istio

module
v0.0.0-...-1a56975 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 23, 2019 License: Apache-2.0

README

Istio

CircleCI Go Report Card GoDoc codecov.io GolangCI

An open platform to connect, manage, and secure microservices.

In addition, here are some other documents you may wish to read:

You'll find many other useful documents on our Wiki.

Introduction

Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.

Visit istio.io for in-depth information about using Istio.

Istio is composed of these components:

  • Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.

    Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.

  • Mixer - Central component that is leveraged by the proxies and microservices to enforce policies such as authorization, rate limits, quotas, authentication, request tracing and telemetry collection.

  • Pilot - A component responsible for configuring the proxies at runtime.

  • Citadel - A centralized component responsible for certificate issuance and rotation.

  • Citadel Agent - A per-node component responsible for certificate issuance and rotation.

  • Galley- Central component for validating, ingesting, aggregating, transforming and distributing config within Istio.

Istio currently supports Kubernetes and Consul-based environments. We plan support for additional platforms such as Cloud Foundry, and Mesos in the near future.

Repositories

The Istio project is divided across a few GitHub repositories.

  • istio/istio. This is the main repository that you are currently looking at. It hosts Istio's core components and also the sample programs and the various documents that govern the Istio open source project. It includes:

    • security. This directory contains security related code, including Citadel (acting as Certificate Authority), citadel agent, etc.
    • pilot. This directory contains platform-specific code to populate the abstract service model, dynamically reconfigure the proxies when the application topology changes, as well as translate routing rules into proxy specific configuration.
    • istioctl. This directory contains code for the istioctl command line utility.
    • mixer. This directory contains code to enforce various policies for traffic passing through the proxies, and collect telemetry data from proxies and services. There are plugins for interfacing with various cloud platforms, policy management services, and monitoring services.
  • istio/api. This repository defines component-level APIs and common configuration formats for the Istio platform.

  • istio/proxy. The Istio proxy contains extensions to the Envoy proxy (in the form of Envoy filters), that allow the proxy to delegate policy enforcement decisions to Mixer.

Issue management

We use GitHub combined with ZenHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata:

  • Epic. An epic represents a feature area for Istio as a whole. Epics are fairly broad in scope and are basically product-level things. Each issue is ultimately part of an epic.

  • Milestone. Each issue is assigned a milestone. This is 0.1, 0.2, ..., or 'Nebulous Future'. The milestone indicates when we think the issue should get addressed.

  • Priority/Pipeline. Each issue has a priority which is represented by the Pipeline field within GitHub. Priority can be one of P0, P1, P2, or >P2. The priority indicates how important it is to address the issue within the milestone. P0 says that the milestone cannot be considered achieved if the issue isn't resolved.

We don't annotate issues with Releases; Milestones are used instead. We don't use GitHub projects at all, that support is disabled for our organization.

Directories

Path Synopsis
bin
galley
pkg/authplugins/google
Package google is a Galley auth plugin that uses Google application default credentials.
Package google is a Galley auth plugin that uses Google application default credentials.
pkg/authplugins/none
Package none is a Galley auth plugin that returns an empty auth DialOption.
Package none is a Galley auth plugin that returns an empty auth DialOption.
pkg/runtime/resource
Package resource contains core abstract types for representing configuration resources.
Package resource contains core abstract types for representing configuration resources.
istioctl
cmd/istioctl
Command istioctl is a Istio configuration command line utility.
Command istioctl is a Istio configuration command line utility.
mixer
adapter
Package adapter contains the inventory for all Mixer adapters that are compiled into a specific Mixer binary.
Package adapter contains the inventory for all Mixer adapters that are compiled into a specific Mixer binary.
adapter/denier
Package denier provides an adapter that will return a status code (typically FAILED_PRECONDITION) for all calls.
Package denier provides an adapter that will return a status code (typically FAILED_PRECONDITION) for all calls.
adapter/fluentd
Package fluentd adapter for Mixer.
Package fluentd adapter for Mixer.
adapter/kubernetesenv
Package kubernetesenv provides functionality to adapt mixer behavior to the kubernetes environment.
Package kubernetesenv provides functionality to adapt mixer behavior to the kubernetes environment.
adapter/list
Package list provides an adapter that implements the listEntry template to enable blacklist / whitelist checking of values.
Package list provides an adapter that implements the listEntry template to enable blacklist / whitelist checking of values.
adapter/memquota
Package memquota provides a simple in-memory quota implementation.
Package memquota provides a simple in-memory quota implementation.
adapter/prometheus
Package prometheus publishes metric values collected by Mixer for ingestion by prometheus.
Package prometheus publishes metric values collected by Mixer for ingestion by prometheus.
adapter/rbac
Package rbac is deprecated by native RBAC implemented in Envoy proxy.
Package rbac is deprecated by native RBAC implemented in Envoy proxy.
adapter/redisquota
Package redisquota provides a quota implementation with redis as backend.
Package redisquota provides a quota implementation with redis as backend.
adapter/solarwinds
Package solarwinds publishes metric and log values collected by Mixer to appoptics and papertrail respectively.
Package solarwinds publishes metric and log values collected by Mixer to appoptics and papertrail respectively.
adapter/stackdriver
Package stackdriver provides an adapter that implements the logEntry and metrics templates to serialize generated values to Stackdriver.
Package stackdriver provides an adapter that implements the logEntry and metrics templates to serialize generated values to Stackdriver.
adapter/stackdriver/contextgraph
Package contextgraph adapter for Stackdriver Context API.
Package contextgraph adapter for Stackdriver Context API.
adapter/stackdriver/trace
Package trace contains a tracespan adapter for Stackdriver trace.
Package trace contains a tracespan adapter for Stackdriver trace.
adapter/statsd
Package statsd provides an adapter that implements the metrics template to serialize generated metric values to a statsd backend.
Package statsd provides an adapter that implements the metrics template to serialize generated metric values to a statsd backend.
adapter/stdio
Package stdio provides an adapter that implements the logEntry and metrics templates to serialize generated logs and metrics to stdout, stderr, or files.
Package stdio provides an adapter that implements the logEntry and metrics templates to serialize generated logs and metrics to stdout, stderr, or files.
adapter/zipkin
Package zipkin contains a tracespan adapter for Zipkin (https://zipkin.io/).
Package zipkin contains a tracespan adapter for Zipkin (https://zipkin.io/).
cmd/shared
Package shared contains types and functions that are used across the full set of mixer commands.
Package shared contains types and functions that are used across the full set of mixer commands.
pkg/adapter
Package adapter defines the types consumed by adapter implementations to interface with Mixer.
Package adapter defines the types consumed by adapter implementations to interface with Mixer.
pkg/adapter/opencensus
Package opencensus contains support code for writing adapters that use OpenCensus.
Package opencensus contains support code for writing adapters that use OpenCensus.
pkg/attribute
Package attribute is focused on enabling efficient handling and tracking of attribute usage within Mixer.
Package attribute is focused on enabling efficient handling and tracking of attribute usage within Mixer.
pkg/checkcache
Package checkcache provides a scalable cache to hold results of Mixer.Check operations.
Package checkcache provides a scalable cache to hold results of Mixer.Check operations.
pkg/config/crd
Package crd provides the store interface to config resources stored as kubernetes custom resource definitions (CRDs).
Package crd provides the store interface to config resources stored as kubernetes custom resource definitions (CRDs).
pkg/config/storetest
Package storetest provides the utility functions of config store for testing.
Package storetest provides the utility functions of config store for testing.
pkg/il
Package il implements the intermediate-language for the config-language interpreter of Mixer.
Package il implements the intermediate-language for the config-language interpreter of Mixer.
pkg/il/interpreter
Package interpreter implements an interpreter based runtime for the Mixer IL.
Package interpreter implements an interpreter based runtime for the Mixer IL.
pkg/lang/compiler
Package compiler implements a compiler that converts Mixer's expression language into a Mixer IL-based program that can be executed via an interpreter.
Package compiler implements a compiler that converts Mixer's expression language into a Mixer IL-based program that can be executed via an interpreter.
pkg/mockapi
Package mockapi supplies a fake Mixer server for use in testing.
Package mockapi supplies a fake Mixer server for use in testing.
pkg/perf
Package perf is a helper library for writing Mixer perf tests.
Package perf is a helper library for writing Mixer perf tests.
pkg/pool
Package pool provides access to a mixer-global pool of buffers, a pool of goroutines, and a string interning table.
Package pool provides access to a mixer-global pool of buffers, a pool of goroutines, and a string interning table.
pkg/protobuf/yaml/wire
Package wire parses and formats the protobuf wire encoding.
Package wire parses and formats the protobuf wire encoding.
pkg/runtime/config
Package config is designed to listen to the config changes through the store and create a fully-resolved configuration state that can be used by the rest of the runtime code.
Package config is designed to listen to the config changes through the store and create a fully-resolved configuration state that can be used by the rest of the runtime code.
pkg/runtime/dispatcher
Package dispatcher is used to dispatch incoming requests to one or more handlers.
Package dispatcher is used to dispatch incoming requests to one or more handlers.
pkg/runtime/lang
Package lang chooses a language runtime for expressions.
Package lang chooses a language runtime for expressions.
pkg/runtime/routing
Package routing implements a routing table for resolving incoming requests to handlers.
Package routing implements a routing table for resolving incoming requests to handlers.
pkg/status
Package status provides utility functions for google_rpc status objects.
Package status provides utility functions for google_rpc status objects.
template
Package template provides runtime descriptors of the templates known to Mixer at compile-time.
Package template provides runtime descriptors of the templates known to Mixer at compile-time.
template/sample
Package sample provides a set of templates for internal testing of Mixer.
Package sample provides a set of templates for internal testing of Mixer.
test/client/check_cache
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/check_cache_hit
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/check_report
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/check_report_disable
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/check_report_large_post_request
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/disable_check_cache
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/disable_tcp_check_calls
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/dynamic_attribute
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/dynamic_listener
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/failed_request
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/fault_inject
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/global_dictionary
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/istio_authn_origin_jwt_bound_origin
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/istio_authn_origin_jwt_bound_peer
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/istio_authn_origin_reject_no_jwt
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/istio_authn_peer_jwt_bound_origin
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/istio_authn_peer_jwt_bound_peer
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/istio_authn_peer_reject_no_jwt
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/istio_authn_peer_reject_no_mtls
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/istio_authn_peer_reject_no_tls
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/mixer_internal_fail
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/network_policy
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/pilotplugin
Package client contains an integration test for istio proxy and pilot plugin for mixer HTTP filter.
Package client contains an integration test for istio proxy and pilot plugin for mixer HTTP filter.
test/client/pilotplugin_mtls
Package client contains an integration test for istio proxy and pilot plugin for mixer HTTP filter over mTLS.
Package client contains an integration test for istio proxy and pilot plugin for mixer HTTP filter over mTLS.
test/client/pilotplugin_tcp
Package client contains an integration test for istio proxy and pilot plugin for mixer TCP filter.
Package client contains an integration test for istio proxy and pilot plugin for mixer TCP filter.
test/client/quota
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/quota_cache
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/rbac_permissive_global
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/rbac_permissive_policy
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/report_batch
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/route_directive
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/tcp_filter
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/client/tcp_filter_periodical_report
Package client contains an integration test for istio proxy.
Package client contains an integration test for istio proxy.
test/keyval
Package keyval contains the sources for a demo route directive adapter.
Package keyval contains the sources for a demo route directive adapter.
test/perf/perfclient
Package test supplies a fake Mixer server for use in testing.
Package test supplies a fake Mixer server for use in testing.
test/spyAdapter
Package spyadapter is intended for Mixer testing *ONLY*.
Package spyadapter is intended for Mixer testing *ONLY*.
test/spyAdapter/template
Package template contains generated code for the spy adapter testing.
Package template contains generated code for the spy adapter testing.
tools/codegen/pkg/inventory
Package inventory is used to generate the mixer adapter inventory source file.
Package inventory is used to generate the mixer adapter inventory source file.
pilot
cmd
pkg/config/aggregate
Package aggregate implements a read-only aggregator for config stores.
Package aggregate implements a read-only aggregator for config stores.
pkg/config/aggregate/fakes
Code generated by counterfeiter.
Code generated by counterfeiter.
pkg/config/kube/crd
Package crd provides an implementation of the config store and cache using Kubernetes Custom Resources and the informer framework from Kubernetes
Package crd provides an implementation of the config store and cache using Kubernetes Custom Resources and the informer framework from Kubernetes
pkg/config/kube/ingress
Package ingress provides a read-only view of Kubernetes ingress resources as an ingress rule configuration type store
Package ingress provides a read-only view of Kubernetes ingress resources as an ingress rule configuration type store
pkg/config/memory
Package memory provides an in-memory volatile config store implementation
Package memory provides an in-memory volatile config store implementation
pkg/kube/inject
Package inject implements kube-inject or webhoook autoinject feature to inject sidecar.
Package inject implements kube-inject or webhoook autoinject feature to inject sidecar.
pkg/model/test
Package test is a generated protocol buffer package.
Package test is a generated protocol buffer package.
pkg/networking/core/v1alpha3/fakes
Code generated by counterfeiter.
Code generated by counterfeiter.
pkg/networking/core/v1alpha3/loadbalancer
packages used for load balancer setting
packages used for load balancer setting
pkg/networking/plugin/authz
Package authz converts Istio RBAC (role-based-access-control) policies (ServiceRole and ServiceRoleBinding) to corresponding filter config that is used by the envoy RBAC filter to enforce access control to the service co-located with envoy.
Package authz converts Istio RBAC (role-based-access-control) policies (ServiceRole and ServiceRoleBinding) to corresponding filter config that is used by the envoy RBAC filter to enforce access control to the service co-located with envoy.
pkg/networking/plugin/registry
Package registry represents a registry of plugins that can be used by a config generator.
Package registry represents a registry of plugins that can be used by a config generator.
pkg/serviceregistry/kube
Package kube implements the shared and reusable library for Kubernetes
Package kube implements the shared and reusable library for Kubernetes
tools
Tool to generate pilot/pkg/config/kube/types.go Example run command: go run pilot/tools/generate_config_crd_types.go --template pilot/tools/types.go.tmpl --output pilot/pkg/config/kube/crd/types.go
Tool to generate pilot/pkg/config/kube/types.go Example run command: go run pilot/tools/generate_config_crd_types.go --template pilot/tools/types.go.tmpl --output pilot/pkg/config/kube/crd/types.go
pkg
annotations
Package annotations makes it possible to track use of resource annotations within a procress in order to generate documentation for these uses.
Package annotations makes it possible to track use of resource annotations within a procress in order to generate documentation for these uses.
cache
Package cache provides general-purpose in-memory caches.
Package cache provides general-purpose in-memory caches.
cmd
config
Package config is a common, top-level folder for aggregating Istio-wide config related libraries and utilities.
Package config is a common, top-level folder for aggregating Istio-wide config related libraries and utilities.
ctrlz
Package ctrlz implements Istio's introspection facility.
Package ctrlz implements Istio's introspection facility.
ctrlz/topics
Package topics defines several canonical ControlZ topics.
Package topics defines several canonical ControlZ topics.
env
Package env makes it possible to track use of environment variables within a procress in order to generate documentation for these uses.
Package env makes it possible to track use of environment variables within a procress in order to generate documentation for these uses.
log
Package log provides the canonical logging functionality used by Go-based Istio components.
Package log provides the canonical logging functionality used by Go-based Istio components.
probe
Package probe provides liveness / readiness probe.
Package probe provides liveness / readiness probe.
test/fakes/policy
Package policy is a generated protocol buffer package.
Package policy is a generated protocol buffer package.
tracing
Package tracing provides the canonical tracing functionality used by Go-based Istio components.
Package tracing provides the canonical tracing functionality used by Go-based Istio components.
version
Package version provides build version information.
Package version provides build version information.
samples
security
pkg/adapter/vault
Package vault provides adapter to connect to vault server.
Package vault provides adapter to connect to vault server.
pkg/caclient/protocol
Package protocol defines the interface of CA client protocol.
Package protocol defines the interface of CA client protocol.
pkg/nodeagent/cache
Package cache is the in-memory secret store.
Package cache is the in-memory secret store.
pkg/nodeagent/model
Package model contains data models for nodeagent.
Package model contains data models for nodeagent.
pkg/nodeagent/plugin/providers/google/stsclient
Package stsclient is for oauth token exchange integration.
Package stsclient is for oauth token exchange integration.
pkg/nodeagent/sds
Package sds implements secret discovery service in NodeAgent.
Package sds implements secret discovery service in NodeAgent.
proto
Package istio_v1_auth is a generated protocol buffer package.
Package istio_v1_auth is a generated protocol buffer package.
proto/providers/google
Package google_security_istioca_v1alpha1 is a generated protocol buffer package.
Package google_security_istioca_v1alpha1 is a generated protocol buffer package.
tests
tools
license
Binary get_dep_licenses outputs aggrerate license information for all transitive Istio dependencies.
Binary get_dep_licenses outputs aggrerate license information for all transitive Istio dependencies.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL