Containers, microservices and service meshes

There are plenty of articles on the Internet about service meshes, and here is another one. Hooray! But why? Well, I want to share my view that it would have been better if service meshes had appeared ten years ago, before the arrival of container platforms such as Docker and Kubernetes. I am not saying my view is better or worse than others, but since service meshes are complex beasts, several viewpoints help to understand them better.

I will talk about the dotCloud platform, which was built on top of more than a hundred microservices and supported thousands of containerized applications. I will explain the problems we faced in developing and running it, and how service meshes could (or could not) have helped.

History of dotCloud

I have written about the history of dotCloud and the architecture choices of the platform, but I did not say much about the network layer. If you don't want to dive into the previous article about dotCloud, here is the gist: it was a PaaS, a platform-as-a-service, that let customers run a wide variety of applications (Java, PHP, Python...), with support for a wide range of data services (MongoDB, MySQL, Redis...) and a Heroku-like workflow: you push your code to the platform, it builds container images and deploys them.

I will describe how traffic was routed on the dotCloud platform. Not because it was particularly cool (although the system worked well for its time!), but mainly because with modern tools such a design can easily be implemented in a short time by a modest team that needs a way to route traffic between a group of microservices or a group of applications. That way you can compare the options: what happens if you build everything yourself versus using an existing service mesh. The classic choice: build or buy.

Traffic routing for hosted applications

Applications on dotCloud could expose HTTP and TCP endpoints.

HTTP endpoints were dynamically added to the configuration of the Hipache load balancer cluster. This is similar to what Ingress resources in Kubernetes and a load balancer like Traefik do today.

Clients connected to HTTP endpoints through the appropriate domains, as long as the domain name pointed to the dotCloud load balancers. Nothing special.

TCP endpoints were associated with a port number, which was then passed to all containers in that stack via environment variables.

Clients could connect to TCP endpoints using the appropriate hostname (something like gateway-X.dotcloud.com) and port number.

This hostname resolved to the "nats" server cluster (unrelated to NATS), which routed incoming TCP connections to the correct container (or, in the case of load-balanced services, to the correct containers).

If you are familiar with Kubernetes, this will probably remind you of NodePort Services.

There was no equivalent of ClusterIP services on the dotCloud platform: for simplicity, services were reached the same way from inside and outside the platform.

Everything was organized quite simply: the initial implementations of the HTTP and TCP routing meshes were probably a few hundred lines of Python each. Simple (I would say naive) algorithms were refined as the platform grew and additional requirements appeared.

No deep refactoring of existing code was needed. In particular, 12-factor apps can directly use the address obtained from environment variables.

How does this differ from a modern service mesh?

Limited visibility. We had no metrics for the TCP routing mesh at all. As for HTTP routing, later versions introduced detailed HTTP metrics with error codes and response times, but modern service meshes go further, providing integration with metrics collection systems like Prometheus, for example.

Visibility is important not only from an operational standpoint (to help troubleshoot problems), but also when rolling out new features. This is what safe blue-green deployment and canary deployment are about.

Routing efficiency is also limited. In the dotCloud routing mesh, all traffic had to pass through a cluster of dedicated routing nodes. This meant potentially crossing several AZ (Availability Zone) boundaries and significantly increasing latency. I remember troubleshooting code that made over a hundred SQL queries per page and opened a new connection to the SQL server for each query. When run locally the page loads instantly, but on dotCloud it took a few seconds to load because each TCP connection (and the subsequent SQL query) took tens of milliseconds. In that particular case, persistent connections solved the problem.

Modern service meshes handle such problems better. First of all, they make sure that connections are routed at the source. The logical flow is the same: client → mesh → service, but now the mesh runs locally rather than on remote nodes, so the client → mesh connection is local and very fast (microseconds instead of milliseconds).

Modern service meshes also use smarter load balancing algorithms. By monitoring backend health, they can send more traffic to faster backends, improving overall performance.

Security is better too. The dotCloud routing mesh ran entirely on EC2 Classic and did not encrypt traffic (on the assumption that if someone managed to put a sniffer on EC2 network traffic, you were already in big trouble). Modern service meshes transparently protect all our traffic, for example with mutual TLS authentication and subsequent encryption.

Traffic routing for platform services

OK, we have discussed traffic between applications, but what about the dotCloud platform itself?

The platform itself consisted of about a hundred microservices responsible for various functions. Some accepted requests from others, and some were background workers that connected to other services but did not accept connections themselves. Either way, each service needed to know the addresses of the endpoints it had to connect to.

Many high-level services could use the routing mesh described above. In fact, many of dotCloud's more than one hundred microservices were deployed as regular applications on the dotCloud platform itself. But a small number of low-level services (in particular, those implementing this routing mesh) needed something simpler, with fewer dependencies (since they could not depend on themselves in order to work: the good old chicken-and-egg problem).

These low-level, mission-critical services were deployed by running containers directly on a few key nodes. In this case the standard platform services were not used: the linker, the scheduler and the runner. If you want to compare with modern container platforms, this is like running the control plane with docker run directly on the nodes, instead of delegating the task to Kubernetes. It is quite similar in concept to the static modules (pods) that kubeadm or bootkube use when bootstrapping a standalone cluster.

These services were exposed in a simple and crude way: a YAML file listed their names and addresses, and each client had to take a copy of this YAML file for deployment.

On the one hand, this is extremely reliable because it does not require an external key/value store like Zookeeper (remember, etcd and Consul did not exist at that time). On the other hand, it made moving services difficult. Every time a service was moved, all clients had to receive an updated YAML file (and potentially restart). Not very convenient!

Then we started implementing a new scheme, where each client connected to a local proxy server. Instead of an address and a port, it only needs to know the service's port number and connect via localhost. The local proxy handles this connection and forwards it to the actual server. Now, when you move a backend to another machine or scale it, instead of updating all the clients, you only need to update all these local proxies, and a restart is no longer required.

(It was also planned to encapsulate traffic in TLS connections and put another proxy server on the receiving side, as well as verify TLS certificates without the participation of the receiving service, which would be configured to accept connections only on localhost. More on this later.)

This is very similar to SmartStack from Airbnb, but the significant difference is that SmartStack is implemented and deployed in production, while dotCloud's internal routing system was shelved when dotCloud became Docker.

I personally consider SmartStack to be one of the predecessors of systems like Istio, Linkerd and Consul Connect, because they all follow the same pattern:

  • Run a proxy on each node.
  • Clients connect to the proxy.
  • The control plane updates the proxy configuration when backends change.
  • ... Profit!

Modern implementation of a service mesh

If we needed to implement a similar mesh today, we could use similar principles. For example, set up an internal DNS zone by mapping service names to addresses in the 127.0.0.0/8 range. Then run HAProxy on each node in the cluster, accepting connections on each service address (in that 127.0.0.0/8 subnet) and forwarding/balancing the load to the appropriate backends. The HAProxy configuration can be managed by confd, letting you store backend information in etcd or Consul and automatically push the updated HAProxy configuration whenever it changes.
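As an added illustration of the do-it-yourself mesh just described (not code from the original post or from dotCloud), here is a small Python script that plays the role of the confd template: it takes a constructed registry of services, checks that each one gets a unique loopback address, and renders the per-node HAProxy configuration plus the name-to-address lines for the internal DNS zone. The service names, addresses and ports are made up for the example.

```python
"""Render a per-node HAProxy config for a do-it-yourself routing mesh.
Constructed example: service names map to loopback addresses in 127.0.0.0/8,
HAProxy on each node binds those addresses and balances to the real backends,
and the registry below stands in for what confd would read from etcd/Consul."""
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

REGISTRY = {  # constructed data: names, addresses and backends are made up
    "api":   {"addr": "127.0.1.1", "port": 80,   "mode": "http",
              "backends": ["10.0.0.11:8080", "10.0.0.12:8080"]},
    "mysql": {"addr": "127.0.1.2", "port": 3306, "mode": "tcp",
              "backends": ["10.0.0.21:3306"]},
}

def validate(registry):
    """Each service needs a unique loopback bind address and at least one backend."""
    seen = set()
    for name, svc in registry.items():
        if ipaddress.ip_address(svc["addr"]) not in LOOPBACK:
            raise ValueError(f"{name}: {svc['addr']} is not in {LOOPBACK}")
        bind = (svc["addr"], svc["port"])
        if bind in seen:
            raise ValueError(f"{name}: bind {bind} already used")
        seen.add(bind)
        if not svc["backends"]:
            raise ValueError(f"{name}: no backends registered")
    return True

def render_hosts(registry):
    """Name -> loopback address lines for the internal DNS zone (or a hosts file)."""
    return "\n".join(f"{svc['addr']} {name}" for name, svc in registry.items())

def render_haproxy(registry):
    """One 'listen' block per service; a confd template would emit the same text."""
    validate(registry)
    out = ["global", "    daemon", "defaults", "    timeout connect 5s",
           "    timeout client 30s", "    timeout server 30s"]
    for name, svc in registry.items():
        out += [f"listen {name}", f"    bind {svc['addr']}:{svc['port']}",
                f"    mode {svc['mode']}", "    balance roundrobin"]
        for i, backend in enumerate(svc["backends"]):
            out.append(f"    server {name}{i} {backend} check")  # health-checked
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_hosts(REGISTRY))
    print(render_haproxy(REGISTRY))
```

Re-rendering on every registry change and reloading HAProxy is exactly the loop confd automates.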

This is pretty much how Istio works! But with some differences:

  • It uses Envoy Proxy instead of HAProxy.
  • It stores backend configuration via the Kubernetes API instead of etcd or Consul.
  • Services are assigned addresses on an internal subnet (Kubernetes ClusterIP addresses) instead of 127.0.0.0/8.
  • It has an additional component (Citadel) to add mutual TLS authentication between clients and servers.
  • It supports new features such as circuit breaking, distributed tracing, canary deployment, etc.

Let's take a quick look at some of these differences.

Envoy Proxy

Envoy Proxy was written by Lyft [Uber's competitor in the ride-hailing market; translator's note]. It is similar in many ways to other proxies (e.g. HAProxy, Nginx, Traefik...), but Lyft wrote their own because they needed features that other proxies lacked, and it seemed smarter to build a new one than to extend an existing one.

Envoy can be used on its own. If I have a specific service that needs to connect to other services, I can configure it to connect to Envoy, and then dynamically configure and reconfigure Envoy with the locations of the other services, while getting a lot of extra functionality, such as visibility. Instead of a custom client library or injecting call tracing into the code, we send traffic to Envoy, and it collects metrics for us.

But Envoy can also work as the data plane of a service mesh. This means Envoy is then configured for that service mesh by its control plane.

Control plane

For the control plane, Istio relies on the Kubernetes API. This is not very different from using confd, which relies on etcd or Consul to watch a set of keys in the data store. Istio uses the Kubernetes API to watch a set of Kubernetes resources.

By the way, I personally found this description of the Kubernetes API helpful:

The Kubernetes API Server is a "dumb server" that offers storage, versioning, validation, update, and semantics for API resources.

Istio is designed to work with Kubernetes; and if you want to use it outside Kubernetes, then you need to run an instance of the Kubernetes API server (and its etcd helper service).

Service addresses

Istio relies on the ClusterIP addresses that Kubernetes allocates, so Istio services get an address on an internal subnet (not in the 127.0.0.0/8 range).

Traffic to the ClusterIP address of a particular service in a Kubernetes cluster without Istio is intercepted by kube-proxy and sent to that service's backend. If you are interested in the technical details, kube-proxy sets up iptables rules (or IPVS load balancers, depending on how it is configured) to rewrite the destination IP addresses of connections going to a ClusterIP address.

Once Istio is installed on a Kubernetes cluster, nothing changes until it is explicitly enabled for a given consumer, or even an entire namespace, by injecting a sidecar container into the user's pods. This container spins up an Envoy instance and sets up a set of iptables rules to intercept traffic going to other services and redirect that traffic to Envoy.

When integrated with Kubernetes DNS, this means our code can connect to a service by name and everything "just works." In other words, our code issues requests like http://api/v1/users/4242, then api resolves to 10.97.105.48, the iptables rules intercept connections to 10.97.105.48 and forward them to the local Envoy proxy, and the local proxy forwards the request to the actual backend API. Phew!

Extra frills

Istio also provides end-to-end encryption and authentication via mTLS (mutual TLS). A separate component (Citadel, mentioned above) is responsible for this.

There is also a Mixer component, which Envoy can query for each request in order to make a special decision about that request depending on various factors such as headers, backend load, etc... (don't worry: there are many ways to keep Mixer running, and even if it crashes, Envoy will continue to work fine as a proxy).

And, of course, we mentioned visibility: Envoy collects a huge number of metrics while providing distributed tracing. In a microservices architecture, if a single API request has to pass through microservices A, B, C and D, then on entry distributed tracing adds a unique identifier to the request and carries this identifier through the sub-requests to all these microservices, which makes it possible to capture all the related calls, their latencies, and so on.
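To make the identifier propagation concrete, here is an added Python simulation (not Istio's or Envoy's code): a sidecar wrapper mints a trace id at the entry point, carries it along the sub-requests through constructed services A, B, C and D, and records one timed span per hop, so all calls belonging to one request can be grouped and their latencies read off. The header name x-request-id and the service bodies are assumptions made for the example.

```python
"""Simulate distributed tracing across a chain of microservices.
Constructed example: one inbound request crosses services A, B, C and D;
a per-service 'sidecar' wrapper mints a trace id on entry, propagates it
on every sub-request and records a timed span per hop."""
import time
import uuid

TRACE_HEADER = "x-request-id"   # header name is an assumption for this example
SPANS = []                       # what a sidecar would export to a tracing backend

def sidecar(service, handler):
    """Wrap a handler: inject or propagate the trace id, record a timed span."""
    def wrapped(headers, payload):
        headers = dict(headers)                             # copy, never mutate the caller's
        headers.setdefault(TRACE_HEADER, uuid.uuid4().hex)  # only the entry point mints an id
        start = time.perf_counter()
        result = handler(headers, payload)                  # downstream calls reuse headers
        SPANS.append({"trace": headers[TRACE_HEADER], "service": service,
                      "latency_ms": (time.perf_counter() - start) * 1000})
        return result
    return wrapped

# Constructed services: each appends its letter and forwards to the next hop.
def service_d(headers, payload):
    return payload + "d"

def service_c(headers, payload):
    return CALL["d"](headers, payload + "c")

def service_b(headers, payload):
    return CALL["c"](headers, payload + "b")

def service_a(headers, payload):
    return CALL["b"](headers, payload + "a")

# Every service is reached through its sidecar, as it would be in a mesh.
CALL = {"a": sidecar("A", service_a), "b": sidecar("B", service_b),
        "c": sidecar("C", service_c), "d": sidecar("D", service_d)}

def handle_request(payload, headers=None):
    """Run one request through A->B->C->D; return result, trace ids seen, hop order."""
    SPANS.clear()
    result = CALL["a"](headers or {}, payload)
    trace_ids = {s["trace"] for s in SPANS}
    order = [s["service"] for s in SPANS]   # innermost hop finishes (and is recorded) first
    return result, trace_ids, order

if __name__ == "__main__":
    print(handle_request(""))
```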

Build or buy

Istio has a reputation for being complex. In contrast, building the routing mesh I described at the start of this post is relatively simple with existing tools. So, does it make sense to build your own service mesh instead?

If we have modest requirements (no need for visibility, circuit breakers and other subtleties), then thoughts turn to developing our own tool. But if we use Kubernetes, it may not even be needed, because Kubernetes already provides basic tools for service discovery and load balancing.

But if we have advanced requirements, then "buying" a service mesh looks like the better option. (This is not always literally "buying", since Istio is open source, but we still need to invest engineering time to understand, deploy and manage it.)

Should I choose Istio, Linkerd or Consul Connect?

So far we have only talked about Istio, but it is not the only service mesh. A popular alternative is Linkerd, and there is also Consul Connect.

Which one to choose?

Honestly, I don't know. At the moment I don't consider myself competent enough to answer this question. There are a few interesting articles comparing these tools, and even benchmarks.

One promising approach is to use a tool like SuperGloo. It implements an abstraction layer to simplify and unify the APIs exposed by service meshes. Instead of learning the specific (and, in my opinion, relatively complex) APIs of the different service meshes, we can use SuperGloo's simpler constructs and easily switch from one mesh to another, as if we had an intermediate configuration format describing HTTP interfaces and backends that is capable of generating the actual configuration for Nginx, HAProxy, Traefik, Apache...

I have played a little with Istio and SuperGloo, and in the next article I want to show how to add Istio or Linkerd to an existing cluster using SuperGloo, and whether the latter does its job, that is, lets you switch from one service mesh to another without rewriting configurations.

Source: www.habr.com