Istio is a convenient tool for connecting, securing and monitoring distributed applications. Istio uses a variety of technologies to run and manage software at scale, including containers to package application code and dependencies for deployment, and Kubernetes to manage those containers. Therefore, to work with Istio you need to know how an application with multiple services built on these technologies works without Istio. If these tools and concepts are already familiar to you, feel free to skip this tutorial and go straight to the section Installing Istio on Google Kubernetes Engine (GKE) or to installing the Istio on GKE extension.
This is a step-by-step guide in which we walk through the whole process from source code to a container on GKE, to give you a basic understanding of these technologies by example. You will also see how Istio leverages the power of these technologies. It assumes that you know nothing about containers, Kubernetes, service meshes, or Istio.
Objectives
In this tutorial, you will complete the following tasks:
Explore a simple hello world application with multiple services.
In this tutorial, you can use Cloud Shell, which provisions a g1-small virtual machine in Google Compute Engine running Debian-based Linux, or a Linux or macOS computer.
Option A: Using Cloud Shell
Advantages of using Cloud Shell:
Python 2 and Python 3 development environments (including virtualenv) are fully configured.
The command-line tools gcloud, docker, git and kubectl that we will use are already installed.
The sample application is written in Python and consists of two components that interact using REST:
server: a simple server with one GET endpoint, /, that prints "hello world" to the console.
loadgen: a script that sends traffic to server, with a configurable number of requests per second.
Running the application from source code
To explore the sample application, run it in Cloud Shell or on your computer.
1) In the istio-samples/sample-apps/helloserver directory, run server:
python3 server/server.py
When server starts, the following is displayed:
INFO:root:Starting server...
2) Open another terminal window to send requests to server. If you are using Cloud Shell, click the add icon to open another session.
3) Send a request to server:
curl http://localhost:8080
The server responds:
Hello World!
4) From the directory where you downloaded the sample code, go to the directory that contains loadgen:
cd YOUR_WORKING_DIRECTORY/istio-samples/sample-apps/helloserver/loadgen
From a networking perspective, the entire application runs on a single host (the local computer or the Cloud Shell virtual machine). So you can use localhost to send requests to server.
10) To stop loadgen and server, press Ctrl-c in each terminal window.
11) In the loadgen terminal window, deactivate the virtual environment:
deactivate
Packaging the application in containers
To run the application on GKE, you need to package the sample application, server and loadgen, into containers. A container is a way to package an application so that it is isolated from its environment.
To package an application in a container, you need a Dockerfile. A Dockerfile is a text file that defines the commands for building the application source code and its dependencies into a Docker image. Once the image is built, you upload it to a container registry such as Docker Hub or Container Registry.
The sample has a Dockerfile for both server and loadgen with all the commands needed to build the images. Below is the Dockerfile for server:
FROM python:3-slim as base
FROM base as builder
RUN apt-get -qq update \
    && apt-get install -y --no-install-recommends \
        g++ \
    && rm -rf /var/lib/apt/lists/*
# Enable unbuffered logging
FROM base as final
ENV PYTHONUNBUFFERED=1
RUN apt-get -qq update \
    && apt-get install -y --no-install-recommends \
        wget
WORKDIR /helloserver
# Grab packages from builder
# (this path must match the Python version shipped in the base image)
COPY --from=builder /usr/local/lib/python3.7/ /usr/local/lib/python3.7/
# Add the application
COPY . .
EXPOSE 8080
ENTRYPOINT [ "python", "server.py" ]
The FROM python:3-slim as base command tells Docker to use the latest Python 3 image as the base.
ENTRYPOINT defines the command used to start the container. In our case, this command is almost the same as the one you used to run server.py from source code.
The EXPOSE command indicates that server listens on port 8080. This command does not itself provide the port. It is a form of documentation telling you that port 8080 needs to be opened when you start the container.
Preparing to containerize your application
1) Set the following environment variables. Replace PROJECT_ID with your GCP project ID.
export PROJECT_ID="PROJECT_ID"
export GCR_REPO="preparing-istio"
You use the PROJECT_ID and GCR_REPO values to tag the Docker image when you build it and push it to your private Container Registry.
Review the list of images in the repository and verify that the images were uploaded:
gcloud container images list --repository gcr.io/$PROJECT_ID/preparing-istio
The command displays the names of the newly uploaded images:
NAME
gcr.io/PROJECT_ID/preparing-istio/helloserver
gcr.io/PROJECT_ID/preparing-istio/loadgen
Creating a GKE cluster
These containers could be run on the Cloud Shell virtual machine or on a computer with the docker run command. But in a production environment, you need a way to orchestrate containers centrally. For example, you need a system that makes sure the containers are always running, and you need a way to scale up and start additional container instances if traffic increases.
To run containerized applications, you can use GKE. GKE is a container orchestration platform that joins virtual machines into a cluster. Each virtual machine is called a node. GKE clusters are based on the open-source Kubernetes cluster management system. Kubernetes provides the mechanisms for interacting with the cluster.
The gcloud command creates the istoready cluster in the GCP project and zone that you specified. To run Istio, we recommend at least 4 nodes and the n1-standard-2 virtual machine type.
The command creates the cluster in a few minutes. When the cluster is ready, the command outputs a message similar to the following.
2) Provide credentials to the kubectl command-line tool so that you can use it to manage the cluster:
3) You can now communicate with Kubernetes through kubectl. For example, the following command shows the status of the nodes:
kubectl get nodes
The command produces a list of nodes:
NAME                                       STATUS   ROLES    AGE    VERSION
gke-istoready-default-pool-dbeb23dc-1vg0   Ready    <none>   99s    v1.13.6-gke.13
gke-istoready-default-pool-dbeb23dc-36z5   Ready    <none>   100s   v1.13.6-gke.13
gke-istoready-default-pool-dbeb23dc-fj7s   Ready    <none>   99s    v1.13.6-gke.13
gke-istoready-default-pool-dbeb23dc-wbjw   Ready    <none>   99s    v1.13.6-gke.13
Kubernetes Key Concepts
The diagram shows the application on GKE:
Before deploying the containers to GKE, learn the key Kubernetes concepts. There are links at the end if you want to learn more.
Nodes and clusters. In GKE, a node is a virtual machine. On other Kubernetes platforms, a node can be a computer or a virtual machine. A cluster is a set of nodes that can be treated as a single unit where you deploy a containerized application.
Pods. In Kubernetes, containers run in pods. A pod in Kubernetes is an indivisible unit. A pod holds one or more containers. You deploy the server and loadgen containers in separate pods. When a pod contains several containers (for example, an application server and a proxy server), the containers are managed as a single entity and share the pod's resources.
Deployments. In Kubernetes, a deployment is an object that represents a set of identical pods. A deployment launches multiple replicas of pods distributed across the cluster nodes. A deployment automatically replaces pods that have failed or become unresponsive.
Kubernetes service. When you run the application code on GKE, the connection between loadgen and server changes. When you started the services on the Cloud Shell virtual machine or on your desktop, you sent requests to server at localhost:8080. Once deployed to GKE, the pods run on the available nodes. By default, you have no control over which node a pod runs on, so pods do not have permanent IP addresses.
To get an IP address for server, you need to define a network abstraction on top of the pods. That is what a Kubernetes service is. A Kubernetes service provides a stable endpoint for a set of pods. There are several types of services. server uses LoadBalancer, which provides an external IP address for reaching server from outside the cluster.
Kubernetes also has a built-in DNS system that assigns DNS names (for example, helloserver.default.cluster.local) to services. Thanks to this, pods in the cluster communicate with other pods in the cluster at a stable address. The DNS name cannot be used outside the cluster, such as in Cloud Shell or on a computer.
Kubernetes manifests
When you ran the application from source, you used an imperative command:
python3 server.py
Imperative implies a verb: "do this."
Kubernetes uses a declarative model. This means that we do not tell Kubernetes exactly what to do; instead we describe the desired state. For example, Kubernetes starts and stops pods as needed so that the actual state of the system matches the desired state.
You specify the desired state in manifests, or YAML files. A YAML file contains the specification for one or more Kubernetes objects.
The sample contains a YAML file for server and for loadgen. Each YAML file specifies the desired state of a deployment object and a Kubernetes service.
LoadBalancer: Clients send requests to the IP address of the load balancer, which has a stable IP address and is reachable from outside the cluster.
targetPort: as you recall, the EXPOSE 8080 command in the Dockerfile did not provide any ports. You provide port 8080 so that you can reach the server container from outside the cluster. In our case hellosvc.default.cluster.local:80 (short name: hellosvc) maps to port 8080 of the helloserver pod IP address.
port: This is the port number to which other services in the cluster send requests.
loadgen.yaml
The deployment object in loadgen.yaml looks like the one in server.yaml. The difference is that the deployment object contains an env section. It defines the environment variables that loadgen requires and that you set when running the application from source.
Because loadgen does not accept incoming requests, the type field is set to ClusterIP. This type provides a stable IP address that services in the cluster can use, but this IP address is not exposed to external clients.
Replace PROJECT_ID with your GCP project ID.
9) Save and close loadgen.yaml, and close the text editor.
10) Deploy the YAML file to Kubernetes:
kubectl apply -f loadgen.yaml
On successful completion, the command produces the following output:
deployment.apps/loadgenerator created
service/loadgensvc created
11) Check the status of the pods:
kubectl get pods
The command shows the status:
NAME                             READY   STATUS    RESTARTS   AGE
helloserver-69b9576d96-mwtcj     1/1     Running   0          58s
loadgenerator-774dbc46fb-gpbrz   1/1     Running   0          57s
12) Retrieve the application logs from the loadgen pod. Replace POD_ID with the identifier from the previous response.
kubectl logs loadgenerator-POD_ID
13) Get the external IP address of hellosvc:
kubectl get service
The command response looks like this:
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
hellosvc     LoadBalancer   10.81.15.158   192.0.2.1     80:31127/TCP   33m
kubernetes   ClusterIP      10.81.0.1      <none>        443/TCP        93m
loadgensvc   ClusterIP      10.81.15.155   <none>        80/TCP         4m52s
14) Send a request to hellosvc: replace EXTERNAL_IP with the external IP address of hellosvc.
curl http://EXTERNAL_IP
Let's take on Istio
You already have an application deployed to GKE. loadgen can use Kubernetes DNS (hellosvc:80) to send requests to server, and you can send requests to server at the external IP address. Although Kubernetes has many features, some information about the services is missing:
How do the services interact? What are the relationships between services? How does traffic flow between services? You know that loadgen sends requests to server, but imagine that you know nothing about the application. To answer these questions, let's look at the list of running pods in GKE.
Metrics. How long does server take to respond to an incoming request? How many requests per second does server receive? Does it return error messages?
Security information. Does traffic between loadgen and server go over plain HTTP or over mTLS?
Istio answers all of these questions. To do this, Istio places an Envoy sidecar proxy in each pod. The Envoy proxy intercepts all incoming and outgoing traffic to the application containers. This means that server and loadgen each get an Envoy sidecar proxy, and all traffic from loadgen to server goes through the Envoy proxies.
The connections between the Envoy proxies form the service mesh. The service mesh architecture provides a layer of control on top of Kubernetes.
Because the Envoy proxies run in their own containers, Istio can be installed on top of a GKE cluster with almost no changes to the application code. But you did do some work to prepare your application to be managed by Istio:
Services for all containers. The server and loadgen deployments each have a Kubernetes service attached. Even loadgen, which does not receive incoming requests, has a service.
Ports in services must be named. Although service ports can be left unnamed in GKE, Istio requires you to specify a port name that matches its protocol. In the YAML file, the port for server is named http because server uses the HTTP protocol. If a service used gRPC, you would name the port grpc.
Deployments are labeled. This lets you use Istio traffic management features, such as splitting traffic between versions of the same service.
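The three preparation points above can be checked mechanically before Istio is installed. The following Python is an added example, not code from the tutorial or from the Istio project: audit_manifests, the app labels and the sample objects are constructed for illustration, and the protocol prefix list is an assumed subset. It also reports LoadBalancer services, since those are reachable from outside the cluster.

```python
# Added example, not code from the tutorial's repository. The manifests are
# constructed to mirror objects the page names; audit_manifests is hypothetical.
# Port-name prefixes (assumed subset; the page itself names only http and grpc).
PROTOCOLS = {"http", "http2", "https", "grpc", "tcp", "tls"}

def audit_manifests(objects):
    """Check the three preparation rules; also note externally exposed Services."""
    services = [o for o in objects if o["kind"] == "Service"]
    findings = []
    for dep in (o for o in objects if o["kind"] == "Deployment"):
        name = dep["metadata"]["name"]
        labels = dep["spec"]["template"]["metadata"].get("labels", {})
        if not labels:
            findings.append(f"deployment/{name}: pod template has no labels")
        # A Service covers the pods when every selector pair matches a label.
        if not any(svc["spec"].get("selector")
                   and svc["spec"]["selector"].items() <= labels.items()
                   for svc in services):
            findings.append(f"deployment/{name}: no Service selects its pods")
    for svc in services:
        name = svc["metadata"]["name"]
        for port in svc["spec"].get("ports", []):
            # Istio reads the protocol from the name: <protocol>[-<suffix>].
            if port.get("name", "").split("-", 1)[0] not in PROTOCOLS:
                findings.append(f"service/{name}: port {port['port']} has no protocol name")
        if svc["spec"].get("type") == "LoadBalancer":
            findings.append(f"service/{name}: reachable from outside the cluster")
    return sorted(findings)

def deployment(name, labels):
    return {"kind": "Deployment", "metadata": {"name": name},
            "spec": {"template": {"metadata": {"labels": labels}}}}

def service(name, svc_type, selector, ports):
    return {"kind": "Service", "metadata": {"name": name},
            "spec": {"type": svc_type, "selector": selector, "ports": ports}}

# Constructed sample: loadgensvc deliberately has an unnamed port.
SAMPLE = [
    deployment("helloserver", {"app": "helloserver"}),
    service("hellosvc", "LoadBalancer", {"app": "helloserver"},
            [{"name": "http", "port": 80, "targetPort": 8080}]),
    deployment("loadgenerator", {"app": "loadgenerator"}),
    service("loadgensvc", "ClusterIP", {"app": "loadgenerator"},
            [{"port": 80, "targetPort": 8080}]),
]

if __name__ == "__main__":
    print("\n".join(audit_manifests(SAMPLE)))
```

The same function can be fed the items of kubectl get deployments,services -o json after loading them with the json module.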
Installation
There are two ways to install Istio. You can enable the Istio on GKE extension or install the open-source version of Istio on the cluster. With Istio on GKE, you can easily manage Istio installation and upgrades throughout the GKE cluster lifecycle. If you want the latest version of Istio or more control over the configuration of the Istio control plane, install the open-source version instead of the Istio on GKE extension. To decide on an approach, read the article Do I need Istio on GKE?.
Choose an option, review the corresponding guide, and follow the instructions to install Istio on your cluster. If you want to use Istio with your newly deployed application, enable sidecar injection for the default namespace.
Cleaning up
To avoid charges to your Google Cloud Platform account for the resources that you used in this tutorial, delete the container cluster once you have installed Istio and played with the sample application. This removes all cluster resources, such as compute instances, disks, and network resources.