如何将 Istio 服务网格从 http 升级到 http2?
How to upgrade Istio Service Mesh from http to http2?
我们在 Kubernetes 上使用 Istio Service Mesh。目前,网关中有 HTTPS 的 SSL 终止。我在 istio-proxy 日志中看到 HTTP 协议是 HTTP 1.1。
我想将 HTTP 1.1 升级到 HTTP2,因为它有很多优点。客户应通过 SSL/TLS.
调用我们的服务 HTTP2
我正在使用此 blog 进行有关此主题的内部演示。
这些是瓶颈:
1) 我想提出一个改变最少的计划。我知道我需要从
更新网关
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- "*"
tls:
mode: SIMPLE
serverCertificate: /etc/certs/server.pem
privateKey: /etc/certs/privatekey.pem
到
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http2
protocol: HTTP2
hosts:
- "*"
tls:
mode: SIMPLE
serverCertificate: /etc/certs/server.pem
privateKey: /etc/certs/privatekey.pem
基于我在 Istio's Gateway documentation 中看到的示例。
我想知道:这是否允许来自浏览器的 HTTP2 over TLS 连接(仅支持此模式)?我可以像使用 HTTPS 一样提供 HTTP2 的 tls 详细信息吗?
2) 还有哪些其他 Istio 配置需要更新?
3) 此更改是否会破坏当前使用 http 协议的微服务?我该如何缓解这种情况?
4) 我正在阅读 DestinationRule 和 upgrade policy。这合适吗?
据我所知,istio documentation and istio feature stages(稳定阶段的 http2)
1) Will this allow HTTP2 over TLS connections from browsers (which support only this mode)? Can I provide tls details for HTTP2, like I did with HTTPS?
是的,它应该允许 http2。
2) What are some of the other Istio configurations to update?
您可以选择应用 http2 的地方:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-ingress
spec:
selector:
app: my-ingress-gateway
servers:
- port:
number: 80
name: **http2**
protocol: **HTTP2**
hosts:
- "*"
手动协议选择
Protocols can be specified manually by naming the Service port name: [-]. The following protocols are supported:
- grpc
- grpc
- 网络
- http
- http2
- https
- mongo
- mysql*
- redis*
- TCP
- tls
- udp
*These protocols are disabled by default to avoid accidentally enabling experimental features. To enable them, configure the corresponding Pilot environment variables.
kind: Service
metadata:
name: myservice
spec:
ports:
- number: 80
name: http2
3) Will this change be break Microservices which are using http protocol currently? How can I mitigate this?
4) I was reading about DestinationRule and upgrade policy. Is this a good fit?
我认为它应该很合适,您必须升级 h2UpgradePolicy 并将服务更改为 http2。
希望对您有所帮助。
我们在 Kubernetes 上使用 Istio Service Mesh。目前,网关中有 HTTPS 的 SSL 终止。我在 istio-proxy 日志中看到 HTTP 协议是 HTTP 1.1。
我想将 HTTP 1.1 升级到 HTTP2,因为它有很多优点。客户应通过 SSL/TLS.
调用我们的服务 HTTP2我正在使用此 blog 进行有关此主题的内部演示。
这些是瓶颈:
1) 我想提出一个改变最少的计划。我知道我需要从
更新网关apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- "*"
tls:
mode: SIMPLE
serverCertificate: /etc/certs/server.pem
privateKey: /etc/certs/privatekey.pem
到
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http2
protocol: HTTP2
hosts:
- "*"
tls:
mode: SIMPLE
serverCertificate: /etc/certs/server.pem
privateKey: /etc/certs/privatekey.pem
基于我在 Istio's Gateway documentation 中看到的示例。
我想知道:这是否允许来自浏览器的 HTTP2 over TLS 连接(仅支持此模式)?我可以像使用 HTTPS 一样提供 HTTP2 的 tls 详细信息吗?
2) 还有哪些其他 Istio 配置需要更新?
3) 此更改是否会破坏当前使用 http 协议的微服务?我该如何缓解这种情况?
4) 我正在阅读 DestinationRule 和 upgrade policy。这合适吗?
据我所知,istio documentation and istio feature stages(稳定阶段的 http2)
1) Will this allow HTTP2 over TLS connections from browsers (which support only this mode)? Can I provide tls details for HTTP2, like I did with HTTPS?
是的,它应该允许 http2。
2) What are some of the other Istio configurations to update?
您可以选择应用 http2 的地方:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-ingress
spec:
selector:
app: my-ingress-gateway
servers:
- port:
number: 80
name: **http2**
protocol: **HTTP2**
hosts:
- "*"
手动协议选择
Protocols can be specified manually by naming the Service port name: [-]. The following protocols are supported:
- grpc
- grpc
- 网络
- http
- http2
- https
- mongo
- mysql*
- redis*
- TCP
- tls
- udp
*These protocols are disabled by default to avoid accidentally enabling experimental features. To enable them, configure the corresponding Pilot environment variables.
kind: Service
metadata:
name: myservice
spec:
ports:
- number: 80
name: http2
3) Will this change be break Microservices which are using http protocol currently? How can I mitigate this?
4) I was reading about DestinationRule and upgrade policy. Is this a good fit?
我认为它应该很合适,您必须升级 h2UpgradePolicy 并将服务更改为 http2。
希望对您有所帮助。