ãå±éºã¯ç§ã®ããã«ããŒã ã ããšåœéçãªè¬ã®ç·ããªãŒã¹ãã£ã³ã»ãã¯ãŒãºã¯ããèšã£ãŠããã ããããã¹ãŒããŒãšãŒãžã§ã³ããè«å ±æ©é¢ã«ãã£ãŠé«ãè©äŸ¡ãããŠãããã®ã¯ãå±éºãããéå±ã®ã»ããã¯ããã«åªããŠããã³ã³ãã¥ãŒã¿ãŒãµãŒãã¹ã«ã¯ãŸã£ããé©ããŠããŸããã
ãããŠãIstio ã OpenShift ã Kubernetes ãšçµã¿åããããšããã€ã¯ããµãŒãã¹ã®ãããã€ãæ¬åœã«éå±ã§äºæž¬å¯èœã«ãªããŸããããã¯çŽ æŽãããããšã§ãã ãã®ç¹ããã®ä»ã®ããšã«ã€ããŠã¯ãIstio ã·ãªãŒãºã® XNUMX çªç®ã§æåŸã®æçš¿ã§èª¬æããŸãã
éå±ãã¡ããã©ãããšã
ç§ãã¡ã®å Žåãéå±ã¯æçµæ®µéã§ã®ã¿çºçããŸãããã®æ®µéã§ã¯ãæ®ã£ãŠããã®ã¯åº§ã£ãŠããã»ã¹ãçºããã ãã§ãã ãã ãããã®ããã«ã¯æåã«ãã¹ãŠãèšå®ããå¿ èŠããããããã§ã¯å€ãã®èå³æ·±ãããšãããªããåŸ ã£ãŠããŸãã
ãœãããŠã§ã¢ã®æ°ããããŒãžã§ã³ãå°å ¥ãããšãã¯ããªã¹ã¯ãæå°éã«æããããã«ãããããªãã·ã§ã³ãæ€èšãã䟡å€ããããŸãã 䞊åå®è¡ã¯éåžžã«åŒ·åã§å®èšŒæžã¿ã®ãã¹ãæ¹æ³ã§ãããIstio ã§ã¯ãã·ãŒã¯ã¬ãã ãµãŒãã¹ã (ãã€ã¯ããµãŒãã¹ã®é ãããŒãžã§ã³) ã䜿çšããŠãéçšã·ã¹ãã ã«å¹²æžããããšãªããããå®è¡ã§ããŸãã ããã«ã¯ãããŒã¯ ããŒã³ãããšããç¹å¥ãªçšèªãããããŸããããã¯ãåæ§ã«ã¹ãã€åããã©ãã£ã㯠ãã©ãŒãªã³ã°ããæã€æ©èœã«ãã£ãŠã¢ã¯ãã£ãåãããŸãã
åã®æ®µèœã®æåã®æã§ã¯ãããªãªãŒã¹ãã§ã¯ãªãããããã€ããšããçšèªã䜿çšãããŠããããšã«æ³šæããŠãã ããã å®éã«ã¯ããã€ã¯ããµãŒãã¹ãå¿ èŠãªã ããããã€ã§ãããã¡ãã䜿çšã§ããå¿ èŠããããŸãã ãã®ãµãŒãã¹ã¯ããã©ãã£ãã¯ãåä¿¡ããŠââåŠçããçµæãçæãããã°ã«æžã蟌ãã§ç£èŠã§ããå¿ èŠããããŸãã ãããåæã«ããã®ãµãŒãã¹èªäœã¯å¿ ãããéçšç°å¢ã«ãªãªãŒã¹ããå¿ èŠã¯ãããŸããã ãœãããŠã§ã¢ã®ãããã€ãšãªãªãŒã¹ã¯å¿ ãããåãã§ã¯ãããŸããã ãã€ã§ããããã€ã§ããŸããããªãªãŒã¹ã¯æºåãã§ããå Žåã«éããŸãã
éå±ãæŽçããã®ã¯é¢çœã
次㮠Istio ã«ãŒãã£ã³ã° ã«ãŒã«ãèŠãŠãã ãããããã¯ããã¹ãŠã® HTTP ãªã¯ãšã¹ãããã€ã¯ããµãŒãã¹æšå¥š v1 ã«ã«ãŒãã£ã³ã°ããŸã (ãã¹ãŠã®äŸã¯ã
ã©ãã«ã«æ³šç®ããŠãã ãã mirror:
ç»é¢ã®äžéšã«ãã - ããããã©ãã£ãã¯ãã©ãŒãªã³ã°ãèšå®ããŸãã ã¯ãããšãŠãç°¡åã§ã!
ãã®ã«ãŒã«ã®çµæãéçšã·ã¹ãã (v1) ã¯åä¿¡ãªã¯ãšã¹ãã®åŠçãç¶è¡ããŸããããªã¯ãšã¹ãèªäœã¯éåæ㧠v2 ã«ãã©ãŒãªã³ã°ãããå®å šãªè€è£œã v2 ã«éä¿¡ãããŸãã ãã®ããã«ããŠãå®çšŒåã·ã¹ãã ã®åäœããŸã£ãã劚ããããšãªããå®éã®ããŒã¿ãšãã©ãã£ãã¯ã䜿çšããŠãå®éã®æ¡ä»¶ã§ vXNUMX ããã¹ãã§ããŸãã ããã§ã¯ãã¹ãã®çµç¹åãéå±ã«ãªã£ãŠããŸããŸãã? ã¯ããééããªãã ããããããã¯èå³æ·±ãæ¹æ³ã§è¡ãããŠããŸãã
ãã©ããå ããŠã¿ãŸããã
v2 ã³ãŒãã§ã¯ãåä¿¡ãªã¯ãšã¹ãã«ãã£ãŠããŒã¿ãå€æŽãããå¯èœæ§ãããç¶æ³ã«åããå¿ èŠãããããšã«æ³šæããŠãã ããã ãªã¯ãšã¹ãèªäœã¯ç°¡åãã€ééçã«ãã©ãŒãªã³ã°ãããŸããããã¹ãã§ã®åŠçæ¹æ³ã®éžæã¯ãŠãŒã¶ãŒæ¬¡ç¬¬ã§ãããããã¯å°ãå¿é ã§ãã
éèŠãªç¹ãç¹°ãè¿ããŸããã
ãã©ãã£ã㯠ãã©ãŒãªã³ã°ã䜿çšããã·ãŒã¯ã¬ããèµ·å (ããŒã¯èµ·å/ãªã¯ãšã¹ã ãã©ãŒãªã³ã°) ã¯ãã³ãŒãã«ãŸã£ãã圱é¿ãäžããããšãªãå®è¡ã§ããŸãã
æèã®ç³§
ãªã¯ãšã¹ãããã©ãŒãªã³ã°ãããå Žæã§ããªã¯ãšã¹ãã®äžéšã v1 ã§ã¯ãªã v2 ã«éä¿¡ãããå Žåã¯ã©ããªãã§ãããã? ããšãã°ããã¹ãŠã®ãªã¯ãšã¹ãã® 2 ããŒã»ã³ãããŸãã¯ç¹å®ã®ãŠãŒã¶ãŒ ã°ã«ãŒãããã®ãªã¯ãšã¹ãã®ã¿ãªã©ã§ãã ãããŠãv1 ãã©ã®ããã«æ©èœãããããã§ã«ç¢ºèªããäžã§ããã¹ãŠã®ãªã¯ãšã¹ããåŸã
ã«æ°ããããŒãžã§ã³ã«è»¢éããŸãã ãŸãã¯éã«ãv2 ã§åé¡ãçºçããå Žåã¯ããã¹ãŠã vXNUMX ã«æ»ããŸãã ã«ããªã¢ãããã€ã¡ã³ããšåŒã°ãããã®ã ãšæããŸãã
Istio ã§ã® Canary ãããã€ã¡ã³ã: ã³ããã·ã§ãã³ã°ã®ç°¡çŽ å
æ éã«åŸã ã«
Canary Deployment ãããã€ã¡ã³ã ã¢ãã«ã®æ¬è³ªã¯éåžžã«ã·ã³ãã«ã§ãããœãããŠã§ã¢ã®æ°ããããŒãžã§ã³ (ãã®å Žåã¯ãã€ã¯ããµãŒãã¹) ãèµ·åãããšãããŸãããã®ãœãããŠã§ã¢ãžã®ã¢ã¯ã»ã¹ãå°æ°ã®ãŠãŒã¶ãŒ ã°ã«ãŒãã«èš±å¯ããŸãã ãã¹ãŠãããŸãããã°ãæ°ããããŒãžã§ã³ãæ©èœãå§ãããŸã§ãã®ã°ã«ãŒããåŸã ã«å¢ãããŸããããã§ãªãå Žåã¯ãæçµçã«ãã¹ãŠã®ãŠãŒã¶ãŒããã®ã°ã«ãŒãã«ç§»è¡ããŸãã æ°ããããŒãžã§ã³ãæ éãã€æ®µéçã«å°å ¥ããå¶åŸ¡ãããæ¹æ³ã§ãŠãŒã¶ãŒããã®ããŒãžã§ã³ã«åãæ¿ããããšã§ããªã¹ã¯ã軜æžãããã£ãŒãããã¯ãæ倧åããããšãã§ããŸãã
ãã¡ãããIstio ã¯ãã€ã³ããªãžã§ã³ããªãªã¯ãšã¹ã ã«ãŒãã£ã³ã°ã®ããã®åªãããªãã·ã§ã³ãããã€ãæäŸããããšã§ãã«ããªã¢ ãããã€ã¡ã³ããç°¡çŽ åããŸãã ãããŠãã¯ããããããã¹ãŠã¯ãœãŒã¹ã³ãŒãã«äžå觊ããã«å®è¡ã§ããŸãã
ãã©ãŠã¶ã®ãã£ã«ã¿ãªã³ã°
æãåçŽãªã«ãŒãã£ã³ã°åºæºã® 2 ã€ã¯ããã©ãŠã¶ããŒã¹ã®ãªãã€ã¬ã¯ãã§ãã Safari ãã©ãŠã¶ããã®ãªã¯ãšã¹ãã®ã¿ã vXNUMX ã«éä¿¡ããããšããŸãã ãã®æ¹æ³ã¯æ¬¡ã®ãšããã§ãã
ãã®ã«ãŒãã£ã³ã° ã«ãŒã«ãé©çšããŠããã次ã®ã³ãã³ãã䜿çšããŠã¿ãŸãããã curl
ã«ãŒãå
ã®ãã€ã¯ããµãŒãã¹ãžã®å®éã®ãªã¯ãšã¹ããã·ãã¥ã¬ãŒãããŸãã ã¹ã¯ãªãŒã³ã·ã§ããã§ãããããã«ããããã¯ãã¹ãŠ v1 ã«ç§»è¡ããŸãã
v2 ã®ãã©ãã£ãã¯ã¯ã©ãã«ãããŸãã? ãã®äŸã§ã¯ããã¹ãŠã®ãªã¯ãšã¹ããç¬èªã®ã³ãã³ã ã©ã€ã³ããã®ã¿éä¿¡ãããŠãããããåçŽã«ååšããŸããã ãã ããäžã®ç»é¢ã®äžçªäžã®è¡ã«æ³šç®ããŠãã ãããããã¯ãSafari ãã©ãŠã¶ãããªã¯ãšã¹ããå®è¡ããããšã«å¯Ÿããåå¿ã§ãããçµæãšããŠæ¬¡ã®ãã®ãçæãããŸãã
ç¡å¶éã®ãã¯ãŒ
æ£èŠè¡šçŸããªã¯ãšã¹ããã«ãŒãã£ã³ã°ããããã®éåžžã«åŒ·åãªæ©èœãæäŸããããšã¯ãã§ã«æžããŸããã 次ã®äŸãèŠãŠãã ãã (ãããäœãããã®ãç解ã§ãããšæããŸã)ã
ãããŸã§ã§ãæ£èŠè¡šçŸã§äœãã§ãããã«ã€ããŠã¯ç解ã§ããã®ã§ã¯ãªãã§ããããã
è³¢ãè¡åãã
ã¹ããŒã ã«ãŒãã£ã³ã°ãç¹ã«æ£èŠè¡šçŸã䜿çšãããã±ãã ããããŒã®åŠçã«ããããã©ãã£ãã¯ãåžæã©ããã«èªå°ã§ããŸãã ããã«ãããæ°ããã³ãŒãã®å®è£ ãå€§å¹ ã«ç°¡çŽ åãããŸããã·ã³ãã«ã§ãã³ãŒãèªäœãå€æŽããå¿ èŠããªããå¿ èŠã«å¿ããŠãã¹ãŠãå ã®ç¶æ ã«ããã«æ»ãããšãã§ããŸãã
èå³ããããŸããïŒ
ã³ã³ãã¥ãŒã¿ãŒäžã§ IstioãKubernetesãOpenShift ãè©ŠããŠã¿ãããšæã£ãŠããŸãã? ããŒã
â
Istio Egress: åç£ç©åºãéã£ãŠåºãŸãã
Istio ã Red Hat OpenShift ããã³ Kubernetes ãšçµã¿åãããŠäœ¿çšââãããšããã€ã¯ããµãŒãã¹ã®äœ¿çšãã¯ããã«ç°¡åã«ãªããŸãã Istio ã®ãµãŒãã¹ ã¡ãã·ã¥ã¯ Kubernetes ãããå ã«é ãããŠãããã³ãŒã㯠(ã»ãšãã©ã®å Žå) åé¢ããŠå®è¡ãããŸãã ããã©ãŒãã³ã¹ãå€æŽã®å®¹æãããã¬ãŒã¹ãªã© - ãµã€ãã«ãŒ ã³ã³ãããŒã䜿çšããããšã§ãããããã¹ãŠãç°¡åã«äœ¿çšã§ããŸãã ãããããã€ã¯ããµãŒãã¹ã OpenShift-Kubernetes ã·ã¹ãã ã®å€éšã«ããä»ã®ãµãŒãã¹ãšéä¿¡ããå¿ èŠãããå Žåã¯ã©ããªãã§ãããã?
ãã㧠Istio Egress ã圹ã«ç«ã¡ãŸãã äžèšã§èšãã°ãKubernetes ãããã®ã·ã¹ãã ã®äžéšã§ã¯ãªããªãœãŒã¹ (ããµãŒãã¹ããšèªã¿ãŸã) ã«ã¢ã¯ã»ã¹ã§ããããã«ããã ãã§ãã è¿œå ã®æ§æãå®è¡ããªãå ŽåãIstio Egress ç°å¢ã§ã¯ããã©ãã£ãã¯ã¯å éš IP ããŒãã«ã«åºã¥ããŠãããã®ã¯ã©ã¹ã¿ãŒå ããã³ã¯ã©ã¹ã¿ãŒéã§ã®ã¿ã«ãŒãã£ã³ã°ãããŸãã ãããŠããã®ãããªè¹åã¯ãå€éšãããµãŒãã¹ã«ã¢ã¯ã»ã¹ããå¿ èŠããªãéããããŸãæ©èœããŸãã
Egress ã䜿çšãããšãEgress ã«ãŒã«ãŸã㯠IP ã¢ãã¬ã¹ã®ç¯å²ã«åºã¥ããŠãäžèšã® IP ããŒãã«ããã€ãã¹ã§ããŸãã
httpbin.org/headers ã« GET ãªã¯ãšã¹ããè¡ã Java ããã°ã©ã ããããšããŸãã
(httpbin.org ã¯ãçºä¿¡ãµãŒãã¹èŠæ±ããã¹ãããããã®äŸ¿å©ãªãªãœãŒã¹ã«ãããŸããã)
ã³ãã³ãã©ã€ã³ã«å
¥åãããš curl http://httpbin.org/headers
ã次ã®ããšãããããŸãã
ãŸãã¯ããã©ãŠã¶ã§åãã¢ãã¬ã¹ãéãããšãã§ããŸãã
ã芧ã®ãšãããããã«ãããµãŒãã¹ã¯ãæž¡ãããããããŒãè¿ãã ãã§ãã
ç§ãã¡ã¯èŒžå ¥åãçã£åãã眮ãæããŠããŸã
次ã«ãã·ã¹ãã ã®å€éšã«ãããã®ãµãŒãã¹ã® Java ã³ãŒããååŸããIstio ãã€ã³ã¹ããŒã«ãããŠããå Žæã§ç¬èªã«å®è¡ããŠã¿ãŸãããã ïŒé£çµ¡ããã°èªåã§è¡ãããšãã§ããŸãïŒ curl egresshttpbin-istioegress.$(minishift ip).nip.io
ãã®åŸãç»é¢ã«æ¬¡ã®ããã«è¡šç€ºãããŸãã
ãã£ãšãäœãèµ·ãã£ãã®ã§ããïŒ ãã¹ãŠãããŸããããŸããã èŠã€ãããªã ãšã¯ã©ãããæå³ã§ãã? ç§ãã¡ã¯åœŒã®ããã«ãã£ãã ãã§ã curl
.
IP ããŒãã«ãã€ã³ã¿ãŒãããå šäœã«æ¡åŒµãã
ããã«ã€ããŠã¯ Istio ãéé£ããã (ãŸãã¯æè¬ããã) ã¹ãã§ãã çµå±ã®ãšãããIstio ã¯ãæ€åºãšã«ãŒãã£ã³ã° (ããã³å ã»ã©èª¬æããä»ã®å€ãã®ããš) ãæ åœãããµã€ãã«ãŒ ã³ã³ãããŒã«ãããŸããã ãã®ãããIP ããŒãã«ã¯ã¯ã©ã¹ã¿ãŒ ã·ã¹ãã å ã®å 容ã®ã¿ãèªèããŸãã ãŸããhttpbin.org ã¯å€éšã«ããããã¢ã¯ã»ã¹ã§ããŸããã ãã㧠Istio Egress ã圹ã«ç«ã¡ãŸãããœãŒã¹ ã³ãŒããå°ããå€æŽããå¿ èŠã¯ãããŸããã
以äžã® Egress ã«ãŒã«ã«ãããIstio ã¯å¿ èŠãªãµãŒãã¹ (ãã®å Žå㯠httpbin.org) ã (å¿ èŠã«å¿ããŠã€ã³ã¿ãŒãããå šäœã§) æ€çŽ¢ããŸãã ãã®ãã¡ã€ã« (egress_httpbin.yml) ãããããããã«ãããã§ã®æ©èœã¯éåžžã«åçŽã§ãã
æ®ã£ãŠããã®ã¯ããã®ã«ãŒã«ãé©çšããããšã ãã§ãã
istioctl create -f egress_httpbin.yml -n istioegress
ã³ãã³ãã䜿çšã㊠Egress ã«ãŒã«ã衚瀺ã§ããŸãã istioctl get egressrules
:
ãããŠæåŸã«ãã³ãã³ããå床å®è¡ããŸã curl â ãããŠããã¹ãŠãæ©èœããŠããããšãããããŸãã
ç§ãã¡ã¯ççŽã«èããŸã
ã芧ã®ãšãããIstio ã䜿çšãããšãå€éšäžçãšã®ããåããæŽçã§ããŸãã èšãæããã°ãOpenShift ãµãŒãã¹ãäœæããKubernetes ãéããŠãããã管çããå¿ èŠã«å¿ããŠã¹ã±ãŒã«ã¢ããããã³ã¹ã±ãŒã«ããŠã³ã§ãããããã«ãã¹ãŠãä¿æããããšãã§ããŸãã åæã«ãç°å¢ã®å€éšã®ãµãŒãã¹ã«å®å šã«ã¢ã¯ã»ã¹ã§ããŸãã ã¯ããããäžåºŠç¹°ãè¿ããŸãããããããã¹ãŠã¯ã³ãŒãã«äžå觊ããã«å®è¡ã§ããŸãã
ãã㯠Istio ã«é¢ããã·ãªãŒãºã®æåŸã®æçš¿ã§ããã 楜ãã¿ã«åŸ
ã£ãŠããŠãã ãã - ãããããããããã®èå³æ·±ãããšãåŸ
ã£ãŠããŸã!
åºæïŒ habr.com