Service mesh data plane vs. control plane

Hello, Habr! I present to your attention a translation of the article "Service mesh data plane vs control plane" by Matt Klein.


This time, I "wanted and translated" a description of both service mesh components, the data plane and the control plane. This description seemed to me the most understandable and interesting, and above all it leads to an understanding of "Is it needed at all?"

As the idea of the "service mesh" has become increasingly popular over the last two years (the original article is dated October 10, 2017) and the number of participants in the space has grown, I have seen a commensurate rise in confusion across the tech community about how to compare and contrast the different solutions.

The situation is best summed up by the following series of tweets that I wrote in July:

Service mesh confusion #1: Linkerd ~= Nginx ~= Haproxy ~= Envoy. None of them equals Istio. Istio is something completely different. 1/

The first are just data planes. By themselves they do nothing. They need to be configured into something else. 2/

Istio is an example of a control plane that ties the pieces together. It is a different layer. /end

The previous tweets mention several projects (Linkerd, NGINX, HAProxy, Envoy, and Istio), but more importantly they introduce the general concepts of the data plane, the service mesh, and the control plane. In this post, I will take a step back and discuss what I mean by the terms "data plane" and "control plane" at a high level, and then discuss how the terms apply to the projects mentioned in the tweets.

What is a service mesh, really?

Figure 1: Service mesh overview

Figure 1 illustrates the service mesh concept at its most basic level. There are four service clusters (A-D). Each service instance is colocated with a local proxy server. All network traffic (HTTP, REST, gRPC, Redis, etc.) from an individual application instance flows through its local proxy to the appropriate external service clusters. In this way, the application instance is not aware of the network at large and knows only about its local proxy. In effect, the distributed system network has been abstracted away from the service.

The data plane

In a service mesh, the proxy server located alongside the application performs the following tasks:

  • Service discovery. What services/applications are available to your application?
  • Health checking. Are the service instances returned by service discovery healthy and ready to accept network traffic? This may include both active (e.g. a health-check response) and passive (e.g. using three consecutive 3xx errors as an indication of an unhealthy state) health checking.
  • Routing. Given a request for "/foo" from a REST service, to which service cluster should the request be sent?
  • Load balancing. Once a service cluster has been selected during routing, to which service instance should the request be sent? With what timeout? With what circuit breaking settings? If the request fails, should it be retried?
  • Authentication and authorization. For incoming requests, can the calling service be identified/authorized using mTLS or some other mechanism? If it is identified/authorized, is it allowed to call the requested operation (endpoint) on the service, or should an unauthorized response be returned?
  • Observability. Detailed statistics, logs, and distributed tracing data should be generated for each request so that operators can understand distributed traffic flow and debug problems as they occur.

The data plane is responsible for all of the items above in a service mesh. In effect, the proxy local to the service (the sidecar) is the data plane. In other words, the data plane is responsible for translating, forwarding, and observing every network packet that flows to or from a service.

The control plane

The network abstraction that the local proxy provides in the data plane is magical (?). However, how does the proxy actually know about the "/foo" route to service B? How is the service discovery data that the proxy queries populated? How are the parameters for load balancing, timeouts, circuit breaking, etc. configured? How do you deploy an application using the blue/green method or graceful traffic shifting? Who configures system-wide authentication and authorization settings?

All of the items above are under the purview of the service mesh control plane. The control plane takes a set of isolated stateless proxies and turns them into a distributed system.

I think the reason many technologists find the separate concepts of data plane and control plane confusing is that for most people the data plane is familiar while the control plane is foreign/unintelligible. We have been working with physical network routers and switches for a long time. We understand that packets/requests need to get from point A to point B and that we can use hardware and software to make that happen. The new generation of software proxies are simply fancier versions of tools we have been using for a long time.

Figure 2: Human control plane

However, we have also been using control planes for a long time, even though most network operators might not associate that part of the system with any technology component. The reason is simple:
Most control planes in use today are ... us.

Figure 2 above shows what I call the "human control plane." In this type of deployment, which is still very common, a (probably grumpy) human creates configurations, possibly with the help of scripts, and deploys them through some bespoke process to all of the proxies. The proxies then begin using this configuration and start handling the data plane with the updated settings.

Figure 3: Advanced service mesh control plane

Figure 3 above shows an "advanced" service mesh control plane. It consists of the following components:

  • The human: There is still a human (hopefully less grumpy) who makes high-level decisions about the overall system.
  • Control plane UI: The human interacts with some type of user interface to control the system. This might be a web portal, a command-line application (CLI), or some other interface. Through the user interface, the operator has access to global system parameters such as:
    • Deployment control, blue/green and/or gradual traffic shifting
    • Authentication and authorization settings
    • Route table specification, e.g. what happens when application A requests "/foo"
    • Load balancer settings, such as timeouts, retries, circuit breaking, etc.
  • Workload scheduler: Services are run on infrastructure through some type of scheduling/orchestration system, such as Kubernetes or Nomad. The scheduler is responsible for loading a service along with its local proxy.
  • Service discovery: As the scheduler starts and stops service instances, it reports their health state to the service discovery system.
  • Sidecar proxy configuration APIs: The local proxies dynamically pull state from the various system components using an eventually consistent model, without operator involvement. The entire system, comprising all currently running service instances and local proxy servers, eventually converges into a single ecosystem. Envoy's universal data plane API is one example of how this works in practice.

Ultimately, the goal of a control plane is to set the policy that will eventually be enacted by the data plane. More advanced control planes abstract more pieces of the system away from the operator and require less manual operation, provided they work correctly!...
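The split described in the data plane and control plane sections can be modelled in a few lines. This is an added example, not code from the original article or from Envoy or Istio; the class names, the polling scheme and the service names are hypothetical. It shows a control plane that only publishes versioned policy, sidecars that enforce whichever snapshot they last pulled, and the consequence of eventual consistency for authorization: a revoked caller is still admitted by a proxy that has not yet polled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                      # one immutable, versioned snapshot
    version: int
    routes: dict                   # path prefix -> upstream cluster
    allowed: frozenset             # (caller identity, cluster) pairs

class ControlPlane:
    """Holds policy and hands it to proxies; it never touches a request."""
    def __init__(self):
        self._policy = Policy(0, {}, frozenset())
    def publish(self, routes, allowed):
        v = self._policy.version + 1
        self._policy = Policy(v, dict(routes), frozenset(allowed))
        return v
    def fetch(self, have_version):
        # Proxies poll; return a snapshot only if it is newer than theirs.
        return self._policy if self._policy.version > have_version else None

class SidecarProxy:
    """Data plane: enforces whichever snapshot it last pulled."""
    def __init__(self, control_plane):
        self.cp = control_plane
        self.policy = Policy(0, {}, frozenset())   # empty policy routes nothing
    def sync(self):
        new = self.cp.fetch(self.policy.version)
        if new is not None:
            self.policy = new
        return self.policy.version
    def handle(self, caller, path):
        # caller: peer identity, assumed already verified (e.g. via mTLS).
        matches = [p for p in self.policy.routes if path.startswith(p)]
        if not matches:
            return (404, None)
        cluster = self.policy.routes[max(matches, key=len)]   # longest prefix
        if (caller, cluster) not in self.policy.allowed:
            return (403, None)                                 # default deny
        return (200, cluster)

def demo():
    # Constructed scenario: service-a may call service-b, then is revoked.
    cp = ControlPlane()
    a, b = SidecarProxy(cp), SidecarProxy(cp)
    cp.publish({"/foo": "service-b"}, {("service-a", "service-b")})
    a.sync(); b.sync()
    cp.publish({"/foo": "service-b"}, set())   # operator revokes service-a
    a.sync()                                   # proxy b has not polled yet
    return a.handle("service-a", "/foo"), b.handle("service-a", "/foo")
```

Comparing the version each proxy reports from `sync()` with the version returned by `publish()` is how an operator in this model would confirm that a revocation has reached every sidecar.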

Data plane vs. control plane summary

  • Service mesh data plane: Touches every packet/request in the system. Responsible for application/service discovery, health checking, routing, load balancing, authentication/authorization, and observability.
  • Service mesh control plane: Provides policy and configuration for all of the running data planes in the mesh. Does not touch any packets/requests in the system. The control plane turns all of the data planes into a distributed system.

Current project landscape

With the explanation above understood, let's look at the current state of service mesh projects.

  • Data planes: Linkerd, NGINX, HAProxy, Envoy, Traefik
  • Control planes: Istio, Nelson, SmartStack

Rather than go into an in-depth analysis of each of the solutions above, I will briefly address some of the points that I believe are causing the confusion in the ecosystem right now.

Linkerd was one of the first data plane proxy servers for the service mesh, appearing in early 2016, and did a great job of raising awareness of and attention to the service mesh design pattern. About six months later, Envoy joined Linkerd (although it had been at Lyft since late 6). Linkerd and Envoy are the two projects most often mentioned when discussing service meshes.

Istio was announced in May 2017. The goals of the Istio project look very much like the advanced control plane shown in Figure 3. Envoy is Istio's default proxy. Thus, Istio is the control plane and Envoy is the data plane. In a short time, Istio generated a lot of excitement, and other data planes began integrating as a replacement for Envoy (both Linkerd and NGINX have demonstrated integration with Istio). The fact that different data planes can be used within a single control plane means that the control plane and the data plane do not have to be tightly coupled. An API such as Envoy's universal data plane API can form a bridge between the two parts of the system.

Nelson and SmartStack help further illustrate the separation of the control plane and the data plane. Nelson uses Envoy as its proxy and builds a robust service mesh control plane around the HashiCorp stack, i.e. Nomad, etc. SmartStack was perhaps the first of the new wave of service meshes. SmartStack builds a control plane around HAProxy or NGINX, demonstrating that the control plane of a service mesh can be decoupled from the data plane.

Microservice architecture with a service mesh is gaining more and more attention (rightly so!), and more projects and vendors are starting to work in this direction. Over the next few years we will see a lot of innovation in both the data plane and the control plane, as well as further intermixing of the various components. Ultimately, microservice architecture should become more transparent and magical (?) to the operator.
Hopefully less and less grumpy.

Key takeaways

  • A service mesh is composed of two distinct pieces: the data plane and the control plane. Both components are required, and without them the system will not work.
  • Everyone is familiar with the control plane, and at this point, the control plane might be you!
  • All data planes compete with each other on features, performance, configurability, and extensibility.
  • All control planes compete with each other on features, configurability, extensibility, and ease of use.
  • A single control plane may have the right abstractions and APIs so that multiple data planes can be used.

Source: www.habr.com
