CNI performance benchmark for Kubernetes over a 10G network (August 2020)

TL;DR: All CNIs perform as expected, except Kube-Router and Kube-OVN; Calico, automatic MTU detection aside, is the best.

This article is an update of my previous benchmarks (2018 and 2019). At the time of testing I am using Kubernetes 1.19 on Ubuntu 18.04 with the CNIs updated as of August 2020.

Before we dive into the metrics...

What's new since April 2019?

  • You can test on your own cluster: you can run the tests on your own cluster using our Kubernetes Network Benchmark tool: knb
  • New contenders have appeared
  • New scenarios: the current benchmarks run "Pod-to-Pod" network performance tests, and a new "Pod-to-Service" scenario has been added that runs tests closer to real-world conditions. In practice, your API Pod talks to the database as a service, not through the Pod IP address (of course we check both TCP and UDP for both scenarios).
  • Resource consumption: each test now has its own resource comparison
  • Application tests removed: we no longer run the HTTP, FTP and SCP tests, because our fruitful collaboration with the community and the CNI maintainers revealed a gap between the iperf results over TCP and the curl results, caused by a delay in CNI startup (the first seconds of Pod startup, which is not typical of real-world conditions).
  • All test sources are available (scripts, yml configurations and the original "raw" data) here

Benchmark testing protocol

The protocol is described here. Please note that this article applies to Ubuntu 18.04 with the default kernel.

Choosing CNIs for the benchmark

This benchmark aims to compare CNIs that are set up with a single yaml file (so everything that is installed by scripts, such as VPP and others, is excluded).

Our CNIs selected for comparison:

  • Antrea v.0.9.1
  • Calico v3.16
  • Canal v3.16 (Flannel network + Calico Network Policies)
  • Cilium 1.8.2
  • Flannel 0.12.0
  • Kube-router latest (2020–08–25)
  • WeaveNet 2.7.0

Configuring MTU for CNI

First, we check the impact of MTU detection on TCP performance:

Impact of MTU on TCP performance

The impact is even bigger when using UDP:

Impact of MTU on UDP performance

Given the HUGE performance impact shown in the tests, we would like to send a letter of hope to all CNI maintainers: please add automatic MTU detection to your CNI. You will save kittens, unicorns and the cutest of them all: the little Devop.

However, if you have to use a CNI without support for automatic MTU detection, you can configure it manually to get the performance. Please note that this applies to Calico, Canal and WeaveNet.
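A manually set MTU is easy to get wrong or to forget on one node, so it is worth checking after the change. The following is an added example, not code from the original article or from any CNI project: it parses `ip -o link show` output and flags CNI interfaces whose MTU differs from the uplink MTU minus the encapsulation overhead. The overhead table, the Calico-style interface name pattern and the sample output are assumptions made for the illustration.

```python
import re

# Assumption: per-packet IPv4 encapsulation overhead in bytes, as commonly
# documented for Calico (IP-in-IP 20, VXLAN 50, WireGuard 60).
OVERHEAD = {"none": 0, "ipip": 20, "vxlan": 50, "wireguard": 60}

# Assumption: Calico-style interface names; adjust the pattern for other CNIs.
CNI_IFACES = r"^(cali|tunl0|vxlan\.calico|wireguard\.cali)"

LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)(?:@[^:\s]+)?:\s+<[^>]*>\s+mtu\s+(\d+)")

# Constructed sample of `ip -o link show` output on a jumbo-frame node.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP
5: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN
7: cali1a2b3c4d5e6@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP
9: cali9f8e7d6c5b4@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8980 qdisc noqueue state UP
"""

def parse_links(text):
    """Return {interface_name: mtu} parsed from `ip -o link show` output."""
    links = {}
    for line in text.splitlines():
        m = LINK_RE.match(line.strip())
        if m:
            links[m.group(1)] = int(m.group(2))
    return links

def audit_mtu(text, uplink, encap, pattern=CNI_IFACES):
    """Compare CNI interface MTUs with uplink MTU minus encapsulation overhead."""
    links = parse_links(text)
    if uplink not in links:
        raise ValueError(f"uplink {uplink!r} not found in input")
    expected = links[uplink] - OVERHEAD[encap]
    findings = []
    for name in sorted(links):
        if not re.match(pattern, name):
            continue
        if links[name] < expected:      # works, but wastes throughput
            findings.append((name, links[name], "too-small"))
        elif links[name] > expected:    # risks fragmentation or drops
            findings.append((name, links[name], "too-large"))
    return expected, findings

if __name__ == "__main__":
    expected, findings = audit_mtu(SAMPLE, "eth0", "ipip")
    print(f"expected pod MTU: {expected}")
    for name, mtu, status in findings:
        print(f"{name}: mtu {mtu} is {status}")
```

Enabling encryption later changes the overhead, so rerun the check with the matching `encap` value after turning it on.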

My small request to the CNI maintainers ...

CNI benchmark: raw data

In this section, we compare the CNIs with the correct MTU (auto-detected or set manually). The main goal here is to show the raw data in graphs.

Color legend:

  • gray - sample (i.e. bare metal)
  • green - bandwidth above 9500 Mbps
  • yellow - bandwidth above 9000 Mbps
  • orange - bandwidth above 8000 Mbps
  • red - bandwidth below 8000 Mbps
  • blue - neutral (not related to bandwidth)

No-load resource consumption

First, let's look at resource consumption when the cluster is "sleeping".

No-load resource consumption

Pod-to-Pod

This scenario assumes that the client Pod connects directly to the server Pod using its IP address.

Pod-to-Pod scenario

TCP

Pod-to-Pod TCP results and the corresponding resource consumption:

UDP

Pod-to-Pod UDP results and the corresponding resource consumption:

Pod-to-Service

This section is relevant to real-world use cases: the client Pod connects to the server Pod through a ClusterIP service.

Pod-to-Service scenario

TCP

Pod-to-Service TCP results and the corresponding resource consumption:

UDP

Pod-to-Service UDP results and the corresponding resource consumption:

Network policy support

Of all the above, the only one that does not support policies is Flannel. All the others implement network policies correctly, including ingress and egress. Great job!

CNI encryption

Among the CNIs tested, there are some that can encrypt network traffic between Pods:

  • Antrea using IPsec
  • Calico using wireguard
  • Cilium using IPsec
  • WeaveNet using IPsec

Bandwidth

Since fewer CNIs remain, let's put all the scenarios in one graph:

Resource consumption

In this section, we evaluate the resources used while handling Pod-to-Pod communication over TCP and UDP. There is no point in drawing the Pod-to-Service graph, because it provides no additional information.

Putting it all together

Let's try to recap all the graphs. We introduced a little subjectivity here by replacing the actual values with the words "very fast", "low", etc.

Conclusion and my takeaways

This part is a little subjective, since I am giving my own interpretation of the results.

I am glad that new CNIs have appeared. Antrea performed well, with many features implemented even in early versions: automatic MTU detection, encryption and easy installation.

If we compare performance, all CNIs perform well, except Kube-OVN and Kube-Router. Kube-Router also failed to detect the MTU, and I did not find a way to configure it anywhere in the documentation (a request on this topic has been opened here).

In terms of resource consumption, Cilium still uses more RAM than the others, but the vendor is clearly targeting large clusters, which is clearly not the same as testing on a three-node cluster. Kube-OVN also consumes a lot of CPU and RAM resources, but it is a young CNI based on Open vSwitch (like Antrea, which performs better and consumes less).

Everyone except Flannel has network policies. It will most likely never support them, because the goal is simpler than a steamed turnip: the lighter, the better.

Also, among other things, the encryption performance is amazing. Calico is one of the oldest CNIs, but encryption was added only a couple of weeks ago. They chose wireguard instead of IPsec and, simply put, it works great and amazingly, completely outperforming the other CNIs in this part of the benchmark. Of course, resource consumption increases because of the encryption, but the throughput achieved is worth it (Calico showed a sixfold improvement in the encryption test compared with Cilium, which comes second). In addition, you can enable wireguard at any time after you deploy Calico to the cluster, and you can disable it temporarily or permanently if you wish. It is incredibly convenient! We remind you that Calico does not currently auto-detect the MTU (this feature is planned for future versions), so be sure to configure the MTU if your network supports Jumbo Frames (MTU 9000).

Among other things, note that Cilium can encrypt traffic between cluster nodes (and not only between Pods), which can be very important for public cluster nodes.

In conclusion, I suggest the following use cases:

  • I need a CNI for a very small cluster OR I don't need security: go with Flannel, the lightest and most stable CNI (it is also one of the oldest; according to legend, it was invented by Homo Kubernautus or Homo Contaitorus). You may also be interested in the very clever k3s project, check it out!
  • I need a CNI for a standard cluster: Calico is your choice, but don't forget to configure the MTU if needed. You can easily play with network policies, turn encryption on and off, etc.
  • I need a CNI for a (very) large-scale cluster: well, the benchmark does not show the behavior of large clusters. I would be happy to run the tests, but we do not have hundreds of servers with a 10Gbps connection. So the best option is to run a modified benchmark on your own nodes, at least with Calico and Cilium.

Source: www.habr.com
