Skip to content

platform-tracing/istio

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3,932 Commits
.circleci
.circleci
 
 
.github
.github
 
 
addons
addons
 
 
bin
bin
 
 
broker
broker
 
 
docker
docker
 
 
galley
galley
 
 
install
install
 
 
istioctl
istioctl
 
 
mixer
mixer
 
 
perf-sidecar
perf-sidecar
 
 
pilot
pilot
 
 
pkg
pkg
 
 
prow
prow
 
 
release
release
 
 
samples
samples
 
 
security
security
 
 
tests
tests
 
 
tools
tools
 
 
vendor @ 4343858
vendor @ 4343858
 
 
.codecov.yml
.codecov.yml
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.history_rewritten_20171102
.history_rewritten_20171102
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
DEV-CONVENTIONS.md
DEV-CONVENTIONS.md
 
 
DEV-GUIDE.md
DEV-GUIDE.md
 
 
DEV-PERF.md
DEV-PERF.md
 
 
DEV-TROUBLESHOOTING.md
DEV-TROUBLESHOOTING.md
 
 
Gopkg.lock
Gopkg.lock
 
 
Gopkg.toml
Gopkg.toml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
ON-CALL.md
ON-CALL.md
 
 
OWNERS
OWNERS
 
 
README.md
README.md
 
 
codecov.requirement
codecov.requirement
 
 
codecov.skip
codecov.skip
 
 
downloadIstio.sh
downloadIstio.sh
 
 
istio.deps
istio.deps
 
 
lintconfig_base.json
lintconfig_base.json
 
 

Repository files navigation

Introduction

This is an extension of the default istio sidecar injector to allow injecting 'perf' container with PID sharing.
The injector can be used in standalone mode for inject 'perf' container in deployed PODs to capture perf statistics for performance analysis

Note

'perf' container requires PID namespace sharing and privilege access.

Deploy

  • Ensure you are using Kubernetes 1.10+ and the following settings enabled:
    • PodShareProcessNamespace=true feature-gate turned on
    • Ensure kube-apiserver has the admission-control flag set with MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers added
$kubectl api-versions | grep admissionregistration 

admissionregistration.k8s.io/v1beta1
  • Download istio-0.7.1 release files
$ wget https://github.com/istio/istio/releases/download/0.7.1/istio-0.7.1-linux.tar.gz
$ tar xvf istio-0.7.1-linux.tar.gz
  • Generate signed cert/key pair
$ ./istio-0.7.1/install/kubernetes/webhook-create-signed-cert.sh \
    --service istio-sidecar-injector \
    --namespace istio-system \
    --secret sidecar-injector-certs

The resulting cert/key file is stored in the secret sidecar-injector-certs for the sidecar injector webhook to consume.

  • Install sidecar inject configmap
$ kubectl apply -f perf-sidecar/perf-sidecar-configmap.yaml
  • Set the caBundle in the webhook install YAML that the Kubernetes api-server uses to invoke the webhook
$ cat istio-0.7.1/install/kubernetes/istio-sidecar-injector.yaml | \
     ./istio-0.7.1/install/kubernetes/webhook-patch-ca-bundle.sh > \
     istio-0.7.1/install/kubernetes/istio-sidecar-injector-with-ca-bundle.yaml
  • Install the sidecar injector webhook
$ sed -i 's/istio\/sidecar_injector/bpradipt\/sidecar_injector/g' istio-0.7.1/install/kubernetes/istio-sidecar-injector.yaml

$ kubectl apply -f istio-0.7.1/install/kubernetes/istio-sidecar-injector-with-ca-bundle.yaml
  • Verify if the injector webhook is running
$ kubectl -n istio-system get deployment -listio=sidecar-injector

NAME                     DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
istio-sidecar-injector   1         1         1            1           1d
  • Label the namespace The sidecar injector uses NamespaceSelector to decide whether to run the webhook on an object in a namespace. The default webhook configuration uses istio-injection=enabled The following command sets the label for default namespace.
$ kubectl label namespace default istio-injection=enabled
  • Deploy your application
$ kubectl apply -f istio-0.7.1/samples/sleep/sleep.yaml

About

Sidecar Injector with PID sharing

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

24 tags

Packages

No packages published

Languages

  • Go 90.7%
  • Shell 4.1%
  • HTML 3.0%
  • Python 1.0%
  • Makefile 0.9%
  • JavaScript 0.2%
  • Other 0.1%