istio.io/archive/v1.14/blog/2021/statefulsets-made-easier/index.html


<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content="#466BB0"><meta name=title content="StatefulSets Made Easier With Istio 1.10"><meta name=description content="Learn how to easily deploy StatefulSets with Istio 1.10."><meta name=author content="Lin Sun (Solo.io), Christian Posta (Solo.io), John Howard (Google), Zhonghu Xu (Huawei)"><meta name=keywords content="microservices,services,mesh,statefulset,Istio,networking,localhost,loopback,eth0"><meta property="og:title" content="StatefulSets Made Easier With Istio 1.10"><meta property="og:type" content="website"><meta property="og:description" content="Learn how to easily deploy StatefulSets with Istio 1.10."><meta property="og:url" content="/v1.14/blog/2021/statefulsets-made-easier/"><meta property="og:image" content="https://raw.githubusercontent.com/istio/istio.io/master/static/img/istio-whitelogo-bluebackground-framed.svg"><meta property="og:image:alt" content="Istio Logo"><meta property="og:image:width" content="1024"><meta property="og:image:height" content="1024"><meta property="og:site_name" content="Istio"><meta name=twitter:card content="summary"><meta name=twitter:site content="@IstioMesh"><title>Istioldie 1.14 / StatefulSets Made Easier With Istio 1.10</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script>
<script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","UA-98480406-2")</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.14/blog/feed.xml><link rel=alternate type=application/rss+xml title="Istio News" href=/v1.14/news/feed.xml><link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.14/feed.xml><link rel="shortcut icon" href=/v1.14/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.14/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.14/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.14/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.14/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.14/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.14/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.14/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.14/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.14/favicons/android-192x192.png sizes=192x192><link rel=icon type=image/svg+xml href=/v1.14/favicons/favicon.svg><link rel=icon type=image/png href=/v1.14/favicons/favicon.png><link rel=mask-icon href=/v1.14/favicons/safari-pinned-tab.svg color=#466bb0><link rel=manifest href=/v1.14/manifest.json><meta name=apple-mobile-web-app-title content="Istio"><meta name=application-name content="Istio"><meta name=msapplication-config content="/browserconfig.xml"><meta name=msapplication-TileColor content="#466BB0"><meta name=theme-color content="#466BB0"><link rel=stylesheet href=/v1.14/css/all.css><link rel=preconnect href=https://fonts.gstatic.com><link rel=stylesheet href="https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,400;0,500;0,600;0,700;1,400;1,600&display=swap"><script 
src=/v1.14/js/themes_init.min.js></script></head><body class="language-unknown archive-site"><script>const branchName="release-1.14",docTitle="StatefulSets Made Easier With Istio 1.10",iconFile="/v1.14/img/icons.svg",buttonCopy="Copy to clipboard",buttonPrint="Print",buttonDownload="Download"</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script>
<script src=/v1.14/js/all.min.js data-manual defer></script><header class=main-navigation><nav class="main-navigation-wrapper container-l"><div class=main-navigation-header><a id=brand href=/v1.14/ aria-label=logotype><span class=logo><svg xmlns="http://www.w3.org/2000/svg" width="128" height="60" viewBox="0 0 128 60"><path d="M58.434 48.823A.441.441.0 0158.3 48.497V22.583a.444.444.0 01.134-.326.446.446.0 01.327-.134h3.527a.447.447.0 01.325.134.447.447.0 01.134.326v25.914a.443.443.0 01-.134.326.444.444.0 01-.325.134h-3.527a.444.444.0 01-.327-.134z"/><path d="m70.969 48.477a6.556 6.556.0 01-2.818-1.955 4.338 4.338.0 01-1-2.78v-.345a.443.443.0 01.134-.326.444.444.0 01.326-.135h3.374a.444.444.0 01.326.135.445.445.0 01.134.326v.077a2.014 2.014.0 001.054 1.667 4.672 4.672.0 002.664.709 4.446 4.446.0 002.492-.633 1.862 1.862.0 00.958-1.591 1.426 1.426.0 00-.786-1.322 12.7 12.7.0 00-2.549-.939l-1.457-.46a21.526 21.526.0 01-3.3-1.227 6.57 6.57.0 01-2.262-1.783 4.435 4.435.0 01-.92-2.894 5.081 5.081.0 012.109-4.275 8.993 8.993.0 015.558-1.591 10.445 10.445.0 014.1.748 6.3 6.3.0 012.722 2.07 5 5 0 01.958 3.009.441.441.0 01-.134.326.441.441.0 01-.325.134h-3.258a.441.441.0 01-.326-.134.443.443.0 01-.134-.326 1.974 1.974.0 00-.978-1.667 4.647 4.647.0 00-2.665-.671 4.741 4.741.0 00-2.435.556 1.724 1.724.0 00-.938 1.553 1.512 1.512.0 00.9 1.4 15.875 15.875.0 003.01 1.055l.843.229a27.368 27.368.0 013.412 1.246 6.67 6.67.0 012.338 1.763 4.387 4.387.0 01.958 2.933 4.988 4.988.0 01-2.146 4.275 9.543 9.543.0 01-5.712 1.552 11.626 11.626.0 01-4.227-.709z"/><path d="m97.039 32.837a.443.443.0 01-.326.135h-3.911a.169.169.0 00-.191.192v9.239a2.951 2.951.0 00.632 2.108 2.7 2.7.0 002.013.652h1.15a.444.444.0 01.325.134.441.441.0 01.134.326v2.875a.471.471.0 01-.459.5l-1.994.039a8 8 0 01-4.524-1.035q-1.495-1.035-1.533-3.91V33.166A.17.17.0 0088.164 32.974H85.978A.441.441.0 0185.652 32.839.441.441.0 0185.518 32.513V29.83a.441.441.0 01.134-.326.444.444.0 01.326-.135h2.186a.169.169.0 
00.191-.192v-4.485a.438.438.0 01.134-.326.44.44.0 01.325-.134h3.336a.443.443.0 01.325.134.442.442.0 01.135.326v4.485a.169.169.0 00.191.192h3.911a.446.446.0 01.326.135.446.446.0 01.134.326v2.683a.446.446.0 01-.133.324z"/><path d="m101.694 25.917a2.645 2.645.0 01-.767-1.955 2.65 2.65.0 01.767-1.955 2.65 2.65.0 011.955-.767 2.65 2.65.0 011.955.767 2.652 2.652.0 01.767 1.955 2.647 2.647.0 01-.767 1.955 2.646 2.646.0 01-1.955.767 2.645 2.645.0 01-1.955-.767zm-.211 22.906a.441.441.0 01-.134-.326V29.79a.444.444.0 01.134-.326.446.446.0 01.326-.134h3.527a.446.446.0 01.326.134.445.445.0 01.134.326v18.707a.443.443.0 01-.134.326.443.443.0 01-.326.134h-3.527a.443.443.0 01-.326-.134z"/><path d="m114.019 47.734a8.1 8.1.0 01-3.047-4.255 14.439 14.439.0 01-.652-4.37 14.3 14.3.0 01.614-4.371A7.869 7.869.0 01114 30.56a9.072 9.072.0 015.252-1.5 8.543 8.543.0 015.041 1.5 7.985 7.985.0 013.009 4.14 12.439 12.439.0 01.69 4.37 13.793 13.793.0 01-.651 4.37 8.255 8.255.0 01-3.028 4.275 8.475 8.475.0 01-5.1 1.553 8.754 8.754.0 01-5.194-1.534zm7.629-3.1a4.536 4.536.0 001.476-2.262 11.335 11.335.0 00.383-3.221 10.618 10.618.0 00-.383-3.22 4.169 4.169.0 00-1.457-2.243 4.066 4.066.0 00-2.531-.785 3.942 3.942.0 00-2.453.785 4.376 4.376.0 00-1.5 2.243 11.839 11.839.0 00-.383 3.22 11.84 11.84.0 00.383 3.221 4.222 4.222.0 001.476 2.262 4.075 4.075.0 002.549.8 3.8 3.8.0 002.44-.809z"/><path d="m15.105 32.057v15.565a.059.059.0 01-.049.059L.069 50.25A.06.06.0 01.005 50.167l14.987-33.47a.06.06.0 01.114.025z"/><path d="m17.631 23.087v24.6a.06.06.0 00.053.059l22.449 2.507a.06.06.0 00.061-.084L17.745.032a.06.06.0 00-.114.024z"/><path d="m39.961 52.548-24.833 7.45a.062.062.0 01-.043.0L.079 52.548a.059.059.0 01.026-.113h39.839a.06.06.0 01.017.113z"/></svg></span></a><button id=hamburger class=main-navigation-toggle aria-label="Open navigation"><svg class="icon menu-hamburger"><use xlink:href="/v1.14/img/icons.svg#menu-hamburger"/></svg></button>
<button id=menu-close class=main-navigation-toggle aria-label="Close navigation"><svg class="icon menu-close"><use xlink:href="/v1.14/img/icons.svg#menu-close"/></svg></button></div><div id=header-links class=main-navigation-links-wrapper><ul class=main-navigation-links><li class=main-navigation-links-item><a class="main-navigation-links-link has-dropdown"><span>About</span><svg class="icon dropdown-arrow"><use xlink:href="/v1.14/img/icons.svg#dropdown-arrow"/></svg></a><ul class=main-navigation-links-dropdown><li class=main-navigation-links-dropdown-item><a href=/v1.14/about/service-mesh class=main-navigation-links-link>Service mesh</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.14/about/solutions class=main-navigation-links-link>Solutions</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.14/about/case-studies class=main-navigation-links-link>Case studies</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.14/about/ecosystem class=main-navigation-links-link>Ecosystem</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.14/about/deployment class=main-navigation-links-link>Deployment</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.14/about/faq class=main-navigation-links-link>FAQ</a></li></ul></li><li class=main-navigation-links-item><a href=/v1.14/blog/ class=main-navigation-links-link><span>Blog</span></a></li><li class=main-navigation-links-item><a href=/v1.14/news/ class=main-navigation-links-link><span>News</span></a></li><li class=main-navigation-links-item><a href=/v1.14/get-involved/ class=main-navigation-links-link><span>Get involved</span></a></li><li class=main-navigation-links-item><a href=/v1.14/docs/ class=main-navigation-links-link><span>Documentation</span></a></li></ul><div class=main-navigation-footer><button id=search-show class=search-show title="Search this site" aria-label=Search><svg class="icon magnifier"><use 
xlink:href="/v1.14/img/icons.svg#magnifier"/></svg></button>
<a href=/v1.14/docs/setup/getting-started class="btn btn--primary" id=try-istio>Try Istio</a></div></div><form id=search-form class=search name=cse role=search><input type=hidden name=cx value=002184991200833970123:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=en>
<input type=hidden id=search-page-url value=/search>
<input id=search-textbox class="search-textbox form-control" name=q type=search aria-label="Search this site" placeholder=Search>
<button id=search-close title="Cancel search" type=reset aria-label="Cancel search"><svg class="icon menu-close"><use xlink:href="/v1.14/img/icons.svg#menu-close"/></svg></button></form></nav></header><div class=banner-container></div><article class=post itemscope itemtype=http://schema.org/BlogPosting><div class=header-content><h1>StatefulSets Made Easier With Istio 1.10</h1><p>Learn how to easily deploy StatefulSets with Istio 1.10.</p></div><p class=post-author>May 19, 2021 <span>|</span> By Lin Sun - Solo.io, Christian Posta - Solo.io, John Howard - Google, Zhonghu Xu - Huawei</p><div><p>Kubernetes <a href=https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/><code>StatefulSets</code></a> are commonly used to manage stateful applications. In addition to managing the deployment and scaling of a set of <code>Pods</code>, <code>StatefulSets</code> provide guarantees about the ordering and uniqueness of those <code>Pods</code>. Common applications used with <code>StatefulSets</code> include ZooKeeper, Cassandra, Elasticsearch, Redis and NiFi.</p><p>The Istio community has been making gradual progress towards zero-configuration support for <code>StatefulSets</code>; from automatic mTLS, to eliminating the need to create <code>DestinationRule</code> or <code>ServiceEntry</code> resources, to the most recent <a href=/v1.14/blog/2021/upcoming-networking-changes/>pod networking changes in Istio 1.10</a>.</p><p>What is unique about using a <code>StatefulSet</code> with a service mesh? The <code>StatefulSet</code> pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling. 
The kind of apps that run in a <code>StatefulSet</code> are often those that need to communicate among their pods, and, as they come from a world of hard-coded IP addresses, may listen on the pod IP only, instead of <code>0.0.0.0</code>.</p><p>ZooKeeper, for example, is configured by default to not listen on all IPs for quorum communication:</p><pre><code class=language-plain data-expandlinks=true data-repo=istio>quorumListenOnAllIPs=false
</code></pre><p>Over the last few releases, the Istio community has <a href=https://github.com/istio/istio/issues/10659>reported many issues</a> around support for applications running in <code>StatefulSets</code>.</p><h2 id=statefulsets-in-action-prior-to-istio-1-10><code>StatefulSets</code> in action, prior to Istio 1.10</h2><p>In a GKE cluster running Kubernetes 1.19, we have Istio 1.9.5 installed. We enabled automatic sidecar injection in the <code>default</code> namespace, then we installed ZooKeeper using the <a href=https://artifacthub.io/packages/helm/bitnami/zookeeper>Helm charts provided by Bitnami</a>, along with the Istio <code>sleep</code> pod for interactive debugging:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/zookeeper --set replicaCount=3
$ kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.14/samples/sleep/sleep.yaml
</code></pre><p>After a few minutes, all pods come up nicely with sidecar proxies:</p><pre><code class=language-bash data-expandlinks=true data-outputis=yaml data-repo=istio>$ kubectl get pods,svc
NAME READY STATUS RESTARTS AGE
my-release-zookeeper-0 2/2 Running 0 3h4m
my-release-zookeeper-1 2/2 Running 0 3h4m
my-release-zookeeper-2 2/2 Running 0 3h5m
pod/sleep-8f795f47d-qkgh4 2/2 Running 0 3h8m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-release-zookeeper ClusterIP 10.100.1.113 &lt;none&gt; 2181/TCP,2888/TCP,3888/TCP 3h
my-release-zookeeper-headless ClusterIP None &lt;none&gt; 2181/TCP,2888/TCP,3888/TCP 3h
service/sleep ClusterIP 10.100.9.26 &lt;none&gt; 80/TCP 3h
</code></pre><p>Are our ZooKeeper services working and is the status <code>Running</code>? Let's find out! ZooKeeper listens on 3 ports:</p><ul><li>Port 2181 is the TCP port for clients to connect to the ZooKeeper service</li><li>Port 2888 is the TCP port for peers to connect to other peers</li><li>Port 3888 is the dedicated TCP port for leader election</li></ul><p>By default, the ZooKeeper installation configures port 2181 to listen on <code>0.0.0.0</code> but ports 2888 and 3888 only listen on the pod IP. Let's check out the network status on each of these ports from one of the ZooKeeper pods:</p><pre><code class=language-bash data-expandlinks=true data-outputis=yaml data-repo=istio>$ kubectl exec my-release-zookeeper-1 -c istio-proxy -- netstat -na | grep -E &#39;(2181|2888|3888)&#39;
tcp 0 0 0.0.0.0:2181 0.0.0.0:* LISTEN
tcp 0 0 10.96.7.7:3888 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2181 127.0.0.1:37412 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37486 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37456 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37498 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37384 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37514 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37402 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37434 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37526 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37374 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37442 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:37464 TIME_WAIT
</code></pre><p>There is nothing <code>ESTABLISHED</code> on port 2888 or 3888. Next, let us get the ZooKeeper server status:</p><pre><code class=language-bash data-expandlinks=true data-outputis=yaml data-repo=istio>$ kubectl exec my-release-zookeeper-1 -c zookeeper -- /opt/bitnami/zookeeper/bin/zkServer.sh status
/opt/bitnami/java/bin/java
ZooKeeper JMX enabled by default
Using config: /opt/bitnami/zookeeper/bin/../conf/zoo.cfg
Client port found: 2181. Client address: localhost. Client SSL: false.
Error contacting service. It is probably not running.
</code></pre><p>From the above output, you can see the ZooKeeper service is not functioning properly. Let us check the cluster configuration for one of the ZooKeeper pods:</p><pre><code class=language-bash data-expandlinks=true data-outputis=yaml data-repo=istio>$ istioctl proxy-config cluster my-release-zookeeper-1 --port 3888 --direction inbound -o json
[
{
&#34;name&#34;: &#34;inbound|3888||&#34;,
&#34;type&#34;: &#34;STATIC&#34;,
&#34;connectTimeout&#34;: &#34;10s&#34;,
&#34;loadAssignment&#34;: {
&#34;clusterName&#34;: &#34;inbound|3888||&#34;,
&#34;endpoints&#34;: [
{
&#34;lbEndpoints&#34;: [
{
&#34;endpoint&#34;: {
&#34;address&#34;: {
&#34;socketAddress&#34;: {
&#34;address&#34;: &#34;127.0.0.1&#34;,
&#34;portValue&#34;: 3888
}
}
}
}
]
}
]
},
...
</code></pre><p>What is interesting here is that the inbound cluster on port 3888 has <code>127.0.0.1</code> as its endpoint. This is because the Envoy proxy, in versions of Istio prior to 1.10, redirects the inbound traffic to the <code>loopback</code> interface, as described in <a href=/v1.14/blog/2021/upcoming-networking-changes/>our blog post about the change</a>. Because ZooKeeper listens on ports 2888 and 3888 only on the pod IP, traffic that the sidecar forwards to <code>127.0.0.1</code> never reaches it.</p><h2 id=statefulsets-in-action-with-istio-1-10><code>StatefulSets</code> in action with Istio 1.10</h2><p>Now, we have upgraded our cluster to Istio 1.10 and configured the <code>default</code> namespace to enable 1.10 sidecar injection. Let's do a rolling restart of the ZooKeeper <code>StatefulSet</code> to update the pods to use the new version of the sidecar proxy:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl rollout restart statefulset my-release-zookeeper
</code></pre><p>Once the ZooKeeper pods reach the running status, let's check out the network connections for these 3 ports from any of the ZooKeeper pods:</p><pre><code class=language-bash data-expandlinks=true data-outputis=yaml data-repo=istio>$ kubectl exec my-release-zookeeper-1 -c istio-proxy -- netstat -na | grep -E &#39;(2181|2888|3888)&#39;
tcp 0 0 0.0.0.0:2181 0.0.0.0:* LISTEN
tcp 0 0 10.96.8.10:2888 0.0.0.0:* LISTEN
tcp 0 0 10.96.8.10:3888 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.6:42571 10.96.8.10:2888 ESTABLISHED
tcp 0 0 10.96.8.10:2888 127.0.0.6:42571 ESTABLISHED
tcp 0 0 127.0.0.6:42655 10.96.8.10:2888 ESTABLISHED
tcp 0 0 10.96.8.10:2888 127.0.0.6:42655 ESTABLISHED
tcp 0 0 10.96.8.10:37876 10.96.6.11:3888 ESTABLISHED
tcp 0 0 10.96.8.10:44872 10.96.7.10:3888 ESTABLISHED
tcp 0 0 10.96.8.10:37878 10.96.6.11:3888 ESTABLISHED
tcp 0 0 10.96.8.10:44870 10.96.7.10:3888 ESTABLISHED
tcp 0 0 127.0.0.1:2181 127.0.0.1:54508 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54616 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54664 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54526 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54532 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54578 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54634 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54588 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54610 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54550 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54560 TIME_WAIT
tcp 0 0 127.0.0.1:2181 127.0.0.1:54644 TIME_WAIT
</code></pre><p>There are <code>ESTABLISHED</code> connections on both port 2888 and 3888! Next, let us check out the ZooKeeper server status:</p><pre><code class=language-bash data-expandlinks=true data-outputis=yaml data-repo=istio>$ kubectl exec my-release-zookeeper-1 -c zookeeper -- /opt/bitnami/zookeeper/bin/zkServer.sh status
/opt/bitnami/java/bin/java
ZooKeeper JMX enabled by default
Using config: /opt/bitnami/zookeeper/bin/../conf/zoo.cfg
Client port found: 2181. Client address: localhost. Client SSL: false.
Mode: follower
</code></pre><p>The ZooKeeper service is now running!</p><p>We can connect to each of the ZooKeeper pods from the <code>sleep</code> pod and run the below command to discover the server status of each pod within the <code>StatefulSet</code>. Note that there is no need to create ServiceEntry resources for any of the ZooKeeper pods and we can call these pods directly using their DNS names (e.g. <code>my-release-zookeeper-0.my-release-zookeeper-headless</code>) from the <code>sleep</code> pod.</p><pre><code class=language-bash data-expandlinks=true data-outputis=yaml data-repo=istio>$ kubectl exec -it deploy/sleep -c sleep -- sh -c &#39;for x in my-release-zookeeper-0.my-release-zookeeper-headless my-release-zookeeper-1.my-release-zookeeper-headless my-release-zookeeper-2.my-release-zookeeper-headless; do echo $x; echo srvr|nc $x 2181; echo; done&#39;
my-release-zookeeper-0.my-release-zookeeper-headless
Zookeeper version: 3.7.0-e3704b390a6697bfdf4b0bef79e3da7a4f6bac4b, built on 2021-03-17 09:46 UTC
Latency min/avg/max: 1/7.5/20
Received: 3845
Sent: 3844
Connections: 1
Outstanding: 0
Zxid: 0x200000002
Mode: follower
Node count: 6
my-release-zookeeper-1.my-release-zookeeper-headless
Zookeeper version: 3.7.0-e3704b390a6697bfdf4b0bef79e3da7a4f6bac4b, built on 2021-03-17 09:46 UTC
Latency min/avg/max: 0/0.0/0
Received: 3856
Sent: 3855
Connections: 1
Outstanding: 0
Zxid: 0x200000002
Mode: follower
Node count: 6
my-release-zookeeper-2.my-release-zookeeper-headless
Zookeeper version: 3.7.0-e3704b390a6697bfdf4b0bef79e3da7a4f6bac4b, built on 2021-03-17 09:46 UTC
Latency min/avg/max: 0/0.0/0
Received: 3855
Sent: 3854
Connections: 1
Outstanding: 0
Zxid: 0x200000002
Mode: leader
Node count: 6
Proposal sizes last/min/max: 48/48/48
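</code></pre><p>Now that our ZooKeeper service is running, let's use Istio to secure all communication to our regular and headless services. Apply a <code>PeerAuthentication</code> policy that enforces mutual TLS in <code>STRICT</code> mode for the <code>default</code> namespace. In this mode the workloads in the namespace accept only mutual TLS traffic, so plaintext connections from clients outside the mesh are rejected:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl apply -n default -f - &lt;&lt;EOF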
apiVersion: &#34;security.istio.io/v1beta1&#34;
kind: &#34;PeerAuthentication&#34;
metadata:
  name: &#34;default&#34;
spec:
  mtls:
    mode: STRICT
EOF
</code></pre><p>Continue sending some traffic from the <code>sleep</code> pod and bring up the Kiali dashboard to visualize the services in the <code>default</code> namespace:</p><figure style=width:100%><div class=wrapper-with-intrinsic-ratio style=padding-bottom:38.4204909284952%><a data-skipendnotes=true href=/v1.14/blog/2021/statefulsets-made-easier/view-zookeeper-from-kiali.png title="Visualize the ZooKeeper Services in Kiali"><img class=element-to-stretch src=/v1.14/blog/2021/statefulsets-made-easier/view-zookeeper-from-kiali.png alt="Visualize the ZooKeeper Services in Kiali"></a></div><figcaption>Visualize the ZooKeeper Services in Kiali</figcaption></figure><p>The padlock icons on the traffic flows indicate that the connections are secured with mutual TLS.</p><h2 id=wrapping-up>Wrapping up</h2><p>With the new networking changes in Istio 1.10, a Kubernetes pod with a sidecar has the same networking behavior as a pod without a sidecar. This change enables stateful applications to function properly in Istio as we have shown you in this post. We believe this is a huge step towards Istio's goal of providing a transparent service mesh and zero-configuration Istio.</p></div><nav class=pagenav><div class=left><a title="Celebrating Istio's 4th birthday." href=/v1.14/blog/2021/istio-4th-birthday/ class=next-link><svg class="icon left-arrow"><use xlink:href="/v1.14/img/icons.svg#left-arrow"/></svg>Happy Birthday, Istio!</a></div><div class=right><a title="The Product Security working group announces Patch Tuesdays, how 0-days and embargoes are handled, updates to the security best practices page and the notification of the early disclosure list." 
href=/v1.14/blog/2021/patch-tuesdays/ class=next-link>Updates to how Istio security releases are handled: Patch Tuesday, embargoes, and 0-days<svg class="icon right-arrow"><use xlink:href="/v1.14/img/icons.svg#right-arrow"/></svg></a></div></nav></article><footer class=footer><div class="footer-wrapper container-l"><div class="user-links footer-links"><a class=channel title="GitHub is where development takes place on Istio code" href=https://github.com/istio/community aria-label=GitHub><svg class="icon github"><use xlink:href="/v1.14/img/icons.svg#github"/></svg></a><a class=channel title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><svg class="icon drive"><use xlink:href="/v1.14/img/icons.svg#drive"/></svg></a><a class=channel title="Interactively discuss issues with the Istio community on Slack" href=https://slack.istio.io aria-label=slack><svg class="icon slack"><use xlink:href="/v1.14/img/icons.svg#slack"/></svg></a><a class=channel title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><svg class="icon stackoverflow"><use xlink:href="/v1.14/img/icons.svg#stackoverflow"/></svg></a><a class=channel title="Follow us on Twitter to get the latest news" href=https://twitter.com/IstioMesh aria-label=Twitter><svg class="icon twitter"><use xlink:href="/v1.14/img/icons.svg#twitter"/></svg></a></div><hr class=footer-separator role=separator><div class="info footer-info"><a class=logo href=/v1.14/ aria-label=logotype><svg xmlns="http://www.w3.org/2000/svg" width="128" height="60" viewBox="0 0 128 60"><path d="M58.434 48.823A.441.441.0 0158.3 48.497V22.583a.444.444.0 01.134-.326.446.446.0 01.327-.134h3.527a.447.447.0 01.325.134.447.447.0 01.134.326v25.914a.443.443.0 01-.134.326.444.444.0 
01-.325.134h-3.527a.444.444.0 01-.327-.134z"/><path d="m70.969 48.477a6.556 6.556.0 01-2.818-1.955 4.338 4.338.0 01-1-2.78v-.345a.443.443.0 01.134-.326.444.444.0 01.326-.135h3.374a.444.444.0 01.326.135.445.445.0 01.134.326v.077a2.014 2.014.0 001.054 1.667 4.672 4.672.0 002.664.709 4.446 4.446.0 002.492-.633 1.862 1.862.0 00.958-1.591 1.426 1.426.0 00-.786-1.322 12.7 12.7.0 00-2.549-.939l-1.457-.46a21.526 21.526.0 01-3.3-1.227 6.57 6.57.0 01-2.262-1.783 4.435 4.435.0 01-.92-2.894 5.081 5.081.0 012.109-4.275 8.993 8.993.0 015.558-1.591 10.445 10.445.0 014.1.748 6.3 6.3.0 012.722 2.07 5 5 0 01.958 3.009.441.441.0 01-.134.326.441.441.0 01-.325.134h-3.258a.441.441.0 01-.326-.134.443.443.0 01-.134-.326 1.974 1.974.0 00-.978-1.667 4.647 4.647.0 00-2.665-.671 4.741 4.741.0 00-2.435.556 1.724 1.724.0 00-.938 1.553 1.512 1.512.0 00.9 1.4 15.875 15.875.0 003.01 1.055l.843.229a27.368 27.368.0 013.412 1.246 6.67 6.67.0 012.338 1.763 4.387 4.387.0 01.958 2.933 4.988 4.988.0 01-2.146 4.275 9.543 9.543.0 01-5.712 1.552 11.626 11.626.0 01-4.227-.709z"/><path d="m97.039 32.837a.443.443.0 01-.326.135h-3.911a.169.169.0 00-.191.192v9.239a2.951 2.951.0 00.632 2.108 2.7 2.7.0 002.013.652h1.15a.444.444.0 01.325.134.441.441.0 01.134.326v2.875a.471.471.0 01-.459.5l-1.994.039a8 8 0 01-4.524-1.035q-1.495-1.035-1.533-3.91V33.166A.17.17.0 0088.164 32.974H85.978A.441.441.0 0185.652 32.839.441.441.0 0185.518 32.513V29.83a.441.441.0 01.134-.326.444.444.0 01.326-.135h2.186a.169.169.0 00.191-.192v-4.485a.438.438.0 01.134-.326.44.44.0 01.325-.134h3.336a.443.443.0 01.325.134.442.442.0 01.135.326v4.485a.169.169.0 00.191.192h3.911a.446.446.0 01.326.135.446.446.0 01.134.326v2.683a.446.446.0 01-.133.324z"/><path d="m101.694 25.917a2.645 2.645.0 01-.767-1.955 2.65 2.65.0 01.767-1.955 2.65 2.65.0 011.955-.767 2.65 2.65.0 011.955.767 2.652 2.652.0 01.767 1.955 2.647 2.647.0 01-.767 1.955 2.646 2.646.0 01-1.955.767 2.645 2.645.0 01-1.955-.767zm-.211 22.906a.441.441.0 01-.134-.326V29.79a.444.444.0 
01.134-.326.446.446.0 01.326-.134h3.527a.446.446.0 01.326.134.445.445.0 01.134.326v18.707a.443.443.0 01-.134.326.443.443.0 01-.326.134h-3.527a.443.443.0 01-.326-.134z"/><path d="m114.019 47.734a8.1 8.1.0 01-3.047-4.255 14.439 14.439.0 01-.652-4.37 14.3 14.3.0 01.614-4.371A7.869 7.869.0 01114 30.56a9.072 9.072.0 015.252-1.5 8.543 8.543.0 015.041 1.5 7.985 7.985.0 013.009 4.14 12.439 12.439.0 01.69 4.37 13.793 13.793.0 01-.651 4.37 8.255 8.255.0 01-3.028 4.275 8.475 8.475.0 01-5.1 1.553 8.754 8.754.0 01-5.194-1.534zm7.629-3.1a4.536 4.536.0 001.476-2.262 11.335 11.335.0 00.383-3.221 10.618 10.618.0 00-.383-3.22 4.169 4.169.0 00-1.457-2.243 4.066 4.066.0 00-2.531-.785 3.942 3.942.0 00-2.453.785 4.376 4.376.0 00-1.5 2.243 11.839 11.839.0 00-.383 3.22 11.84 11.84.0 00.383 3.221 4.222 4.222.0 001.476 2.262 4.075 4.075.0 002.549.8 3.8 3.8.0 002.44-.809z"/><path d="m15.105 32.057v15.565a.059.059.0 01-.049.059L.069 50.25A.06.06.0 01.005 50.167l14.987-33.47a.06.06.0 01.114.025z"/><path d="m17.631 23.087v24.6a.06.06.0 00.053.059l22.449 2.507a.06.06.0 00.061-.084L17.745.032a.06.06.0 00-.114.024z"/><path d="m39.961 52.548-24.833 7.45a.062.062.0 01-.043.0L.079 52.548a.059.059.0 01.026-.113h39.839a.06.06.0 01.017.113z"/></svg></a><div class=footer-languages><a tabindex=-1 lang=en id=switch-lang-en class="footer-languages-item active"><svg class="icon tick"><use xlink:href="/v1.14/img/icons.svg#tick"/></svg>English</a>
<a tabindex=-1 lang=zh id=switch-lang-zh class=footer-languages-item>中文</a></div></div><ul class=footer-policies><li class=footer-policies-item><a class=footer-policies-link href=https://policies.google.com/privacy>Privacy policy</a> |
<a class=footer-policies-link href=https://github.com/istio/istio.io/edit/release-1.14/content/en/blog/2021/statefulsets-made-easier/index.md>Edit this Page on GitHub</a></li></ul><div class=footer-base><span class=footer-base-copyright>&copy; 2022 Istio Authors.</span>
<span class=footer-base-version>Version
Archive
1.14.3</span><ul class=footer-base-releases><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link onclick='return navigateToUrlOrRoot("https://istio.io/blog/2021/statefulsets-made-easier/"),!1'>current release</a></li><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link onclick='return navigateToUrlOrRoot("https://preliminary.istio.io/blog/2021/statefulsets-made-easier/"),!1'>next release</a></li><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link href=https://istio.io/archive>older releases</a></li></ul></div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title="Back to top" tabindex=-1><svg class="icon top"><use xlink:href="/v1.14/img/icons.svg#top"/></svg></button></div></body></html>