ProHoster > Blog > Utongi > Istio uye Kubernetes mukugadzira. Chikamu 2. Kutsvaga

Istio uye Kubernetes mukugadzira. Chikamu 2. Kutsvaga

Pakupedzisira chinyorwa Takatarisa zvikamu zvekutanga zveService Mesh Istio, takazivana nehurongwa uye takapindura mibvunzo mikuru inowanzoitika kana uchitanga kushanda neIstio. Muchikamu chino tichatarisa maitiro ekuronga kuunganidzwa kweruzivo rwekutsvaga pane network.

Istio uye Kubernetes mukugadzira. Chikamu 2. Kutsvaga

Chinhu chekutanga chinouya mupfungwa kune vakawanda vanogadzira uye masisitimu maneja pavanonzwa mazwi eSevhisi Mesh arikutevera. Chokwadi, isu tinowedzera yakakosha proxy server kune yega network node iyo yese TCP traffic inopfuura. Zvinoita sekunge zvave kuita nyore kutumira ruzivo nezvese kupindirana kwetiweki pane network. Nehurombo, muchokwadi kune akawanda nuances anofanirwa kuverengerwa. Ngativatarise.

Zvisizvo nhamba yekutanga: tinogona kuwana online yekufamba data mahara.

Muchokwadi, yemahara, isu tinogona chete kuwana ma node ehurongwa hwedu akabatana nemiseve uye chiyero che data chinopfuura pakati pesevhisi (chaizvoizvo, chete nhamba yemabhayiti pachikamu chenguva). Nekudaro, kazhinji, masevhisi edu anotaurirana pamusoro peimwe mhando yeapplication layer protocol, seHTTP, gRPC, Redis, zvichingodaro. Uye, hongu, isu tinoda kuona yekutsvaga ruzivo chaizvo kune aya maprotocol; isu tinoda kuona chiyero chekukumbira, kwete chiyero chedata. Tinoda kunzwisisa kunonoka kwezvikumbiro tichishandisa protocol yedu. Chekupedzisira, tinoda kuona nzira yakazara iyo chikumbiro chinotora kubva pakupinda musystem yedu kusvika pakugamuchira mhinduro kubva kumushandisi. Dambudziko iri harisisiri nyore kugadzirisa.

Chekutanga, ngatitarisei kuti kutumira kunotsvaga spans kunotaridzika sei kubva pakuona kwekuvaka muIstio. Sezvatinorangarira kubva muchikamu chekutanga, Istio ine chikamu chakasiyana chinonzi Mixer yekuunganidza telemetry. Zvakadaro, mune yazvino vhezheni 1.0. *, kutumira kunoitwa zvakananga kubva kune proxy maseva, kureva, kubva kunhume proxy. Envoy proxy inotsigira kutumira kuronda spans uchishandisa zipkin protocol kunze kwebhokisi. Zvinokwanisika kubatanidza mamwe maprotocol, asi chete kuburikidza neplugin. NeIstio isu tinobva tangowana yakaunganidzwa uye yakagadziridzwa mumiriri proxy, inongotsigira zipkin protocol. Kana isu tichida kushandisa, semuenzaniso, iyo Jaeger protocol uye kutumira tracing spans kuburikidza neUDP, saka isu tichada kuvaka yedu isu istio-proxy mufananidzo. Iko kune kutsigirwa kwetsika plugins yeistio-proxy, asi ichiri mune alpha vhezheni. Nokudaro, kana tichida kuita pasina nhamba huru yezvigadziro zvetsika, huwandu hwetekinoroji hunoshandiswa kuchengetedza uye kugamuchira mitsara yekutevera inoderedzwa. Pakati pemasisitimu makuru, chokwadi, ikozvino unogona kushandisa Zipkin pachayo, kana Jaeger, asi tumira zvese ipapo uchishandisa zipkin inowirirana protocol (iyo isinganyanyi kushanda). Iyo zipkin protocol pachayo inosanganisira kutumira ruzivo rwese rwekutsvaga kune vanotora kuburikidza neHTTP protocol, inodhura zvakanyanya.

Sezvandambotaura, tinoda kuteedzera application-level protocol. Izvi zvinoreva kuti maseva eproxy anomira padivi pesevhisi yega yega anofanirwa kunzwisisa kuti rudzii rwekudyidzana rwuri kuitika izvozvi. Nekumisikidza, Istio inogadzirisa zvese zviteshi kuti zvive pachena TCP, zvinoreva kuti hapana maronda achatumirwa. Kuti zvitendwa zvitumirwe, iwe unofanirwa, kutanga, kugonesa iyi sarudzo mune main mesh config uye, chakanyanya kukosha, doma ese madoko ekubernetes sevhisi masangano zvinoenderana neprotocol inoshandiswa mubasa. Izvi, semuenzaniso, seizvi:

apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - port: 80
    targetPort: 80
    name: http
  selector:
    app: nginx

Iwe unogona zvakare kushandisa mazita emukomboni se http-magic (Istio ichaona http uye kuziva iyo port seye http endpoint). Iyo fomati ndeye: proto-yakawedzera.

Kuti urege kubatanidza huwandu hukuru hwezvigadziriso kuti uone iyo protocol, unogona kushandisa yakasviba workaround: gadzira chikamu chePilot panguva iyo yangove. inoita protocol tsanangudzo logic. Mukupedzisira, hongu, zvichave zvakafanira kushandura iyi logic kune yakajairwa uye chinja kune gungano rezita rezviteshi zvese.

Kuti unzwisise kana iyo protocol yakanyatso kutsanangurwa nemazvo, iwe unofanirwa kupinda mune chero yemidziyo yepadivi nenhume proxy uye woita chikumbiro kune admin port yenhume interface ine nzvimbo /config_dump. Muchigadziro chinoguma, iwe unofanirwa kutarisa kumunda wekushanda webasa raunoda. Inoshandiswa muIstio sechiziviso chekwaiitwa chikumbiro. Kuti tigadzirise kukosha kweiyi parameter muIstio (tichazviona mune yedu yekutevera system), zvinodikanwa kutsanangura iyo serviceCluster mureza padanho rekuvhura sidecar mudziyo. Semuenzaniso, inogona kuverengerwa seizvi kubva kune akasiyana anowanikwa kubva pasi kubernetes API:

--serviceCluster ${POD_NAMESPACE}.$(echo ${POD_NAME} | sed -e 's/-[a-z0-9]*-[a-z0-9]*$//g')

Muenzaniso wakanaka wekunzwisisa kuti kutsvaga kunoshanda sei munhume pano.

Iyo yekupedzisira pachayo yekutumira spans yekutsvagisa inofanirwa zvakare kutsanangurwa mune enhume proxy kuvhura mireza, semuenzaniso: --zipkinAddress tracing-collector.tracing:9411

Zvisizvo nhamba yechipiri: tinogona kuwana zvisingadhuri zvikumbiro zvakakwana kuburikidza nehurongwa kunze kwebhokisi.

Zvinosuruvarisa, hazvisi. Kuoma kwekuita kunoenderana nekuti wakatoita sei kupindirana kwemasevhisi. Nei zvakadaro?

Icho chokwadi ndechekuti kuitira kuti istio-proxy ikwanise kunzwisisa kunyorerana kwezvikumbiro zvinouya kune sevhisi neavo vanosiya sevhisi imwe chete, hazvina kukwana kungobvisa traffic yese. Iwe unofanirwa kuve neimwe mhando yekutaura identifier. HTTP nhume yemumiriri inoshandisa misoro yakakosha, iyo nhume inonzwisisa kuti ndechipi chikumbiro chesevhisi chinoburitsa zvikumbiro zvakananga kune mamwe masevhisi. Rondedzero yemisoro yakadai:

  • x-chikumbiro-id,
  • x-b3-kutevera,
  • x-b3-spanid,
  • x-b3-vaberekipanid,
  • x-b3-sampled,
  • x-b3-mureza,
  • x-ot-span-context.

Kana iwe uine poindi imwe chete, semuenzaniso, mutengi wekutanga, maunogona kuwedzera mantiki akadaro, saka zvese zvakanaka, iwe unongoda kumirira kuti raibhurari iyi igadziriswe kune vese vatengi. Asi kana iwe uine yakanyanya heterogeneous system uye pasina kubatana pakufamba kubva kune sevhisi kuenda kune sevhisi pane network, zvino izvi zvingangove dambudziko hombe. Pasina kuwedzera pfungwa dzakadaro, ruzivo rwese rwekutsvaga ruchangova "chikamu chimwe chete". Ndokunge, isu tinogashira kupindirana kwese-sevhisi, asi ivo havazonamirwe mumaketani mamwe ekufamba kuburikidza netiweki.

mhedziso

Istio inopa chishandiso chiri nyore chekuunganidza ruzivo rwekutsvaga pamusoro petiweki, asi iwe unofanirwa kunzwisisa kuti kuti ushandise iwe unozofanirwa kugadzirisa yako system uye funga nezve maficha eIstio kuita. Nekuda kweizvozvo, mapoinzi maviri makuru anofanirwa kugadziriswa: kutsanangura iyo application level protocol (iyo inofanirwa kutsigirwa nenhume proxy) uye kumisikidza kutumirwa kweruzivo nezve kubatana kwezvikumbiro kune sevhisi kubva kune zvikumbiro kubva kubasa (uchishandisa misoro. , kana iri HTTP protocol). Kana nyaya idzi dzagadziriswa, isu tine chishandiso chine simba chinotibvumira kuunganidza zviri pachena ruzivo kubva kunetiweki, kunyangwe mune akasiyana masisitimu akanyorwa mumitauro yakawanda uye masisitimu.

Muchinyorwa chinotevera nezve Service Mesh, isu tichatarisa rimwe rematambudziko makuru neIstio - iyo yakakura mashandisiro eRAM nega yega sidecar proxy mudziyo uye tokurukura kuti ungaite sei nazvo.

Source: www.habr.com

Voeg