istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v1.8/faq/applications/index.html

100 lines
20 KiB
HTML
Raw Permalink Blame History

<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content="#466BB0"><meta name=title content="Applications FAQ"><meta name=description content="Application Specific Q & A."><meta name=keywords content="microservices,services,mesh"><meta property="og:title" content="Applications FAQ"><meta property="og:type" content="website"><meta property="og:description" content="Application Specific Q & A."><meta property="og:url" content="/v1.8/faq/applications/"><meta property="og:image" content="/v1.8/img/istio-whitelogo-bluebackground-framed.svg"><meta property="og:image:alt" content="Istio Logo"><meta property="og:image:width" content="112"><meta property="og:image:height" content="150"><meta property="og:site_name" content="Istio"><meta name=twitter:card content="summary"><meta name=twitter:site content="@IstioMesh"><title>Istioldie 1.8 / Applications FAQ</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
gtag('js',new Date());gtag('config','UA-98480406-2');</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.8/blog/feed.xml><link rel=alternate type=application/rss+xml title="Istio News" href=/v1.8/news/feed.xml><link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.8/feed.xml><link rel="shortcut icon" href=/v1.8/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.8/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.8/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.8/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.8/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.8/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.8/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.8/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.8/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.8/favicons/android-192x192.png sizes=192x192><link rel=manifest href=/v1.8/manifest.json><meta name=apple-mobile-web-app-title content="Istio"><meta name=application-name content="Istio"><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work+Sans:400|Chivo:400|Work+Sans:500,300,600,300italic,400italic,500italic,600italic|Chivo:500,300,600,300italic,400italic,500italic,600italic"><link rel=stylesheet href=/v1.8/css/all.css><script src=/v1.8/js/themes_init.min.js></script></head><body class="language-unknown archive-site"><script>const branchName="release-1.8";const docTitle="Applications FAQ";const iconFile="\/v1.8/img/icons.svg";const buttonCopy='Copy to clipboard';const buttonPrint='Print';const buttonDownload='Download';</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.8/js/all.min.js data-manual defer></script><header><nav><a id=brand href=/v1.8/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="146" stroke-width="2"/><polygon points="65 240 225 240 125 270"/><polygon points="65 230 125 220 125 110"/><polygon points="135 220 225 230 135 30"/></svg></span><span class=name>Istioldie 1.8</span></a><div id=hamburger><svg class="icon hamburger"><use xlink:href="/v1.8/img/icons.svg#hamburger"/></svg></div><div id=header-links><a title="Learn how to deploy, use, and operate Istio." href=/v1.8/docs/>Docs</a>
<a title="Posts about using Istio." href=/v1.8/blog/2020/>Blog<i class=dot data-prefix=/blog></i></a>
<a title="Timely news about the Istio project." href=/v1.8/news/>News<i class=dot data-prefix=/news></i></a>
<a class=current title="Frequently Asked Questions about Istio." href=/v1.8/faq/>FAQ</a>
<a title="Get a bit more in-depth info about the Istio project." href=/v1.8/about/>About</a><div class=menu><button id=gearDropdownButton class=menu-trigger title="Options and settings" aria-label="Options and Settings" aria-controls=gearDropdownContent><svg class="icon gear"><use xlink:href="/v1.8/img/icons.svg#gear"/></svg></button><div id=gearDropdownContent class=menu-content aria-labelledby=gearDropdownButton role=menu><a tabindex=-1 role=menuitem lang=en id=switch-lang-en class=active>English</a>
<a tabindex=-1 role=menuitem lang=zh id=switch-lang-zh>中文</a><div role=separator></div><a tabindex=-1 role=menuitem class=active id=light-theme-item>Light Theme</a>
<a tabindex=-1 role=menuitem id=dark-theme-item>Dark Theme</a><div role=separator></div><a tabindex=-1 role=menuitem id=syntax-coloring-item>Color Examples</a><div role=separator></div><h6>Other versions of this site</h6><a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://istio.io/faq\/applications\/');return false;">Current Release</a>
<a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://preliminary.istio.io/faq\/applications\/');return false;">Next Release</a>
<a tabindex=-1 role=menuitem href=https://istio.io/archive>Older Releases</a></div></div><button id=search-show title="Search this site" aria-label=Search><svg class="icon magnifier"><use xlink:href="/v1.8/img/icons.svg#magnifier"/></svg></button></div><form id=search-form name=cse role=search><input type=hidden name=cx value=002184991200833970123:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=en>
<input type=hidden id=search-page-url value=/v1.8/search>
<input id=search-textbox class=form-control name=q type=search aria-label="Search this site">
<button id=search-close title="Cancel search" type=reset aria-label="Cancel search"><svg class="icon cancel-x"><use xlink:href="/v1.8/img/icons.svg#cancel-x"/></svg></button></form></nav></header><div class=banner-container></div><main class="primary notoc"><div id=sidebar-container class="sidebar-container sidebar-offcanvas"><nav id=sidebar aria-label="Section Navigation"><div class=directory><div class=card><div id=header0 class=header title="Frequently Asked Questions about Istio."><svg class="icon faq"><use xlink:href="/v1.8/img/icons.svg#faq"/></svg>FAQ</div><div class="body default" aria-labelledby=header0><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=header0><li role=none><a role=treeitem title="General Q & A." href=/v1.8/faq/general/>General</a></li><li role=none><a role=treeitem title="Setup Q & A." href=/v1.8/faq/setup/>Setup</a></li><li role=none><span role=treeitem class=current title="Application Specific Q & A.">Applications</span></li><li role=none><a role=treeitem title="Security Q & A." href=/v1.8/faq/security/>Security</a></li><li role=none><a role=treeitem title="Metrics and Logs Q & A." href=/v1.8/faq/metrics-and-logs/>Metrics and Logs</a></li><li role=none><a role=treeitem title="Distributed Tracing Q & A." href=/v1.8/faq/distributed-tracing/>Distributed Tracing</a></li><li role=none><a role=treeitem title="Traffic Management Q & A." href=/v1.8/faq/traffic-management/>Traffic Management</a></li></ul></div></div></div></nav></div><div class=article-container><nav aria-label=Breadcrumb><ol><li><a href=/v1.8/ title="Connect, secure, control, and observe services.">Istio</a></li><li><a href=/v1.8/faq/ title="Frequently Asked Questions about Istio.">FAQ</a></li><li>Applications</li></ol></nav><article aria-labelledby=title><div class=title-area><i class=title-icon><svg class="icon faq"><use xlink:href="/v1.8/img/icons.svg#faq"/></svg></i><div style=width:100%><h1 id=title>Applications FAQ</h1></div></div><nav class="toc-inlined toc-forced"><hr><div class=directory role=directory><nav id=InlineTableOfContents><ol><li role=none aria-label="Can I run Apache NiFi inside an Istio mesh?"><a href=#nifi>Can I run Apache NiFi inside an Istio mesh?</a></li><li role=none aria-label="Can I run Cassandra inside an Istio mesh?"><a href=#cassandra>Can I run Cassandra inside an Istio mesh?</a></li><li role=none aria-label="Can I run Elasticsearch inside an Istio mesh?"><a href=#elasticsearch>Can I run Elasticsearch inside an Istio mesh?</a></li><li role=none aria-label="Can I run Redis inside an Istio mesh?"><a href=#redis>Can I run Redis inside an Istio mesh?</a></li><li role=none aria-label="Can I run Zookeeper inside an Istio mesh?"><a href=#zookeeper>Can I run Zookeeper inside an Istio mesh?</a></li></ol></nav></div><hr></nav><div class=faq><h5 id=nifi class=question>Can I run Apache NiFi inside an Istio mesh?</h5><div class=answer><p><a href=https://nifi.apache.org>Apache NiFi</a> poses some challenges to get it running on Istio. These challenges come from the clustering
requirements it has. For example, there is a requirement that cluster components must be uniquely addressable using cluster-wide
host names. This requirement conflicts with Istio&rsquo;s requirement that workloads bind and listen on <code>localhost</code> / <code>127.0.0.1</code> within
the pod.</p><p>There are different ways to work around these issues based on your configuration requirements for your NiFi deployment. NiFi has
at least three ways to specify what hostname should be used for cluster networking:</p><ul><li><p><a href=https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#site_to_site_properties><code>nifi.remote.input.host</code></a> -
the host name that will be given out to clients to connect to this NiFi instance for Site-to-Site communication. By default, it is
the value from <code>InetAddress.getLocalHost().getHostName()</code>. On UNIX-like operating systems, this is typically the output from the
hostname command.</p></li><li><p><a href=https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#web-properties><code>nifi.web.https.host</code></a> - The HTTPS host.
It is blank by default. The jetty server will run on this hostname and it needs to be addressable across the cluster for replication
with other nodes.</p></li><li><p><a href=https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#cluster_node_properties><code>nifi.cluster.node.address</code></a> - The
fully qualified address of the node. It is blank by default. This is used for cluster coordination as well and needs to be uniquely
addressable within the cluster.</p></li></ul><p>Some considerations:</p><ul><li>Using a blank or <code>localhost</code> setting for <code>nifi.web.https.host</code> doesn&rsquo;t work in this case because of the networking requirements for
unique addressing mentioned above.</li><li>Unless you&rsquo;re okay with all of your users having all access roles in your NiFi deployment, HTTP is not a viable solution as <a href=https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication>NiFi does not
perform user authentication over HTTP</a>.</li><li>Explicitly specifying the networking interfaces that NiFi should use can help work around the issues and allow NiFi to work:
Modify <code>nifi.properties</code> where <code>xxx</code> is the network interface that corresponds with the worker IP (differs based on environment/cloud provider)
and <code>yyy</code> was the loopback interface (I.e <code>lo</code>) for the container/pod:</li></ul><pre><code class=language-plain data-expandlinks=true data-repo=istio>nifi.web.https.network.interface.default=xxx
nifi.web.https.network.interface.lo=yyy
</code></pre><p>A real-world example (valid for IBM Cloud, maybe others) would look like this:</p><pre><code class=language-plain data-expandlinks=true data-repo=istio>nifi.web.https.network.interface.default=eth0
nifi.web.https.network.interface.lo=lo
</code></pre></div><h5 id=cassandra class=question>Can I run Cassandra inside an Istio mesh?</h5><div class=answer><p>By default, Cassandra broadcasts the address it uses for binding
(accepting connections) to other Cassandra nodes as its address. This
is usually the pod IP address and works fine without a service
mesh. However, with a service mesh this configuration does not
work. Istio and other service meshes require <code>localhost</code>
(<code>127.0.0.1</code>) to be the address for binding.</p><p>There are two configuration parameters to pay attention to:
<a href="http://cassandra.apache.org/doc/latest/configuration/cassandra_config_file.html?highlight=listen_address#listen-address"><code>listen_address</code></a>
and
<a href="http://cassandra.apache.org/doc/latest/configuration/cassandra_config_file.html?highlight=listen_address#broadcast-address"><code>broadcast_address</code></a>. For
running Cassandra in an Istio mesh,
the <code>listen_address</code> parameter should be set to <code>127.0.0.1</code> and the
<code>broadcast_address</code> parameter should be set to the pod IP address.</p><p>These configuration parameters are defined in <code>cassandra.yaml</code> in the
Cassandra configuration directory (e.g. <code>/etc/cassandra</code>). There are
various startup scripts (and yaml files) used for starting Cassandra
and care should be given to how these parameters are set by these
scripts. For example, some scripts used to configure and start
Cassandra use the value of the environment variable
<code>CASSANDRA_LISTEN_ADDRESS</code> for setting <code>listen_address</code>.</p></div><h5 id=elasticsearch class=question>Can I run Elasticsearch inside an Istio mesh?</h5><div class=answer><p>There are two Elasticsearch configuration parameters that need to be
set appropriately to run Elasticsearch with Istio:
<code>network.bind_host</code> and <code>network.publish_host</code>. By default, these
parameters are set to the <code>network.host</code> parameter. If <code>network.host</code>
is set to <code>0.0.0.0</code>, Elasticsearch will most likely pick up the pod IP
as the publishing address and no further configuration will be
needed.</p><p>If the default configuration does not work, you can set the
<code>network.bind_host</code> to <code>0.0.0.0</code> or <code>localhost</code> (<code>127.0.0.1</code>) and
<code>network.publish_host</code> to the pod IP. For example:</p><pre><code class=language-yaml data-expandlinks=true data-repo=istio>...
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
env:
- name: network.bind_host
value: 127.0.0.1
- name: network.publish_host
valueFrom:
fieldRef:
fieldPath: status.podIP
...
</code></pre><p>Refer to <a href=https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html#modules-network>Network Settings for Elasticsearch</a>
for more information.</p></div><h5 id=redis class=question>Can I run Redis inside an Istio mesh?</h5><div class=answer><p>Similar to other services deployed in an Istio service mesh, Redis instances
need to listen on <code>localhost</code> (<code>127.0.0.1</code>). However, each Redis slave instance
should announce an address that can be used by master to reach it, which cannot
also be <code>localhost</code> (<code>127.0.0.1</code>).</p><p>Use the Redis configuration parameter <code>replica-announce-ip</code> to announce the
correct address. For example, set <code>replica-announce-ip</code> to the IP address of
each Redis slave instance using these steps:</p><p>Pass the pod IP address through an environment variable in the <code>env</code> subsection
of the slave <code>StatefulSet</code> definition:</p><pre><code class=language-yaml data-expandlinks=true data-repo=istio>- name: &#34;POD_IP&#34;
valueFrom:
fieldRef:
fieldPath: status.podIP
</code></pre><p>Also, add the following under the <code>command</code> subsection:</p><pre><code class=language-yaml data-expandlinks=true data-repo=istio>echo &#34;&#34; &gt;&gt; /opt/bitnami/redis/etc/replica.conf
echo &#34;replica-announce-ip $POD_IP&#34; &gt;&gt; /opt/bitnami/redis/etc/replica.conf
</code></pre></div><h5 id=zookeeper class=question>Can I run Zookeeper inside an Istio mesh?</h5><div class=answer><p>By default, Zookeeper listens on the pod IP address for communication
between servers. Istio and other service meshes require <code>localhost</code>
(<code>127.0.0.1</code>) to be the address to listen on.</p><p>There is a configuration parameter that can be used to change this
default behavior:
<a href=https://zookeeper.apache.org/doc/r3.5.7/zookeeperAdmin.html><code>quorumListenOnAllIPs</code></a>.
This option allows Zookeeper to listen on all addresses including the
<code>localhost</code>. Set this parameter to <code>true</code> by using the
following command where <code>$ZK_CONFIG_FILE</code> is your Zookeeper
configuration file.</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ echo &#34;quorumListenOnAllIPs=true&#34; &gt;&gt; $ZK_CONFIG_FILE
</code></pre></div></div></article><nav class=pagenav><div class=left><a title="Setup Q & A." href=/v1.8/faq/setup/><svg class="icon left-arrow"><use xlink:href="/v1.8/img/icons.svg#left-arrow"/></svg>Setup</a></div><div class=right><a title="Security Q & A." href=/v1.8/faq/security/>Security<svg class="icon right-arrow"><use xlink:href="/v1.8/img/icons.svg#right-arrow"/></svg></a></div></nav><div id=endnotes-container aria-hidden=true><h2>Links</h2><ol id=endnotes></ol></div></div></main><footer><div class=user-links><a class=channel title="Go download Istio 1.8.3 now" href=/v1.8/docs/setup/getting-started/#download aria-label="Download Istio"><span>download</span><svg class="icon download"><use xlink:href="/v1.8/img/icons.svg#download"/></svg>
</a><a class=channel title="Join the Istio discussion board to participate in discussions and get help troubleshooting problems" href=https://discuss.istio.io aria-label="Istio discussion board"><span>discuss</span><svg class="icon discourse"><use xlink:href="/v1.8/img/icons.svg#discourse"/></svg></a>
<a class=channel title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><span>stack overflow</span><svg class="icon stackoverflow"><use xlink:href="/v1.8/img/icons.svg#stackoverflow"/></svg></a>
<a class=channel title="Interactively discuss issues with the Istio community on Slack" href=https://slack.istio.io aria-label=slack><span>slack</span><svg class="icon slack"><use xlink:href="/v1.8/img/icons.svg#slack"/></svg></a>
<a class=channel title="Follow us on Twitter to get the latest news" href=https://twitter.com/IstioMesh aria-label=Twitter><span>twitter</span><svg class="icon twitter"><use xlink:href="/v1.8/img/icons.svg#twitter"/></svg></a><div class=tag>for everyone</div></div><div class=info><p class=copyright>Istio Archive
1.8.3<br>&copy; 2020 Istio Authors, <a href=https://policies.google.com/privacy>Privacy Policy</a><br>Archived on February 9, 2021</p></div><div class=dev-links><a class=channel title="GitHub is where development takes place on Istio code" href=https://github.com/istio/community aria-label=GitHub><span>github</span><svg class="icon github"><use xlink:href="/v1.8/img/icons.svg#github"/></svg></a>
<a class=channel title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><span>drive</span><svg class="icon drive"><use xlink:href="/v1.8/img/icons.svg#drive"/></svg></a>
<a class=channel title="If you'd like to contribute to the Istio project, consider participating in our working groups" href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md aria-label="working groups"><span>working groups</span><svg class="icon working-groups"><use xlink:href="/v1.8/img/icons.svg#working-groups"/></svg></a><div class=tag>for developers</div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title="Back to top"><svg class="icon top"><use xlink:href="/v1.8/img/icons.svg#top"/></svg></button></div></body></html>
Reference in New Issue View Git Blame Copy Permalink