Gaisuwa! Wannan gajeriyar labarin ce da ke amsa tambayoyin: “menene manzo?”, “me yasa ake bukata?” kuma "ina zan fara?".
Menene wannan
Manzo shine madaidaicin L4-L7 da aka rubuta a cikin C++, mai da hankali kan babban aiki da samuwa. A gefe ɗaya, wannan ta wata hanya ce analogue na nginx da haproxy, kwatankwacin aiki a gare su. A gefe guda, ya fi karkata zuwa ga gine-ginen microservice kuma yana da aiki ba mafi muni fiye da java da masu daidaitawa, kamar zuul ko traefik.
Teburin kwatanta haproxy/nginx/manzo, baya da'awar zama cikakkiyar gaskiya, amma yana ba da hoto gabaɗaya.
nginx
hamsin
manzo
trafik
taurari akan github
11.2k/ madubi
1.1k/ madubi
12.4k
27.6k
an rubuta a ciki
C
C
C ++
go
API
babu
soket kawai/turawa
jirgin sama / ja
jawo
duban lafiya mai aiki
babu
a
a
a
Bude bincike
plugin na waje
babu
a
a
J.W.T.
plugin na waje
babu
a
babu
tsawo
Lua/C
Lua/C
Lua/C++
babu
Me yasa
Wannan aikin matashi ne, akwai abubuwa da yawa da suka ɓace, wasu a farkon alpha. Amma manzo, Har ila yau, saboda ƙuruciyarsa, yana tasowa da sauri kuma yana da abubuwa masu ban sha'awa da yawa: daidaitawa mai ƙarfi, yawancin shirye-shiryen da aka yi, mai sauƙi don rubuta abubuwan tacewa.
Yankunan aikace-aikacen sun biyo baya daga wannan, amma da farko akwai 2 antipatterns:
- Juyawa a tsaye.
Gaskiyar ita ce a halin yanzu a manzo babu goyon bayan caching. Mutanen Google suna gwada wannan . Za a aiwatar da ra'ayin sau ɗaya a ciki manzo duk dabara (headers zoo) na yarda da RFC, kuma don takamaiman aiwatarwa suna yin mu'amala. Amma a yanzu ba ma alfa ba ne, ana tattaunawa kan gine-ginen, bude (yayin da nake rubuta labarin PR, PR ya daskare, amma wannan batu har yanzu yana da dacewa).
A yanzu, yi amfani da nginx don ƙididdiga.
- Tsayayyen tsari.
Kuna iya amfani da shi, amma manzo Ba abin da aka halicce shi ba kenan. Ba za a fallasa abubuwan da ke cikin tsayayyen tsari ba. Akwai lokuta da yawa:
Lokacin gyara tsarin a cikin yaml, za ku yi kuskure, ku tsawatar da masu haɓakawa don yin magana kuma kuyi tunanin cewa nginx/haproxy configs, kodayake ƙarancin tsari, sun fi taƙaice. Wannan shine batun. An ƙirƙiri saitin Nginx da Haproxy don gyara ta hannu, kuma manzo domin tsara daga code. An siffanta dukkan tsarin a ciki , Samar da shi daga fayilolin proto ya fi wuya a yi kuskure.
Canary, b/g yanayin turawa da ƙari yawanci ana aiwatar da su ne kawai a cikin tsari mai ƙarfi. Ba ina cewa ba za a iya yin wannan a kididdiga ba, duk muna yinsa. Amma don wannan kana buƙatar saka kullun, a cikin kowane ma'auni, a ciki manzo gami da.
Ayyukan da Manzo ke da makawa a kansu:
- Daidaita zirga-zirga a cikin hadaddun tsarin aiki da kuzari. Wannan ya haɗa da ragamar sabis, amma ba lallai ba ne kaɗai ba.
- Bukatar aikin ganowa da rarrabawa, hadadden izini ko wasu ayyuka da ke akwai a ciki manzo daga cikin akwatin ko aiwatar da dacewa, amma a cikin nginx/haproxy kuna buƙatar kewaye da lua da plugins masu ban mamaki.
Dukansu, idan ya cancanta, suna ba da babban aiki.
Ta yaya wannan aikin
Ana rarraba manzo a cikin binaries kawai azaman hoton docker. Hoton ya riga ya ƙunshi misalin tsayayyen tsari. Amma muna sha'awar shi kawai don fahimtar tsarin.
manzo.yaml tsayayyen tsari
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
host_rewrite: www.google.com
cluster: service_google
http_filters:
- name: envoy.router
clusters:
- name: service_google
connect_timeout: 0.25s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service_google
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.google.com
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
sni: www.google.comTsari mai ƙarfi
Wace matsala muke neman mafita? Ba za ku iya kawai sake shigar da ma'aunin ma'aunin nauyi a ƙarƙashin kaya ba; matsalolin "kananan" za su taso:
- Tabbatar da tsari.
Tsarin na iya zama babba, yana iya zama babba, idan muka yi lodin sa gaba ɗaya, yuwuwar kuskure a wani wuri yana ƙaruwa.
- Haɗin kai na dogon lokaci.
Lokacin fara sabon mai sauraro, kuna buƙatar kula da haɗin gwiwar da ke gudana akan tsohuwar; idan canje-canje na faruwa akai-akai kuma akwai haɗin kai na dogon lokaci, dole ne ku nemi sasantawa. Sannu, kubernetes ingress akan nginx.
- Ayyukan kiwon lafiya masu aiki.
Idan muna da gwajin lafiya mai aiki, muna buƙatar duba su sau biyu a cikin sabon tsarin kafin aika zirga-zirga. Idan akwai abubuwa masu yawa na sama, wannan yana ɗaukar lokaci. Hello haproxy.
Ta yaya aka warware wannan a manzoTa hanyar loda saitin a hankali, bisa ga tsarin tafkin, zaku iya raba shi zuwa sassa daban-daban kuma kada ku sake fara sashin da bai canza ba. Misali, mai sauraro, wanda yake da tsada don sake farawa kuma da wuya ya canza.
Kanfigareshan manzo (daga fayil ɗin da ke sama) yana da abubuwa masu zuwa:
- mai sauraro - mai sauraron rataye akan takamaiman ip/tashar ruwa
- mai masaukin baki - mai masaukin baki ta sunan yankin
- hanya - tsarin daidaitawa
- tari - rukuni na sama tare da daidaita sigogi
- ƙarshe - adireshin misali na sama
Kowane ɗayan waɗannan mahaɗan da wasu za a iya cika su da ƙarfi; don wannan, saitin yana ƙayyade adireshin sabis ɗin daga inda za a karɓi tsarin. Sabis ɗin na iya zama REST ko gRPC, gRPC ya fi dacewa.
Ana kiran sabis ɗin bi da bi: LDS, VHDS, RDS, CDS da EDS. Kuna iya haɗa daidaitaccen tsari da tsayayyen tsari, tare da iyakancewa cewa ba za a iya ƙayyade albarkatu mai ƙarfi a cikin tsayayyen abu ba.
Ga yawancin ayyuka, ya isa aiwatar da ayyuka uku na ƙarshe, ana kiran su ADS (Aggregated Discovery Service), don kuma tafi akwai shirye-shiryen aiwatar da gRPC dataplane wanda kawai kuna buƙatar cika abubuwa daga tushen ku.
Tsarin yana ɗaukar tsari mai zuwa:
envoy.yaml tsayayyen tsari
dynamic_resources:
ads_config:
api_type: GRPC
grpc_services:
envoy_grpc:
cluster_name: xds_clr
cds_config:
ads: {}
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
rds:
route_config_name: local_route
config_source:
ads: {}
http_filters:
- name: envoy.router
clusters:
- name: xds_clr
connect_timeout: 0.25s
type: LOGICAL_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: xds_clr
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: xds
port_value: 6565A farawa manzo tare da wannan saitin, zai haɗa zuwa jirgin sama mai sarrafawa kuma yayi ƙoƙarin buƙatar tsarin RDS, CDS da EDS. An bayyana yadda tsarin hulɗar ke faruwa .
A takaice, manzo aika buƙatun da ke nuna nau'in albarkatun da ake nema, sigar da sigogin kumburi. A cikin martani, yana karɓar albarkatu da sigar; idan sigar da ke kan jirgin sama mai sarrafawa bai canza ba, baya amsawa.
Akwai zaɓuɓɓukan hulɗa guda 4:
- Rafin gRPC ɗaya don kowane nau'in albarkatu, ana aika cikakken matsayin albarkatun.
- Rarrabe rafuka, cikakken yanayi.
- Rafi ɗaya, yanayin haɓaka.
- Rarrabe rafukan, yanayin haɓaka.
Ƙara xDS yana ba ku damar rage zirga-zirga tsakanin jirgin sama mai sarrafawa da manzo, wannan ya dace da manyan gyare-gyare. Amma yana rikitar da hulɗar; buƙatar ta ƙunshi jerin albarkatun don cirewa da biyan kuɗi.
Misalinmu yana amfani da ADS - rafi ɗaya don RDS, CDS, EDS da yanayin rashin ƙarawa. Don kunna yanayin haɓaka, kuna buƙatar ƙayyade api_type: DELTA_GRPC
Tun da buƙatar ta ƙunshi sigogin kumburi, za mu iya aika albarkatu daban-daban zuwa jirgin sama mai sarrafawa don lokuta daban-daban manzo, wannan ya dace don gina ragar sabis.
Dumama
a kan manzo a farawa ko lokacin karɓar sabon tsari daga jirgin sama mai sarrafawa, ana ƙaddamar da tsarin dumama albarkatu. An raba shi zuwa dumama mai sauraro da dumama tari. Ana ƙaddamar da na farko lokacin da aka sami canje-canje a cikin RDS/LDS, na biyu lokacin CDS/EDS. Wannan yana nufin cewa idan ƙoramar sama kawai ta canza, ba a sake ƙirƙirar mai sauraro ba.
A lokacin aikin dumama, ana sa ran albarkatu masu dogaro daga jirgin sama mai sarrafawa yayin lokacin ƙarewa. Idan lokacin ƙarewar ya faru, farawa ba zai yi nasara ba kuma sabon mai sauraro ba zai fara sauraren tashar jiragen ruwa ba.
Odar farawa: EDS, CDS, duba lafiyar aiki, RDS, LDS. Tare da kunna aikin duba lafiya, zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar zirga-zirgar ababen hawa za ta haura zuwa sama ne kawai bayan nasarar gwajin lafiya guda ɗaya.
Idan an sake ƙirƙirar mai sauraro, tsohon yana shiga cikin yanayin DRAIN kuma za a share shi bayan an rufe duk haɗin gwiwa ko lokacin ƙarewar ya ƙare. --drain-time-s, tsoho minti 10.
Don ci gaba.
source: www.habr.com