Komawa microservices tare da Istio. Kashi na 2

Lura. fassara: Kashi na farko An sadaukar da wannan jerin don gabatar da iyawar Istio da nuna su cikin aiki. Yanzu za mu yi magana game da ƙarin ɓangarori masu rikitarwa na daidaitawa da amfani da wannan ragamar sabis, kuma musamman, game da ingantacciyar hanya da sarrafa zirga-zirgar hanyar sadarwa.

Muna kuma tunatar da ku cewa labarin yana amfani da jeri (bayyanannun Kubernetes da Istio) daga ma'ajiyar. istio-masarauta.

sarrafa zirga-zirga

Tare da Istio, sabbin damar iya bayyana a cikin gungu don samarwa:

• Madaidaicin buƙatun routing: Canary rollouts, gwajin A/B;
• Daidaita kaya: mai sauƙi da daidaituwa, bisa ga hashes;
• Farfadowa bayan faɗuwa: ƙarewar lokaci, sake gwadawa, masu watsewa;
• Saka kurakurai: jinkiri, watsi da buƙatun, da sauransu.

Yayin da labarin ya ci gaba, za a kwatanta waɗannan iyawar ta amfani da aikace-aikacen da aka zaɓa a matsayin misali kuma za a gabatar da sababbin ra'ayoyi a hanya. Na farko irin wannan ra'ayi zai kasance DestinationRules (watau dokoki game da mai karɓar zirga-zirga / buƙatun - kusan transl.), tare da taimakon wanda muke kunna gwajin A/B.

Gwajin A/B: Dokokin Makowa a aikace

Ana amfani da gwajin A/B a lokuta inda akwai nau'ikan aikace-aikace guda biyu (yawanci suna bambanta da gani) kuma ba mu da tabbacin 100% wanda zai inganta ƙwarewar mai amfani. Saboda haka, muna gudanar da nau'ikan biyu a lokaci guda kuma muna tattara ma'auni.

Don tura sigar gaba ta biyu, da ake buƙata don nuna gwajin A/B, gudanar da umarni mai zuwa:

$ kubectl apply -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions/sa-frontend-green created

Bayanin ƙaddamarwa don sigar kore ya bambanta a wurare biyu:

1. Hoton ya dogara ne akan wata alama ta daban - istio-green,
2. Pods suna da lakabi version: green.

Tun da duka abubuwan turawa suna da lakabi app: sa-frontend,buƙatun da sabis na kama-da-wane ke yi sa-external-services domin hidima sa-frontend, za a tura shi zuwa duk abubuwan da ya faru kuma za a rarraba kaya ta hanyar zagaye-robin algorithm, wanda zai haifar da yanayi kamar haka:

Ba a sami fayilolin da aka nema ba

Ba a samo waɗannan fayilolin ba saboda an ba su suna daban a cikin nau'ikan aikace-aikacen daban-daban. Bari mu tabbatar da wannan:

$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.c7071b22.css
/static/js/main.059f8e9c.js
$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.f87cd8c9.css
/static/js/main.f7659dbb.js

Wannan yana nufin cewa index.html, Neman juzu'in fayiloli guda ɗaya, mai ɗaukar nauyi na iya aika shi zuwa kwas ɗin da ke da nau'i daban-daban, inda, saboda dalilai na zahiri, irin waɗannan fayilolin ba su wanzu. Don haka, don aikace-aikacen ya yi aiki, muna buƙatar saita ƙuntatawa: “iri ɗaya na aikace-aikacen da aka yi amfani da index.html yakamata ya ba da buƙatun na gaba".

Za mu isa wurin tare da daidaitaccen ma'auni na tushen zanta (Mai daidaita Hash Load daidaitawa)... A wannan yanayin Ana aika buƙatun daga abokin ciniki ɗaya zuwa misalin baya ɗaya, wanda aka yi amfani da ƙayyadaddun kaddarorin don shi - alal misali, maɓallin HTTP. An aiwatar ta amfani da Dokokin Destination.

Dokokin Makoma

bayan da Sabis na Virtual aika buƙatu zuwa sabis ɗin da ake so, ta amfani da Dokokin Destination za mu iya ayyana manufofin da za a yi amfani da zirga-zirgar da aka ƙaddara don misalin wannan sabis ɗin:

Gudanar da zirga-zirga tare da albarkatun Istio

Примечание: An gabatar da tasirin albarkatun Istio akan zirga-zirgar hanyar sadarwa a nan ta hanyar da ke da sauƙin fahimta. Don zama madaidaici, yanke shawarar wane misali don aika buƙatun zuwa shi ne ta Wakili a Ƙofar Ingress da aka saita a cikin CRD.

Tare da Dokokin Ƙaddamarwa, za mu iya saita daidaita nauyi don amfani da daidaitattun hashes kuma tabbatar da cewa misalin sabis ɗin yana amsawa ga mai amfani iri ɗaya. Tsarin da ke gaba yana ba ku damar cimma wannan (makoma-sa-frontend.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sa-frontend
spec:
  host: sa-frontend
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpHeaderName: version   # 1

1 - Za a samar da hash bisa abubuwan da ke cikin taken HTTP version.

Aiwatar da tsarin tare da umarni mai zuwa:

$ kubectl apply -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io/sa-frontend created

Yanzu gudanar da umarnin da ke ƙasa kuma tabbatar cewa kun sami fayilolin da suka dace lokacin da kuka ƙayyade taken version:

$ curl --silent -H "version: yogo" http://$EXTERNAL_IP/ | tr '"' 'n' | grep main

Примечание: Don ƙara dabi'u daban-daban a cikin taken kuma gwada sakamakon kai tsaye a cikin mai bincike, zaku iya amfani da su wannan tsawo ku Chrome (ko da wannan don Firefox - kusan. fassara).

Gabaɗaya, DestinationRules yana da ƙarin ƙarfi a fannin daidaita nauyi - bincika cikakkun bayanai a ciki takardun shaida.

Kafin mu kara nazarin VirtualService, bari mu share “kore sigar” na aikace-aikacen da kuma ka'idodin jagorar zirga-zirga ta hanyar bin umarni masu zuwa:

$ kubectl delete -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions “sa-frontend-green” deleted
$ kubectl delete -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io “sa-frontend” deleted

Mirroring: Virtual Services a Practice

Inuwa ("garkuwa") ko Mirroring ("mirroring") ana amfani da shi a cikin lokuta inda muke son gwada canji a cikin samarwa ba tare da shafar masu amfani da ƙarshen ba: don yin wannan, muna kwafin buƙatun (" madubi ") zuwa wani misali na biyu inda aka yi canje-canjen da ake so, kuma duba sakamakon. A taƙaice, wannan shine lokacin da abokin aikinku ya ɗauki mafi mahimmancin batu kuma ya yi buƙatar ja a cikin nau'i mai girma na datti wanda babu wanda zai iya sake duba shi.

Don gwada wannan yanayin a aikace, bari mu ƙirƙiri misali na biyu na SA-Logic tare da kwari (buggy) ta hanyar gudanar da umarni mai zuwa:

$ kubectl apply -f resource-manifests/kube/shadowing/sa-logic-service-buggy.yaml
deployment.extensions/sa-logic-buggy created

Kuma yanzu bari mu gudanar da umurnin don tabbatar da cewa duk lokuta tare da app=sa-logic Suna kuma da takubba mai ma'ana iri-iri:

$ kubectl get pods -l app=sa-logic --show-labels
NAME                              READY   LABELS
sa-logic-568498cb4d-2sjwj         2/2     app=sa-logic,version=v1
sa-logic-568498cb4d-p4f8c         2/2     app=sa-logic,version=v1
sa-logic-buggy-76dff55847-2fl66   2/2     app=sa-logic,version=v2
sa-logic-buggy-76dff55847-kx8zz   2/2     app=sa-logic,version=v2

sabis sa-logic kai hari kwasfan fayiloli tare da lakabi app=sa-logic, don haka za a rarraba duk buƙatun a cikin kowane yanayi:

amma muna son a aika buƙatun zuwa al'amuran v1 kuma a kwatanta su zuwa v2:

Za mu cim ma wannan ta hanyar VirtualService a haɗe tare da DestinationRule, inda ƙa'idodi za su ƙayyadad da ɓangarorin da hanyoyin VirtualService zuwa takamaiman yanki.

Ƙayyadaddun Ƙira a Dokokin Ƙaddara

Rarraba (matsaloli) an ƙaddara ta hanyar tsari mai zuwa (sa-logic-subset-destinationrule.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sa-logic
spec:
  host: sa-logic    # 1
  subsets:
  - name: v1        # 2
    labels:
      version: v1   # 3
  - name: v2
    labels:
      version: v2

1. Mai watsa shiri (host) ya bayyana cewa wannan doka ta shafi lokuta ne kawai lokacin da hanyar ke zuwa sabis sa-logic;
2. lakabi (name) ana amfani da maɓalli a lokacin da ake zagayawa zuwa abubuwan da aka tsara;
3. Lakabin (label) ya bayyana maɓalli-darajar nau'i-nau'i waɗanda dole ne al'amura su daidaita don zama ɓangaren ɓangaren.

Aiwatar da tsarin tare da umarni mai zuwa:

$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-destinationrule.yaml
destinationrule.networking.istio.io/sa-logic created

Yanzu da aka ayyana ɓangarorin, za mu iya ci gaba da saita VirtualService don amfani da dokoki don buƙatun sa-logic domin su:

1. An zagaya zuwa wani yanki v1,
2. An yi madubi zuwa wani yanki v2.

Bayanin da ke gaba yana ba ku damar cimma shirye-shiryenku (sa-logic-subsets-shadowing-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic          
  http:
  - route:
    - destination:
        host: sa-logic  
        subset: v1      
    mirror:             
      host: sa-logic     
      subset: v2

Babu wani bayani da ake buƙata a nan, don haka bari mu gan shi a aikace:

$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-shadowing-vs.yaml
virtualservice.networking.istio.io/sa-logic created

Bari mu ƙara kaya ta hanyar kiran umarni mai zuwa:

$ while true; do curl -v http://$EXTERNAL_IP/sentiment 
    -H "Content-type: application/json" 
    -d '{"sentence": "I love yogobella"}'; 
    sleep .8; done

Bari mu kalli sakamakon a Grafana, inda zaku iya ganin cewa sigar tare da kwari (buggy) yana haifar da gazawar ~ 60% na buƙatun, amma babu ɗayan waɗannan gazawar da ke shafar masu amfani na ƙarshe kamar yadda sabis ɗin ke amsa su.

Nasarar martani na nau'ikan sabis na sa-logic daban-daban

Anan mun fara ganin yadda ake amfani da VirtualService ga Manzannin ayyukanmu: yaushe sa-web-app yayi roko zuwa sa-logic, yana wucewa ta wurin wakilin motar gefe, wanda - ta hanyar VirtualService - an saita shi don tafiyar da buƙatun zuwa rukunin v1 da madubi buƙatun zuwa ɓangaren v2 na sabis ɗin. sa-logic.

Na sani, ƙila kun riga kun yi tunanin cewa Sabis na Kaya mai sauƙi ne. A cikin sashe na gaba, za mu faɗaɗa hakan ta hanyar cewa su ma suna da girma da gaske.

Canary Rollouts

Canary Deployment tsari ne na fitar da sabon sigar aikace-aikacen zuwa ƙananan masu amfani. Ana amfani da shi don tabbatar da cewa babu matsaloli a cikin saki kuma kawai bayan haka, riga da tabbaci a cikin ingancinsa (sakin), rarraba shi ga sauran masu amfani.оmanyan masu sauraro.

Don nuna jerin gwanon canary, za mu ci gaba da aiki tare da juzu'i buggy у sa-logic.

Kada mu ɓata lokaci akan ƙananan abubuwa kuma nan da nan aika 20% na masu amfani zuwa sigar tare da kwari (wannan zai wakilci aikin canary ɗin mu), da sauran 80% zuwa sabis na yau da kullun. Don yin wannan, yi amfani da VirtualService mai zuwa (sa-logic-subsets-canary-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic    
  http:
  - route: 
    - destination: 
        host: sa-logic
        subset: v1
      weight: 80         # 1
    - destination: 
        host: sa-logic
        subset: v2
      weight: 20 # 1

1 shine nauyi (weight), wanda ke ƙayyadadden adadin buƙatun da za a aika zuwa ga mai karɓa ko ɓangaren mai karɓa.

Bari mu sabunta saitunan VirtualService na baya don sa-logic tare da umarni mai zuwa:

$ kubectl apply -f resource-manifests/istio/canary/sa-logic-subsets-canary-vs.yaml
virtualservice.networking.istio.io/sa-logic configured

... kuma nan da nan za mu ga cewa wasu buƙatun suna haifar da gazawa:

$ while true; do 
   curl -i http://$EXTERNAL_IP/sentiment 
   -H "Content-type: application/json" 
   -d '{"sentence": "I love yogobella"}' 
   --silent -w "Time: %{time_total}s t Status: %{http_code}n" 
   -o /dev/null; sleep .1; done
Time: 0.153075s Status: 200
Time: 0.137581s Status: 200
Time: 0.139345s Status: 200
Time: 30.291806s Status: 500

Sabis na Virtual yana ba da damar yin aikin canary: A wannan yanayin, mun rage yuwuwar tasirin batutuwan zuwa kashi 20% na tushen mai amfani. Abin al'ajabi! Yanzu, a kowane hali lokacin da ba mu da tabbacin lambar mu (a wasu kalmomi - ko da yaushe ...), za mu iya amfani da mirroring da canary rollouts.

Ƙayyadaddun lokaci da sakewa

Amma kwari ba koyaushe ke ƙarewa a cikin lambar ba. A cikin lissafin daga "8 Rashin fahimta game da Rarraba Kwamfuta"A farkon wuri shine imanin kuskuren cewa "cibiyar sadarwa tana da aminci." A gaskiya cibiyar sadarwa ba abin dogara, kuma saboda wannan dalili muna buƙatar lokaci-lokaci (lokacin wucewa) kuma ya sake gwadawa (sake gwadawa).

Don nunawa za mu ci gaba da amfani da sigar matsala iri ɗaya sa-logic (buggy), kuma za mu kwaikwayi rashin dogaron hanyar sadarwa tare da gazawar bazuwar.

Bari sabis ɗinmu tare da kwari su sami damar 1/3 na ɗaukar dogon lokaci don amsawa, damar 1/3 na ƙarewa tare da Kuskuren Sabar Cikin Gida, da damar 1/3 na nasarar dawo da shafin.

Don rage tasirin irin waɗannan matsalolin da inganta rayuwa ga masu amfani, za mu iya:

1. ƙara lokacin ƙarewa idan sabis ɗin ya ɗauki fiye da daƙiƙa 8 don amsawa,
2. sake gwadawa idan buƙatar ta gaza.

Don aiwatarwa, za mu yi amfani da ma'anar albarkatu mai zuwa (sa-logic-tries-timeouts-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic
  http:
  - route: 
    - destination: 
        host: sa-logic
        subset: v1
      weight: 50
    - destination: 
        host: sa-logic
        subset: v2
      weight: 50
    timeout: 8s           # 1
    retries:
      attempts: 3         # 2
      perTryTimeout: 3s # 3

1. An saita lokacin ƙarewar buƙatar zuwa 8 seconds;
2. Ana sake gwada buƙatun sau 3;
3. Kuma kowane ƙoƙari ana ɗaukarsa bai yi nasara ba idan lokacin amsa ya wuce daƙiƙa 3.

Wannan haɓakawa ne saboda mai amfani ba zai jira fiye da daƙiƙa 8 ba kuma za mu yi sabbin yunƙuri uku don samun amsa idan akwai gazawa, ƙara damar samun amsa mai nasara.

Aiwatar da ingantaccen tsarin aiki tare da umarni mai zuwa:

$ kubectl apply -f resource-manifests/istio/retries/sa-logic-retries-timeouts-vs.yaml
virtualservice.networking.istio.io/sa-logic configured

Kuma duba a cikin jadawali na Grafana cewa adadin amsoshi masu nasara ya karu a sama:

Haɓakawa a ƙididdigar amsawa mai nasara bayan ƙara lokutan ƙarewa da sakewa

Kafin a ci gaba zuwa sashe na gaba (ko kuma a maimakon haka, zuwa na gaba na labarin, saboda a cikin wannan ba za a sami ƙarin gwaje-gwaje masu amfani ba - kimanin transl.), share sa-logic-buggy da VirtualService ta hanyar aiwatar da umarni masu zuwa:

$ kubectl delete deployment sa-logic-buggy
deployment.extensions “sa-logic-buggy” deleted
$ kubectl delete virtualservice sa-logic
virtualservice.networking.istio.io “sa-logic” deleted

Matsakaicin Matsala na Wuta da Babban Kangi

Muna magana ne game da mahimman alamu guda biyu a cikin gine-ginen microservice waɗanda ke ba ku damar cimma nasarar dawo da kai (warkar da kai) ayyuka.

Mai karɓar raga ("Circuit breaker") ana amfani da shi don ƙare buƙatun da ke zuwa ga misalin sabis ɗin da ake ganin ba shi da lafiya da mayar da shi yayin da ake karkatar da buƙatun abokin ciniki zuwa yanayin lafiya na waccan sabis ɗin (wanda ke ƙara yawan adadin amsa mai nasara). (Lura: Ana iya samun ƙarin cikakkun bayanai game da tsarin, misali, a nan.)

Babban kai ("bangare") keɓance gazawar sabis daga shafar tsarin gaba ɗaya. Misali, Sabis na B ya karye kuma wani sabis (abokin ciniki na Sabis B) ya nemi Sabis na B, yana sa shi ya ƙare tafkin zaren sa kuma ya kasa yin hidimar wasu buƙatun (ko da ba daga Sabis ɗin B suke ba). (Lura: Ana iya samun ƙarin cikakkun bayanai game da tsarin, misali, a nan.)

Zan bar cikakkun bayanan aiwatar da waɗannan alamu saboda suna da sauƙin samun su takardun shaida, kuma ina so in nuna tabbaci da izini, wanda za a tattauna a sashi na gaba na labarin.

PS daga mai fassara

Karanta kuma a kan shafinmu:

• "Komawa zuwa microservices tare da Istio": Kashi na 1 (gabatarwa ga manyan abubuwa), Kashi na 3 (tabbaci da izini);
• «Conduit - ragar sabis ɗin mara nauyi don Kubernetes";
• «Menene ragamar sabis kuma me yasa nake buƙatar shi [don aikace-aikacen girgije tare da microservices]?".

source: www.habr.com