Faatomuaga
Ua tatou i totonu na amata faʻaaogaina Istio e avea o se masini tautua. I le mataupu faavae, e lelei mea uma, sei vagana ai le mea e tasi: e taugata.
В mo Istio o loo faapea mai:
Faatasi ai ma le Istio 1.1, o le sui e faʻaaogaina pe tusa ma le 0,6 vCPUs (virtual cores) i le 1000 talosaga ile sekone.
Mo le itulagi muamua i le 'au'aunaga mesh (2 proxies i itu ta'itasi o le feso'ota'iga), o le a tatou maua 1200 cores mo na'o le sui, i le fua faatatau o le tasi miliona talosaga i le sekone. E tusa ai ma le Google's cost calculator, e aoga e tusa ma le $40/month/core mo le fa'atulagaina. n1-standard-64, o lona uiga, o lenei itulagi na o le a sili atu nai lo le 50 afe tala i le masina mo le 1 miliona talosaga i le sekone.
Ivan Sim () tautua mesh tuai i le tausaga talu ai ma folafola atu le mea lava e tasi mo le manatua ma le gaosiga, ae e leʻi manuia:
E foliga mai, values-istio-test.yaml o le a matua faʻateleina talosaga CPU. Afai ua sa'o la'u numera, e te mana'omia pe tusa ma le 24 CPU cores mo le vaega e pulea ma le 0,5 CPU mo sui taitasi. E le tele na'u mea. O le a ou toe faia suʻega pe a faʻasoa mai isi punaoa ia te aʻu.
Na ou manaʻo e vaʻai mo aʻu lava pe faʻafefea ona tutusa le faʻatinoga a Istio i se isi faʻasalalauga faʻasalalau punaoa: .
Au'aunaga fa'apipi'i mesh
Muamua lava, na ou faʻapipiʻiina i totonu o se fuifui :
$ supergloo init
installing supergloo version 0.3.12
using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.12.tgz
configmap/sidecar-injection-resources created
serviceaccount/supergloo created
serviceaccount/discovery created
serviceaccount/mesh-discovery created
clusterrole.rbac.authorization.k8s.io/discovery created
clusterrole.rbac.authorization.k8s.io/mesh-discovery created
clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created
deployment.extensions/supergloo created
deployment.extensions/discovery created
deployment.extensions/mesh-discovery created
install successful!Na ou faʻaaogaina le SuperGloo aua e faʻafaigofie ai le faʻapipiʻiina o le masini tautua. Sa ou le tau faia ni mea se tele. Matou te le faʻaogaina le SuperGloo i le gaosiga, ae e lelei mo sea galuega. Sa tatau ona ou faʻaaogaina moni ni nai faʻatonuga mo masini tautua taʻitasi. Na ou faʻaogaina fuifui se lua mo le faʻaesea - tasi mo Istio ma Linkerd.
Na faia le suʻega ile Google Kubernetes Engine. Na ou faʻaaogaina Kubernetes 1.12.7-gke.7 ma se vaituloto o nodes n1-standard-4 fa'atasi ai ma le fa'avasegaina o pona (laiti 4, maualuga 16).
Ona ou faʻapipiʻi uma lea o meshes tautua mai le laina faʻatonu.
Uluai Linkerd:
$ supergloo install linkerd --name linkerd
+---------+--------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+--------------+---------+---------------------------+
| linkerd | Linkerd Mesh | Pending | enabled: true |
| | | | version: stable-2.3.0 |
| | | | namespace: linkerd |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
+---------+--------------+---------+---------------------------+Ona Istio:
$ supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: true |
| | | | prometheus enabled: true |
| | | | jaeger enabled: true |
+---------+------------+---------+---------------------------+O le faʻalavelave faʻafuaseʻi na faʻaalu ni nai minute, ona faʻamautu lea o faʻatonuga.
(Manatua: SuperGloo naʻo le lagolagoina o Istio 1.0.x mo le taimi nei. Na ou toe faia le faʻataʻitaʻiga i le Istio 1.1.3, ae leʻi matauina se eseesega iloga.)
Fa'atulaga le Istio Automatic Deployment
Ina ia faʻapipiʻi e Istio le sidecar Envoy, matou te faʻaaogaina le faʻapipiʻi taʻavale − MutatingAdmissionWebhook. O le a tatou le talanoa i ai i lenei tusiga. Sei ou fai atu o se pule lea e mataʻituina le avanoa o pusa fou uma ma faʻaopoopo faʻamalosi se taʻavale ma initContainer, lea e nafa ma galuega. iptables.
Na matou i Shopify na tusia a matou lava pule e faʻatino ai taʻavale, ae mo lenei faʻailoga na ou faʻaogaina ai le pule e sau ma Istio. E tu'iina e le pule ta'avale ta'avale e ala i le fa'aletonu pe a iai se ala 'alo i le igoa avanoa istio-injection: enabled:
$ kubectl label namespace irs-client-dev istio-injection=enabled
namespace/irs-client-dev labeled
$ kubectl label namespace irs-server-dev istio-injection=enabled
namespace/irs-server-dev labeledFa'atulagaina le fa'apipi'i otometi Linkerd
Ina ia setiina Linkerd sidecar embedding, matou te faʻaogaina faʻamatalaga (Na ou faʻaopoopoina ma le lima e ala i kubectl edit):
metadata:
annotations:
linkerd.io/inject: enabled$ k edit ns irs-server-dev
namespace/irs-server-dev edited
$ k get ns irs-server-dev -o yaml
apiVersion: v1
kind: Namespace
metadata:
annotations:
linkerd.io/inject: enabled
name: irs-server-dev
spec:
finalizers:
- kubernetes
status:
phase: ActiveIstio Fault Tolerance Simulator
Na matou fausia se simulator faʻapalepale sese e taʻua o Istio e faʻataʻitaʻi ai auala faʻapitoa i Shopify. Matou te manaʻomia se meafaigaluega e fai ai se faʻasologa masani e faʻatusalia ai se vaega faʻapitoa o la matou kalafi tautua, faʻatulagaina faʻamalosi e faʻataʻitaʻi ai galuega faʻapitoa.
O mea tetele a le Shopify o loʻo i lalo o le mamafa o uta i le taimi o faʻatauga. I le taimi lava e tasi, Shopify . Lapata'i tagata fa'atau tetele i nisi taimi e uiga i se fa'atauga fa'amalama ua fuafuaina. O isi na faia faafuaseʻi mo i tatou i so o se taimi o le ao po o le pō.
Matou te mananaʻo i la matou faʻataʻitaʻiga faʻamalosi e faʻataʻitaʻi galuega e fetaui ma topologies ma galuega mamafa na lofituina ai le Shopify's infrastructure i aso ua mavae. O le faʻamoemoe autu o le faʻaaogaina o se masini tautua o loʻo tatou manaʻomia le faʻamaoni ma le faʻapalepale faʻaletonu i le tulaga o fesoʻotaʻiga, ma e taua mo i tatou le faʻafetaui lelei o le tautua ma uta na faʻalavelaveina ai auaunaga.
I le fatu o le fa'apalepale fa'aletonu simulator o se node tagata faigaluega, lea e galue o se node mesh tautua. O le node o le tagata faigaluega e mafai ona faʻatulagaina faʻamau i le amataga pe faʻamalosi e ala ile REST API. Matou te fa'aogaina fa'atonuga fa'amalosi o nodes a tagata faigaluega e fa'atupu fa'agasolo galuega i le tulaga o su'ega fa'afouga.
O se fa'ata'ita'iga lea o se faiga fa'apea:
- Matou te tatalaina 10 servers pei
barauaunaga e toe faafoi mai se tali200/OKina ua uma le 100 ms. - Matou te fa'alauiloaina 10 tagata fa'atau - e ta'i 100 talosaga i le sekone e lafo atu i
bar. - O 10 sekone uma matou te aveese 1 server ma mataʻituina mea sese
5xxluga ole kalani.
I le faaiuga o le galuega, matou te suʻesuʻeina ogalaau ma fua faʻatatau ma siaki pe na pasi le suʻega. O le auala lea matou te aʻoaʻoina ai e uiga i le faʻatinoga o la matou tautua mata ma faʻataʻitaʻiina se suʻega faʻasolosolo e faʻataʻitaʻi ai o matou manatu e uiga i le faapalepale masei.
(Manatua: O loʻo matou mafaufau e uiga i le tatalaina o le Istio fault tolerance simulator, ae e leʻi sauni e faia.)
Istio fault tolerance simulator mo le fa'ailoga mata o le tautua
Matou te setiina ni nai pona galue o le simulator:
irs-client-loadgen: 3 kopi e auina atu 100 talosaga i le sekone i leirs-client.irs-client: 3 kopi e maua le talosaga, faatali 100ms ma lafo le talosaga iirs-server.irs-server: 3 kopi e toe foi mai200/OKina ua uma le 100 ms.
Faatasi ai ma lenei faʻatulagaga, e mafai ona tatou fuaina se feʻaveaʻi mautu i le va o 9 endpoints. Sidecars i totonu irs-client-loadgen и irs-server maua 100 talosaga i le sekone, ma irs-client — 200 (ulu mai ma fafo).
Matou te siaki le fa'aogaina o punaoa e ala i aua e leai se matou fuifui Prometheus.
Iʻuga
Panel fa'atonu
Muamua, matou suʻesuʻeina le faʻaaogaina o le CPU.
Linkerd control panel ~22 milicore
Istio pulega vaega: ~ 750 milicore
O le Istio control panel e faʻaaogaina pe tusa 35 taimi sili atu punaoa CPUnai lo Linkerd. Ioe, o mea uma e faʻapipiʻiina e ala i le faaletonu, ma o le istio-telemetry e faʻaaogaina ai le tele o punaoa faʻapipiʻi iinei (e mafai ona faʻagata e ala i le faʻagata o nisi o galuega). Afai tatou te aveese lenei vaega, tatou te maua pea le sili atu i le 100 milicores, o lona uiga 4 taimi sili atunai lo Linkerd.
Sidecar sui
Ona matou tofotofoina lea o le faaaogaina o se sui. E tatau ona i ai se fesoʻotaʻiga laina ma le aofaʻi o talosaga, ae mo taʻavale taʻitasi taʻitasi o loʻo i ai se mea i luga e aʻafia ai le piʻo.
Linkerd: ~ 100 milicores mo irs-client, ~ 50 milicores mo irs-client-loadgen
O fa'ai'uga e foliga sa'o, aua e fa'aluaina le tele o fe'avea'i e maua e le sui o le kalani nai lo le sui o le loadgen: mo talosaga uma e alu atu mai le loadgen, e tasi le tagata o lo'o ulufale mai ma le tasi e alu i fafo.
Istio/Envoy: ~155 milicores mo irs-client, ~75 milicores mo irs-client-loadgen
Matou te vaʻaia iʻuga tutusa mo Istio sidecars.
Ae i se tulaga lautele, Istio / Envoy proxies e faʻaaogaina e tusa ma le 50% sili atu punaoa CPUnai lo Linkerd.
Matou te vaʻai i le polokalame lava e tasi i le itu o le server:
Linkerd: ~ 50 milicore mo irs-server
Istio/Envoy: ~ 80 milicore mo irs-server
I le itu o le server, o loʻo faʻaaogaina le taʻavale Istio/Envoy e tusa ma le 60% sili atu punaoa CPUnai lo Linkerd.
iʻuga
Ole sui ole Istio Envoy e fa'aaogaina le 50+% sili atu PPU nai lo Linkerd ile tatou galuega fa'atusa. O le Linkerd control panel e fa'aaogaina le tele o punaoa nai lo Istio, aemaise lava mo vaega autu.
O lo'o matou mafaufau pea pe fa'afefea ona fa'aitiitia nei tau. Afai ei ai ni ou manatu, faamolemole faasoa!
puna: www.habr.com