第九章 自定义mixer adapter
1 install/kubernetes/helm/istio/templates/crds.yaml
序号 名称 用途 分类 归属 1 virtualservices.networking.istio.io 用于路由,定义virtual service networking pilot 2 destinationrules.networking.istio.io 用于路由,定义destination rule 3 serviceentries.networking.istio.io 用于路由,定义service entry 4 gateways.networking.istio.io 用于路由,定义gateway 5 envoyfilters.networking.istio.io 使用filter为特定envoy添加特定配置 6 policies.authentication.istio.io 用于authn,作用域为namespace authentication citadel 7 meshpolicies.authentication.istio.io 用于authn,作用域为global 8 httpapispecbindings.config.istio.io apim mixer 9 httpapispecs.config.istio.io 10 quotaspecbindings.config.istio.io 11 quotaspecs.config.istio.io 12 rules.config.istio.io mixer rule,用于绑定handler和instance mixer core 13 attributemanifests.config.istio.io 定义envoy传递给mixer的用于policy和telemetry的attribute 14 bypasses.config.istio.io mixer adapter用于处理从envoy收集的数据 15 circonuses.config.istio.io 定义circonus adapter 16 deniers.config.istio.io 定义dinier adapter 17 fluentds.config.istio.io 定义fluentd adapter 18 kubernetesenvs.config.istio.io 定义kubernetesenv adapter 19 listcheckers.config.istio.io 定义list adapter 20 memquotas.config.istio.io 定义memquota adapter 21 noops.config.istio.io 22 opas.config.istio.io 定义opa adapter 23 prometheuses.config.istio.io 定义prometheus adapter 24 rbacs.config.istio.io 定义rbac adapter 25 redisquotas.config.istio.io 定义redisquota adapter 26 servicecontrols.config.istio.io 定义servicecontrol adapter 27 signalfxs.config.istio.io 定义signalfx adapter 28 solarwindses.config.istio.io 定义solarwinds adapter 29 stackdrivers.config.istio.io 定义stackdriver adapter 30 statsds.config.istio.io 定义statsd adapter 31 stdios.config.istio.io 定义stdio adapter 32 apikeys.config.istio.io 定义apikey template mixer instance用于定义从envoy收集的数据 33 authorizations.config.istio.io 定义authorization template 34 checknothings.config.istio.io 定义checknothing template 35 kuberneteses.config.istio.io 定义kubernetes template 36 listentries.config.istio.io 定义listentry template 37 logentries.config.istio.io 定义logentry template 38 edges.config.istio.io 39 metrics.config.istio.io 定义metric template 40 quotas.config.istio.io 定义quota template 41 reportnothings.config.istio.io 定义reportnothing template 42 servicecontrolreports.config.istio.io 定义servicecontrolreport template 43 tracespans.config.istio.io 定义tracespan template 44 rbacconfigs.rbac.istio.io 用于authz,定义istio的rbac策略 rbac 45 serviceroles.rbac.istio.io 用于authz,定义service role 46 servicerolebindings.rbac.istio.io 用于authz,定义service role binding 47 adapters.config.istio.io others 48 instances.config.istio.io 49 templates.config.istio.io 50 handlers.config.istio.io Istio Helm Chart 的安装配置解析 序号 chart 文件 k8s组件类型 k8s组件名称 用途 1 main _affinity.tpl 无 无 用于定义各个组件deployment chart中的nodeAffinity _helpers.tpl 无 无 用于定义各个组件chart中一些变量的默认值 configmap.yaml ConfigMap istio istio主配置configmap crds.yaml CustomResourceDefinition 共50个 istio需要的所有的crd资源 install-custom-resources.sh.tpl 无 无 用于定义grafana和security chart中configmap中所包含的脚本,验证istio-galley validatingwebhookconfiguration已经存在并且部署组件相关其他资源 sidecar-injector-configmap.yaml ConfigMap istio-sidecar-injector 用于定义sidecar injector的configmap 2 sidecarInjectorWebhook默认开启 _helpers.tpl 无 无 用于定义sidecarInjectorWebhook chart中一些变量的默认值 clusterrole.yaml ClusterRole istio-sidecar-injector-{{ .Release.Namespace }} 用于定义sidecarInjectorWebhook使用的clusterrole clusterrolebinding.yaml ClusterRoleBinding istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} 用于定义sidecarInjectorWebhook使用的clusterrolebinding deployment.yaml Deployment istio-sidecar-injector 用于定义sidecarInjectorWebhook使用的deployment mutatingwebhook.yaml MutatingWebhookConfiguration istio-sidecar-injector 用于定义sidecarInjectorWebhook使用的mutatingwebhookconfiguration service.yaml Service istio-sidecar-injector 用于定义sidecarInjectorWebhook使用的service serviceaccount.yaml ServiceAccount istio-sidecar-injector-service-account 用于定义sidecarInjectorWebhook使用的serviceaccount 3 security默认开启 _helpers.tpl 无 无 用于定义security chart中一些变量的默认值 cleanup-secrets.yaml ServiceAccount istio-cleanup-secrets-service-account 在helm删除istio后对citadel中的secret进行清理 ClusterRole istio-cleanup-secrets-{{ .Release.Namespace }} ClusterRoleBinding istio-cleanup-secrets-{{ .Release.Namespace }} Job istio-cleanup-secrets clusterrole.yaml ClusterRole istio-citadel-{{ .Release.Namespace }} 用于定义citadel相关clusterole clusterrolebinding.yaml ClusterRoleBinding istio-citadel-{{ .Release.Namespace }} 用于定义citdel相关clusterrolebinding configmap.yaml ConfigMap istio-security-custom-resources 用于定义citidel相关configmap,与global values中的mtls.enabled相关,是否启用全局的mtls authn create-custom-resources-job.yaml ServiceAccount istio-security-post-install-account 在global values的mtls.enabled设置为true后才会生效,建立mtls相关serviceaccount,clusterrole,clusterrolebinding,以及comfigmap中定义的其他相关对象 ClusterRole istio-security-post-install-{{ .Release.Namespace }} ClusterRoleBinding istio-security-post-install-role-binding-{{ .Release.Namespace }} Job istio-security-post-install deployment.yaml Deployment istio-citadel 用于定义citadel相关deployment enable-mesh-mtls.yaml MeshPolicy default 在global values的mtls.enabled设置为true后,这些资源会写入configmap DestinationRule default DestinationRule api-server meshexpansion.yaml VirtualService meshexpansion-citadel 在global values的meshExpansion设置为true后,新建citadel相关virtualservice VirtualService meshexpansion-ilb-citadel 在global values的meshExpansionILB设置为true后,新建citadel相关virtualservice service.yaml Service istio-citadel 用于定义citade相关service serviceaccount.yaml ServiceAccount istio-citadel-service-account 用于定义citade相关serviceaccount 4 galley默认开启 _helpers.tpl 无 无 用于定义galley chart中一些变量的默认值 clusterrole.yaml ClusterRole istio-galley-{{ .Release.Namespace }} 用于定义galley相关clusterrole clusterrolebinding.yaml ClusterRoleBinding istio-galley-admin-role-binding-{{ .Release.Namespace }} 用于定义galley相关clusterrolebinding configmap.yaml ConfigMap istio-galley-configuration 用于定义galley相关configmap deployment.yaml Deployment istio-galley 用于定义galley相关deployment service.yaml Service istio-galley 用于定义galley相关service serviceaccount.yaml ServiceAccount istio-galley-service-account 用于定义galley相关serviceaccount validatingwehookconfiguration.yaml.tpl ValidatingWebhookConfiguration istio-galley 用于定义对pilot和mixer的配置进行验证,与galley deployment关联 5 mixer默认开启 _helpers.tpl 无 无 用于定义mixer chart中一些变量的默认值 autoscale.yaml HorizontalPodAutoscaler istio-policy 用于定义mixer,包括policy和telemetry的horizontalpodautoscaler HorizontalPodAutoscaler istio-telemetry clusterrole.yaml ClusterRole istio-mixer-{{ .Release.Namespace }} 用于定义mixer相关clusterole clusterrolebinding.yaml ClusterRoleBinding istio-mixer-admin-role-binding-{{ .Release.Namespace }} 用于定义mixer相关clusterolebinding config.yaml attributemanifest istioproxy 用于定义从envoy到mixer的attributemanifest attributemanifest kubernetes 用于定义从k8s到mixer的attributemanifest stdio handler 用于定义stdio handler logentry accesslog 用于定义http logentry instance logentry tcpaccesslog 用于定义tcp logentry instance rule stdio 用于定义从accesslog.logentry到handler.stdio的rule,将accesslog发送至stdio rule stdiotcp 用于定义从tcpaccesslog.logentry到handler.stdio的rule,将tcpaccesslog发送至stdio metric requestcount 用于定义requestcount metric instance metric requestduration 用于定义requestduration metric instance metric requestsize 用于定义requestsize metric instance metric responsesize 用于定义responsesize metric instance metric tcpbytesent 用于定义tcpbytesent metric instance metric tcpbytereceived 用于定义tcpbytereceived metric instance prometheus handler 用于定义prometheus handler rule promhttp 用于定义从requestcount.metric,requestduration.metric,requestsize.metric和responsesize.metric到handler.prometheus的rule,将http metric发送至prometheus rule promtcp 用于定义从tcpbytesent.metric和tcpbytereceived.metric到handler.prometheus的rule,将tcp metric发送至prometheus kubernetesenv handler 用于定义kubernetesenv handler rule kubeattrgenrulerule 用于定义从attributes.kubernetes到handler.kubernetesenv的rule,生成kubernetes相关attribute rule tcpkubeattrgenrulerule 用于定义从attributes.kubernetes到handler.kubernetesenv的rule,生成kubernetes tcp相关attribute kubernetes attributes 用于定义kubernetes相关attribute instance DestinationRule istio-policy 用于定义istio-policy相关destinationrule DestinationRule istio-telemetry 用于定义istio-telemetry相关destinationrule configmap.yaml ConfigMap istio-statsd-prom-bridge 用于定义istio-statsd-prom-bridge相关configmap deployment.yaml Deployment istio-policy 用于定义istio-policy相关deployment Deployment istio-telemetry 用于定义istio-telemetry相关deployment service.yaml Service istio-policy 用于定义istio-policy相关service Service istio-telemetry 用于定义istio-telemetry相关service serviceaccount.yaml ServiceAccount istio-mixer-service-account 用于定义mixer相关serviceaccount statsdtoprom.yaml Service istio-statsd-prom-bridge 用于定义istio-statsd-prom-bridge相关service Deployment istio-statsd-prom-bridge 用于定义istio-statsd-prom-bridge相关deployment 6 pilot默认开启 autoscale.yaml horizontalPodAutoscaler istio-pilot 用于定义pilot相关horizontalpodautoscaler clusterrole.yaml ClusterRole istio-pilot 用于定义pilot相关clusterrole clusterrolebinding.yaml ClusterRoleBinding istio-pilot 用于定义pilot相关clusterrolebinding deployment.yaml Deployment istio-pilot 用于定义pilot相关deployment gateway.yaml Gateway istio-autogenerated-k8s-ingress 用于定义pilot相关gateway,缺省向前兼容,使用ingress Gateway meshexpansion-gateway 用于定义pilot相关gateway,如果global.meshExpansion设置为true,则将pilot暴露在gateway Gateway meshexpansion-ilb-gateway 用于定义pilot相关gateway,如果global.meshExpansionILB设置为true,则将pilot暴露在internal gateway meshexpansion.yaml VirtualService meshexpansion-pilot 在global values的meshExpansion设置为true后,新建pilot相关virtualservice VirtualService ilb-meshexpansion-pilot 在global values的meshExpansionILB设置为true后,新建pilot相关virtualservice service.yaml Service istio-pilot 用于定义pilot相关service serviceaccount.yaml ServiceAccount istio-pilot-service-account 用于定义pilot相关serviceaccount 7 gateways默认开启 autoscale.yaml horizontalPodAutoscaler istio-ingressgateway 用于定义ingressgateway相关horizontalpodautoscaler horizontalPodAutoscaler istio-egressgateway 用于定义egressgateway相关horizontalpodautoscaler horizontalPodAutoscaler istio-ilbgateway 用于定义ilbgateway相关horizontalpodautoscaler,默认关闭,只支持gcp clusterrole.yaml ClusterRole istio-ingressgateway-{{ $.Release.Namespace }} 用于定义ingressgateway相关clusterrole ClusterRole istio-egressgateway-{{ $.Release.Namespace }} 用于定义egressgateway相关clusterrole ClusterRole istio-ilbgateway-{{ $.Release.Namespace }} 用于定义ilbgateway相关clusterrole,默认关闭,只支持gcp clusterrolebinding.yaml ClusterRoleBinding istio-ingressgateway-{{ $.Release.Namespace }} 用于定义ingressgateway相关clusterrolebinding ClusterRoleBinding istio-egressgateway-{{ $.Release.Namespace }} 用于定义egressgateway相关clusterrolebinding ClusterRoleBinding istio-ilbgateway-{{ $.Release.Namespace }} 用于定义ilbgateway相关clusterrolebindig,默认关闭,只支持gcp deployment.yaml Deployment istio-ingressgateway 用于定义ingressgateway相关deployment Deployment istio-egressgateway 用于定义egressgateway相关deployment Deployment istio-ilbgateway 用于定义ilbgateway相关deployment,默认关闭,只支持gcp service.yaml Service istio-ingressgateway 用于定义ingressgateway相关service Service istio-egressgateway 用于定义egressgateway相关service Service istio-ilbgateway 用于定义ilbgateway相关service,默认关闭,只支持gcp serviceaccount.yaml ServiceAccount istio-ingressgateway-service-account 用于定义ingressgateway相关serviceaccount ServiceAccount istio-egressgateway-service-account 用于定义egressgateway相关serviceaccount ServiceAccount istio-ilbgateway-service-account 用于定义ilbgateway相关serviceaccount,默认关闭,只支持gcp 8 prometheus默认开启 _helpers.tpl 无 无 用于定义prometheus chart中一些变量的默认值 clusterrole.yaml ClusterRole prometheus-{{ .Release.Namespace }} 用于定义prometheus相关clusterrole clusterrolebinding.yaml ClusterRoleBinding prometheus-{{ .Release.Namespace }} 用于定义prometheus相关clusterrolebinding configmap.yaml ConfigMap prometheus 用于定义prometheus相关configmap deployment.yaml Deployment prometheus 用于定义prometheus相关deployment service.yaml Service prometheus 用于定义prometheus相关service serviceaccount.yaml ServiceAccount prometheus 用于定义prometheus相关serviceaccount 9 telemetry-gateway默认关闭 gateway.yaml Gateway istio-telemetry-gateway 用于定义prometheus和grafana的gateway,如果prometheusEnabled设置为true,则添加prometheus相关gateway配置,如果grafanaEnabled设置为true,则添加grafana相关gateway配置 DestinationRule grafana 定义prometheus相关destinationrule DestinationRule prometheus 定义grafana相关destinationrule VirtualService telemetry-virtual-service 用于定义prometheus和grafana的virtualservice,如果prometheusEnabled设置为true,则添加prometheus相关virtualservice配置,如果grafanaEnabled设置为true,则添加grafana相关virtualservice配置 10 ingress默认关闭legacy ingress support autoscale.yaml HorizontalPodAutoscaler istio-ingress 用于定义ingress相关horizontalpodautoscaler clusterrole.yaml ClusterRole istio-ingress-{{ .Release.Namespace }} 用于定义ingress相关clusterrole clusterrolebinding.yaml ClusterRoleBinding istio-ingress-{{ .Release.Namespace }} 用于定义ingress相关clusterrolebinding deployment.yaml Deployment istio-ingress 用于定义ingress相关deployment service.yaml Service istio-ingress 用于定义ingress相关service serviceaccount.yaml ServiceAccount istio-ingress-service-account 用于定义ingress相关serviceaccount 11 grafana默认关闭 _helpers.tpl 无 无 用于定义grafana chart中一些变量的默认值 configmap.yaml ConfigMap istio-grafana-custom-resources 用于定义grafana相关configmap create-custom-resources-job.yaml ServiceAccount istio-grafana-post-install-account 用于定义grafana post install相关serviceaccount ClusterRole istio-grafana-post-install-{{ .Release.Namespace }} 用于定义grafana post install相关clusterrole ClusterRoleBinding istio-grafana-post-install-role-binding-{{ .Release.Namespace }} 用于定义grafana post install相关clusterrolebinding Job istio-grafana-post-install 用于定义grafana post install相关job deployment.yaml Deployment grafana 用于定义grafana相关deployment grafana-ports-mtls.yaml Policy grafana-ports-mtls-disabled 对grafana访问开启mtls pvc.yaml PersistentVolumeClaim istio-grafana-pvc 如果persist设置为true,则为grafana新建pvc和pv secret.yaml Secret grafana 如果security.enabled设置为true,则为grafana启用authn service.yaml Service grafana 用于定义grafana相关service 12 servicegraph默认关闭 _helpers.tpl 无 无 用于定义servicegraph chart中一些变量的默认值 deployment.yaml Deployment servicegraph 用于定义servicegraph相关deployment ingress.yaml Ingress servicegraph 用于定义servicegraph相关ingress service.yaml Service servicegraph 用于定义servicegraph相关service 13 tracing默认关闭 _helpers.tpl 无 无 用于定义tracing chart中一些变量的默认值 deployment.yaml Deployment istio-tracing 用于定义jaeger tracing相关deployment ingress-jaeger.yaml Ingress jaeger-query 用于定义jaeger tracing相关ingress ingress.yaml Ingress tracing 用于定义zipkin tracing相关ingress service-jaeger.yaml Service jaeger-query 用于定义jaeger tracing query相关service Service jaeger-collector 用于定义jaeger tracing collector相关service Service jaeger-agent 用于定义jaeger tracing agent相关service service.yaml Service zipkin 用于定义zipkin tracing相关service Service tracing 用于定义jaeger tracing相关service 14 kiali默认关闭 clusterrole.yaml ClusterRole kiali 用于定义kiali相关clusterrole clusterrolebinding.yaml ClusterRoleBinding istio-kiali-admin-role-binding-{{ .Release.Namespace }} 用于定义kiali相关clusterrolebinding configmap.yaml ConfigMap kiali 用于定义kiali相关configmap deployment.yaml Deployment kiali 用于定义kiali相关deployment ingress.yaml Ingress kiali 用于定义kiali相关ingress secrets.yaml Secret kiali 用于定义kiali相关secret service.yaml Service kiali 用于定义kiali相关service serviceaccount.yaml ServiceAccount kiali-service-account 用于定义kiali相关serviceaccount 15 certmanager默认关闭 _helpers.tpl 无 无 用于定义certmanager chart中一些变量的默认值 crds.yaml CustomResourceDefinition clusterissuers.certmanager.k8s.io 用于定义certmanager相关crd CustomResourceDefinition issuers.certmanager.k8s.io CustomResourceDefinition certificates.certmanager.k8s.io deployment.yaml Deployment certmanager 用于定义certmanager相关deployment issuer.yaml ClusterIssuer letsencrypt-staging 用于定义certmanager相关clusterissuer ClusterIssuer letsencrypt rbac.yaml ClusterRole certmanager 用于定义certmanager相关clusterrole ClusterRoleBinding certmanager 用于定义certmanager相关clusterrolebinding certmanager ServiceAccount certmanager 用于定义certmanager相关serviceaccount