Salaan! Waa maqaal gaaban oo ka jawaabaya su'aalaha: "waa maxay ergeyga?", "maxaa loogu baahan yahay?" iyo "halkee laga bilaabo?".
Waa maxay tan
Ergaygu waa dheelitiriye L4-L7 oo ku qoran C++, diiradda saaraya waxqabadka sare iyo helitaanka. Dhinaca kale, tani si uun waa analoog ee nginx iyo haproxy, oo la barbar dhigi karo waxqabadka iyaga. Dhanka kale, waxay aad ugu janjeersan tahay qaab-dhismeedka microservice oo waxay leedahay shaqeyn aan ka sii xumaan Java iyo go' dheelitirayaasha, sida zuul ama traefik.
Shaxda isbarbardhigga ee haproxy/nginx/ ergeyga, ma sheeganayso inay tahay runta dhabta ah, laakiin waxay bixisaa sawir guud.
nginx
haproxy
diray
trafik
xiddigaha github
11.2k/muraayad
1.1k/muraayad
12.4k
27.6k
ku qoran
C
C
C ++
go
API
no
godka kaliya/riix
dataplane/jiid
qaado
hubin caafimaad oo firfircoon
no
haa
haa
haa
Baafinta furan
plugin dibadda
no
haa
haa
J.W.T.
plugin dibadda
no
haa
no
kordhinta
Lua/C
Lua/C
Lua/C++
no
Maxaa loogu talagalay
Kani waa mashruuc da'yar, waxyaabo badan ayaa ka maqan, qaar ayaa ku jira alfa hore. Laakin diray, sidoo kale ay sabab u tahay dhalinyaradeeda, si degdeg ah u kobcaya oo horeyba u leh astaamo badan oo xiiso leh: qaabeynta firfircoon, filtarrada diyaarsan oo badan, interface fudud oo lagu qoro filtarradaada.
Aagagga codsiga ayaa ka socda tan, laakiin marka hore waxaa jira 2 nooc oo liddi ku ah:
- Soo noqoshada taagan
Xaqiiqdu waxay tahay in xilligan la joogo diray ma jirto taageero kayd ah. Nimanka Google ayaa tan isku dayaya . Fikradda ayaa la hirgelin doonaa hal mar diray Dhammaan waxyaalaha qarsoon (madaxyada xayawaanka) ee u hoggaansanaanta RFC, iyo hirgelinta gaarka ah samee interface. Laakiin hadda xitaa alfa maaha, naqshadaha ayaa laga doodayaa, furan (intii aan qorayay maqaalka PR, PR wuu barafoobay, laakiin qodobkan wali waa mid khuseeya).
Hadda, u isticmaal nginx statics.
- qaabeynta taagan
Waad isticmaali kartaa, laakiin diray Taasi maaha waxa loo abuuray. Tilmaamaha qaabaynta taagan lama soo bandhigi doono Waxaa jira daqiiqado badan:
Markaad tafatirayso qaabaynta gudaha yaml, waa lagu khaldami doonaa, waxaad ku canaanan doontaa horumariyeyaasha hadal ahaan oo waxaad u malaynaysaa in qaabaynta nginx/haproxy, in kasta oo aan qaabaysanayn, ay aad u kooban tahay. Taasi waa ujeedku. Qaabeynta Nginx iyo Haproxy waxaa loo sameeyay in lagu tafatiro gacanta, iyo diray jiil ka code. Qaabaynta oo dhan ayaa lagu sifeeyay , ka soo saarida faylalka proto aad ayey u adag tahay in qalad la sameeyo.
Canary, b/g geynta xaaladaha iyo wax ka badan ayaa sida caadiga ah lagu fuliyaa kaliya qaabaynta firfircoon. Ma dhahayo tan lama samayn karo si cad, dhammaanteen waan sameynaa. Laakiin tan waxaad u baahan tahay inaad gashato biraha, mid kasta oo ka mid ah dheelitirayaasha, gudaha diray oo ay ku jiraan.
Hawsha Ergeyga aan looga maarmin:
- Isku-dheellitirka gaadiidka ee habab adag oo firfircoon. Tan waxa ku jira mesh-ka adeega, laakiin maahan ka kaliya.
- Baahida loo qabo hawl-raadinta la qaybiyey, oggolaanshaha adag ama hawlo kale oo laga heli karo diray ka baxsan sanduuqa ama si ku habboon loo hirgeliyay, laakiin nginx/haproxy waxaad u baahan tahay in lagu hareereeyo lua iyo plugins shaki leh.
Labadaba, haddii loo baahdo, waxay bixiyaan waxqabad sare.
Sidee tani u shaqaysaa
Ergeyga waxa loo qaybiyaa laba-geesood oo kaliya sida sawir-qaade. Sawirku waxa uu ka kooban yahay tusaale qaabaynta taagan. Laakiin waxaan xiiseyneynaa kaliya fahamka qaabdhismeedka.
ergay.yaml qaabeynta taagan
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
host_rewrite: www.google.com
cluster: service_google
http_filters:
- name: envoy.router
clusters:
- name: service_google
connect_timeout: 0.25s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service_google
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.google.com
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
sni: www.google.comqaabeynta firfircoon
Dhibkee ayaan xal u raadinaynaa? Kaliya dib uma dejin kartid isku-dheelitirka culeyska culeyska hoostiisa; dhibaatooyin "yar" ayaa soo bixi doona:
- Xaqiijinta qaabaynta
Nidaamku wuxuu noqon karaa mid weyn, wuxuu noqon karaa mid aad u weyn, haddii aan si xad dhaaf ah u wada saarno hal mar, fursadaha qaladka ayaa kor u kaca.
- Isku xirka muddada dheer.
Markaad bilaabayso dhegeyste cusub, waxaad u baahan tahay inaad daryeesho isku xirka ku shaqeeya kii hore, haddii isbedeladu si isdaba joog ah u dhacaan oo ay jiraan xiriiro waara, waa inaad raadisaa tanaasul. Hello, kubernetes gudaha nginx.
- Baaritaanno caafimaad oo firfircoon.
Haddii aan haysano baaritaanno caafimaad oo firfircoon, waxaan u baahanahay inaan laba-laabno kulligood qaabka cusub ka hor inta aan taraafikada dirin. Haddii ay jiraan meelo badan oo korka ah, tani waxay qaadataa waqti. Hello haproxy.
Sidee tan lagu xalliyaa gudaha dirayMarkaad ku dhejiso qaabeynta si firfircoon, marka loo eego qaabka barkadda, waxaad u qaybin kartaa qaybo kala duwan oo aadan dib u bilaabin qaybta aan isbeddelin. Tusaale ahaan, dhegeyste, kaas oo qaali ah in dib loo bilaabo oo marar dhif ah isbeddelo.
Qaabeynta diray (laga soo bilaabo faylka sare) wuxuu leeyahay hay'adaha soo socda:
- dhegeyste - dhegeyste ku dheggan ip/deked gaar ah
- martigeliyaha dalwaddii - martigeliyaha dalwaddii magaca domain
- jidka - qaanuunka dheellitirka
- cluster - koox ka mid ah durdurrada sare oo leh cabbir dheellitiran
- dhammaadka - ciwaanka tusaalaha sare
Mid kasta oo ka mid ah hay'adahan iyo qaar kale ayaa loo buuxin karaa si firfircoon; tan, qaabaynta ayaa qeexaysa ciwaanka adeegga halka habaynta laga helayo. Adeeggu wuxuu noqon karaa REST ama gRPC, gRPC waa la door bidayaa.
Adeegyada waxaa loo kala magacaabay: LDS, VHDS, RDS, CDS iyo EDS. Waxaad isku dari kartaa qaabayn joogto ah iyo mid firfircoon, iyadoo la xaddidayo in kheyraadka firfircoon aan lagu qeexi karin mid taagan.
Hawlaha intooda badan, waa ku filan tahay in la hirgeliyo seddexda adeeg ee ugu dambeeya, waxaa loo yaqaannaa ADS (Adeegga Daahfurka Isku-darka ah), oo tag waxaa jira fulin diyaarsan oo gRPC dataplane ah kaas oo aad u baahan tahay oo kaliya inaad ku buuxiso walxaha ishaada.
Habayntu waxa ay qaadataa qaabkan soo socda:
ergay.yaml habayn firfircoon
dynamic_resources:
ads_config:
api_type: GRPC
grpc_services:
envoy_grpc:
cluster_name: xds_clr
cds_config:
ads: {}
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
rds:
route_config_name: local_route
config_source:
ads: {}
http_filters:
- name: envoy.router
clusters:
- name: xds_clr
connect_timeout: 0.25s
type: LOGICAL_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: xds_clr
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: xds
port_value: 6565Bilowga diray Qaabayntan, waxay ku xidhmi doontaa diyaaradda-kontoroolka oo waxay isku dayi doontaa inay codsato qaabaynta RDS, CDS iyo EDS. Sida habka isdhexgalka uu u dhaco ayaa lagu sharaxay .
Marka la soo koobo, diray soo diraya codsi tilmaamaya nooca kheyraadka la codsanayo, nooca iyo cabbirka noodhka. Jawaabta, waxay helaysaa kheyraad iyo nooc, haddii nooca diyaaradda uusan isbeddelin, kama jawaabto.
Waxaa jira 4 ikhtiyaar oo is dhexgalka:
- Hal gRPC ee dhammaan noocyada agabka, heerka buuxa ee agabka ayaa la diraa.
- durdurrada kala duwan, xaalad buuxda.
- Hal durdur, xaalad korodhsi
- durdurrada goonida ah, xaaladda korodhka.
Kordhinta xDS waxay kuu ogolaanaysaa inaad yarayso isu socodka inta u dhaxaysa diyaaradda-control iyo diray, tani waxay khusaysaa qaabaynta waaweyn. Laakin way adkaynaysaa is dhexgalka;codsigu waxa uu ka kooban yahay liiska agabka iska-diiwaangelinta iyo is-diiwaangelinta
Tusaalahayagu waxa uu isticmaalaa ADS - hal durdur oo loogu talagalay RDS, CDS, EDS iyo qaab aan kordhinayn. Si aad u suurtageliso qaabka kordhinta, waxaad u baahan tahay inaad qeexdo api_type: DELTA_GRPC
Maadaama codsigu ka kooban yahay xuduudaha noodhka, waxaan u diri karnaa ilo kala duwan diyaaradda-koontaroolka xaalado kala duwan diray, tani waxay ku habboon tahay in la dhiso mesh adeegga.
Kululee
In diray marka la bilaabayo ama marka la helo qaabayn cusub oo laga helo diyaarada kontoroolka, habka kululaynta khayraadka waa la bilaabay. Waxay u qaybsantaa kululaynta dhegeystaha iyo kulaylka kooxeed. Midka kowaad waxa la bilaabaa marka ay isbedel ku yimaad RDS/LDS, ka labaad marka CDS/EDS. Tani waxay la macno tahay in haddii durdurrada sare ay isbeddelaan, dhegeystaha aan dib loo abuurin.
Inta lagu jiro habka kululaynta, agabka ku-tiirsanta ayaa laga filayaa diyaarada kantaroolka inta lagu jiro wakhtiga. Haddii wakhtigu dhaco, bilawga ma noqon doonto mid guulaysata oo dhegeystaha cusubi ma bilaabi doono inuu dhegeysto dekedda.
Amarka bilaabista: EDS, CDS, hubin caafimaad oo firfircoon, RDS, LDS. Marka hubinta caafimaad ee firfircoon la oggolaado, taraafikada ayaa kor u kici doonta kaliya ka dib hal hubin caafimaad oo guul leh.
Haddii dhegeystaha dib loo abuuray, kii hore wuxuu galayaa gobolka DRAIN oo waa la tirtiri doonaa ka dib marka dhammaan xidhiidhada la xiro ama wakhtigu dhaco --drain-time-s, caadiga ah 10 daqiiqo.
In la sii wado.
Source: www.habr.com