control" type="text" size="30" /><div class="input-group-addon"> <span class="btn-search glyphicon glyphicon-search"></span></div></div></div></form> <script type="text/javascript" src="https://www.google.com/cse/brand?form=searchbox_demo"></script></li></ul></div></div></div></div></nav></div><div class="container"><div class="row"><div class="col-md-11 nofloat center-block" style="margin-top: 3px;"><ul class="col-sm-10 nav nav-tabs"><li role="presentation" ><a href="/v0.1/docs/index.html">Welcome</a></li><li role="presentation" class='active'><a href="/v0.1/docs/concepts/index.html">Concepts</a></li><li role="presentation" ><a href="/v0.1/docs/tasks/index.html">Tasks</a></li><li role="presentation" ><a href="/v0.1/docs/samples/index.html">Samples</a></li><li role="presentation" ><a href="/v0.1/docs/reference/index.html">Reference</a></li></ul></div></div></div><script src="/v0.1/js/navtree.js"></script><div class="container docs"><div class="row"><div class="col-md-11 nofloat center-block"><div class="row"><div id="sidebar-container" class="col-sm-3"><ul class="doc-side-nav"><li><h5 class='doc-side-nav-title'>Concepts</h5></li><script type="text/javascript"> var docs = []; docs.push({path: [ "index.md", ], url: "/docs/concepts/index.html", title: "Concepts", order: 10, overview: "Concepts help you learn about the different parts of the Istio system and the abstractions it uses."}); docs.push({path: [ "network-and-auth", "auth.md", ], url: "/docs/concepts/network-and-auth/auth.html", title: "Auth", order: 10, overview: "Architectural deep-dive into the design of Auth, which provides the secure communication channel and strong identity for Istio."}); docs.push({path: [ "network-and-auth", "index.md", ], url: "/docs/concepts/network-and-auth/index.html", title: "Network and Auth", order: 30, overview: "Introduces core network and authentication functionality."}); docs.push({path: [ "policy-and-control", "attributes.md", ], url: "/docs/concepts/policy-and-control/attributes.html", title: "Attributes", order: 10, overview: "Explains the important notion of attributes, which is a central mechanism for how policies and control are applied to services within the mesh."}); docs.push({path: [ "policy-and-control", "index.md", ], url: "/docs/concepts/policy-and-control/index.html", title: "Policies and Control", order: 40, overview: "Introduces the policy control mechanisms."}); docs.push({path: [ "policy-and-control", "mixer-aspect-config.md", ], url: "/docs/concepts/policy-and-control/mixer-aspect-config.html", title: "Mixer Aspect Configuration", order: 38, overview: "Explains how to configure a Mixer Aspect and its dependencies."}); docs.push({path: [ "policy-and-control", "mixer-config.md", ], url: "/docs/concepts/policy-and-control/mixer-config.html", title: "Mixer Configuration", order: 30, overview: "An overview of the key concepts used to configure Mixer."}); docs.push({path: [ "policy-and-control", "mixer.md", ], url: "/docs/concepts/policy-and-control/mixer.html", title: "Mixer", order: 20, overview: "Architectural deep-dive into the design of Mixer, which provides the policy and control mechanisms within the service mesh."}); docs.push({path: [ "traffic-management", "fault-injection.md", ], url: "/docs/concepts/traffic-management/fault-injection.html", title: "Fault Injection", order: 40, overview: "Introduces the idea of systematic fault injection that can be used to uncover conflicting failure recovery policies across services."}); docs.push({path: [ "traffic-management", "handling-failures.md", ], url: "/docs/concepts/traffic-management/handling-failures.html", title: "Handling Failures", order: 30, overview: "An overview of failure recovery capabilities in Envoy that can be leveraged by unmodified applications to improve robustness and prevent cascading failures."}); docs.push({path: [ "traffic-management", "index.md", ], url: "/docs/concepts/traffic-management/index.html", title: "Traffic Management", order: 20, overview: "Describes the various Istio features focused on traffic routing and control."}); docs.push({path: [ "traffic-management", "load-balancing.md", ], url: "/docs/concepts/traffic-management/load-balancing.html", title: "Discovery & Load Balancing", order: 25, overview: "Describes how traffic is load balanced across instances of a service in the mesh."}); docs.push({path: [ "traffic-management", "overview.md", ], url: "/docs/concepts/traffic-management/overview.html", title: "Overview", order: 0, overview: "Provides a conceptual overview of traffic management in Istio and the features it enables."}); docs.push({path: [ "traffic-management", "pilot.md", ], url: "/docs/concepts/traffic-management/pilot.html", title: "Pilot", order: 10, overview: "Introduces Pilot, the component responsible for managing a distributed deployment of Envoy proxies in the service mesh."}); docs.push({path: [ "traffic-management", "request-routing.md", ], url: "/docs/concepts/traffic-management/request-routing.html", title: "Request Routing", order: 20, overview: "Describes how requests are routed between services in an Istio service mesh."}); docs.push({path: [ "traffic-management", "rules-configuration.md", ], url: "/docs/concepts/traffic-management/rules-configuration.html", title: "Rules Configuration", order: 50, overview: "Provides a high-level overview of the domain-specific language used by Istio to configure traffic management rules in the service mesh."}); docs.push({path: [ "what-is-istio", "goals.md", ], url: "/docs/concepts/what-is-istio/goals.html", title: "Design Goals", order: 20, overview: "Describes the core principles that Istio's design adheres to."}); docs.push({path: [ "what-is-istio", "index.md", ], url: "/docs/concepts/what-is-istio/index.html", title: "What is Istio?", order: 10, overview: "A broad overview of the Istio system."}); docs.push({path: [ "what-is-istio", "overview.md", ], url: "/docs/concepts/what-is-istio/overview.html", title: "Overview", order: 15, overview: "Provides a conceptual introduction to Istio, including the problems it solves and its high-level architecture."}); genNavBarTree(docs) </script></ul></div><div id="tab-container" class="col-xs-1 tab-neg-margin pull-left"> <a id="sidebar-tab" class="glyphicon glyphicon-chevron-left" href="javascript:void 0;"></a></div><div id="content-container" class="thin-left-border col-sm-9 markdown"><div id="toc" class="toc"></div><div id="doc-content"><h1>Mixer Aspect Configuration</h1><p>Explains how to configure a Mixer <em>Aspect</em> and its dependencies.</p><h2 id="overview">Overview</h2><p>Mixer configuration expresses system behavior by specifying three key pieces of information: <strong>what</strong> action to take, <strong>how</strong> to take that action, and <strong>when</strong> to take that action.</p><ul><li><p><strong>What action to take:</strong> <a href="./mixer-config.html#Aspects"><em>Aspect</em></a> configuration defines <em>what</em> action to take. These actions include logging, metrics collection, list checks, quota enforcement and others. <a href="./mixer-config.html#Descriptors"><em>Descriptors</em></a> are named and re-usable parts of the aspect configuration. For example the <code>metrics</code> aspect defines the <a href="/v0.1/docs/reference/config/mixer/mixer-config.html#istio.mixer.v1.config.descriptor.MetricDescriptor"><code>MetricDescriptor</code></a> and refers to the MetricDescriptor instances by name.</p></li><li><p><strong>How to take that action:</strong> <a href="./mixer-config.html#Adapters"><em>Adapter</em></a> configuration defines <em>how</em> to take an action. The metrics adapter configuration includes details of the infrastructure backends.</p></li><li><p><strong>When to take that action:</strong> <a href="./mixer-config.html#Selectors"><em>Selectors</em></a> and <code>subjects</code> define <em>when</em> to take an action. Selectors are attribute-based expressions like <code>response.code == 200</code> and Subjects are hierarchical resource names like <code>myservice.namespace.svc.cluster.local</code>.</p></li></ul><h2 id="configuration-steps">Configuration steps</h2><p>Consider the following aspect configuration that <a href="/v0.1/docs/tasks/rate-limiting.html">enables rate limits</a>.</p><pre><code class="language-yaml">- aspects:
- kind: quotas
params:
quotas:
- descriptorName: RequestCount
maxAmount: 5
expiration: 1s
labels:
label1: target.service
</code></pre><p>It <em>uses</em> <code>RequestCount</code> to describe the quota. The following is an example of the <code>RequestCount</code> descriptor.</p><pre><code class="language-yaml">name: RequestCount
rate_limit: true
labels:
label1: 1 # STRING
</code></pre><p>In this example, <code>rate_limit</code> is <code>true</code>, hence the <code>aspect</code> must specify an <code>expiration</code>. Similarly, the <code>aspect</code> must supply one label of type <code>string</code>.</p><p>Mixer delegates the work of applying rate limits to an <code>adapter</code> that implements the <code>quotas</code> kind. <a href="https://github.com/istio/mixer/blob/master/testdata/configroot/scopes/global/adapters.yml">adapters.yml</a> defines this configuration.</p><pre><code class="language-yaml">- name: default
kind: quotas
impl: memQuota
params:
minDeduplicationDuration: 2s
</code></pre><p>The <code>memQuota</code> adapter in the above example takes one parameter. An operator may switch from <code>memQuota</code> to <code>redisQuota</code> by specifying an alternate <code>quotas</code> adapter.</p><pre><code class="language-yaml">- name: default
kind: quotas
impl: redisQuota
params:
redisServerUrl: redisHost:6379
minDeduplicationDuration: 2s
</code></pre><p>The following example shows how to use a <a href="./mixer-config.html#Selectors"><em>selector</em></a> to apply rate limits selectively.</p><pre><code class="language-yaml">- selector: source.labels["app"]=="reviews" &amp;&amp; source.labels["version"] == "v3"
aspects:
- kind: quotas
params:
quotas:
- descriptorName: RequestCount
maxAmount: 5
expiration: 1s
labels:
label1: target.service
</code></pre><h2 id="aspect-associations">Aspect associations</h2><p>The steps outlined in the previous section apply to all of Mixers aspects. Each aspect requires specific <code>desciptors</code> and <code>adapters</code>. The following table enumerates valid combinations of the <code>aspects</code>, the <code>descriptors</code> and the <code>adapters</code>.</p><table><thead><tr><th>Aspect</th><th>Descriptors</th><th>Adapters</th></tr></thead><tbody><tr><td><a href="/v0.1/docs/reference/config/mixer/aspects/quotas.html">Quota enforcement</a></td><td><a href="/v0.1/docs/reference/config/mixer/mixer-config.html#istio.mixer.v1.config.descriptor.QuotaDescriptor">QuotaDescriptor</a></td><td><a href="/v0.1/docs/reference/config/mixer/adapters/memQuota.html">memQuota</a>, <a href="/v0.1/docs/reference/config/mixer/adapters/redisquota.html">redisQuota</a></td></tr><tr><td><a href="/v0.1/docs/reference/config/mixer/aspects/metrics.html">Metrics collection</a></td><td><a href="/v0.1/docs/reference/config/mixer/mixer-config.html#metricdescriptor">MetricDescriptor</a></td><td><a href="/v0.1/docs/reference/config/mixer/adapters/prometheus.html">prometheus</a>,<a href="/v0.1/docs/reference/config/mixer/adapters/statsd.html">statsd</a></td></tr><tr><td><a href="/v0.1/docs/reference/config/mixer/aspects/lists.html">Whitelist/Blacklist</a></td><td>None</td><td><a href="/v0.1/docs/reference/config/mixer/adapters/genericListChecker.html">genericListChecker</a>,<a href="/v0.1/docs/reference/config/mixer/adapters/ipListChecker.html">ipListChecker</a></td></tr><tr><td><a href="/v0.1/docs/reference/config/mixer/aspects/accessLogs.html">Access logs</a></td><td><a href="/v0.1/docs/reference/config/mixer/mixer-config.html#logentrydescriptor">LogEntryDescriptor</a></td><td><a href="/v0.1/docs/reference/config/mixer/adapters/stdioLogger.html">stdioLogger</a></td></tr><tr><td><a href="/v0.1/docs/reference/config/mixer/aspects/applicationLogs.html">Application logs</a></td><td><a href="/v0.1/docs/reference/config/mixer/mixer-config.html#logentrydescriptor">LogEntryDescriptor</a></td><td><a href="/v0.1/docs/reference/config/mixer/adapters/stdioLogger.html">stdioLogger</a></td></tr><tr><td><a href="/v0.1/docs/reference/config/mixer/aspects/denials.html">Deny Request</a></td><td>None</td><td><a href="/v0.1/docs/reference/config/mixer/adapters/denyChecker.html">denyChecker</a></td></tr></tbody></table><p>Istio uses <a href="https://developers.google.com/protocol-buffers/"><code>protobufs</code></a> to define configuration schemas. The <a href="/v0.1/docs/reference/writing-config.html">Writing Configuration</a> document explains how to express <code>proto</code> definitions as <code>yaml</code>.</p><h2 id="organization-of-configuration">Organization of configuration</h2><p>Aspect configuration applies to a <code>subject</code>. A <code>Subject</code> is a resource in a hierarchy. Typically <code>subject</code> is the fully qualified name of a service, namespace or a cluster. An aspect configuration may apply to the <code>subject</code> resource and its sub-resources.</p><h2 id="pushing-configuration">Pushing configuration</h2><p><code>istioctl</code> pushes configuration changes to the API server. As of the alpha release, the API server supports pushing only aspect rules.</p><p>A temporary workaround allows you to push <code>adapters.yml</code> and <code>descriptors.yml</code> as follows.</p><ol><li>Find the Mixer pod FIXME<pre><code class="language-bash">kubectl get pods -l istio=mixer
</code></pre><p>The output is similar to this:</p><pre><code>NAME READY STATUS RESTARTS AGE
istio-mixer-2657627433-3r0nn 1/1 Running 0 2d
</code></pre></li><li>Fetch adapters.yml from Mixer<pre><code class="language-bash">kubectl cp istio-mixer-2657627433-3r0nn:/etc/opt/mixer/configroot/scopes/global/adapters.yml adapters.yml
</code></pre></li><li>Edit the file and push it back.<pre><code class="language-bash">kubectl cp adapters.yml istio-mixer-2657627433-3r0nn:/etc/opt/mixer/configroot/scopes/global/adapters.yml
</code></pre></li><li><p><code>/etc/opt/mixer/configroot/scopes/global/descriptors.yml</code> is similarly updated.</p></li><li>View Mixer logs to see validation errors since the above operation bypasses the API server.</li></ol><h2 id="default-configuration">Default configuration</h2><p>Mixer provides default definitions for commonly used <a href="https://github.com/istio/mixer/blob/master/testdata/configroot/scopes/global/descriptors.yml">descriptors</a> and <a href="https://github.com/istio/mixer/blob/master/testdata/configroot/scopes/global/adapters.yml">adapters</a>.</p><h2 id="whats-next">Whats next</h2><ul><li><p>Learn more about <a href="./mixer.html">Mixer</a> and <a href="./mixer-config.html">Mixer Config</a>.</p></li><li><p>Discover the full <a href="/v0.1/docs/reference/config/mixer/attribute-vocabulary.html">Attribute Vocabulary</a>.</p></li></ul></div></div></div></div></div></div><script src="/v0.1/js/sidemenu.js"></script><footer><div class="container"><div class="row"><div class="col-md-2"></div><div class="col-md-3 col-sm-4 col-xs-12 center-block"><ul class="toggle"><p class="header">Docs</p><li><a href="/v0.1/docs/">Welcome</a></li><li><a href="/v0.1/docs/concepts">Concepts</a></li><li><a href="/v0.1/docs/tasks">Tasks</a></li><li><a href="/v0.1/docs/samples">Samples</a></li><li><a href="/v0.1/docs/reference">Reference</a></li></ul></div><hr class="footer-sections" /><div class="col-md-3 col-sm-4 col-xs-12 center-block"><ul class="toggle"><p class="header">Resources</p><li><a href="/v0.1/faq">Frequently Asked Questions</a></li><li><a href="/v0.1/troubleshooting">Troubleshooting Guide</a></li><li><a href="/v0.1/bugs">Report a Bug</a></li><li><a href="https://github.com/istio/istio.github.io/issues/new?title=Issue with _docs/concepts/policy-and-control/mixer-aspect-config.md">Report a Doc Issue</a></li><li><a href="https://github.com/istio/istio.github.io/edit/master/_docs/concepts/policy-and-control/mixer-aspect-config.md">Edit This Page on GitHub</a></li></ul></div><hr class="footer-sections" /><div class="col-md-3 col-sm-4 col-xs-12 center-block"><ul class="toggle"><p class="header">Community</p><li><a href="https://groups.google.com/forum/#!forum/istio-users" target="_blank"><span class="group">User</span></a> | <a href="https://groups.google.com/forum/#!forum/istio-dev" target="_blank">Dev Mailing Lists</a></li><li><a href="https://twitter.com/IstioMesh" target="_blank"><span class="twitter">Twitter</span></a></li><li><a href="https://github.com/istio/istio" target="_blank"><span class="github">GitHub</span></a></li></ul></div><div class="col-md-1"></div></div><div class="row"><p class="description small text-center"> Copyright &copy; 2017 Istio Authors<br> Istio 0.1<br> Archived on 20-Jul-2017</p></div></div></footer><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.min.js"></script> <script src="/v0.1/js/jquery.form.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/js/bootstrap.min.js"></script> <script src="/v0.1/js/slick.min.js"></script> <script src="/v0.1/js/jquery.visible.min.js"></script> <script src="/v0.1/js/common.js" type="text/javascript" charset="utf-8"></script> <script src="/v0.1/js/buttons.js"></script> <script src="/v0.1/js/search.js"></script> <script src="/v0.1/js/prism.js"></script></body></html>
Reference in New Issue View Git Blame Copy Permalink