diff options
Diffstat (limited to 'docs/release/configguide/sdc_config_guide.rst')
-rw-r--r-- | docs/release/configguide/sdc_config_guide.rst | 52 |
1 files changed, 30 insertions, 22 deletions
diff --git a/docs/release/configguide/sdc_config_guide.rst b/docs/release/configguide/sdc_config_guide.rst index 9e523af..7b045ad 100644 --- a/docs/release/configguide/sdc_config_guide.rst +++ b/docs/release/configguide/sdc_config_guide.rst @@ -1,8 +1,9 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. SPDX-License-Identifier CC-BY-4.0 -.. (c) optionally add copywriters name +.. (c) Authors of Clover +.. _sdc_config_guide: ======================================= Clover SDC Sample Configuration Guide @@ -11,17 +12,13 @@ Clover SDC Sample Configuration Guide This document provides a guide to use the Service Delivery Controller (SDC) sample, which is initially delivered in the Clover Fraser release. -.. contents:: - :depth: 3 - :local: - - Overview ========= -The SDC is a sample application that allows the flow of ingress HTTP traffic to be controlled -and inspected in an Istio service mesh. It provides the ability to demonstrate the Istio sandbox -including a service mesh and surrounding tools including tracing, monitoring, and logging. +The SDC is a sample set of web-oriented network services that allow the flow of ingress HTTP +traffic to be controlled and inspected in an Istio service mesh. It provides the ability to +demonstrate the Istio sandbox including a service mesh and surrounding tools including tracing, +monitoring, and logging. The SDC sample comprises the following services: @@ -31,17 +28,17 @@ The SDC sample comprises the following services: * **Load Balancer** - provides basic round-robin load balancing to other downstream services without Istio provisions. Istio features built-in load balancing to provide - request routing for canary and A/B scenarios. The sample application employs both tiers + request routing for canary and A/B scenarios. The SDC sample employs both tiers of load balancing to demonstrate how load balancing algorithms can be controlled to address both network and application requirements. - * **Intrusion Detection System** - used to detect web vulnerabilities using limited set of - rules/signatures and send security alerts to the proxy. + * **Intrusion Detection System** - used to detect web security vulnerabilities using limited + set of rules/signatures and send security alerts to the proxy. * **Server** - simple web servers used to terminate web requests from the load balancing - services for end-to-end traffic flow. + services to enable end-to-end traffic flow. -The table below shows key details of the sample application Kubernetes manifest for the services +The table below shows key details of the sample Kubernetes manifest for the services outlined above: +---------------------+----------------------+------------------------+-----------------------+ @@ -103,12 +100,14 @@ in round-robin fashion. A controlling agent that can reside inside or outside of the mesh can be used to modify the run-time configuration of the services, which is denoted in green. Python sample scripts that implement a GRPC client act as a control-agent and are used to reconfigure http-lb-v2 to load -balance across clover-server4/5 instead of servers 1/2/3. The sample application provides -additional examples of modifying run-time configurations such as adding user-defined rules -to the snort-ids service to trigger alerts on other network events. +balance across clover-server4/5 instead of servers 1/2/3. The sample provides additional examples +of modifying run-time configurations such as adding user-defined rules to the snort-ids service +to trigger alerts on other network events. -Deploying the sample app -======================== +Deploying the sample +==================== + +.. _sdc_prerequisites: Prerequisites ------------- @@ -123,6 +122,8 @@ The following assumptions must be met before continuing on to deployment: recommended to use flannel, as most development work employed this network add-on. * Installation of Istio and Istio client (istioctl) is in your PATH (for deploy from source) +.. _sdc_deploy_container: + Deploy with Clover container ---------------------------- @@ -226,6 +227,8 @@ The result of the Istio deployment must include the following pods: istio-system istio-mixer-7f4fd7dff-mjpr8 3/3 Running istio-system istio-pilot-5f5f76ddc8-cglxs 2/2 Running +.. _sdc_ingress_port: + Determining the ingress IP and port ----------------------------------- @@ -247,8 +250,8 @@ configured ingress rule, which defines a gateway for external traffic to enter the Istio service mesh. This makes the traffic management and policy features of Istio available for edge services. -Using the sample app -==================== +Using the sample +================ To confirm the scenario is running properly, HTTP GET requests can be made from an external host with a destination of the Kubernetes cluster. Requests can be invoked from the host OS @@ -266,6 +269,8 @@ is operating correctly. However, the visibility into what services were accessed the service mesh remains hidden. The next section `Exposing tracing and monitoring`_ shows how to inspect the internals of the Istio service mesh. +.. _sdc_view_container: + Exposing tracing and monitoring ------------------------------- @@ -317,9 +322,10 @@ Where node IP is an IP from one of the Kubernetes cluster node(s). :align: center :scale: 100% + The diagram above shows the Jaeger tracing UI after traces have been fetched for the proxy-access-control service. After executing an HTTP request using the simple curl/wget -commands outlined in `Using the sample app`_ , a list of SDC services will be displayed +commands outlined in `Using the sample`_ , a list of SDC services will be displayed in the top left drop-down box labelled ``Service``. Choose ``proxy-access-control`` in the drop-down and click the ``Find Traces`` button at the bottom of the left controls. The blue box denotes what should be displayed for the services that were involved in @@ -341,6 +347,8 @@ For this example, it is conducted from the host OS of a Kubernetes cluster node. **Note, the subsequent instructions assume the flannel network CNI plugin is installed. Other Kubernetes networking plugins may work but have not been validated.** +.. _sdc_modify_lb: + Modifying the http-lb server list ---------------------------------- |