Introduction

This is an extension of the default istio sidecar injector to allow injecting 'perf' container with PID sharing.
The injector can be used in standalone mode for inject 'perf' container in deployed PODs to capture perf statistics for performance analysis

Note

'perf' container requires PID namespace sharing and privilege access.

Deploy

Ensure you are using Kubernetes 1.10+ and the following settings enabled:
- PodShareProcessNamespace=true feature-gate turned on
- Ensure kube-apiserver has the admission-control flag set with MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers added

$kubectl api-versions | grep admissionregistration 

admissionregistration.k8s.io/v1beta1

Download istio-0.7.1 release files

$ wget https://github.com/istio/istio/releases/download/0.7.1/istio-0.7.1-linux.tar.gz
$ tar xvf istio-0.7.1-linux.tar.gz

Generate signed cert/key pair

$ ./istio-0.7.1/install/kubernetes/webhook-create-signed-cert.sh \
    --service istio-sidecar-injector \
    --namespace istio-system \
    --secret sidecar-injector-certs

The resulting cert/key file is stored in the secret sidecar-injector-certs for the sidecar injector webhook to consume.

Install sidecar inject configmap

$ kubectl apply -f perf-sidecar/perf-sidecar-configmap.yaml

Set the caBundle in the webhook install YAML that the Kubernetes api-server uses to invoke the webhook

$ cat istio-0.7.1/install/kubernetes/istio-sidecar-injector.yaml | \
     ./istio-0.7.1/install/kubernetes/webhook-patch-ca-bundle.sh > \
     istio-0.7.1/install/kubernetes/istio-sidecar-injector-with-ca-bundle.yaml

Install the sidecar injector webhook

$ sed -i 's/istio\/sidecar_injector/bpradipt\/sidecar_injector/g' istio-0.7.1/install/kubernetes/istio-sidecar-injector.yaml

$ kubectl apply -f istio-0.7.1/install/kubernetes/istio-sidecar-injector-with-ca-bundle.yaml

Verify if the injector webhook is running

$ kubectl -n istio-system get deployment -listio=sidecar-injector

NAME                     DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
istio-sidecar-injector   1         1         1            1           1d

Label the namespace The sidecar injector uses NamespaceSelector to decide whether to run the webhook on an object in a namespace. The default webhook configuration uses istio-injection=enabled The following command sets the label for default namespace.

$ kubectl label namespace default istio-injection=enabled

Deploy your application

$ kubectl apply -f istio-0.7.1/samples/sleep/sleep.yaml

Name		Name	Last commit message	Last commit date
Latest commit History 3,932 Commits
.circleci		.circleci
.github		.github
addons		addons
bin		bin
broker		broker
docker		docker
galley		galley
install		install
istioctl		istioctl
mixer		mixer
perf-sidecar		perf-sidecar
pilot		pilot
pkg		pkg
prow		prow
release		release
samples		samples
security		security
tests		tests
tools		tools
vendor @ 4343858		vendor @ 4343858
.codecov.yml		.codecov.yml
.gitignore		.gitignore
.gitmodules		.gitmodules
.history_rewritten_20171102		.history_rewritten_20171102
CONTRIBUTING.md		CONTRIBUTING.md
DEV-CONVENTIONS.md		DEV-CONVENTIONS.md
DEV-GUIDE.md		DEV-GUIDE.md
DEV-PERF.md		DEV-PERF.md
DEV-TROUBLESHOOTING.md		DEV-TROUBLESHOOTING.md
Gopkg.lock		Gopkg.lock
Gopkg.toml		Gopkg.toml
LICENSE		LICENSE
Makefile		Makefile
ON-CALL.md		ON-CALL.md
OWNERS		OWNERS
README.md		README.md
codecov.requirement		codecov.requirement
codecov.skip		codecov.skip
downloadIstio.sh		downloadIstio.sh
istio.deps		istio.deps
lintconfig_base.json		lintconfig_base.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Introduction

Note

Deploy

About

Releases

Packages

Languages

License

platform-tracing/istio

Folders and files

Latest commit

History

Repository files navigation

Introduction

Note

Deploy

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages