Mau oyamba
Tili mkati adayamba kutumiza Istio ngati mesh yautumiki. Kwenikweni, zonse zili bwino, kupatula chinthu chimodzi: ndi okwera mtengo.
Π kwa Istio akuti:
Ndi Istio 1.1, wothandizira amagwiritsa ntchito pafupifupi 0,6 vCPUs (virtual cores) pa zopempha 1000 pamphindikati.
Pachigawo choyamba mu mesh yautumiki (ma proxies awiri mbali iliyonse ya kulumikizana), tidzakhala ndi ma cores 2 a proxy, pamlingo wa zopempha miliyoni imodzi pamphindikati. Malinga ndi chowerengera mtengo cha Google, zimakhala pafupifupi $1200/mwezi/pachimake kuti kasinthidwe. n1-standard-64, ndiko kuti, dera ili lokha lidzatitengera ndalama zoposa 50 madola zikwi pamwezi pazopempha 1 miliyoni pamphindi.
Ivan Sim () service mesh kuchedwa chaka chatha ndikulonjeza zomwezo kukumbukira ndi purosesa, koma sizinaphule kanthu:
Mwachiwonekere, values-istio-test.yaml idzawonjezera kwambiri zopempha za CPU. Ngati ndachita masamu anga molondola, muyenera pafupifupi 24 CPU cores pa gulu lowongolera ndi 0,5 CPU pa proxy iliyonse. Ndilibe zochuluka chotero. Ndibwerezanso mayesowo pamene zinthu zambiri zaperekedwa kwa ine.
Ndinkafuna kudziwonera ndekha momwe machitidwe a Istio amachitira ndi mauna ena otseguka: .
Kukhazikitsa mauna a Service
Choyamba, ndinachiyika mu tsango :
$ supergloo init
installing supergloo version 0.3.12
using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.12.tgz
configmap/sidecar-injection-resources created
serviceaccount/supergloo created
serviceaccount/discovery created
serviceaccount/mesh-discovery created
clusterrole.rbac.authorization.k8s.io/discovery created
clusterrole.rbac.authorization.k8s.io/mesh-discovery created
clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created
deployment.extensions/supergloo created
deployment.extensions/discovery created
deployment.extensions/mesh-discovery created
install successful!Ndidagwiritsa ntchito SuperGloo chifukwa imapangitsa bootstrapping mesh kukhala kosavuta. Sindinafunikire kuchita zambiri. Sitigwiritsa ntchito SuperGloo popanga, koma ndiyabwino pantchito yotere. Ndinayenera kugwiritsa ntchito malamulo angapo pa mauna aliwonse a utumiki. Ndidagwiritsa ntchito masango awiri kudzipatula - imodzi ya Istio ndi Linkerd.
Kuyesaku kudachitika pa Google Kubernetes Engine. Ndinagwiritsa ntchito Kubernetes 1.12.7-gke.7 ndi dziwe la node n1-standard-4 ndi makulitsidwe aatomatiki (osachepera 4, opitilira 16).
Kenako ndidayika ma meshes onse awiri kuchokera pamzere wolamula.
Choyamba Linkerd:
$ supergloo install linkerd --name linkerd
+---------+--------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+--------------+---------+---------------------------+
| linkerd | Linkerd Mesh | Pending | enabled: true |
| | | | version: stable-2.3.0 |
| | | | namespace: linkerd |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
+---------+--------------+---------+---------------------------+Kenako Istio:
$ supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: true |
| | | | prometheus enabled: true |
| | | | jaeger enabled: true |
+---------+------------+---------+---------------------------+Kuwonongeka kwapang'onopang'ono kunatenga mphindi zingapo, kenako ma control panel adakhazikika.
(Zindikirani: SuperGloo imangothandiza Istio 1.0.x pakadali pano. Ndinabwereza kuyesa ndi Istio 1.1.3, koma sindinazindikire kusiyana kulikonse.)
Kukhazikitsa Istio Automatic Deployment
Kuti apange Istio kukhazikitsa sidecar Envoy, timagwiritsa ntchito injector ya sidecar β MutatingAdmissionWebhook. Sitilankhula za izi m'nkhaniyi. Ndiloleni ndingonena kuti uyu ndi wowongolera yemwe amayang'anira kupezeka kwa ma pod onse atsopano ndikuwonjezera mwamphamvu sidecar ndi initContainer, yomwe imayang'anira ntchito. iptables.
Ife ku Shopify tinalemba zowongolera zathu kuti tigwiritse ntchito sidecars, koma pa benchmark iyi ndidagwiritsa ntchito wowongolera yemwe amabwera ndi Istio. Wowongolera amabaya ma sidecars mwachisawawa pakakhala njira yachidule pamalo a mayina istio-injection: enabled:
$ kubectl label namespace irs-client-dev istio-injection=enabled
namespace/irs-client-dev labeled
$ kubectl label namespace irs-server-dev istio-injection=enabled
namespace/irs-server-dev labeledKukhazikitsa Auto Linkerd Deployment
Kukhazikitsa kuyika kwa Linkerd sidecar, timagwiritsa ntchito zofotokozera (ndinaziwonjezera pamanja kudzera kubectl edit):
metadata:
annotations:
linkerd.io/inject: enabled$ k edit ns irs-server-dev
namespace/irs-server-dev edited
$ k get ns irs-server-dev -o yaml
apiVersion: v1
kind: Namespace
metadata:
annotations:
linkerd.io/inject: enabled
name: irs-server-dev
spec:
finalizers:
- kubernetes
status:
phase: ActiveIstio Fault Tolerance Simulator
Tidapanga choyeserera chololera zolakwika chotchedwa Istio kuti tiyesere magalimoto apadera ku Shopify. Tinkafunika chida chopangira ma topology omwe angayimire gawo linalake la graph yathu yautumiki, yokonzedwa mwamphamvu kuti iwonetse ntchito zinazake.
Zomangamanga za Shopify ndizolemera kwambiri panthawi yogulitsa flash. Nthawi yomweyo, Shopify . Makasitomala akuluakulu nthawi zina amachenjeza za kugulitsa komwe kunakonzedwa. Ena amatichititsa zimenezi mosayembekezera nthawi iliyonse masana kapena usiku.
Tinkafuna kuti simulator yathu yolimba mtima ifanane ndi kayendedwe ka ntchito komwe kamafanana ndi ma topology ndi ntchito zomwe zidalemetsa zida za Shopify m'mbuyomu. Cholinga chachikulu chogwiritsa ntchito mesh yautumiki ndikuti timafunikira kudalirika komanso kulekerera zolakwika pamanetiweki, ndipo ndikofunikira kwa ife kuti ma mesh a service azitha kuthana ndi katundu omwe adasokoneza ntchito kale.
Pamtima pa simulator yolekerera zolakwika ndi malo antchito, omwe amakhala ngati ma mesh node. Node ya ogwira ntchito imatha kukhazikitsidwa mokhazikika poyambira kapena mwamphamvu kudzera pa REST API. Timagwiritsa ntchito masinthidwe osinthika a ma node ogwira ntchito kuti tipange mayendedwe amtundu wa mayeso obwerera.
Nachi chitsanzo cha njira yotere:
- Timatsegula ma seva 10 ngati
barservice yomwe imabweretsa mayankho200/OKpambuyo pa 100 ms. - Timakhazikitsa makasitomala 10 - aliyense amatumiza zopempha 100 pa sekondi iliyonse
bar. - Masekondi 10 aliwonse timachotsa seva imodzi ndikuwunika zolakwika
5xxpa kasitomala.
Kumapeto kwa kayendetsedwe ka ntchito, timasanthula zipika ndi ma metric ndikuwona ngati mayesowo adapambana. Mwanjira iyi timaphunzira za momwe ma mesh athu amagwirira ntchito ndikuyesa kuyesa kwa regression kuyesa malingaliro athu okhudzana ndi kulolerana kolakwa.
(Zindikirani: Tikuganiza zotsegula makina oyeserera a Istio, koma sitinakonzekere kutero.)
Istio fault tolerance simulator ya service mesh benchmark
Tidapanga ma node angapo a simulator:
irs-client-loadgen: Zithunzi za 3 zomwe zimatumiza zopempha 100 pa sekondi iliyonseirs-client.irs-client: 3 replicas amene amalandira pempho, dikirani 100ms ndi kutumiza pempho kwairs-server.irs-server: 3 zofananira zomwe zimabwerera200/OKpambuyo pa 100 ms.
Ndi kasinthidwe uku, titha kuyeza kuyenda kokhazikika kwa magalimoto pakati pa ma 9 endpoints. Sidecars mkati irs-client-loadgen ΠΈ irs-server kulandira zopempha 100 pamphindikati, ndi irs-client - 200 (obwera ndi otuluka).
Timatsata njira zogwiritsira ntchito chifukwa tilibe gulu la Prometheus.
Zotsatira
Control panels
Choyamba, tidasanthula momwe CPU imagwiritsidwira ntchito.
Linkerd control panel ~ 22 millicore
Istio control panel: ~ 750 millicore
Gulu lowongolera la Istio limagwiritsa ntchito pafupifupi Nthawi 35 zambiri za CPUkuposa Linkerd. Zachidziwikire, chilichonse chimayikidwa mwachisawawa, ndipo istio-telemetry imadya zinthu zambiri zama processor pano (itha kuyimitsidwa poletsa ntchito zina). Ngati tichotsa chigawo ichi, timapezabe ma millicores oposa 100, ndiko kuti Nthawi zina 4 zinakuposa Linkerd.
Sidecar proxy
Kenako tinayesa kugwiritsa ntchito proxy. Payenera kukhala mgwirizano wa mzere ndi kuchuluka kwa zopempha, koma pa sidecar iliyonse pali mitu ina yomwe imakhudza pamapindikira.
Linkerd: ~ 100 millicores kwa irs-client, ~ 50 millicores kwa irs-client-loadgen
Zotsatira zimawoneka zomveka, chifukwa woyimira kasitomala amalandira kuchuluka kwa magalimoto kuwirikiza kawiri kuposa proxy ya loadgen: pa pempho lililonse lotuluka kuchokera ku loadgen, kasitomala ali ndi imodzi yomwe ikubwera komanso yotuluka.
Istio/Envoy: ~ 155 millicores kwa irs-client, ~ 75 millicores kwa irs-client-loadgen
Tikuwona zotsatira zofanana za Istio sidecars.
Koma kawirikawiri, ma proxies a Istio/Envoy amadya pafupifupi 50% zambiri CPU chumakuposa Linkerd.
Tikuwona dongosolo lomwelo kumbali ya seva:
Linkerd: ~ 50 millicore kwa irs-server
Istio/Envoy: ~ 80 millicore kwa irs-server
Kumbali ya seva, sidecar Istio/Envoy imadya pafupifupi 60% zambiri CPU chumakuposa Linkerd.
Pomaliza
Wothandizira wa Istio Envoy amadya 50+% CPU kuposa Linkerd pa ntchito yathu yoyerekeza. Gulu lowongolera la Linkerd limagwiritsa ntchito zinthu zochepa kwambiri kuposa Istio, makamaka pazigawo zazikuluzikulu.
Tikulingalirabe momwe tingachepetsere ndalamazi. Ngati muli ndi malingaliro, chonde gawani!
Source: www.habr.com