我正在使用Istio 1.1.6、Prometheus 2.18.1和Seldon 1.1.0(用于机器学习);当 Prometheus 尝试抓取端点时,我们对 Istio ConfigMap 进行了以下设置:
outboundTrafficPolicy:
mode: ALLOW_ANY
根据文档,这应该允许 Prometheus 抓取任何没有关联服务的端点(通过 VirtualServices)。但是,我一直收到以下警报,爆破访问日志:
2020-05-27 12:56:43
[2020-05-27T16:56:42.448Z] "- - -" 0 - "-" 247 0 0 - "-" "-" "-" "-" "10.51.105.4:6001" PassthroughCluster 10.51.105.4:35708 10.51.105.4:6001 10.51.106.2:51760 -
Show context
2020-05-27 12:56:43
[2020-05-27T16:56:42.448Z] "- - -" 0 UO "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.51.105.4:6001 10.51.105.4:35708 -
现在,当我 bash-exec 进入 pod 内的容器时,目的地localhost:6001是可访问的,并且已格式化以供 Prometheus 抓取。
此外,DestinationRule没有短路限制:
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
generation: 1
name: destination-pod
ownerReferences:
- apiVersion: machinelearning.seldon.io/v1
blockOwnerDeletion: true
controller: true
kind: SeldonDeployment
name: destination
spec:
host: destination-pod
subsets:
- labels:
version: 41949a6
name: pod
Istio 似乎阻止了这一点的原因可能是什么?