Benchmark of CNI performance for Kubernetes over a 10G network (August 2020)

TL;DR: All CNIs work as expected, except for Kube-Router and Kube-OVN. Calico, apart from its lack of automatic MTU detection, is the best.

This is an update of my previous benchmarks (2018 and 2019). At the time of testing I am using Kubernetes 1.19 on Ubuntu 18.04 with CNIs updated as of August 2020.

Before we dive into the metrics...

What's new since April 2019?

  • You can test on your own cluster: you can run the tests on your cluster using our tool, Kubernetes Network Benchmark: knb
  • New contenders have appeared
  • New scenarios: the current benchmark runs "Pod-to-Pod" network performance tests, and a new "Pod-to-Service" scenario has been added that runs tests closer to real-world conditions. In practice, your API Pod works with the database as a service, not through the Pod's IP address (of course, we test both TCP and UDP for both scenarios).
  • Resource consumption: each test now has its own resource comparison
  • Application tests removed: we no longer run HTTP, FTP and SCP tests, because our fruitful collaboration with the community and the CNI maintainers revealed a gap between the iperf TCP results and the curl results, caused by a delay in CNI startup (the first few seconds of Pod startup, which is not typical in real-world conditions).
  • Open source: all test sources (scripts, yml configs and the original "raw" data) are available here

Benchmark Protocol

The protocol is described in detail here. Note that this article is about Ubuntu 18.04 with the default kernel.

Selecting CNIs for the Benchmark

This benchmark aims to compare CNIs that are set up with a single yaml file (so all those installed through scripts, such as VPP and others, are excluded).

Our selected CNIs for comparison:

  • Antrea v.0.9.1
  • Calico v3.16
  • Canal v3.16 (Flannel networking + Calico network policies)
  • 1.8.2
  • 0.12.0
  • Kube-router latest (2020-08-25)
  • WeaveNet 2.7.0

Setting the MTU for CNIs

First, we check the impact of automatic MTU detection on TCP performance:

Figure: Impact of MTU on TCP performance

An even larger gap appears when using UDP:

Figure: Impact of MTU on UDP performance

Given the huge performance impact revealed in the tests, we would like to send a letter of hope to all CNI maintainers: please add automatic MTU detection to your CNI. You will save kittens, unicorns and even the cutest one of all: the little Devop.

However, if you need to use a CNI without support for automatic MTU detection, you can set it manually to get the performance. Note that this applies to Calico, Canal and WeaveNet.

Figure: My small request to CNI maintainers...
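As an added example (not part of the original article), the Python code below audits a node for the MTU mismatch discussed above: it parses `ip -o link show` output and flags Calico workload interfaces whose MTU differs from the uplink MTU minus the encapsulation overhead. The sample output, the uplink name `ens3` and the function names are constructed; the overhead values are the IPv4 figures from Calico's MTU documentation.

```python
import re

# Per-packet encapsulation overhead in bytes (IPv4 underlay), per Calico's MTU docs.
OVERHEAD = {"none": 0, "ipip": 20, "vxlan": 50, "wireguard": 60}

# Constructed sample of `ip -o link show` output: jumbo-frame uplink,
# one workload interface left at 1440 and one set for IP-in-IP on MTU 9000.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT
5: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN mode DEFAULT
7: cali3f1a9c0b2d4@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP
8: cali9d77e21c0aa@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8980 qdisc noqueue state UP
"""

LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<[^>]*>\s+mtu\s+(\d+)", re.M)


def parse_links(text):
    """Return {interface_name: mtu} from `ip -o link show` output."""
    return {name: int(mtu) for name, mtu in LINK_RE.findall(text)}


def audit(text, nic, encap):
    """Return (interface, actual, expected, verdict) for each Calico veth with a wrong MTU."""
    links = parse_links(text)
    if nic not in links:
        raise ValueError(f"uplink {nic!r} not found")
    expected = links[nic] - OVERHEAD[encap]
    findings = []
    for name, mtu in sorted(links.items()):
        # Calico names workload veth interfaces with the "cali" prefix.
        if not name.startswith("cali") or mtu == expected:
            continue
        if mtu < expected:
            verdict = "too small: throughput lost"
        else:
            verdict = "too large: fragmentation or drops"
        findings.append((name, mtu, expected, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "ens3", "ipip"):
        print(*finding, sep="\t")
```

Running the same audit with `"wireguard"` as the encapsulation also flags the second interface, because enabling encryption lowers the usable MTU from 8980 to 8940.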

CNI Benchmark: Raw Data

In this section, we compare CNIs with the correct MTU (detected automatically or set manually). The main goal here is to show the raw data in graphs.

Colour legend:

  • grey - reference (i.e. bare metal)
  • green - bandwidth above 9500 Mbps
  • yellow - bandwidth above 9000 Mbps
  • orange - bandwidth above 8000 Mbps
  • red - bandwidth below 8000 Mbps
  • blue - neutral (not related to bandwidth)

Resource consumption when idle

First, check resource consumption when the cluster is "sleeping".

Figure: Resource consumption when idle

Pod-to-Pod

This scenario assumes that the client Pod connects directly to the server Pod using its IP address.

Figure: Pod-to-Pod scenario

TCP

Pod-to-Pod TCP results and the corresponding resource consumption:

UDP

Pod-to-Pod UDP results and the corresponding resource consumption:

Pod-to-Service

This section is relevant to real use cases: the client Pod connects to the server Pod through a ClusterIP service.

Figure: Pod-to-Service scenario

TCP

Pod-to-Service TCP results and the corresponding resource consumption:

UDP

Pod-to-Service UDP results and the corresponding resource consumption:

Network policy support

Of all the above, the only one that does not support policies is Flannel. All the others implement network policies correctly, including ingress and egress. Great job!

CNI encryption

Among the CNIs tested, there are those that can encrypt network traffic between Pods:

  • Antrea using IPsec
  • Calico using WireGuard
  • Cilium using IPsec
  • WeaveNet using IPsec

Bandwidth

Since there are few CNIs left, let's put all the scenarios into one graph:

Resource consumption

In this section, we evaluate the resources used when handling Pod-to-Pod communication over TCP and UDP. There is no point in drawing a Pod-to-Service graph, since it provides no additional information.

Putting it all together

Let's try to recap all the graphs. We have introduced a bit of subjectivity here, replacing the actual values with words such as "very fast", "low", and so on.

Conclusion and my findings

This is somewhat subjective, since I am conveying my own interpretation of the results.

I am glad that new CNIs have appeared. Antrea performed well, with many features implemented even in its early versions: automatic MTU detection, encryption and easy installation.

If we compare performance, all CNIs work well, except for Kube-OVN and Kube-Router. Kube-Router also failed to detect the MTU, and I did not find a way to configure it anywhere in the documentation (a request on this topic is open here).

In terms of resource consumption, Cilium still uses more RAM than the others, but the vendor is clearly targeting large clusters, which is clearly not the same as a test on a three-node cluster. Kube-OVN also consumes a lot of CPU and RAM, but it is a young CNI based on Open vSwitch (like Antrea, which performs better and consumes less).

Everyone except Flannel has network policies. It is quite likely that it will never support them, since its goal is simpler than a steamed turnip: the lighter, the better.

Also, among other things, encryption performance is amazing. Calico is one of the oldest CNIs, but encryption was only added a couple of weeks ago. They chose WireGuard instead of IPsec, and simply put, it works great and amazingly, completely outperforming the other CNIs in this part of the benchmark. Of course, resource consumption increases because of encryption, but the throughput achieved is worth it (Calico showed a sixfold improvement in the encryption test compared to Cilium, which ranks second). Moreover, you can enable WireGuard at any time after deploying Calico to the cluster, and you can also disable it for a short time or permanently if you wish. That is incredibly convenient! We remind you that Calico currently does not detect the MTU automatically (this feature is planned for a future version), so be sure to set the MTU if your network supports Jumbo Frames (MTU 9000).

Among other things, note that Cilium can encrypt traffic between cluster nodes (and not only between Pods), which can be very important for public-facing cluster nodes.

In conclusion, I recommend the following use cases:

  • Need a CNI for a very small cluster, OR I don't need security: go with Flannel, the lightest and most stable CNI (it is also one of the oldest; according to legend, it was invented by Homo Kubernautus or Homo Contaitorus). You may also be interested in the most ingenious project k3s, check it out!
  • Need a CNI for a regular cluster: Calico is your choice, but don't forget to set the MTU if needed. You can easily and naturally play with network policies, turn encryption on and off, and so on.
  • Need a CNI for a (very) large-scale cluster: well, the benchmark does not show the behaviour of large clusters. I would be happy to run the tests, but we do not have hundreds of servers with 10Gbps connections. So the best option is to run a modified benchmark on your own nodes, at least with Calico and Cilium.

source: www.habr.com
