Dzokera kumamicroservices neIstio. Chikamu 2

Cherechedza. transl.: Chikamu chekutanga Iyi nhevedzano yakatsaurirwa kuunza Istio kugona uye kuvaratidza mukuita. Iye zvino tichataura nezve zvakanyanya kuomarara zvekugadzirisa uye kushandiswa kwesevhisi mesh, uye kunyanya, nezve yakanyatso kurongeka nzira uye network traffic traffic.

Isu tinokuyeuchidza zvakare kuti chinyorwa chinoshandisa zvigadziriso (zvinoratidzwa zveKubernetes uye Istio) kubva pane repository. istio-mastery.

Traffic Management

NeIstio, hutsva hutsva hunoonekwa musumbu kuti upe:

• Dynamic chikumbiro nzira: canary rollouts, kuongororwa kweA / B;
• Load balancing: iri nyore uye inowirirana, yakavakirwa pahashi;
• Kupora mushure mekudonha: nguva dzekupedza nguva, kuedzazve, macircuit breakers;
• Kuisa zvikanganiso: kunonoka, kudonhedza zvikumbiro, nezvimwe.

Sezvo chinyorwa chichienderera mberi, hunyanzvi uhu hucharatidzwa uchishandisa iyo yakasarudzwa application semuenzaniso uye mitsva mitsva ichaunzwa munzira. Pfungwa yekutanga yakadaro ichava DestinationRules (i.e. mitemo ine chekuita neanotambira traffic/zvikumbiro - approx. transl.), nerubatsiro rwatinomisikidza kuongororwa kweA / B.

A/B bvunzo: DestinationMitemo mukuita

Kuedza kweA/B kunoshandiswa mumamiriro ezvinhu apo kune mavhezheni maviri echishandiso (kazhinji iwo anooneka akasiyana) uye isu hatisi 100% chokwadi kuti ndeipi ichavandudza ruzivo rwemushandisi. Naizvozvo, tinomhanyisa ese mavhezheni panguva imwe chete uye tinounganidza metrics.

Kuendesa iyo yechipiri vhezheni yekumberi, inodiwa pakuratidzira A/B bvunzo, mhanyisa unotevera kuraira:

$ kubectl apply -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions/sa-frontend-green created

Iyo yekutumirwa inoratidzirwa yeiyo green vhezheni inosiyana munzvimbo mbiri:

1. Mufananidzo wacho wakavakirwa pane imwe tag - istio-green,
2. Mapodhi ane chinyorwa version: green.

Sezvo zvese zvinotumirwa zvine label app: sa-frontend, zvikumbiro zvinofambiswa nesevhisi chaiyo sa-external-services zvebasa sa-frontend, ichaendeswa kune ese zviitiko uye mutoro uchagovaniswa kuburikidza round-robin algorithm, izvo zvinotungamira kune inotevera mamiriro:

Mafaira akakumbirwa haana kuwanikwa

Aya mafaera haana kuwanikwa nekuti ane mazita akasiyana mushanduro dzakasiyana dzekushandisa. Ngative nechokwadi cheizvi:

$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.c7071b22.css
/static/js/main.059f8e9c.js
$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.f87cd8c9.css
/static/js/main.f7659dbb.js

Zvinoreva kuti index.html, kukumbira imwe shanduro ye static mafaira, inogona kutumirwa nemutoro wekuenzanisa kune pods dzine shanduro yakasiyana, apo, nokuda kwezvikonzero zvakajeka, mafaira akadaro haapo. Naizvozvo, kuitira kuti chikumbiro chishande, isu tinofanirwa kuseta chirambidzo: “iyo imwe vhezheni yeapp yakashanda index.html inofanira kuita zvikumbiro zvinotevera".

Tichasvika ikoko nekuenderana hash-based load balancing (Inoenderana Hash Loadbalancing). Mune ino kesi zvikumbiro kubva kumutengi mumwe chete zvinotumirwa kune imwechete backend muenzaniso, iyo yakafanotsanangurwa pfuma inoshandiswa - semuenzaniso, musoro weHTTP. Inoitwa uchishandisa DestinationRules.

DestinationRules

Pashure VirtualService takatumira chikumbiro kune sevhisi yaunoda, tichishandisa DestinationRules tinogona kutsanangura marongero anozoshandiswa kune traffic inoitirwa zviitiko zvesevhisi iyi:

Traffic manejimendi neIstio zviwanikwa

taura pfungwa: Mhedzisiro yezviwanikwa zveIstio pane network traffic inoratidzwa pano nenzira iri nyore kunzwisisa. Kuti zvive chaizvo, sarudzo yekuti ndeipi chiitiko chekutumira chikumbiro kunoitwa nenhume muIngress Gateway yakagadziridzwa muCRD.

NeMitemo Yekuenda, tinogona kumisa kuyera kuyera kuti tishandise hashes dzinoenderana uye tive nechokwadi chekuti sevhisi imwechete inopindura kumushandisi mumwechete. Iyo inotevera gadziriso inobvumidza iwe kuti uite izvi (destinationrule-sa-frontend.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sa-frontend
spec:
  host: sa-frontend
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpHeaderName: version   # 1

1 - hashi ichagadzirwa zvichienderana nezviri mukati meHTTP musoro version.

Isa iyo configuration nemurairo unotevera:

$ kubectl apply -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io/sa-frontend created

Zvino mhanya murairo uri pazasi uye ita shuwa kuti unowana iwo mafaera akakodzera paunotsanangura musoro version:

$ curl --silent -H "version: yogo" http://$EXTERNAL_IP/ | tr '"' 'n' | grep main

taura pfungwa: Kuwedzera maitiro akasiyana mumusoro uye kuyedza mhinduro zvakananga mubrowser, unogona kushandisa kuwedzera uku ku Chrome (kana neizvi yeFirefox - approx. transl.).

Kazhinji, DestinationRules ine mamwe maitiro munzvimbo yekuremedza mitoro - tarisa kune ruzivo mukati zvinyorwa zvepamutemo.

Tisati tadzidza VirtualService mberi, ngatidzimei "girinhi vhezheni" yekushandisa uye inoenderana netraffic gwara mutemo nekumhanyisa inotevera mirairo:

$ kubectl delete -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions “sa-frontend-green” deleted
$ kubectl delete -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io “sa-frontend” deleted

Mirroring: Virtual Services in Practice

Sharing ("kudzivirira") kana Mirroring ("Mirroring") rinoshandiswa mumamiriro ezvinhu apo tinoda kuedza shanduko mukugadzirwa pasina kukanganisa vashandisi vekupedzisira: kuita izvi, tinodzokorora ("girazi") zvikumbiro kune kechipiri apo shanduko dzinodiwa dzakaitwa, uye tarisa migumisiro. Zvichitaurwa zviri nyore, apa ndipo apo waunoshanda naye anotora nyaya inonyanya kukosha uye oita chikumbiro chekudhonza muchimiro chebundu rakakura retsvina zvekuti hapana anogona kunyatso kuriongorora.

Kuti uedze chiitiko ichi muchiito, ngatigadzire yechipiri muenzaniso weSA-Logic ine bugs (buggy) nekumhanyisa murairo unotevera:

$ kubectl apply -f resource-manifests/kube/shadowing/sa-logic-service-buggy.yaml
deployment.extensions/sa-logic-buggy created

Uye zvino ngatimhanyei murairo kuti tive nechokwadi chokuti zviitiko zvose nazvo app=sa-logic Ivo zvakare vane mavara ane mavhezheni anoenderana:

$ kubectl get pods -l app=sa-logic --show-labels
NAME                              READY   LABELS
sa-logic-568498cb4d-2sjwj         2/2     app=sa-logic,version=v1
sa-logic-568498cb4d-p4f8c         2/2     app=sa-logic,version=v1
sa-logic-buggy-76dff55847-2fl66   2/2     app=sa-logic,version=v2
sa-logic-buggy-76dff55847-kx8zz   2/2     app=sa-logic,version=v2

sevhisi sa-logic zvinonangwa mapodhi ane label app=sa-logic, saka zvikumbiro zvese zvichagoverwa pakati pezviitiko zvese:

... asi isu tinoda kuti zvikumbiro zvitumirwe kune v1 zviitiko uye kuratidzwa kune v2 zviitiko:

Tichazadzisa izvi kuburikidza neVirtualService pamwe chete neDestinationRule, apo mitemo ichasarudza ma subsets uye nzira dzeVirtualService kune imwe nzvimbo.

Kutsanangura Subsets muMitemo Yekuenda

Subsets (zvidiki) zvinotemerwa neiyo inotevera gadziriso (sa-logic-subsets-destinationrule.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sa-logic
spec:
  host: sa-logic    # 1
  subsets:
  - name: v1        # 2
    labels:
      version: v1   # 3
  - name: v2
    labels:
      version: v2

1. Host (host) inotsanangura kuti mutemo uyu unoshanda chete kumakesi kana nzira ichienda kushumiro sa-logic;
2. Mazita (name) ma subsets anoshandiswa paunenge uchienda kune subset zviitiko;
3. Label (label) inotsanangura makiyi-value mapeya ayo mamisheni anofanira kuenderana kuti ave chikamu chechikamu.

Isa iyo configuration nemurairo unotevera:

$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-destinationrule.yaml
destinationrule.networking.istio.io/sa-logic created

Iye zvino izvo zvidiki zvatsanangurwa, tinogona kuenderera mberi nekugadzirisa iyo VirtualService yekushandisa mitemo kune zvikumbiro kune sa-logic kuti ivo:

1. Kuendeswa kune subset v1,
2. Yakaratidzwa kune chikamu chidiki v2.

Iyo inotevera manifesto inobvumidza iwe kuzadzisa zvirongwa zvako (sa-logic-subsets-shadowing-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic          
  http:
  - route:
    - destination:
        host: sa-logic  
        subset: v1      
    mirror:             
      host: sa-logic     
      subset: v2

Hapana tsananguro inodiwa pano, saka ngationei ichiita:

$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-shadowing-vs.yaml
virtualservice.networking.istio.io/sa-logic created

Ngatiwedzerei mutoro nekudaidza murairo unotevera:

$ while true; do curl -v http://$EXTERNAL_IP/sentiment 
    -H "Content-type: application/json" 
    -d '{"sentence": "I love yogobella"}'; 
    sleep .8; done

Ngatitarisei mhedzisiro muGrafana, kwaunogona kuona kuti iyo vhezheni ine bugs (buggy) inoguma nekukundikana kwe ~ 60% yezvikumbiro, asi hapana chimwe chezvinokanganisa izvi chinokanganisa vashandisi vekupedzisira sezvavanopindurwa nebasa rinoshanda.

Mhinduro dzakabudirira dzeshanduro dzakasiyana dzesa-logic sevhisi

Pano takatanga kuona kuti VirtualService inoshandiswa sei kune Nhume dzemasevhisi edu: rinhi sa-web-app anoita chikumbiro kuna sa-logic, inopfuura nepasidecar Envoy, iyo - kuburikidza neVirtualService - inogadzirirwa kuendesa chikumbiro kune v1 subset uye girazi chikumbiro kune v2 subset yebasa. sa-logic.

Ndinoziva, iwe unogona kutofunga kuti Virtual Services iri nyore. Muchikamu chinotevera, tichawedzera pane izvozvo nekutaura kuti ivo vakanyanya chaizvo.

Canary rollouts

Canary Deployment ndiyo nzira yekuburitsa vhezheni nyowani yekushandisa kune vashoma vashoma vashandisi. Inoshandiswa kuve nechokwadi kuti hapana matambudziko mukusunungurwa uye chete mushure meizvozvo, atova nechivimbo muhutano hwayo (kusunungurwa), kugovera kune vamwe vashandisi.оvateereri vakawanda.

Kuratidza kuburitswa kwe canary, isu ticharamba tichishanda ne subset buggy у sa-logic.

Ngatirege kutambisa nguva pazvinhu zvidiki uye nekukasira tumira makumi maviri muzana evashandisi kune vhezheni netsikidzi (izvi zvinomiririra kuburitsa kwedu canary), uye 20% yasara kune yakajairika sevhisi. Kuti uite izvi, shandisa inotevera VirtualService (sa-logic-subsets-canary-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic    
  http:
  - route: 
    - destination: 
        host: sa-logic
        subset: v1
      weight: 80         # 1
    - destination: 
        host: sa-logic
        subset: v2
      weight: 20 # 1

1 uremu (weight), iyo inotsanangura chikamu chezvikumbiro zvichaendeswa kune anogamuchira kana chikamu chidiki chemugamuchiri.

Ngatigadzirise yakapfuura VirtualService kumisikidzwa ye sa-logic nemurairo unotevera:

$ kubectl apply -f resource-manifests/istio/canary/sa-logic-subsets-canary-vs.yaml
virtualservice.networking.istio.io/sa-logic configured

... uye isu tichakurumidza kuona kuti zvimwe zvikumbiro zvinotungamira mukukundikana:

$ while true; do 
   curl -i http://$EXTERNAL_IP/sentiment 
   -H "Content-type: application/json" 
   -d '{"sentence": "I love yogobella"}' 
   --silent -w "Time: %{time_total}s t Status: %{http_code}n" 
   -o /dev/null; sleep .1; done
Time: 0.153075s Status: 200
Time: 0.137581s Status: 200
Time: 0.139345s Status: 200
Time: 30.291806s Status: 500

VirtualServices inogonesa canary rollouts: Muchiitiko ichi, isu takatapudza zvinogona kuitika zvenyaya kusvika 20% yebase base. Zvinoshamisa! Iye zvino, mune zvese kana tisina chokwadi chekodhi yedu (nemamwe mazwi - nguva dzose ...), tinogona kushandisa mirroring uye canary rollouts.

Kupera uye kuedza zvakare

Asi tsikidzi hadziwanzo guma mukodhi. Muchirongwa kubva"8 Kusanzwisisana nezve Distributed Computing"Pakutanga idzidziso isiriyo yekuti" network yakavimbika. Muchokwadi network kwete yakavimbika, uye nechikonzero ichi tinoda nguva yekubuda (nguva dzekupera) uye anoedzazve (inoedzazve).

Nekuratidzira isu ticharamba tichishandisa iyo yakafanana dambudziko vhezheni sa-logic (buggy), uye isu tichatevedzera kusavimbika kwetiweki nekutadza kurongeka.

Rega sevhisi yedu ine tsikidzi ive nemukana 1/3 wekutora nguva yakarebesa kupindura, mukana 1/3 wekupedzisa neInternal Server Error, uye 1/3 mukana wekubudirira kudzorera peji.

Kudzikamisa kukanganisa kwematambudziko akadai uye kuita kuti hupenyu huve nani kune vashandisi, tinogona:

1. wedzera nguva yekupedza kana sevhisi ikatora nguva yakareba kupfuura masekonzi masere kupindura,
2. edzazve kana chikumbiro chakundikana.

Kuti tiite, isu tichashandisa inotevera resource tsananguro (sa-logic-retries-timeouts-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic
  http:
  - route: 
    - destination: 
        host: sa-logic
        subset: v1
      weight: 50
    - destination: 
        host: sa-logic
        subset: v2
      weight: 50
    timeout: 8s           # 1
    retries:
      attempts: 3         # 2
      perTryTimeout: 3s # 3

1. Nguva yekupera kwechikumbiro yakaiswa kumasekonzi masere;
2. Zvikumbiro zvinoedzwazve 3 nguva;
3. Uye kuedza kwega kwega kunoonekwa sekusina kubudirira kana nguva yekupindura ichipfuura masekonzi matatu.

Uku ndiko optimization nekuti mushandisi haafanire kumirira anopfuura masekonzi masere uye isu tichaita mitsva mitatu yekuedza kuwana mhinduro kana ikatadza, tichiwedzera mukana wekubudirira mhinduro.

Isa iyo yakagadziridzwa gadziriso nemurairo unotevera:

$ kubectl apply -f resource-manifests/istio/retries/sa-logic-retries-timeouts-vs.yaml
virtualservice.networking.istio.io/sa-logic configured

Uye tarisa muGrafana magirafu kuti nhamba yemhinduro dzakabudirira yakawedzera pamusoro:

Kuvandudzwa kwenhamba dzemhinduro dzakabudirira mushure mekuwedzera nguva dzekubuda uye kuedza zvekare

Tisati taenda kuchikamu chinotevera (kana kuti, kune chikamu chinotevera chechinyorwa, nekuti mune izvi hapachazove nemimwe miedzo inoshanda - approx. transl.), bvisa sa-logic-buggy uye VirtualService nekushandisa mirairo inotevera:

$ kubectl delete deployment sa-logic-buggy
deployment.extensions “sa-logic-buggy” deleted
$ kubectl delete virtualservice sa-logic
virtualservice.networking.istio.io “sa-logic” deleted

Circuit Breaker uye Bulkhead Pateni

Isu tiri kutaura nezve maviri akakosha mapatani mune microservice architecture iyo inokutendera iwe kuti uwane yekuzvidzoresa (kuzviporesa) masevhisi.

Circuit Breaker ("circuit breaker") rinoshandiswa kumisa zvikumbiro zvinouya kuchiitiko chesevhisi inoonekwa se isina hutano nekuidzoreredza uku zvikumbiro zvevatengi zvichiendeswa kune zvine hutano zviitiko zvesevhisi iyo (iyo inowedzera chikamu chemhinduro dzakabudirira). (Cherechedza: Tsananguro yakadzama yeiyo pateni inogona kuwanikwa, semuenzaniso, pano.)

Bulkhead ("chikamu") inoparadzanisa kutadza kwesevhisi kubva pakukanganisa hurongwa hwese. Semuyenzaniso, Sevhisi B yakatyoka uye imwe sevhisi (Mutengi weSevhisi B) inoita chikumbiro kuSevhisi B, zvichiita kuti ipedze dziva rayo reshinda uye itadze kuita zvimwe zvikumbiro (kunyangwe zvisiri zveBasa B). (Cherechedza: Tsananguro yakadzama yeiyo pateni inogona kuwanikwa, semuenzaniso, pano.)

Ini ndichasiya ruzivo rwekuita zveaya mapatani nekuti ari nyore kuwana mukati zvinyorwa zvepamutemo, uye iniwo ndinoda chaizvo kuratidza huchokwadi uye mvumo, iyo ichakurukurwa muchikamu chinotevera chechinyorwa.

PS kubva kumushanduri

Verenga zvakare pablog yedu:

• "Kudzokera kumamicroservices neIstio": chikamu 1 (sumo kune makuru maficha), Chikamu 3 (kutendeseka uye mvumo);
• «Conduit - lightweight sevhisi mesh yeKubernetes";
• «Chii chinonzi mesh sevhisi uye nei ndichida imwe [yegore application ine microservices]?".

Source: www.habr.com