Istio waa aalad ku habboon isku xirka, sugidda iyo la socodka codsiyada la qaybiyey. Istio waxay isticmaashaa tignoolajiyada kala duwan si ay u maamusho una maamusho software cabirkeeda, oo ay ku jiraan weelasha lagu xidho koodka codsiga iyo ku tiirsanaanta hawlgelinta, iyo Kubernetes si loo maareeyo weelashaas. Sidaa darteed, si aad ula shaqeyso Istio waa inaad ogaataa sida codsi leh adeegyo badan oo ku saleysan tignoolajiyadan ay u shaqeyso iyada oo aan Istio. Haddii qalabkan iyo fikradahan ay horeba kuugu yaqaaneen, xor u noqo inaad ka gudubto casharkan oo si toos ah u aad qaybta Ku rakibida Istio Google Kubernetes Engine (GKE) ama rakibidda kordhinta Istio on GKE.
Tani waa hage-talaabo-tallaabo ah oo aan ku dhex socon doono dhammaan habka laga soo bilaabo koodhka isha ilaa weelka GKE si aan ku siinno faham aasaasi ah oo tiknoolajiyadan ah iyada oo loo marayo tusaale. Waxa kale oo aad arki doontaa sida Istio uga faa'iidaysto awoodda tignoolajiyadan. Tani waxay u qaadanaysaa inaadan waxba ka garanayn weelasha, Kubernetes, meshes adeegga, ama Istio.
hawlaha
Tababarkan, waxaad ku dhammaystiri doontaa hawlaha soo socda:
Codsiga muunada ah wuxuu ku qoran yahay Python wuxuuna ka kooban yahay laba qaybood oo is-dhexgal isticmaalaya REST:
server: server fudud oo leh hal dhibic dhamaadka hel, /, kaas oo ku daabaca "hello aduunka" console-ka
raran: script u diraya gaadiidka server, oo leh tiro la habeyn karo ee codsiyada ilbiriqsikii.
Ku socodsiinta codsiga ka imanaya koodka isha
Si aad u sahamiso muunada codsiga, ku socodsii Cloud Shell ama kumbuyuutarkaaga.
1) Buugga ku jira istio-samples/sample-apps/helloserver orod server:
python3 server/server.py
Bilowga server Waxa soo socda ayaa la soo bandhigay:
INFO:root:Starting server...
2) Fur daaqad kale oo terminal ah si aad codsiyo ugu dirto server. Haddii aad isticmaalayso Cloud Shell, guji summada ku dar si aad u furto fadhi kale.
3) Codsi u dir server:
curl http://localhost:8080
serverka ayaa ku jawaabay:
Hello World!
4) tusaha meesha aad ka soo dejisay koodhka muunada, u gudub hagaha uu ka kooban yahay raran:
cd YOUR_WORKING_DIRECTORY/istio-samples/sample-apps/helloserver/loadgen
Marka loo eego dhinaca isku xidhka, codsiga oo dhan waxa uu ku shaqeeyaa hal marti-geliyaha (kumbuyuutar maxalli ah ama mashiinka farsamada Cloud Shell). Sidaa darteed waxaad isticmaali kartaa localhostin codsiyo loo diro server.
10) In la joojiyo raran ΠΈ server, geli Ctrl-c daaqad kasta oo terminal ah.
11) Daaqada terminaalka raran dami jawiga casriga ah:
deactivate
Baakadaha codsiga weelasha
Si aad codsiga ugu socodsiiso GKE, waxaad u baahan tahay inaad ku xidho muunada codsiga - server ΠΈ raran - gudaha weelasha. Weelku waa hab lagu xidho arjiga si looga soociyo deegaankiisa.
Si aad codsiga ugu xirto weel, waxaad u baahan tahay Dockerfile. Dockerfile waa fayl qoraal ah oo qeexaya amarrada lagu dhisayo koodhka isha ee codsiga iyo ku tiirsanaanta Sawirka Docker Marka la dhiso, waxaad ku shubtaa sawirka kaydka weelka sida Docker Hub ama Diiwaanka Konteenarada.
Tusaalaha ayaa hore u lahaa Dockerfile si ay u server ΠΈ raran oo leh dhammaan amarrada lagama maarmaanka ah si loo ururiyo sawirrada. Hoosta - Dockerfile si ay u server:
FROM python:3-slim as base
FROM base as builder
RUN apt-get -qq update
&& apt-get install -y --no-install-recommends
g++
&& rm -rf /var/lib/apt/lists/*
# Enable unbuffered logging
FROM base as final
ENV PYTHONUNBUFFERED=1
RUN apt-get -qq update
&& apt-get install -y --no-install-recommends
wget
WORKDIR /helloserver
# Grab packages from builder
COPY --from=builder /usr/local/lib/python3.7/ /usr/local/lib/python3.7/
# Add the application
COPY . .
EXPOSE 8080
ENTRYPOINT [ "python", "server.py" ]
kooxda Laga soo bilaabo Python: 3- caato ah sida saldhigga u sheegay Docker inuu isticmaalo kii ugu dambeeyay Python 3 sawirka saldhig ahaan.
GELIN qeexaya amarka loo isticmaalo in lagu bilaabo weelka. Xaaladeena, amarkani wuxuu la mid yahay kii aad isticmaali jirtay server.py laga soo bilaabo isha code.
kooxda BANDHIG taas ayaa tilmaamaysa server wuxuu sugayaa xogta iyada oo loo marayo dekedda 8080. Kooxdani maaha waxay bixisaa dekedo. Tani waa nooc ka mid ah dukumentiyada loo baahan yahay si loo furo dekedda 8080 marka la bilaabayo weelka.
Isku diyaarinta in aad weel ku shubto codsigaaga
1) Deji doorsoomayaasha deegaanka ee soo socda. Beddel PROJECT_ID ku socota aqoonsiga mashruuca GCP.
export PROJECT_ID="PROJECT_ID"
export GCR_REPO="preparing-istio"
Isticmaalka qiyamka PROJECT_ID ΠΈ GCR_REPO waxaad ku dhejisaa sawirka Docker markaad dhisto oo aad u riixdo Diiwaanka Kontaynarada gaarka ah.
2) U deji mashruuca GCP-ga caadiga ah ee aaladda khadka taliska gcloud.
gcloud config set project $PROJECT_ID
3) U deji aagga caadiga ah ee aaladda khadka taliska gcloud.
gcloud config set compute/zone us-central1-b
4) Hubi in adeega Diiwaangelinta Kontaynarrada laga furay mashruuca GCP.
Dib u eeg liiska sawirada ku jira kaydka oo xaqiiji in sawirada la soo galiyay:
gcloud container images list --repository gcr.io/$PROJECT_ID/preparing-istio
Amarka wuxuu muujinayaa magacyada sawirada cusub ee la soo galiyay:
NAME
gcr.io/PROJECT_ID/preparing-istio/helloserver
gcr.io/PROJECT_ID/preparing-istio/loadgen
Abuuritaanka koox GKE ah.
Weelashan waxaa lagu maamuli karaa mashiinka farsamada ee Cloud Shell ama kumbiyuutarka amarka leh docker run. Laakiin deegaanka wax soo saarka, waxaad u baahan tahay hab aad u habayn karto weelasha. Tusaale ahaan, waxaad u baahan tahay nidaam hubinaya in weelasha ay mar walba socdaan, waxaadna u baahan tahay hab aad kor ugu qaaddo oo aad u miiqdo tusaalooyinka weel dheeraad ah haddii taraafiggu kordho.
Si aad u socodsiiso codsiyada weel ku jira waxaad isticmaali kartaa GKE. GKE waa qalab habaynta weelka kaas oo isku geynaya mashiinada farsamada gacanta koox ahaan. Mashiin kasta oo dalwad ah waxaa loo yaqaan noode. Kutlooyinka GKE waxay ku salaysan yihiin isha furan ee nidaamka maamulka kooxda Kubernetes. Kubernetes waxay bixisaa habab lagula falgalo kooxda.
3) Hadda waxaad kula xiriiri kartaa Kubernetes via kubectl. Tusaale ahaan, amarka soo socda ayaa ogaan kara heerka qanjidhada:
kubectl get nodes
Talisku waxa uu soo saarayaa liiska noodhka:
NAME STATUS ROLES AGE VERSION
gke-istoready-default-pool-dbeb23dc-1vg0 Ready <none> 99s v1.13.6-gke.13
gke-istoready-default-pool-dbeb23dc-36z5 Ready <none> 100s v1.13.6-gke.13
gke-istoready-default-pool-dbeb23dc-fj7s Ready <none> 99s v1.13.6-gke.13
gke-istoready-default-pool-dbeb23dc-wbjw Ready <none> 99s v1.13.6-gke.13
Fikradaha Muhiimka ah ee Kubernetes
Jaantusku wuxuu muujinayaa arjiga GKE:
Kahor intaanad weel geyn GKE, baro fikradaha muhiimka ah ee Kubernetes. Waxaa jira xiriiriya dhamaadka dhamaadka haddii aad rabto in aad wax badan barato.
Nodes iyo rucubyo. Gudaha GKE, noodu waa mashiinka farsamada. Goobaha kale ee Kubernetes, noodu waxay noqon kartaa kombuyuutar ama mashiinka farsamada. Kooxdu waa ururinta noodhka oo loo tixgalin karo hal unug oo aad geyso codsi weel ku jira.
Pods. Kubernetes gudaheeda, weelku waxay ku ordaan boodhyo. Pod ku yaal Kubernetes waa unug aan la qaybin karin. Boodhku waxa uu hayaa hal weel ama ka badan Waxaad geysaa weelasha serverka iyo raran oo ku kala duwan. Marka ay jiraan dhowr weel oo ku jira pod (tusaale ahaan, server-ka codsiga iyo server wakiil), weelasha waxaa loo maamulaa sidii hal hay'ad oo wadaaga kheyraadka.
Hawlgalinta. Kubernetes gudaheeda, geyntu waa shay ay ka mid yihiin baloogyo isku mid ah. Hawlgelintu waxay soo saartaa koobabyo badan oo boodo ah oo loo qaybiyey qanjidhada kooxda. Gelintu waxay si toos ah u beddeshaa boodhyo fashilmay ama aan waxba ka qabanayn.
Adeegga Kubernetes. Markaad ku socoto koodhka codsiga GKE, xidhiidhka ka dhexeeya raran ΠΈ server. Markii aad ka bilowday adeegyada mashiinka farsamada ee Cloud Shell ama miiska, waxaad u dirtay codsiyo server at localhost: 8080. Marka la geeyo GKE, boodhadhka waxaa lagu fuliyay qanjidhada la heli karo. Sida caadiga ah, ma lihid koontaroolka udubka boodhka uu ku socdo, markaa adiga cawska ma jiro ciwaanno IP joogto ah.
Si aad u hesho ciwaanka IP-ga server, waxaad u baahan tahay inaad qeexdo abstraction shabakad oo ku taal dusha sare ee pods. Taasi waa waxa ay tahay Adeegga Kubernetes. Adeegga Kubernetes waxa uu bixiyaa bar-dhamaadka joogtada ah ee gogol-gashiyo. Waxaa jira dhowr noocyada adeegyada. server adeegsadaa LoadBalancer, kaas oo bixiya ciwaanka IP dibadeed ee lagula xidhiidho server ka baxsan kooxda.
Kubernetes waxa kale oo uu leeyahay nidaamka DNS-ku-dhisan kaas oo ku meeleeya magacyada DNS (tusaale ahaan, helloserver.default.cluster.local) adeegyada. Waad ku mahadsan tahay tan, galalka kooxda ku jira waxay la xiriiraan gadmooyinka kale ee kooxda iyagoo ciwaan joogto ah. Magaca DNS looma isticmaali karo meel ka baxsan kutlada, sida Cloud Shell ama kumbuyuutarka.
Kubernetes ayaa muujinaya
Markaad codsiga ka wado isha, waxaad isticmaashay amarka lama huraanka ah python3
server.py
Imperative micneheedu waa fal: "sidan samee."
Kubernetes ayaa isticmaala model ku dhawaaqid. Tani waxay ka dhigan tahay in aanaan u sheegayn Kubernetes sida saxda ah waxa la sameeyo, laakiin taa beddelkeeda sifeynta gobolka la rabo. Tusaale ahaan, Kubernetes wuxuu bilaabaa oo uu joojiyaa boodhka marka loo baahdo si loo ilaaliyo xaaladda dhabta ah ee nidaamka si waafaqsan gobolka la rabo.
Waxaad ku muujisaa xaalada la rabo ee muujinta ama faylasha YAML. Faylka YAML wuxuu ka kooban yahay qeexitaanno hal ama ka badan oo Kubernetes ah.
Tusaalaha waxaa ku jira faylka YAML ee server ΠΈ raran. Fayl kasta oo YAML ah wuxuu qeexayaa xaaladda la rabo ee shayga la dirayo iyo adeegga Kubernetes.
LoadBalancerMacaamiishu waxay codsiyo u diraan ciwaanka IP-ga ee xisaabiyaha culayska, kaas oo leh ciwaan IP joogto ah lagana heli karo meel ka baxsan kooxda.
targetPort: sida aad xasuusato, kooxda EXPOSE 8080 Π² Dockerfile ma siin dekedaha. Adiga ayaa bixiya dekedda 8080si aad ula xidhiidho weelka server ka baxsan kooxda. Xaaladeena helosvc.default.cluster.local:80 (magac gaaban: hellosvc) u dhiganta dekedda 8080 Ciwaanka IP-ga ee Pod helloserver.
dekedda: Kani waa lambarka dekedda ay adeegyada kale ee kooxdu soo diri doonaan codsiyada.
loadgen.yaml
Shayga la geynayo loadgen.yaml u eg server.yaml. Farqiga u dhexeeya ayaa ah in shayga la dirayo uu ka kooban yahay qayb dir. Waxay qeexaysaa doorsoomayaasha deegaanka ee loo baahan yahay raran oo aad ku rakibtay markaad arjiga ka wado isha.
Mar raran ma aqbalo codsiyada soo socda, ee goobta nooca tilmaamay Kooxda IP. Noocani waxa uu bixiyaa ciwaan IP joogto ah oo adeegyada kooxdu ay isticmaali karaan, laakiin ciwaanka IP-ga looma bandhigin macaamiisha dibadda ah.
Marka si guul leh loo dhammeeyo, amarku wuxuu soo saaraa koodka soo socda:
deployment.apps/loadgenerator created
service/loadgensvc created
11) Hubi heerka ay ku sugan yihiin kubadaha:
kubectl get pods
Talisku wuxuu muujinayaa heerka:
NAME READY STATUS RESTARTS AGE
helloserver-69b9576d96-mwtcj 1/1 Running 0 58s
loadgenerator-774dbc46fb-gpbrz 1/1 Running 0 57s
12) Ka soo saar qoraallada codsiyada ka soo duubka raran. Beddel POD_ID ilaa aqoonsiga jawaabta hore.
kubectl logs loadgenerator-POD_ID
13) Hel ciwaannada IP dibadeed hellosvc:
kubectl get service
Jawaabta amarku waxay u egtahay sidan:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hellosvc LoadBalancer 10.81.15.158 192.0.2.1 80:31127/TCP 33m
kubernetes ClusterIP 10.81.0.1 <none> 443/TCP 93m
loadgensvc ClusterIP 10.81.15.155 <none> 80/TCP 4m52s
14) Codsi u dir hellosvc: beddel EXTERNAL_IP cinwaanka IP-ga dibadda ah hellosvc.
curl http://EXTERNAL_IP
Aynu qaadano Istio
Waxaad hore u haysatay codsi GKE ah. raran Waxaad isticmaali kartaa Kubernetes DNShelosvc:80) in loo diro codsiyo serverwaxaadna u diri kartaa codsiyo server cinwaanka IP-ga dibadda ah. Inkastoo Kubernetes leeyahay astaamo badan, waxaa jira macluumaad ka maqan adeegyada:
Sidee ayay adeegyadu u falgalaan? Waa maxay xiriirka ka dhexeeya adeegyada? Sidee buu gaadiidka u kala goosha adeegyada? Ma la socotaa taas raran codsiyo u dira server, laakiin ka fikir inaadan waxba ka garanayn codsiga. Si aan uga jawaabno su'aalahan, aan eegno liiska boodhadhka ordaya ee GKE.
Metrics. Ilaa goormaan server ma ka jawaabaa codsi soo socda? Immisa codsi ilbidhiqsikii baa seefarku helay? Miyuu bixiyaa farriimaha khaldan?
Xogta Amniga. Gaadiidka u dhexeeya raran ΠΈ server uun baa dhex mara HTTP ama by mTLS?
Istio ayaa ka jawaabaya su'aalahan oo dhan. Si taas loo sameeyo, Istio wuxuu dhigayaa wakiil baabuur-side ah Ergayga kuli kasta. Wakiilka Ergaygu wuxuu ka hortagaa dhammaan taraafikada soo galaya iyo kuwa baxaya ee weelka arjiga. Taas macnaheedu waa server ΠΈ raran Ku hel iyada oo loo sii marayo wakiilka gaarka ah ee sidecar, iyo dhammaan taraafikada ka socda raran ΠΊ server wuxuu maraa wakiilka ergada.
Xidhiidhada u dhexeeya wakiilada ergeyga waxay sameeyaan mesh adeeg. Nashqada mesh-ka adeega ayaa bixisa lakabka xakamaynta ee dusha sare ee Kubernetes.
Mar haddii wakiillada ergaygu ay weelkooda ku jiraan, Istio waxaa lagu rakibi karaa dusha sare ee kooxda GKE iyada oo aan wax isbeddel ah lagu samayn koodka codsiga. Laakiin waxaad samaysay xoogaa shaqo ah si aad codsigaaga ugu diyaariso in uu maamulo Istio:
Adeegyada dhammaan weelasha. Si loo diro server ΠΈ raran ku xidhan adeegga Kubernetes. Xataa raran, kaas oo aan helin codsiyada soo socda, waxaa jira adeeg.
Dekadaha adeegyadu waa inay lahaadaan magacyo. In kasta oo dekedaha adeegga looga tagi karo iyada oo aan la magacaabin GKE, Istio waxa ay kaaga baahan tahay inaad sheegto magaca dekedda si waafaqsan hab-maamuuskiisa. Faylka YAML ee dekedda loogu talagalay server waxaa lagu magacaabaa httpsababtoo ah server-ku wuxuu isticmaalaa borotokoolka HTTP. Hadii adeegga loo isticmaalo gRPC, waxaad magacaabi lahayd dekedda grpc.
Meelaynta waa la calaamadiyay. Sidaa darteed, waxaad isticmaali kartaa sifooyinka maamulka taraafikada ee Istio, sida kala qaybinta taraafikada u dhexeeya noocyada isla adeegga.
Ku rakibida Istio
Waxaa jira laba siyaabood oo lagu rakibo Istio. Karaa awood Istio kordhinta GKE ama ku rakib nooca isha furan ee Istio kutlada. Istio on GKE, waxaad si fudud u maarayn kartaa rakibaadda Istio iyo casriyaynta inta lagu jiro wareegga nolosha ee kooxda GKE. Haddii aad rabto nuqulkii ugu dambeeyay ee Istio ama in ka badan kantaroolka qaabaynta guddigaaga kantaroolka Istio, ku rakib nooca isha furan halkii aad ka isticmaali lahayd Istio ee kordhinta GKE. Si aad u go'aansato habka, akhri maqaalka Miyaan u baahanahay Istio GKE?.
Dooro ikhtiyaar, dib u eeg hagaha ku habboon, oo raac tilmaamaha si aad ugu rakibto Istio kooxdaada. Haddii aad rabto inaad ku isticmaasho Istio codsigaaga cusub ee la diray, awood hirgelinta gawaadhida dhinaceeda magac ahaan Default.
Nadiifinta
Si aad isaga ilaaliso in lagugu dalaco akoonkaaga Google Cloud Platform ee agabka aad ku isticmaashay casharkan, tirtir kooxda weelka marka aad rakibto Istio oo aad ku ciyaarto muunada codsiga. Tani waxay meesha ka saari doontaa dhammaan agabyada kutlada, sida xisaabinta tusaalooyinka, saxanadaha, iyo ilaha shabakada.