Tiri kutanga nhevedzano yezvinyorwa zvinoratidzira zvimwe zvezvakawanda zveIstio Service Mesh kana zvasanganiswa neRed Hat OpenShift uye Kubernetes.
Chikamu chekutanga, nhasi:
- Ngatitsanangure pfungwa yeKubernetes sidecar midziyo uye tigadzire iyo leitmotif yeiyi nhevedzano yezvinyorwa: "haufanire kuchinja chero chinhu mukodhi yako".
- Ngatitangei kusuma chinhu chakakosha cheIstio - routing mitemo. Mamwe ese maIstio maficha akavakirwa pazviri, sezvo iri mitemo inobvumidza iwe kutungamira traffic kune microservices, uchishandisa YAML mafaera ekunze kune kodhi yebasa. Isu tiri kufungawo nezve Canary Deployment deployment scheme. Bhonasi yeGore Idzva - zvidzidzo gumi zvinopindirana paIstio
Chikamu chechipiri, chiri kuuya munguva pfupi, chichakuudza:
- Istio inoshandisa sei Pool Ejection pamwe chete neCircuit Breaker uye icharatidza kuti Istio inokubvumira sei kubvisa pod yakafa kana kusaita zvakanaka kubva kudunhu rekuenzanisa.
- Isu tichatarisawo iyo Circuit Breaker musoro kubva kune yekutanga positi kuti tione kuti Istio inogona kushandiswa sei pano. Isu tinokuratidza maitiro ekufambisa traffic uye kubata zvikanganiso zvetiweki uchishandisa YAML yekumisikidza mafaera uye terminal mirairo pasina kana kudiki shanduko mukodhi yebasa.
Chikamu chechitatu:
- Nyaya yekutarisa uye yekutarisa, iyo yakatovakwa-mukati kana nyore kuwedzerwa kuIstio. Isu tinokuratidza mashandisiro ezvishandiso zvakaita sePrometheus, Jaeger, uye Grafana musanganiswa neOpenShift kuyera kubata zvisina basa microservice architecture.
- Isu tinobva pakutarisa nekubata zvikanganiso kuenda kuzvisuma muhurongwa nemaune. Mune mamwe mazwi, tinodzidza maitiro ekuita jekiseni remhosva pasina kushandura kodhi kodhi, iyo inonyanya kukosha kubva pakuona kwekuyedza - sezvo kana iwe ukashandura iyo kodhi pachayo nekuda kweizvi, pane njodzi yekuunza mamwe zvikanganiso.
Pakupedzisira, mune yekupedzisira positi paIstio Service Mesh:
- Handei kuRima Side. Kunyanya, isu tichadzidza kushandisa iyo Rima Launch chirongwa, kana iyo kodhi yaiswa uye nekuyedzwa zvakananga pane yekugadzira data, asi haina kukanganisa mashandiro ehurongwa chero nzira. Apa ndipo apo kugona kweIstio kuparadzanisa traffic kunouya zvakanaka. Uye kugona kuyedza pane yehupenyu yekugadzira data pasina kukanganisa kushanda kweyekurwa system munzira ipi neipi ndiyo inogutsa nzira yekusimbisa.
- Kuvaka paRima Launch, tinokuratidza mashandisiro emhando yeCanary Deployment kuderedza njodzi uye kuita kuti zvive nyore kuwana kodhi nyowani mukugadzira. Canary Deployment pachayo iri kure neitsva, asi Istio inokutendera kuti uite chirongwa ichi nemafaira ari nyore YAML.
- Chekupedzisira, isu tinokuratidza mashandisiro eIstio Egress kupa mukana kune masevhisi kune avo vari kunze kwemasumbu ako kuti ushandise kugona kweIstio kana uchishanda neInternet.
Saka, toenda ...
Istio yekutarisa uye manejimendi maturusi - zvese zvaunoda kuronga mamicroservices mune mesh sevhisi .
Chii chinonzi Istio Service Mesh
Sevhisi mesh inoshandisa mabasa akadai sekutarisa traffic, kutonga kwekupinda, kuwanikwa, chengetedzo, kukanganisa kushivirira uye zvimwe zvinhu zvinobatsira kuboka remasevhisi. Istio inokutendera kuti uite zvese izvi pasina shanduko diki kune kodhi yemasevhisi pachawo. Chii chakavanzika chemashiripiti? Istio inosungirira proxy yayo kune yega yega sevhisi muchimiro che sidecar chigaba (sidecar is a motorcycle sidecar), mushure meizvozvo traffic yese kune iyi sevhisi inopfuura nemumiriri, iyo, inotungamirwa nemitemo yakatarwa, inosarudza sei, riini uye kana iyi traffic. anofanira kusvika pasevhisi zvachose. Istio zvakare inoita kuti zvikwanise kuita epamberi DevOps matekiniki akadai se canary deployments, circuit breakers, kukanganisa jekiseni uye zvimwe zvakawanda.
Istio inoshanda sei nemidziyo uye Kubernetes
Istio sevhisi mesh ndeyekuitwa kwepadivi pezvinhu zvese zvinodikanwa kugadzira uye kubata mamicroservices: kutarisa, kutsvaga, matunhu anotyora, routing, mutoro kuenzanisa, kukanganisa jekiseni, retries, timeouts, mirroring, access control, rate limiting nezvimwe zvakawanda. Uye kunyangwe nhasi kune matani emaraibhurari ekushandisa aya mabasa zvakananga mukodhi, neIstio unogona kuwana zvese zvakafanana zvinhu pasina kuchinja chero chinhu mukodhi yako.
Zvinoenderana neiyo sidecar modhi, Istio inomhanya muLinux mudziyo, iri mune imwe -pod ine sevhisi inodzorwa uye injects uye inobvisa mashandiro uye ruzivo zvinoenderana nekugadziriswa kwakapihwa. Isu tinosimbisa kuti iyi ndiyo yako gadziriso, uye inogara kunze kwekodhi yako. Naizvozvo, iyo kodhi inova nyore uye ipfupi.
Chinonyanya kukosha ndechekuti chikamu chekushanda che microservices chinoshanduka chisina kubatana nekodhi pachayo, zvinoreva kuti kushanda kwavo kunogona kuendeswa zvakachengeteka kune nyanzvi dzeIT. Chokwadi, nei mugadziri achifanira kuve nebasa remadunhu mabreak uye jekiseni remhosva? React, hongu, asi zvigadzirise uye uzvigadzire? Kana iwe ukabvisa zvese izvi kubva kune kodhi, vanogadzira mapurogiramu vanozokwanisa kutarisisa zvizere nezvekushanda kweapp. Uye iyo kodhi pachayo ichava pfupi uye nyore.
Service mesh
Istio, iyo inoshandisa mabasa ekutarisira microservices kunze kwekodhi yavo, ndiyo pfungwa yeSevhisi Mesh. Mune mamwe mazwi, iboka rakarongeka reimwe kana anopfuura mabhinari anoumba mesh ye network mabasa.
Istio inoshanda sei ne microservices
Izvi ndizvo zvinoita basa remidziyo yepasidecar inotaridzika pamwe chete ΠΈ ziso reshiri: tanga chiitiko cheMinishift, gadzira chirongwa cheIstio (ngatichidaidze "istio-system"), isa uye mhanyisa zvese zvine chekuita neIstio. Zvadaro, paunogadzira mapurojekiti uye mapodhi, unowedzera ruzivo rwekugadzirisa kune zvaunotumira, uye mapodhi ako anotanga kushandisa Istio. Dhiyagiramu yakareruka inoita seizvi:
Iye zvino unogona kushandura Istio marongero kuitira, semuenzaniso, kuronga jekiseni rekukanganisa, rutsigiro kana mamwe maficha eIstio - uye zvese izvi pasina kubata kodhi yemashandisirwo acho. Ngatiti iwe unoda kutungamira ese webhu traffic kubva kune vashandisi vemutengi wako mukuru (Foo Corporation) kune imwe vhezheni yesaiti. Kuti uite izvi, ingo gadzira iyo Istio routing mutemo unozotsvaga @foocorporation.com mune ID yemushandisi uye tungamira zvinoenderana. Kune vamwe vese vashandisi, hapana chinoshanduka. Zvichakadaro, iwe unozodzikama kuyedza iyo itsva vhezheni yesaiti. Uye cherechedza kuti haufanire kubatanidza vanogadzira zvachose pane izvi.
Uye iwe uchafanira kubhadhara zvakanyanya nokuda kwayo?
Kana bodo. Istio inokurumidza uye yakanyorwa mukati uye inogadzirisa zvishoma zvishoma. Pamusoro pezvo, kurasikirwa kunokwanisika mukugadzirwa kwepamhepo kunodzikiswa nekuwedzera kwekugadzirwa kwemugadziri. Zvirinani mune dzidziso: usakanganwa kuti nguva yevagadziri yakakosha. Kana zviri zvemitengo yesoftware, Istio ndeye yakavhurika sosi software, saka iwe unogona kuwana uye kuishandisa mahara.
Zvigone iwe pachako
The Red Hat Developer Experience Team yakagadzira yakadzika maoko-pamusoro naIstio (muChirungu). Inoshanda paLinux, MacOS neWindows, uye kodhi inowanikwa muJava neNode.js.
10 zvidzidzo zvinopindirana paIstio
Block 1 - Kune Vanotanga
Nhanganyaya kuIstio
30 maminitsi
Ngatijairane neSevhisi Mesh, dzidza maitiro ekuisa Istio muOpenShift Kubernetes cluster.
Kuendesa microservices muIstio
30 maminitsi
Isu tinoshandisa Istio kuendesa matatu mamicroservices ane Spring Boot uye Vert.x.
Block 2 - nhanho yepakati
Kuongorora uye kutsvaga muIstio
60 maminitsi
Tichaongorora maturusi eIstio akavakirwa-mukati ekutarisa, tsika metrics, uye OpenTracing kuburikidza nePrometheus uye Grafana.
Nzira iri nyore muIstio
60 maminitsi
Dzidza maitiro ekugadzirisa nzira muIstio uchishandisa mitemo yakapusa.
Advanced routing mitemo
60 maminitsi
Ngatitarisei kuIstio's smart routing, kutonga kwekuwana, kuyera kuyera uye kudzikamisa chiyero.
Block 3 - mushandisi wepamusoro
Kukanganisa Injection muIstio
60 maminitsi
Isu tinodzidza kutadza kubata zvimiro mumashandisirwo akagoverwa, kugadzira zvikanganiso zveHTTP uye kunonoka kwetiweki, uye kudzidza kushandisa mhirizhonga engineering kudzoreredza nharaunda.
Circuit Breaker muIstio
30 maminitsi
Isu tinoisa Siege yemasaiti ekuyedza kushushikana uye tinodzidza maitiro ekuita backend kukanganisa kushivirira uchishandisa replays, wedunhu breaker uye ejection dziva.
Egress uye Istio
10 maminitsi
Isu tinoshandisa nzira dzeEgress kugadzira mitemo yekudyidzana kwemukati masevhisi nekunze API uye masevhisi.
Istio uye Kiali
15 maminitsi
Dzidza kushandisa Kiali kuti uwane tarisiro yemasevhisi mesh uye kuongorora chikumbiro uye data inoyerera.
Mutual TLS muIstio
15 maminitsi
Isu tinogadzira Istio Gateway uye VirtualService, tobva tadzidza mutual TLS (mTLS) uye marongero ayo zvakadzama.
Block 3.1 - Yakadzika Dive: Istio Service Mesh yeMicroservices
Bhuku racho rinotaura nezvei:
- Chii chinonzi service mesh?
- Iyo Istio system uye basa rayo mune microservice architecture.
- Kushandisa Istio kugadzirisa matambudziko anotevera:
- Mhosva kushivirira;
- Routing;
- Chaos testing;
- Kuchengetedza;
- Kuunganidzwa kweTelemetry uchishandisa traces, metrics uye Grafana.
Yakatevedzana yezvinyorwa pane sevhisi meshes uye Istio
Edza iwe pachako
Iyi nhevedzano yezvinyorwa haina kuitirwa kupa yakadzika dive munyika yeIstio. Isu tinongoda kukuzivisa iwe kune iyo pfungwa uye pamwe kukurudzira iwe kuti uedze Istio iwe pachako. Izvo zvakasununguka kuita, uye Red Hat inopa ese maturusi aunoda kuti utange neOpenShift, Kubernetes, Linux midziyo, uye Istio, kusanganisira: , nezvimwe zviwanikwa patiri . Usanonoka, tanga nhasi!
Istio routing mitemo: kutungamira zvikumbiro zvebasa kwavanoda kuenda
ΠΈ kuita basa rakanaka rekutaura kuendeswa kumapodhi anodiwa. Ichi ndicho chimwe chezvikonzero zvekuvapo kweKubernetes - routing uye kuyera kuyera. Asi zvakadini kana iwe uchida mamwe maitiro akajeka uye akaomarara? Semuenzaniso, kushandisa panguva imwe chete shanduro mbiri dze microservice. Istio Route Rules ingabatsira sei pano?
Mitemo yenzira ndiyo mitemo inonyatso sarudza sarudzo yenzira. Pasinei nechiyero chekuoma kwehurongwa, mutemo wekushanda wemitemo iyi unoramba uri nyore: zvikumbiro zvinofambiswa zvichibva pane mamwe ma parameter uye HTTP header values.
Ngatitarisei mienzaniso:
Kubernetes default: zvishoma "50/50"
Mumuenzaniso wedu, isu ticharatidza maitiro ekushandisa panguva imwe chete mavhezheni maviri eiyo microservice muOpenShift, ngativadaidze v1 uye v2. Imwe neimwe vhezheni inomhanya mune yayo Kubernetes pod, uye nekukasira inomhanya yakaenzana yakaenzana kutenderera robin routing. Imwe neimwe pod inogamuchira mugove wayo wezvikumbiro zvichienderana nehuwandu hweiyo microservice kesi, nemamwe mazwi, replicas. Istio inokubvumira kuti uchinje chiyero ichi nemaoko.
Ngatitii takaisa mavhezheni maviri erumbidzo yedu sevhisi paOpenShift, kurudziro-v1 uye kurudziro-v2.
Mumufananidzo. Mufananidzo 1 unoratidza kuti kana sevhisi yega yega inomiririrwa mune imwe nguva, inokumbira chinjana pakati pavo: 1-2-1-2-... Aya ndiwo mashandiro anoita Kubernetes routing nekukasira:
Huremu kugovera pakati shanduro
Mumufananidzo. Mufananidzo 2 unoratidza zvinoitika kana ukawedzera nhamba yev2 service replicas kubva kune imwe kusvika kune mbiri (izvi zvinoitwa ne oc scale -replicas = 2 deployment / recommendation-v2 murairo). Sezvauri kuona, zvikumbiro pakati pev1 nev2 zvave kukamurwa muchiyero chimwe-kusvika-nhatu: 1-2-2-1-2-2-β¦:
Rega vhezheni uchishandisa Istio
Istio inoita kuti zvive nyore kuchinja kugoverwa kwezvikumbiro nenzira yatinoda. Semuenzaniso, tumira traffic yese chete kune kurudziro-v1 uchishandisa inotevera Istio yaml faira:
Pano iwe unofanirwa kubhadhara kune izvi: mapodhi anosarudzwa maererano nemavara. Muenzaniso wedu unoshandisa label v1. Iyo "huremu: 100" parameter inoreva kuti 100% yetraffic ichaendeswa kune ese masevhisi pods ane v1 label.
Directive kugovera pakati peshanduro (Canary Deployment)
Tevere, uchishandisa huremu paramende, unogona kutungamira traffic kune ese mapods, uchiregeredza huwandu hwema microservice kesi anomhanya mune imwe neimwe yadzo. Semuenzaniso, pano tinotungamira 90% yetraffic kuv1 uye 10% kusvika v2:
Yakaparadzana nzira yevashandisi venhare
Mukupedzisa, isu ticharatidza nzira yekumanikidza nhare yemushandisi traffic kuti iendeswe kushumiro v2, uye vamwe vese kuv1. Kuti tiite izvi, tinoshandisa mataurirwo enguva dzose kuongorora kukosha kwemushandisi-mumiririri mumusoro wekukumbira:
Yava nguva yako
Muenzaniso une mataurirwo enguva dzose ekuparadzanisa misoro inofanirwa kukukurudzira kuti uwane yako mashandisiro eIstio routing mitemo. Uyezve, mikana iri pano yakawandisa, sezvo hunhu hwemusoro hunogona kuumbwa mune yekushandisa sosi kodhi.
Uye rangarira kuti Ops, kwete Dev
Zvese zvatakaratidza mumienzaniso iri pamusoro zvinoitwa pasina kana kudiki shanduko mune kodhi kodhi, zvakanaka, kunze kweiyo kesi kana zvichidikanwa kugadzira yakakosha misoro yekukumbira. Istio ichave yakakosha kune vese vanogadzira, avo, semuenzaniso, vanozokwanisa kuishandisa padanho rekuyedza, uye kune nyanzvi mukushanda kweIT masisitimu, ayo achabatsira zvakanyanya mukugadzira.
Saka ngatidzokorore iyo leitmotif yeiyi nhevedzano yezvinyorwa: haufanire kushandura chero chinhu mukodhi yako. Iko hakuna chikonzero chekuvaka mifananidzo mitsva kana kuvhura midziyo mitsva. Zvese izvi zvinoitwa kunze kwekodhi.
Shandisa fungidziro yako
Chimbofungidzira mikana yekuongororwa kwemusoro uchishandisa mataurirwo enguva dzose. Unoda kutungamira mutengi wako mukuru kune yakakosha vhezheni yako ? Zviri nyore! Unoda imwe shanduro yeChrome browser? Hapana dambudziko! Unogona kufambisa traffic zvinoenderana nechero hunhu.
Edza iwe pachako
Kuverenga nezve Istio, Kubernetes uye OpenShift chinhu chimwe chete, asi wadii kubata zvese iwe pachako? Team yakagadzira gwara rakadzama (muChirungu) rinokubatsira kugona matekinoroji aya nekukurumidza sezvinobvira. Bhuku racho zvakare 100% yakavhurika sosi, saka inotumirwa munzvimbo yeruzhinji. Iyo faira inoshanda paMacOS, Linux uye Windows, uye iyo kodhi kodhi inowanikwa muJava uye node.js shanduro (shanduro mune mimwe mitauro iri kuuya munguva pfupi). Ingovhura iyo inoenderana git repository mubrowser yako .
Muchikamu chinotevera: tinogadzira matambudziko zvakanaka
Nhasi waona izvo Istio routing mitemo inogona kuita. Zvino fungidzira chinhu chimwe chete, asi chete maererano nekubata kukanganisa. Izvi ndizvo chaizvo zvatichataura nezvazvo mune inotevera positi.
Source: www.habr.com