Horudhac
Waan ku jirnaa bilaabay in Istio la geeyo mesh adeeg ahaan. Mabda 'ahaan, wax walba way fiican yihiin, marka laga reebo hal shay: waa qaali.
В Istio waxay tiri:
Iyadoo Istio 1.1, wakiilku wuxuu cunaa ku dhawaad 0,6 vCPUs (cores Virtual) 1000kii codsi ee ilbiriqsikiiba.
Gobolka ugu horeeya ee mesh adeega (2 proxies ee dhinac kasta oo isku xidhka ah), waxaanu yeelan doonaa 1200 oo koor oo wakiil ka ah, oo ah qiime dhan hal milyan oo codsi ilbiriqsikii. Marka loo eego xisaabiyaha qiimaha Google, waxay u shaqaysaa inay noqoto ku dhawaad $40/bishii/core si loo qaabeeyo n1-standard-64, taas oo ah in gobolkan oo kaliya ay inagu kici doonto lacag ka badan 50 kun oo doolar bishii 1 milyan oo codsi ilbiriqsi kasta.
Ivan Sim () mesh mesh adeega ayaa dib u dhac ku yimid sanadkii hore waxaana uu balan qaaday in la mid ah xusuusta iyo processor-ka, laakiin ma aysan shaqayn:
Sida muuqata, qiyamka-istio-test.yaml wuxuu si dhab ah u kordhin doonaa codsiyada CPU. Haddii aan xisaabteyda si sax ah u sameeyay, waxaad u baahan tahay ku dhawaad 24 CPUs koontaroolka iyo 0,5 CPU wakiil kasta. Ma haysto intaas. Waxaan ku celin doonaa imtixaanada marka ilo badan la ii qoondeeyo.
Waxaan rabay in aan naftayda arko sida waxqabadka Istio uu la mid yahay mesh adeeg il furan oo kale: .
Ku rakibida mesh adeega
Marka hore, waxaan ku rakibay koox :
$ supergloo init
installing supergloo version 0.3.12
using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.12.tgz
configmap/sidecar-injection-resources created
serviceaccount/supergloo created
serviceaccount/discovery created
serviceaccount/mesh-discovery created
clusterrole.rbac.authorization.k8s.io/discovery created
clusterrole.rbac.authorization.k8s.io/mesh-discovery created
clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created
deployment.extensions/supergloo created
deployment.extensions/discovery created
deployment.extensions/mesh-discovery created
install successful!Waxaan isticmaalay SuperGloo sababtoo ah waxay ka dhigaysaa bootstrapping mesh adeega mid aad u fudud. Ma ahayn inaan wax badan sameeyo. Uma isticmaalno SuperGloo wax soo saarka, laakiin waxay ku fiican tahay hawshan oo kale. Waxay ahayd inaan si dhab ah u isticmaalo dhawr amar oo adeeg kasta mesh. Waxaan go'doominta u adeegsaday laba rucubood - mid walba Istio iyo Linkerd.
Tijaabada waxaa lagu sameeyay Google Kubernetes Engine. Waxaan isticmaalay Kubernetes 1.12.7-gke.7 iyo barkad qandho ah n1-standard-4 oo leh miisaan toosan oo noodhka ah (ugu yaraan 4, ugu badnaan 16).
Kadibna waxaan ku rakibay labada meshes adeegga khadka taliska.
First Linkerd:
$ supergloo install linkerd --name linkerd
+---------+--------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+--------------+---------+---------------------------+
| linkerd | Linkerd Mesh | Pending | enabled: true |
| | | | version: stable-2.3.0 |
| | | | namespace: linkerd |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
+---------+--------------+---------+---------------------------+Kadib Istio:
$ supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: true |
| | | | prometheus enabled: true |
| | | | jaeger enabled: true |
+---------+------------+---------+---------------------------+Wareegga shilku waxa uu qaatay daqiiqado yar,kadibna kontoroolada ayaa xasiliyay.
(Fiiro gaar ah: SuperGloo kaliya waxay taageertaa Istio 1.0.x hadda. Waxaan ku celiyay tijaabada Istio 1.1.3, laakiin ma aanan dareemin wax farqi muuqda ah.)
Dejinta Istio Gelin Toos ah
Si aad u samayso Istio rakibida Ergeyga dhinaca gaadhiga, waxaanu isticmaalnaa irbad- MutatingAdmissionWebhook. Ka hadli mayno maqaalkan. Aan idhaahdo kani waa kontaroole kormeeraya gelitaanka dhammaan boodhadhka cusub oo si firfircoon ugu daraya baabuur-geeska ah iyo initContainer, kaas oo mas'uul ka ah hawlaha iptables.
Anaga oo Shopify ah ayaa qornay kontaroolaha gelitaankayaga si aan u hirgelino gawaarida dhinaceeda, laakiin bartilmaameedkan waxaan u adeegsaday kontaroolaha la socda Istio. Kantarooluhu waxa uu duraa baabuurta dhinac-dhaafka ah marka ay jirto meel-gaab ah meesha magaca istio-injection: enabled:
$ kubectl label namespace irs-client-dev istio-injection=enabled
namespace/irs-client-dev labeled
$ kubectl label namespace irs-server-dev istio-injection=enabled
namespace/irs-server-dev labeledDejinta dejinta tooska ah ee Linkerd
Si loo dejiyo xidhidhiyaha dhinaceeda ee Linkerd, waxaanu isticmaalnaa tafaasiil (waxaan ku daray gacanta iyada oo loo marayo kubectl edit):
metadata:
annotations:
linkerd.io/inject: enabled$ k edit ns irs-server-dev
namespace/irs-server-dev edited
$ k get ns irs-server-dev -o yaml
apiVersion: v1
kind: Namespace
metadata:
annotations:
linkerd.io/inject: enabled
name: irs-server-dev
spec:
finalizers:
- kubernetes
status:
phase: ActiveIstio Fault Dulqaadka Simulator
Waxaan dhisnay jilbaha dulqaadka cilada loo yaqaan Istio si aan ugu tijaabino taraafikada gaarka ah ee Shopify. Waxaan u baahanahay qalab si aan u abuurno topology gaar ah oo matali doona qayb gaar ah oo ka mid ah garaafyada adeeggayaga, si firfircoon loo habeeyey si loogu qaabeeyo culaysyo shaqo oo gaar ah.
Kaabayaasha Shopify waxaa saaran culeys culus inta lagu jiro iibka tooska ah. Isla markaa, Shopify . Macaamiisha waaweyni waxay mararka qaarkood ka digayaan iibka tooska ah ee qorshaysan. Kuwo kalena waxay noogu dhaqmaan si lama filaan ah wakhti kasta oo habeen iyo maalin ah.
Waxaan rabnay jilitaankayaga adkeysi si uu u qaabeeyo socodka shaqada ee ku habboon topologiyada iyo culeysyada shaqada ee ka batay kaabayaasha Shopify waagii hore. Ujeedada ugu weyn ee isticmaalka mesh-ka adeega ayaa ah in aan u baahanahay isku halaynta iyo dulqaadka qaladka ee heerka shabakada, waxaana muhiim noo ah in mesh-ka adeega uu si wax ku ool ah ula qabsado rarka markii hore carqaladeeyay adeegyada.
Xudunta udubdhexaadiyaha u dulqaadashada khaladku waa noodhka shaqaalaha, kaas oo u shaqeeya sidii mesh node adeeg. Noodka shaqaalaha waxaa loo habayn karaa si joogto ah marka la bilaabayo ama si firfircooni ah iyada oo loo marayo REST API. Waxaan isticmaalnaa qaabeynta firfircoon ee qanjidhada shaqaalaha si aan u abuurno qulqulka shaqada ee qaabka imtixaanada dib u noqoshada.
Waa kan tusaale habkan oo kale:
- Waxaan bilaabay 10 server sida
baradeeg soo celinaya jawaab200/OKka dib 100 ms. - Waxaan bilaabeynaa 10 macaamiil - mid kastaa wuxuu soo diraa 100 codsi ilbiriqsikiiba
bar. - 10-kii ilbiriqsi kasta waxaan ka saarna 1 server oo aan la soconaa khaladaadka
5xxon macmiilka.
Dhammaadka socodka shaqadu, waxaanu baadhnaa diiwaanka iyo cabbirada oo aanu hubino in imtixaanku dhammaaday. Sidan ayaanu ku baranaynaa waxqabadka mesh adeegayaga waxaanu ku samaynaa imtixaan dib u dhac ah si aanu u tijaabino malo-awaalkayaga ku saabsan dulqaadka khaladka.
(Xusuusin: Waxaan ka fakareynaa inaan furno soo saarista jilitaanka dulqaadka cilladaha Istio, laakiin weli diyaar uma nihin inaan sidaas yeelo.)
Simulator u dulqaadashada cilladaha Istio ee bartilmaameedka mesh adeega
Waxaan dejinay dhowr noodood oo shaqeeya oo simulator-ka ah:
irs-client-loadgen: 3 nuqul oo soo dira 100 codsi ilbiriqsikiibairs-client.irs-client: 3 nuqul oo helay codsiga, sug 100ms oo u gudbi codsigairs-server.irs-server: 3 nuqul oo soo noqda200/OKka dib 100 ms.
Qaabeyntan, waxaan ku cabbiri karnaa socodka taraafikada deggan inta u dhaxaysa 9 dhibcood. Sidecars gudaha irs-client-loadgen и irs-server hel 100 codsi ilbiriqsikii, iyo irs-client - 200 (soo galaysa iyo kuwa baxaya).
Waxaan la soconaa isticmaalka kheyraadka sababtoo ah ma lihin kooxda Prometheus.
Результаты
Qalabka xakamaynta
Marka hore, waxaan baarnay isticmaalka CPU.
Xakamaynta Linkerd ~ 22 millicore
Istio control panel: ~ 750 millicore
Guddiga kantaroolka ee Istio wuxuu isticmaalaa qiyaastii 35 jeer ka badan kheyraadka CPUmarka loo eego Linkerd. Dabcan, wax walba waxaa lagu rakibay si default ah, iyo istio-telemetry ayaa halkan ku cunaya kheyraad badan oo processor-ka ah (waxaa lagu curyaami karaa iyada oo la joojinayo hawlaha qaarkood). Haddii aan ka saarno qaybtan, waxaan weli heleynaa in ka badan 100 millicore, taas oo ah 4 jeer in ka badanmarka loo eego Linkerd.
Sidecar wakiil
Waxaan markaa tijaabinay isticmaalka wakiil. Waa inuu jiraa xidhiidh toosan oo leh tirada codsiyada, laakiin gaadhi kasta oo dhinac ah waxa jira xoogaa sare oo saameeya qalooca.
Linkerd: ~ 100 millicore ee irs-client, ~ 50 millicores ee irs-client-loadgen
Natiijooyinku waxay u muuqdaan kuwo macquul ah, sababtoo ah wakiilka macmiilku wuxuu helayaa labanlaab ka badan taraafikada wakiilka loadgen: codsi kasta oo ka yimaada loadgen, macmiilku wuxuu leeyahay mid soo galaya iyo mid baxaya.
Istio/Ergeyga: ~ 155 millicores ee irs-client, ~ 75 millicores ee irs-client-loadgen
Waxaan u aragnaa natiijooyin isku mid ah Istio sidecars.
Laakiin guud ahaan, wakiillada Istio/Ergeyga ayaa isticmaala qiyaastii 50% ka badan kheyraadka CPUmarka loo eego Linkerd.
Waxaan ku aragnaa isla nidaam dhinaca serverka:
Linkerd: ~ 50 millicore ee irs-server
Istio/Ergeyga: ~ 80 millicore ee irs-server
Dhinaca server-ka, sidecar Istio/Ergeyga ayaa wax cunaya qiyaastii 60% ka badan kheyraadka CPUmarka loo eego Linkerd.
gunaanad
Wakiilka Istio Ergayga wuxuu cunaa 50+% CPU ka badan marka loo eego Linkerd culeyska shaqadayada ee la midka ah. Guddiga kontoroolka Linkerd wuxuu cunaa kheyraad aad uga yar kan Istio, gaar ahaan qaybaha asaasiga ah.
Waxaan wali ka fekereynaa sidii aan u dhimi lahayn kharashyadan. Haddii aad fikrado hayso, fadlan la wadaag!
Source: www.habr.com