Overview and comparison of Ingress controllers for Kubernetes

When launching a Kubernetes cluster for a specific application, you need to understand what the application itself, the business and the developers require from this resource. With this information, you can start making an architectural decision and, in particular, choosing a specific Ingress controller, of which there are already a great many today. To give a basic idea of the available options without having to go through lots of articles, documentation and so on, we have prepared this overview, which includes the main (production-ready) Ingress controllers.

We hope it will help colleagues in choosing an architectural solution; at the very least it will be a starting point for getting more detailed information and for practical experiments. Beforehand, we studied other similar materials on the web and, surprisingly, did not find a single more or less complete and, most importantly, structured review. So let's fill that gap!

Criteria

In principle, to make a comparison and get any useful result, you need not only to understand the subject area but also to have a specific list of criteria that will set the direction of the research. Without claiming to analyze every possible use case for Ingress / Kubernetes, we tried to highlight the most general requirements for controllers; be prepared that in any case you will have to study your own specifics and particulars separately.

But I will start with the features that have become so familiar that they are implemented in all solutions and are not considered:

  • dynamic discovery of services (service discovery);
  • SSL termination;
  • working with websockets.

Now for the comparison points:

Supported protocols

One of the fundamental selection criteria. Your software may not work over standard HTTP, or it may need to work over several protocols at once. If your case is non-standard, be sure to take this into account so that you do not have to reconfigure the cluster later. The list of supported protocols varies from controller to controller.

Underlying software

There are several kinds of software that a controller can be based on. The popular ones are nginx, traefik, haproxy and envoy. In the general case, this may not have much effect on how traffic is received and forwarded, but it is always useful to know the potential nuances and characteristics of what is "under the hood".

Traffic routing

On what basis can a decision be made to route traffic to a particular service? Usually these are host and path, but there are additional options.

Namespace within a cluster

Namespace: the ability to logically partition resources in Kubernetes (for example, into stage, production, etc.). There are Ingress controllers that have to be installed separately in each namespace (and then they can direct traffic only to the pods of that namespace). And there are others (the clear majority) that work globally for the whole cluster; in them, traffic is directed to any pod in the cluster, regardless of namespace.

Upstream probes

How is traffic directed to healthy instances of the application, the services? There are options with active and passive checks, retries, circuit breakers (for more details, see, for example, the article about Istio), health-check implementations, and so on. A very important parameter if you have high requirements for availability and for timely removal of failed services from balancing.

Balancing algorithms

There are many options: from the traditional round-robin to the exotic rdp-cookie, as well as individual features such as sticky sessions.

Authentication

What authorization schemes does the controller support? Basic, digest, oauth, external-auth: I think these options should be familiar. This is an important criterion if many developer (and/or simply private) environments are accessed through Ingress.

Traffic distribution

Does the controller support commonly used traffic distribution mechanisms such as canary rollouts, A/B testing and traffic mirroring/shadowing? This is a really sore subject for applications that need accurate and precise traffic management for productive testing, debugging production errors offline (or with minimal losses), traffic analysis, and so on.

Paid subscription

Is there a paid version of the controller, with extended functionality and/or technical support?

Graphical user interface (Web UI)

Is there any GUI for managing the controller configuration? Mostly for "convenience" and/or for those who need to make some changes to the Ingress configuration but find working with "raw" templates inconvenient. It can be useful if developers want to run traffic experiments on the fly.

JWT validation

Built-in validation of JSON web tokens for authorizing and validating the user to the end application.

Configuration customization capabilities

Template extensibility in the sense of having mechanisms that let you add your own directives, flags and so on to the standard configuration templates.

Basic DDoS protection mechanisms

Simple rate limit algorithms or more complex traffic filtering options based on addresses, whitelists, countries and so on.

Request tracing

The ability to monitor, track and debug requests from Ingresses to specific services/pods, and ideally between services/pods as well.

WAF

Support for an application firewall.

Controllers

The list of controllers was compiled based on the official Kubernetes documentation and this table. We excluded some of them from the review because of their narrow specialization or low prevalence (an early stage of development). The rest are discussed below. Let's start with a general description of the solutions and continue with a summary table.

Ingress from Kubernetes

Website: github.com/kubernetes/ingress-nginx
License: Apache 2.0

This is the official controller for Kubernetes and is developed by the community. As is obvious from the name, it is based on nginx and is complemented by a set of Lua plugins that are used to implement additional features. Because of the popularity of nginx itself and the minimal modifications to it when used as a controller, this option can be the simplest and easiest to configure for the average engineer (with web experience).

Ingress from NGINX Inc.
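
One way to check the authentication and basic DDoS protection criteria above against a cluster that runs this controller, as an added example (not code from the article or from the ingress-nginx project): it lists Ingress objects that lack an auth, source-allowlist or rate-limit annotation, or TLS for a host. The function names, finding labels and sample objects are assumptions constructed here; the annotation names are ingress-nginx's own.

```python
import json

PREFIX = "nginx.ingress.kubernetes.io/"
CONTROLS = {  # finding -> ingress-nginx annotations, any one of which clears it
    "no-auth": ("auth-type", "auth-url"),  # basic/digest or external auth
    "no-source-allowlist": ("whitelist-source-range",),
    "no-rate-limit": ("limit-rps", "limit-rpm", "limit-connections"),
}

def audit_ingress(ing):
    """Return the controls missing from one Ingress (TLS check is exact-host only)."""
    ann = ing.get("metadata", {}).get("annotations") or {}
    spec = ing.get("spec", {})
    findings = [name for name, keys in CONTROLS.items()
                if not any(ann.get(PREFIX + k) for k in keys)]
    hosts = {r["host"] for r in spec.get("rules") or [] if r.get("host")}
    tls_hosts = {h for t in spec.get("tls") or [] for h in t.get("hosts") or []}
    if hosts - tls_hosts:
        findings.append("no-tls")
    return findings

def audit(doc):
    """Map 'namespace/name' to findings for every Ingress that has gaps."""
    report = {}
    for ing in doc.get("items", [doc]):  # a List or a single object
        meta = ing.get("metadata", {})
        findings = audit_ingress(ing)
        if findings:
            report[f"{meta.get('namespace', 'default')}/{meta.get('name')}"] = findings
    return report

# Constructed sample, shaped like `kubectl get ingress -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "dev", "name": "admin-panel"},
  "spec": {"rules": [{"host": "admin.dev.example.test"}]}},
 {"metadata": {"namespace": "stage", "name": "api", "annotations": {
    "nginx.ingress.kubernetes.io/auth-type": "basic"}},
  "spec": {"tls": [{"hosts": ["api.stage.example.test"]}],
           "rules": [{"host": "api.stage.example.test"}]}},
 {"metadata": {"namespace": "prod", "name": "shop", "annotations": {
    "nginx.ingress.kubernetes.io/auth-url": "https://auth.example.test/check",
    "nginx.ingress.kubernetes.io/whitelist-source-range": "203.0.113.0/24",
    "nginx.ingress.kubernetes.io/limit-rps": "20"}},
  "spec": {"tls": [{"hosts": ["shop.example.test"]}],
           "rules": [{"host": "shop.example.test"}]}}
]}
""")
if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

A finding is a prompt for review, not a verdict: a public site legitimately has no auth annotation, while a dev or private environment exposed through Ingress should not show up as `no-auth`.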

Website: github.com/nginxinc/kubernetes-ingress
License: Apache 2.0

The official product of the nginx developers. It has a paid version based on NGINX Plus. The main idea is a high level of stability, constant backward compatibility, the absence of any extraneous modules and a declared increase in speed (compared to the official controller), achieved thanks to the rejection of Lua.

The free version is significantly reduced, even in comparison with the official controller (because of the lack of those same Lua modules). At the same time, the paid one has fairly broad additional functionality: real-time metrics, JWT validation, health checks, and more. An important advantage over NGINX Ingress is full support for TCP/UDP traffic (and in the community version too!). The downside is the lack of a traffic distribution feature, which, however, "has the highest priority for the developers", but takes time to implement.

Kong Ingress

Website: github.com/Kong/kubernetes-ingress-controller
License: Apache 2.0

Developed by Kong Inc. in two versions: commercial and free. Based on nginx, which has been extended with a large number of Lua modules.

Initially, it was focused on processing and routing API requests, i.e. as an API Gateway, but by now it has become a full-fledged Ingress controller. Main advantages: many additional modules (including those from third-party developers) that are easy to install and configure and with the help of which a wide range of additional features is implemented. However, the built-in functions already offer many possibilities. Configuration is done using CRD resources.

An important feature of the product is that working within a single environment (instead of cross-namespace) is a controversial point: for some it will look like a drawback (you have to create entities for each environment), and for others like a feature (a greater level of isolation, since if one controller is broken, the problem is limited to that environment alone).

Traefik

Website: github.com/containous/traefik
License: MIT

A proxy that was originally created to work with request routing for microservices and their dynamic environment. Hence many useful features: updating the configuration without any restarts, support for a large number of balancing methods, a web interface, metrics forwarding, support for various protocols, a REST API, canary releases, and much more. Another nice feature is support for Let's Encrypt certificates out of the box. The downside is that to organize high availability (HA), the controller will need to have its own KV storage installed and connected.

HAProxy

Website: github.com/jcmorisjr/haproxy-ingress
License: Apache 2.0

HAProxy has long been known as a proxy and traffic balancer. As part of a Kubernetes cluster, it offers "soft" configuration updates (without loss of traffic), DNS-based service discovery, and dynamic configuration via an API. Being able to fully customize the configuration template by replacing the CM, as well as the ability to use Sprig library functions in it, can be attractive. In general, the main emphasis of the solution is on high speed, its optimization and efficiency in the resources consumed. The advantage of the controller is support for a record number of different balancing methods.

Voyager

Website: github.com/appscode/voyager
License: Apache 2.0

A controller based on HAProxy, positioned as a universal solution that supports a wide range of features on a large number of providers. It offers traffic balancing on L7 and L4, and balancing of TCP L4 traffic as a whole can be called one of the key features of the solution.

Contour

Website: github.com/heptio/contour
License: Apache 2.0

This solution is not just based on Envoy: it was developed jointly with the authors of this popular proxy. An important feature is the ability to separate control of Ingress resources using IngressRoute CRD resources. For organizations with many development teams using the same cluster, this helps maximize the security of working with traffic in neighboring environments and protect them from errors when Ingress resources are changed.

It also offers an extended set of balancing methods (there is request mirroring, automatic retries, request rate limiting, and much more), detailed monitoring of traffic flow and failures. For some, the lack of support for sticky sessions may be a significant drawback (although work is already underway).

Istio Ingress

Website: istio.io/docs/tasks/traffic-management/ingress
License: Apache 2.0

A comprehensive service mesh solution that is not only an Ingress controller managing incoming traffic from outside, but also controls all traffic within the cluster. Under the hood, Envoy is used as a sidecar proxy for each service. In essence, this is a large combine that "can do anything", and its main idea is maximum manageability, extensibility, security and transparency. With it, you can fine-tune traffic routing, access authorization between services, balancing, monitoring, canary releases, and much more. Read more about Istio in the series of articles "Back to microservices with Istio".

Ambassador

Website: github.com/datawire/ambassador
License: Apache 2.0

Another solution based on Envoy. It has free and commercial versions. It is positioned as "fully native to Kubernetes", which brings the corresponding advantages (tight integration with the methods and entities of the K8s cluster).

Comparison table

So, the culmination of the article is this huge table:

[Image: overview and comparison table of Ingress controllers for Kubernetes]

It is clickable for a closer view, and is also available in Google Sheets format.

Conclusions

The purpose of this article is to provide a fuller understanding (though by no means exhaustive!) of which choice to make in your particular case. As usual, each controller has its own advantages and disadvantages…

The classic Ingress from Kubernetes is good for its availability and proven track record, and is rich enough in features; in the general case, it should be "more than enough". However, if there are increased requirements for stability, level of features and development, you should pay attention to Ingress with NGINX Plus and a paid subscription. Kong has the richest set of plugins (and, accordingly, the opportunities they provide), and in the paid version there are even more of them. It has ample opportunities to work as an API Gateway, dynamic configuration based on CRD resources, as well as basic Kubernetes services.

With increased requirements for balancing and authorization methods, take a look at Traefik and HAProxy. These are Open Source projects, proven over the years, very stable and actively developing. Contour has been out for a couple of years now, but it still looks too young and has only basic features added on top of Envoy. If there are requirements for the presence / embedding of a WAF in front of the application, you should pay attention to the same Ingress from Kubernetes or HAProxy.

And the richest in terms of features are the products built on top of Envoy, especially Istio. It appears to be a comprehensive solution that "can do anything", which, however, also means a significantly higher entry threshold for configuration / launch / administration than other solutions.

We have chosen and still use Ingress from Kubernetes as the standard controller, which covers 80-90% of needs. It is quite reliable, easy to configure and extend. In general, in the absence of specific requirements, it should suit most clusters / applications. Of the same universal and relatively simple products, Traefik and HAProxy can be recommended.

Source: www.habr.com
