ããŒãã 翻蚳ã:
Istio ãšãµã³ãã« ãã€ã¯ããµãŒãã¹ ã¢ããªã±ãŒã·ã§ã³ã§ããã»ã³ãã¡ã³ãåæããããã€ãã Kubernetes ã¯ã©ã¹ã¿ãŒãã»ããã¢ããããŠãIstio ã®æ©èœãå®èšŒããŸããã
Istio ã䜿çšãããšãåè©Šè¡ãã¿ã€ã ã¢ãŠãããµãŒããã ãã¬ãŒã«ãŒããã¬ãŒã¹ãã¢ãã¿ãªã³ã°ãªã©ã®ã¬ã€ã€ãŒãå®è£
ããå¿
èŠããªãããããµãŒãã¹ãå°ããä¿ã€ããšãã§ããŸãããããã«ãA/B ãã¹ãããã©ãŒãªã³ã°ãã«ããªã¢ ããŒã«ã¢ãŠããªã©ã®é«åºŠãªãã¹ãããã³å±éææ³ã䜿çšããŸããã
æ°ããè³æã§ã¯ãããžãã¹äŸ¡å€ãžã®éã®æåŸã®ã¬ã€ã€ãŒã§ããèªèšŒãšèªå¯ãæ±ããŸããIstio ã§ã¯ãããæ¬åœã«æ¥œããã®ã§ãã
Istio ã§ã®èªèšŒãšèªå¯
ãŸããèªåãèªèšŒãšèªå¯ããã€ã³ã¹ãã¬ãŒã·ã§ã³ãåãããšã¯æã£ãŠãããŸããã§ããããããã®ãããã¯ã楜ãããããã«ã€ã³ã¹ãã¬ãŒã·ã§ã³ãäžããããã«ããã¯ãããžãŒã®èŠ³ç¹ãã Istio ã¯äœãæäŸã§ããã§ãããã?
çãã¯ç°¡åã§ããIstio ã¯ããããã®æ©èœã«å¯Ÿãã責任ããµãŒãã¹ãã Envoy ãããã·ã«ç§»ããŸãããªã¯ãšã¹ãããµãŒãã¹ã«å°éãããŸã§ã«ããªã¯ãšã¹ãã¯ãã§ã«èªèšŒããã³èš±å¯ãããŠãããããå¿ èŠãªã®ã¯ããžãã¹ã«åœ¹ç«ã€ã³ãŒããèšè¿°ããããšã ãã§ãã
ããã§ããïŒäžãèŠããŠã¿ãŸãããïŒ
Auth0ã«ããèªèšŒ
ID ãšã¢ã¯ã»ã¹ç®¡çã®ãµãŒããŒãšããŠãAuth0 ã䜿çšããŸããAuthXNUMX ã«ã¯è©ŠçšçããããçŽæçã«äœ¿çšã§ããåçŽã«æ°ã«å
¥ã£ãŠããŸãããã ããåãååã¯ä»ã®ãã®ã«ãé©çšã§ããŸãã
å§ããã«ã¯ãã«ã¢ã¯ã»ã¹ããŠãã ãã
ãã¡ã€ã«å
ã§ãã®ãã¡ã€ã³ãæå®ããŸã resource-manifests/istio/security/auth-policy.yaml
(
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
name: auth-policy
spec:
targets:
- name: sa-web-app
- name: sa-feedback
origins:
- jwt:
issuer: "https://{YOUR_DOMAIN}/"
jwksUri: "https://{YOUR_DOMAIN}/.well-known/jwks.json"
principalBinding: USE_ORIGIN
ãã®ãããªãªãœãŒã¹ã䜿çšããŠããã€ããã㯠(Istio ã® 3 ã€ã®åºæ¬çãªã³ã³ãããŒã« ãã¬ãŒã³ ã³ã³ããŒãã³ãã® 1 〠- ããããã®ç¿»èš³) ãªã¯ãšã¹ãããµãŒãã¹ã«è»¢éããåã«èªèšŒããããã« Envoy ãæ§æããŸãã sa-web-app
О sa-feedback
ãåæã«ãæ§æã¯ãµãŒãã¹ Envoy ã«ã¯é©çšãããŸããã sa-frontend
ããã«ãããããã³ããšã³ããèªèšŒãããªããŸãŸã«ããããšãã§ããŸããããªã·ãŒãé©çšããã«ã¯ã次ã®ã³ãã³ããå®è¡ããŸãã
$ kubectl apply -f resource-manifests/istio/security/auth-policy.yaml
policy.authentication.istio.io âauth-policyâ created
ããŒãžã«æ»ã£ãŠãªã¯ãšã¹ããå®è¡ããŸãããªã¯ãšã¹ãã次ã®ã¹ããŒã¿ã¹ã§çµäºããããšãããããŸãã 401æªæ¿èªã次ã«ãããã³ããšã³ã ãŠãŒã¶ãŒã Auth0 ã§èªèšŒããããã«ãªãã€ã¬ã¯ãããŸãããã
Auth0 ã«ãããªã¯ãšã¹ãã®èªèšŒ
ãšã³ã ãŠãŒã¶ãŒã®ãªã¯ãšã¹ããèªèšŒããã«ã¯ãèªèšŒããããµãŒãã¹ (ã¬ãã¥ãŒã詳现ãè©äŸ¡) ãè¡šã API ã Auth0 ã§äœæããå¿ èŠããããŸãã API ãäœæããã«ã¯ã次ã®å Žæã«ç§»åããŸãã Auth0 ããŒã¿ã« > API > API ã®äœæ ãããŠãã©ãŒã ã«èšå ¥ããŠãã ãã:
ããã§éèŠãªæ
å ±ã¯ã èå¥ããããã¯ãã¹ã¯ãªããã®åŸåã§äœ¿çšããŸãã次ã®ããã«æžãçããŠã¿ãŸãããã
- Audience: {YOUR_AUDIENCE}
å¿ èŠãªæ®ãã®è©³çŽ°ã¯ãAuth0 ããŒã¿ã«ã®ã»ã¯ã·ã§ã³ã«ãããŸãã ã¢ããªã±ãŒã·ã§ã³ - éžæãã ãã¹ãã¢ããªã±ãŒã·ã§ã³ (API ãšãšãã«èªåçã«äœæãããŸã)ã
ããã§ã¯æ¬¡ã®ããã«æžããŸãã
- ãã¡ã€ã³: {ããªãã®ãã¡ã€ã³}
- ã¯ã©ã€ã¢ã³ãID: {YOUR_CLIENT_ID}
ãŸã§ã¹ã¯ããŒã«ããŸã ãã¹ãã¢ããªã±ãŒã·ã§ã³ ããã¹ããã£ãŒã«ããž èš±å¯ãããã³ãŒã«ãã㯠URL (ã³ãŒã«ããã¯ã®è§£æ±ºããã URL)ãèªèšŒã®å®äºåŸã«åŒã³åºããéä¿¡ãã URL ãæå®ããŸããç§ãã¡ã®å Žåã¯æ¬¡ã®ããã«ãªããŸãã
http://{EXTERNAL_IP}/callback
ãã㊠蚱å¯ããããã°ã¢ãŠã URL (ãã°ã¢ãŠãçšã«èš±å¯ããã URL) ãè¿œå ããŸãã
http://{EXTERNAL_IP}/logout
ããã³ããšã³ãã«ç§»ããŸãããã
ããã³ããšã³ãã®ã¢ããããŒã
ãã©ã³ãã«åãæ¿ãã auth0
ãªããžã㪠[istio-mastery]
ããã®ãã©ã³ãã§ã¯ãèªèšŒã®ããã«ãŠãŒã¶ãŒã Auth0 ã«ãªãã€ã¬ã¯ãããä»ã®ãµãŒãã¹ãžã®ãªã¯ãšã¹ã㧠JWT ããŒã¯ã³ã䜿çšããããã«ããã³ããšã³ã ã³ãŒããå€æŽãããŠããŸããåŸè
ã¯æ¬¡ã®ããã«å®è£
ãããŸã(
analyzeSentence() {
fetch('/sentiment', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${auth.getAccessToken()}` // Access Token
},
body: JSON.stringify({ sentence: this.textField.getValue() })
})
.then(response => response.json())
.then(data => this.setState(data));
}
Auth0 ã§ããã³ã ããŒã¿ã䜿çšããããã«ããã³ããšã³ããåãæ¿ããã«ã¯ã次ã®ã³ãã³ããéããŸãã sa-frontend/src/services/Auth.js
ãã®äžã§äžã§æžããå€ã眮ãæããŸã(
const Config = {
clientID: '{YOUR_CLIENT_ID}',
domain:'{YOUR_DOMAIN}',
audience: '{YOUR_AUDIENCE}',
ingressIP: '{EXTERNAL_IP}' // ÐÑпПлÑзÑеÑÑÑ ÐŽÐ»Ñ ÑеЎОÑекÑа пПÑле аÑÑеМÑОÑОкаÑОО
}
ã¢ããªã±ãŒã·ã§ã³ã®æºåãã§ããŸãããå ããããå€æŽããã«ãããŠãããã€ãããšãã«ã以äžã®ã³ãã³ã㧠Docker ID ãæå®ããŸãã
$ docker build -f sa-frontend/Dockerfile
-t $DOCKER_USER_ID/sentiment-analysis-frontend:istio-auth0
sa-frontend
$ docker push $DOCKER_USER_ID/sentiment-analysis-frontend:istio-auth0
$ kubectl set image deployment/sa-frontend
sa-frontend=$DOCKER_USER_ID/sentiment-analysis-frontend:istio-auth0
ã¢ããªãè©ŠããŠã¿ãŸãããïŒ Auth0 ã«ãªãã€ã¬ã¯ããããããã§ãã°ã€ã³ (ãŸãã¯ç»é²) ããå¿ èŠããããŸãããã®åŸããã§ã«èªèšŒããããªã¯ãšã¹ããè¡ãããããŒãžã«æ»ããŸããèšäºã®æåã®éšåã§èª¬æããã³ãã³ããcurlã§è©Šããšã次ã®ã³ãŒããåŸãããŸãã 401 ã¹ããŒã¿ã¹ã³ãŒãããªã¯ãšã¹ããæ¿èªãããŠããªãããšã瀺ããŸãã
次ã®ã¹ãããã«é²ã¿ããªã¯ãšã¹ããæ¿èªããŸãããã
Auth0ã«ããèªå¯
èªèšŒã«ãããŠãŒã¶ãŒã誰ã§ããããç解ã§ããŸããããŠãŒã¶ãŒãäœã«ã¢ã¯ã»ã¹ã§ããããç¥ãã«ã¯æ¿èªãå¿ èŠã§ãã Istio ã¯ãã®ããã®ããŒã«ãæäŸããŠããŸãã
äŸãšããŠã2 ã€ã®ãŠãŒã¶ãŒ ã°ã«ãŒããäœæããŠã¿ãŸããã (äžã®å³ãåç §)ã
- ã¡ã³ã㌠ïŒãŠãŒã¶ãŒïŒ â SA-WebApp ããã³ SA-Frontend ãµãŒãã¹ãžã®ã¢ã¯ã»ã¹ã®ã¿ã
- ã¢ãã¬ãŒã¿ãŒ (åžäŒè ) â 3 ã€ã®ãµãŒãã¹ãã¹ãŠã«ã¢ã¯ã»ã¹ã§ããŸãã
èªå¯ã®æŠå¿µ
ãããã®ã°ã«ãŒããäœæããã«ã¯ãAuth0 Authorization æ¡åŒµæ©èœã䜿çšããIstio ã䜿çšããŠããŸããŸãªã¬ãã«ã®ã¢ã¯ã»ã¹ãæäŸããŸãã
Auth0 èªå¯ã®ã€ã³ã¹ããŒã«ãšæ§æ
Auth0 ããŒã¿ã«ã§ãæ¡åŒµæ©èœ (æ¡åŒµæ©èœ) ãã€ã³ã¹ããŒã«ããŠãã ãã Auth0 èªå¯ãã€ã³ã¹ããŒã«åŸã次ã®å Žæã«ç§»åããŸã èªå¯ã®å»¶é·ãããã« - å³äžãã¯ãªãã¯ããŠé©åãªã¡ãã¥ãŒ ãªãã·ã§ã³ãéžæããŠãããã³ãã®æ§æã«ç§»åããŸã ïŒæ§æïŒãã°ã«ãŒããã¢ã¯ãã£ãåãã ïŒã°ã«ãŒãïŒ ãããŠãã«ãŒã«ã®å ¬éããã¿ã³ãã¯ãªãã¯ããŸã (å ¬éã«ãŒã«).
ã°ã«ãŒããäœæãã
èªèšŒæ¡åŒµã§ã次ã®å Žæã«ç§»åããŸãã ã°ã«ãŒã ãããŠã°ã«ãŒããäœæããŸã ã¢ãã¬ãŒã¿ãŒãèªèšŒããããã¹ãŠã®ãŠãŒã¶ãŒãéåžžã®ãŠãŒã¶ãŒãšããŠæ±ããããè¿œå ã®ã°ã«ãŒããäœæããå¿ èŠã¯ãããŸããã
ã°ã«ãŒããéžæ ã¢ãã¬ãŒã¿ãŒãМажЌОÑеМа ã¡ã³ããŒãè¿œå , ã¡ã€ã³ã¢ã«ãŠã³ããè¿œå ããŸããã¢ã¯ã»ã¹ã確å®ã«æåŠãããããã«ãäžéšã®ãŠãŒã¶ãŒãã°ã«ãŒããªãã®ãŸãŸã«ããŠãããŸãã (æ°ãããŠãŒã¶ãŒã¯ã次ã®æ¹æ³ã§æåã§äœæã§ããŸã) Auth0 ããŒã¿ã« > ãŠãŒã¶ãŒ > ãŠãŒã¶ãŒã®äœæ.)
ã¢ã¯ã»ã¹ããŒã¯ã³ã«ã°ã«ãŒãã¯ã¬ãŒã ãè¿œå
ãŠãŒã¶ãŒã¯ã°ã«ãŒãã«è¿œå ãããŸãããããã®æ
å ±ã¯ã¢ã¯ã»ã¹ ããŒã¯ã³ã«ãåæ ãããå¿
èŠããããŸãã OpenID Connect ã«æºæ ããåæã«å¿
èŠãªã°ã«ãŒããè¿ãã«ã¯ãããŒã¯ã³ã«ç¬èªã®è¿œå ãè¡ãå¿
èŠããããŸãã
ã«ãŒã«ãäœæããã«ã¯ãAuth0 ããŒã¿ã«ã«ç§»åããŠã ãã£ã³ããŒã³ã®ã«ãŒã«ãМажЌОÑеМа ã«ãŒã«ã®äœæ ãã³ãã¬ãŒããã空ã®ã«ãŒã«ãéžæããŸãã
以äžã®ã³ãŒããã³ããŒããæ°ããã«ãŒã«ãšããŠä¿åããŸã ã°ã«ãŒãã¯ã¬ãŒã ã®è¿œå (
function (user, context, callback) {
context.accessToken['https://sa.io/group'] = user.groups[0];
return callback(null, user, context);
}
泚æ: ãã®ã³ãŒãã¯ãèªå¯æ¡åŒµæ©èœã§å®çŸ©ãããæåã®ãŠãŒã¶ãŒ ã°ã«ãŒããååŸãããããã«ã¹ã¿ã ã¯ã¬ãŒã ãšããŠã¢ã¯ã»ã¹ ããŒã¯ã³ã«è¿œå ããŸã (Auth0 ã§å¿ èŠãªåå空éã®äž)ã
ããŒãžã«æ»ã ãã£ã³ããŒã³ã®ã«ãŒã« 2 ã€ã®ã«ãŒã«ã次ã®é åºã§èšè¿°ãããŠããããšã確èªããŸãã
- auth0-èªå¯æ¡åŒµå
- ã°ã«ãŒãã¯ã¬ãŒã ã®è¿œå
ã°ã«ãŒããã£ãŒã«ãã¯ã«ãŒã«ãéåæçã«åä¿¡ãããããé åºã¯éèŠã§ãã auth0-èªå¯æ¡åŒµå ãã®åŸã2 çªç®ã®ã«ãŒã«ã«ãã£ãŠã¯ã¬ãŒã ãšããŠè¿œå ãããŸããçµæã¯æ¬¡ã®ãããªã¢ã¯ã»ã¹ ããŒã¯ã³ã«ãªããŸãã
{
"https://sa.io/group": "Moderators",
"iss": "https://sentiment-analysis.eu.auth0.com/",
"sub": "google-oauth2|196405271625531691872"
// [ÑПкÑаÑеМП ÐŽÐ»Ñ ÐœÐ°Ð³Ð»ÑЎМПÑÑО]
}
ããã§ããŠãŒã¶ãŒ ã¢ã¯ã»ã¹ããã§ãã¯ããããã« Envoy ãããã·ãæ§æããå¿
èŠããããŸãããŠãŒã¶ãŒ ã¢ã¯ã»ã¹ã«å¯ŸããŠãã°ã«ãŒãã¯èŠæ±ãããã«ãããŸã (https://sa.io/group
) è¿ãããã¢ã¯ã»ã¹ ããŒã¯ã³ã«å«ãŸããŸããããã¯ããã®èšäºã®æ¬¡ã®ã»ã¯ã·ã§ã³ã®ãããã¯ã§ãã
Istio ã§ã®èªå¯æ§æ
èªèšŒãæ©èœããã«ã¯ãIstio ã® RBAC ãæå¹ã«ããå¿ èŠããããŸãããããè¡ãã«ã¯ã次ã®æ§æã䜿çšããŸãã
apiVersion: "rbac.istio.io/v1alpha1"
kind: RbacConfig
metadata:
name: default
spec:
mode: 'ON_WITH_INCLUSION' # 1
inclusion:
services: # 2
- "sa-frontend.default.svc.cluster.local"
- "sa-web-app.default.svc.cluster.local"
- "sa-feedback.default.svc.cluster.local"
説æïŒ
- 1 - ãã£ãŒã«ãã«ãªã¹ããããŠãããµãŒãã¹ãšåå空éã«å¯ŸããŠã®ã¿ RBAC ãæå¹ã«ããŸãã
Inclusion
; - 2 â åœç€Ÿã®ãµãŒãã¹ã®ãªã¹ããèšèŒããŸãã
次ã®ã³ãã³ãã䜿çšããŠæ§æãé©çšããŸãããã
$ kubectl apply -f resource-manifests/istio/security/enable-rbac.yaml
rbacconfig.rbac.istio.io/default created
ãã¹ãŠã®ãµãŒãã¹ã«åœ¹å²ããŒã¹ã®ã¢ã¯ã»ã¹å¶åŸ¡ãå¿
èŠã«ãªããŸãããã€ãŸãããã¹ãŠã®ãµãŒãã¹ãžã®ã¢ã¯ã»ã¹ãçŠæ¢ãããå¿çãè¿ãããŸãã RBAC: access denied
ã次ã«ãèš±å¯ããããŠãŒã¶ãŒã«ã¢ã¯ã»ã¹ãèš±å¯ããŸãããã
äžè¬ãŠãŒã¶ãŒã®ã¢ã¯ã»ã¹æ§æ
ãã¹ãŠã®ãŠãŒã¶ãŒã¯ SA-Frontend ãµãŒãã¹ããã³ SA-WebApp ãµãŒãã¹ã«ã¢ã¯ã»ã¹ã§ããå¿ èŠããããŸãã次㮠Istio ãªãœãŒã¹ã䜿çšããŠå®è£ ãããŸãã
- ãµãŒãã¹ããŒã« â ãŠãŒã¶ãŒãæã€æš©å©ã決å®ããŸãã
- ãµãŒãã¹ããŒã«ãã€ã³ãã£ã³ã° â ãã® ServiceRole ã誰ã«å±ãããã決å®ããŸãã
äžè¬ãŠãŒã¶ãŒã«å¯ŸããŠã¯ãç¹å®ã®ãµãŒãã¹ãžã®ã¢ã¯ã»ã¹ãèš±å¯ããŸã (
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: regular-user
namespace: default
spec:
rules:
- services:
- "sa-frontend.default.svc.cluster.local"
- "sa-web-app.default.svc.cluster.local"
paths: ["*"]
methods: ["*"]
ãããŠã regular-user-binding
ServiceRole ããã¹ãŠã®ããŒãžèšªåè
ã«é©çšããŸã (
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: regular-user-binding
namespace: default
spec:
subjects:
- user: "*"
roleRef:
kind: ServiceRole
name: "regular-user"
ããã¹ãŠã®ãŠãŒã¶ãŒããšã¯ãèªèšŒãããŠããªããŠãŒã¶ãŒã SA WebApp ã«ã¢ã¯ã»ã¹ã§ããããšãæå³ããŸãã?ããããããªã·ãŒã¯ JWT ããŒã¯ã³ã®æå¹æ§ããã§ãã¯ããŸãã
èšå®ãé©çšããŸãããã
$ kubectl apply -f resource-manifests/istio/security/user-role.yaml
servicerole.rbac.istio.io/regular-user created
servicerolebinding.rbac.istio.io/regular-user-binding created
ã¢ãã¬ãŒã¿ãŒã®ã¢ã¯ã»ã¹æ§æ
ã¢ãã¬ãŒã¿ãŒã«å¯ŸããŠã¯ããã¹ãŠã®ãµãŒãã¹ãžã®ã¢ã¯ã»ã¹ãæå¹ã«ããããšèããŠããŸã (
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: mod-user
namespace: default
spec:
rules:
- services: ["*"]
paths: ["*"]
methods: ["*"]
ãã ãããã®ãããªæš©å©ã¯ãã¢ã¯ã»ã¹ ããŒã¯ã³ã«ã¯ã¬ãŒã ãå«ãŸããŠãããŠãŒã¶ãŒã«ã®ã¿å¿
èŠã§ãã https://sa.io/group
æå³ã®ãã Moderators
(
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: mod-user-binding
namespace: default
spec:
subjects:
- properties:
request.auth.claims[https://sa.io/group]: "Moderators"
roleRef:
kind: ServiceRole
name: "mod-user"
èšå®ãé©çšããŸãããã
$ kubectl apply -f resource-manifests/istio/security/mod-role.yaml
servicerole.rbac.istio.io/mod-user created
servicerolebinding.rbac.istio.io/mod-user-binding created
ãšã³ãã€ã®ãã£ãã·ã¥ã®ãããèªå¯ã«ãŒã«ãæå¹ã«ãªããŸã§ã«æ°åãããå ŽåããããŸããããã«ããããŠãŒã¶ãŒãšã¢ãã¬ãŒã¿ã«ç°ãªãã¬ãã«ã®ã¢ã¯ã»ã¹æš©ãäžããããšãã§ããŸãã
ãã®éšåã®çµè«
ãããçå£ã«èããŠã¿ããšãèªèšŒãšèªå¯ã«å¯Ÿããããããããã·ã³ãã«ã§ãæéããããããã¹ã±ãŒã©ãã«ã§å®å šãªã¢ãããŒããèŠãããšããããŸãã?
ãµãŒãã¹ãžã®ãšã³ã ãŠãŒã¶ãŒ ã¢ã¯ã»ã¹ã®èªèšŒãšèªå¯ããã现ããå¶åŸ¡ããããã«å¿ èŠãª Istio ãªãœãŒã¹ã¯ 3 ã€ã ã (RbacConfigãServiceRoleãServiceRoleBinding) ã§ããã
ããã«ãåœç€Ÿã¯ç¹äœ¿ãµãŒãã¹ãéããŠãããã®åé¡ã«å¯ŸåŠãã次ã®ããšãéæããŸããã
- ã»ãã¥ãªãã£äžã®åé¡ããã°ãå«ãå¯èœæ§ã®ããæ±çšã³ãŒãã®éãåæžããŸãã
- 1 ã€ã®ãšã³ããã€ã³ããå€éšããã¢ã¯ã»ã¹å¯èœã§ããããšãå€æãããããå ±åããã®ãå¿ãããšããæããªç¶æ³ã®æ°ãæžãããŸãã
- æ°ãã圹å²ãæš©å©ãè¿œå ããããã³ã«ãã¹ãŠã®ãµãŒãã¹ãæŽæ°ããå¿ èŠããªããªããŸãã
- æ°ãããµãŒãã¹ãã·ã³ãã«ãå®å šãé«éã§ããããšãä¿èšŒããŸãã
åºå
Istio ã䜿çšãããšãããŒã ã¯ãµãŒãã¹ã«ãªãŒããŒããããè¿œå ããããšãªãããµãŒãã¹ããã€ã¯ã ã¹ããŒã¿ã¹ã«æ»ãããšãªããããžãã¹ ã¯ãªãã£ã«ã«ãªã¿ã¹ã¯ã«ãªãœãŒã¹ãéäžãããããšãã§ããŸãã
ãã®èšäº (3 éšæ§æ) ã§ã¯ãå®éã®ãããžã§ã¯ã㧠Istio ãå§ããããã®åºæ¬çãªç¥èãšæ¢è£œã®å®è·µçãªæé ãæäŸããŸããã
翻蚳è ããã®è¿œäŒž
ç§ãã¡ã®ããã°ããèªã¿ãã ãã:
- ãIstio ã§ãã€ã¯ããµãŒãã¹ã«æ»ãã:
ããŒã 1 (äž»ãªæ©èœã®çŽ¹ä») ,ããŒã 2 (ã«ãŒãã£ã³ã°ããã©ãã£ãã¯å¶åŸ¡) ; - «
Conduit - Kubernetes çšã®è»œéãµãŒãã¹ ã¡ãã·ã¥ "; - «
ãµãŒãã¹ ã¡ãã·ã¥ãšã¯äœã§ãã? [ãã€ã¯ããµãŒãã¹ãåããã¯ã©ãŠã ã¢ããªã±ãŒã·ã§ã³ã«] ãµãŒãã¹ ã¡ãã·ã¥ãå¿ èŠãªçç±ã¯äœã§ãã? 'ã
åºæïŒ habr.com