ideas.adoc

ISTIO Workspace Ideation

Related resources

• Related talk Using Istio for Developing Locally, OSCON 2018

• Mindmap

Open questions

• automatic sidecar injection not working on DeploymentConfig, manual istioctl kube-inject works with oc apply

Ideas

Options for routing

• Possible to piggyback on Tracing variables to avoid additional http header propagation?

• Subdomain as entrypoint vs http header?

  • Subdomain easy for user access

  • http header: js lib for the client to detect available versions and swap between them?

PR preview deployment

Report stats on PR

• error rate up 10%

• performance down 10%

Control type of deployment via PR commands

• "measure 10% shadow"

• "measure correctness"

• "expose"

Local Dev

cli-x proxy -n myapp servicex -strategy 'userauth:me'

• Modify VirtualService

• Clone existing service

• Set strategy

• Route to new service

• teleprecense new service

• start local

Reverse lookup service to source

cli-x start-work -n myapp servicex

• lookup servicex in myapp namespace

• lookup git-ref on service

• clone/checkout git-ref

Create special egress gateway for the dev route to external call inspection/debug

• feedback traffic to client, e.g. "external calls" window in IDE

Concepts

X

When a service is in 'observation'/dev mode

X Trace

The method of determining when a call is in an X 'session' and allow services/middlware to act accordingly

Shadow Proxy

Injected/Configured during X to control behavior of responses of calls to external/other services

MVP

Local run existing service from git repo based on service name

Service

https://istio.io/docs/tasks/traffic-management/request-routing/#route-based-on-user-identity + something gateway external DNS subdomain

Session CRD
    Field (Ref, ?)
    Status: (?)
Watching Session CRD
    Add (store state in Status)
        Find/Clone D/DC
        Find/Create VirtualService
            Create HTTP Headers
                Bookinfo; end-user: x (MVP)
        Find/Create DestinationRule
    Remove
        Cleanup based on CRD.Status

Cli

Create Sessions CRD
Wait for Status (Handler error)
Read 'RouteInfo' Status for e.g. TP
    Headers, Values, External DNS
Start TP ()
    Should handle filewatch changes, relaunch...? (cli --watch ....)
    How to compile?
    How to run it? (inspect D/DC)

.workspace.meta {build:cmd, run:cmd}
    check che app def... (odo)

Execute a local cli to set up safe production route for my local service

> ./ike develop "DeploymentName" --user x [--watch] [--session "Username#Branch+UID(5char)"]

        ... tp...
            ... ike... [-watch]
                ... my build...
                ... my process...

            -> you can now reach app on X using header Y... enjoy!

Tasks

• Scaffold CLI project

  • Run TP

  • Define .workspace.meta

    • build…​

    • run…​

• Run / Watch build..service

• Scaffold Service project

  • Add custom route

    • Find/Clone/Create DC/VS/DR

  • Remove custom route

    • Find/Clone/Remove DC/VS/DR

  • istio.io/api/…​.. generation not fully working something figure out (Rob)

Next steps:

• ike in IDE

• ike in CI

• what are the limitation?

  • datastores etc etc

Pains

• The SA/User the server runs under needs to have anyuid and privileged set else TP can’t connect

  • oc adm policy add-scc-to-user privileged -z istio-workspace -n istio-system

  • oc adm policy add-scc-to-user anyuid -z istio-workspace -n istio-system