Okwu Mmalite
Anyị nọ malitere ibuga Istio dị ka ntupu ọrụ. Na ụkpụrụ, ihe niile dị mma, ma e wezụga otu ihe: ọ dị oke ọnụ.
В Maka Istio ọ na-ekwu, sị:
Site na Istio 1.1, proxy na-eri ihe dịka 0,6 vCPUs (cores mebere) kwa arịrịọ 1000 kwa sekọnd.
Maka mpaghara mbụ na mesh ọrụ (2 proxies n'akụkụ ọ bụla nke njikọ), anyị ga-enwe 1200 cores naanị maka proxy, na ọnụego nke otu nde arịrịọ kwa nkeji. Dị ka ihe mgbako ọnụ ahịa Google si kwuo, ọ na-arụ ọrụ ka ọ bụrụ ihe ruru $40 / ọnwa / isi maka nhazi n1-standard-64, ya bụ, mpaghara a naanị ga-efu anyị ihe karịrị 50 puku dollar kwa ọnwa maka 1 nde arịrịọ kwa sekọnd.
Ivan Sim () Ọrụ mesh na-egbu oge n'afọ gara aga wee kwe nkwa otu maka ebe nchekwa na processor, mana ọ naghị arụ ọrụ:
N'ụzọ doro anya, ụkpụrụ-istio-test.yaml ga-abawanye arịrịọ CPU nke ukwuu. Ọ bụrụ na emela m mgbakọ na mwepụ m nke ọma, ịchọrọ ihe dị ka cores 24 CPU maka njikwa njikwa yana 0,5 CPU maka proxy ọ bụla. Enweghị m nnukwu ego ahụ. M ga-emegharị ule ahụ mgbe ekenyela m ihe onwunwe ndị ọzọ.
Achọrọ m ịhụ n'onwe m ka arụmọrụ Istio si dị na nchikota ọrụ mepere emepe ọzọ: .
Ntinye ntupu ọrụ
Nke mbụ, etinyere m ya na ụyọkọ :
$ supergloo init
installing supergloo version 0.3.12
using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.12.tgz
configmap/sidecar-injection-resources created
serviceaccount/supergloo created
serviceaccount/discovery created
serviceaccount/mesh-discovery created
clusterrole.rbac.authorization.k8s.io/discovery created
clusterrole.rbac.authorization.k8s.io/mesh-discovery created
clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created
deployment.extensions/supergloo created
deployment.extensions/discovery created
deployment.extensions/mesh-discovery created
install successful!M na-eji SuperGloo n'ihi na ọ na-eme bootstrapping mesh ọrụ mfe. Achọghị m ime ọtụtụ ihe. Anyị anaghị eji SuperGloo na mmepụta, mana ọ dị mma maka ọrụ dị otú ahụ. Ekwesịrị m iji iwu ole na ole maka ntupu ọrụ ọ bụla. Eji m ụyọkọ abụọ maka ịnọpụ iche - otu maka Istio na Linkerd.
Emere nnwale a na Google Kubernetes Engine. M na-eji Kubernetes 1.12.7-gke.7 na ọdọ mmiri nke ọnụ n1-standard-4 ya na nhazi ọnụ ọnụ akpaka (opekempe 4, kacha 16).
M tinyeziri meshes ọrụ abụọ ahụ site na ahịrị iwu.
Ejikọtara nke mbụ:
$ supergloo install linkerd --name linkerd
+---------+--------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+--------------+---------+---------------------------+
| linkerd | Linkerd Mesh | Pending | enabled: true |
| | | | version: stable-2.3.0 |
| | | | namespace: linkerd |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
+---------+--------------+---------+---------------------------+Mgbe ahụ Istio:
$ supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: true |
| | | | prometheus enabled: true |
| | | | jaeger enabled: true |
+---------+------------+---------+---------------------------+Mkpọku-loop were nkeji ole na ole, na mgbe ahụ ogwe njikwa kwụsiri ike.
(Rịba ama: SuperGloo na-akwado naanị Istio 1.0.x ugbu a. Emeghachiri m nnwale ahụ na Istio 1.1.3, mana ahụghị ihe ọ bụla pụtara ìhè.)
Ịtọlite Istio Akpaaka nkenye
Iji mee ka Istio wụnye Envoy sidecar, anyị na-eji injector sidecar - MutatingAdmissionWebhook. Anyị agaghị ekwu maka ya n'isiokwu a. Ka m kwuo na nke a bụ onye njikwa na-enyocha ohere nke pọd ọhụrụ niile ma na-agbakwunye otu sidecar na initContainer, nke na-ahụ maka ọrụ. iptables.
Anyị na Shopify dere onye njikwa ohere nke anyị iji mejuputa ụgbọ ala, mana maka akara ngosi a, ejiri m njikwa na-abịa na Istio. Onye njikwa ahụ na-agbaba ụgbọ ala na ndabara mgbe enwere ụzọ mkpirisi na oghere aha istio-injection: enabled:
$ kubectl label namespace irs-client-dev istio-injection=enabled
namespace/irs-client-dev labeled
$ kubectl label namespace irs-server-dev istio-injection=enabled
namespace/irs-server-dev labeledỊtọlite ntinye aka nke Linkerd
Iji guzobe ntinye akụkụ akụkụ Linkerd, anyị na-eji nkọwapụta (Anyere m ha aka site na kubectl edit):
metadata:
annotations:
linkerd.io/inject: enabled$ k edit ns irs-server-dev
namespace/irs-server-dev edited
$ k get ns irs-server-dev -o yaml
apiVersion: v1
kind: Namespace
metadata:
annotations:
linkerd.io/inject: enabled
name: irs-server-dev
spec:
finalizers:
- kubernetes
status:
phase: ActiveIstio Fault Tolerance Simulator
Anyị wuru simulator nnabata mmejọ akpọrọ Istio iji nwalee okporo ụzọ pụrụ iche nke Shopify. Anyị chọrọ ngwá ọrụ iji mepụta topology omenala nke ga-anọchi anya otu akụkụ nke eserese ọrụ anyị, ahaziri nke ọma iji ṅomie nnukwu ọrụ.
Akụrụngwa Shopify nọ n'oké ibu n'oge ire ọkụ. N'otu oge ahụ, Shopify . Ndị ahịa buru ibu na-adọ aka ná ntị mgbe ụfọdụ maka ire ọkụ a na-eme atụmatụ. Ndị ọzọ na-akpa àgwà ha na-atụghị anya ha n'oge ọ bụla n'ehihie ma ọ bụ n'abalị.
Anyị chọrọ simulator resiliency anyị ka ọ ṅomie usoro ọrụ nke dabara na topologies na ibu ọrụ nke rikpuru akụrụngwa nke Shopify n'oge gara aga. Ebumnuche bụ isi nke iji ntupu ọrụ bụ na anyị chọrọ ntụkwasị obi na nnabata mmejọ na ọkwa netwọkụ, yana ọ dị anyị mkpa na ntanetị ọrụ ahụ na-anagide ibu ndị mebiri ọrụ mbụ.
N'ime obi nke simulator nnabata mmejọ bụ ọnụ onye ọrụ, nke na-arụ ọrụ dị ka ọnụ ntupu ọrụ. Enwere ike ịhazi ọnụ ọnụ onye ọrụ na mmalite ma ọ bụ n'ike n'ike site na API REST. Anyị na-eji nhazi dị ike nke ọnụ ọnụ ndị ọrụ na-emepụta usoro ọrụ n'ụdị ule nlọghachi azụ.
Nke a bụ ọmụmaatụ nke usoro a:
- Anyị na-ebuputa sava 10 dị ka
barọrụ na-eweghachi nzaghachi200/OKmgbe 100 ms. - Anyị na-ebupụta ndị ahịa 10 - onye ọ bụla na-eziga arịrịọ 100 kwa sekọnd
bar. - Kwa 10 sekọnd anyị na-ewepụ 1 nkesa na nyochaa njehie
5xxna onye ahịa.
Na njedebe nke usoro ọrụ ahụ, anyị na-enyocha ndekọ na metrik wee lelee ma ule ahụ gafere. Nke a bụ otu anyị si amụta maka arụmọrụ nke ntupu ọrụ anyị wee na-eme ule mgbagha iji nwalee echiche anyị gbasara nnabata mmejọ.
(Rịba ama: Anyị na-eche maka imeghe simulator nnabata nke Istio, mana anyị adịbeghị njikere ime ya.)
Istio mmejọ ndidi simulator maka ọrụ mesh benchmark
Anyị na-edobe ọtụtụ ọnụ ọnụ na-arụ ọrụ nke simulator:
irs-client-loadgen: 3 oyiri na-eziga 100 arịrịọ kwa sekọnd kwairs-client.irs-client: 3 oyiri na-enweta arịrịọ ahụ, chere 100ms ma ziga arịrịọ ahụirs-server.irs-server: 3 oyiri na-alọghachi200/OKmgbe 100 ms.
Site na nhazi a, anyị nwere ike tụọ usoro okporo ụzọ kwụsiri ike n'etiti ebe njedebe 9. Sidecars na irs-client-loadgen и irs-server nata 100 arịrịọ kwa sekọnd, na irs-client - 200 (na-abata na ndị na-apụ apụ).
Anyị na-enyocha ojiji akụrụngwa site na n'ihi na anyị enweghị ụyọkọ Prometheus.
Результаты
Ogwe njikwa
Nke mbụ, anyị nyochara oriri CPU.
Njikọ njikwa njikọ ~ 22 millicore
Ogwe njikwa Istio: ~ 750 millicore
Ogwe njikwa Istio na-eji ihe dị ka Ngwa CPU ugboro 35karịa Linkerd. N'ezie, etinyere ihe niile na ndabara, na istio-telemetry na-eri ọtụtụ ihe nrụpụta ebe a (enwere ike nwee nkwarụ site na iwepu ọrụ ụfọdụ). Ọ bụrụ na anyị ewepụ akụkụ a, anyị ka na-enweta ihe karịrị 100 millicores, ya bụ 4 ugboro ọzọkarịa Linkerd.
Sidecar proxy
Anyị nwaleziri iji proxy. Ekwesịrị inwe mmekọrịta dị n'ahịrị na ọnụ ọgụgụ nke arịrịọ, mana maka ụgbọ ala ọ bụla enwere ihe karịrị nke na-emetụta akụkụ ahụ.
Linkerd: ~ 100 millicores maka onye ahịa irs, ~ 50 millicores maka irs-client-loadgen
Nsonaazụ a na-ele anya nke ọma, n'ihi na proxy onye ahịa na-anata okporo ụzọ ugboro abụọ karịa proxy loadgen: maka arịrịọ ọ bụla na-apụ apụ site na loadgen, onye ahịa nwere otu na-abata na nke na-apụ apụ.
Istio / Onye ozi: ~ 155 millicores maka onye ahịa irs, ~ 75 millicores maka irs-client-loadgen
Anyị na-ahụ nsonaazụ ndị yiri ya maka Istio sidecars.
Mana n'ozuzu, proxies Istio/Envoy na-eri ihe dị ka 50% ọzọ akụrụngwa CPUkarịa Linkerd.
Anyị na-ahụ otu atụmatụ ahụ n'akụkụ sava:
Linkerd: ~ 50 millicore maka ihe nkesa irs
Istio/Envoy: ~ 80 millicore maka ihe nkesa irs
N'akụkụ ihe nkesa, sidecar Istio/Envoy na-eri ihe dị ka 60% ọzọ akụrụngwa CPUkarịa Linkerd.
nkwubi
Onye nnọchi anya Istio Envoy na-eri 50+% karịa CPU karịa Linkerd na ọrụ simulated anyị. Ogwe njikwa Linkerd na-eri obere akụrụngwa karịa Istio, ọkachasị maka ihe ndị bụ isi.
Anyị ka na-eche ka anyị ga-esi belata ego ndị a. Ọ bụrụ na ị nwere echiche, biko kesaa!
isi: www.habr.com