Ogow. turjumi: Taxanahan waxa u go'ay soo bandhigida kartida Istio iyo muujinta waxqabadkooda. Hadda waxaan ka hadli doonaa dhinacyo badan oo kakan oo ku saabsan qaabeynta iyo isticmaalka mesh adeeggan, iyo gaar ahaan, ku saabsan marin-u-eegid si fiican loo habeeyey iyo maamulka taraafikada shabakadda.
Waxaan sidoo kale ku xasuusineynaa in maqaalku uu isticmaalo qaabeynta (muujinta Kubernetes iyo Istio) ee kaydka .
Maamulka Gaadiidka
Istio, awoodo cusub ayaa ka dhex muuqda kooxda si ay u bixiso:
- Dariiqinta codsiga firfircoon: duubista canary, tijaabada A/B;
- Isku dheelitirka culeyska: fudud oo joogto ah, oo ku salaysan xashiishyada;
- Soo kabashada ka dib dhicis: wakhti go'an, dib-u-eegisyo, furayaasha wareegga;
- Gelida khaladaadka: dib u dhac, codsiyo la tuuray, iwm.
Sida maqaalku sii socdo, awoodahaan waxaa lagu muujin doonaa iyadoo la adeegsanayo codsiga la doortay tusaale ahaan iyo fikrado cusub ayaa lagu soo bandhigi doonaa jidka. Fikradda ugu horreysa waxay noqon doontaa DestinationRules (tusaale, sharciyo ku saabsan qaataha taraafikada/codsiyada - qiyaastii. transl.), annagoo kaashanayna taas oo aan ku hawlgelinno baaritaanka A/B.
Tijaabada A/B: Xeerarka meesha la aadayo ee ficil ahaan
Tijaabada A/B waxaa loo isticmaalaa xaaladaha ay jiraan laba nooc oo codsi ah (badanaa aragti ahaan way kala duwan yihiin) mana 100% hubin mid ka mid ah hagaajinta khibrada isticmaale. Sidaa darteed, waxaan wadnaa labada nooc isku mar waxaanan aruurineynaa cabbirada.
Si loo geeyo nooca labaad ee hore, looga baahan yahay muujinta tijaabada A/B, socodsii amarka soo socda:
$ kubectl apply -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions/sa-frontend-green createdMuujinta geynta nooca cagaaran waxay ku kala duwan tahay laba meelood:
- Sawirku wuxuu ku salaysan yahay calaamad kale -
istio-green, - Boodhadhku waxay leeyihiin calaamad
version: green.
Maadaama labada gooboodba ay leeyihiin calaamad app: sa-frontend,codsiyada ay jebiyeen adeega farsamada sa-external-services adeega sa-frontend, waxaa loo weecin doonaa dhammaan dhacdooyinkeeda oo culeyska ayaa loo qaybin doonaa iyada oo loo marayo , taasoo keeni doonta xaaladaha soo socda:
Faylasha la codsaday lama helin
Faylashan lama helin sababtoo ah si kala duwan ayaa loogu magacaabay noocyada kala duwan ee codsiga. Aan hubino tan:
$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.c7071b22.css
/static/js/main.059f8e9c.js
$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.f87cd8c9.css
/static/js/main.f7659dbb.js
Waxay ka dhigan tahay index.html, Codsashada hal nooc oo ah faylasha taagan, waxaa u diri kara miisaamiyaha culeyska si uu u helo qayb ka duwan, halkaas oo, sababo muuqda, faylasha noocaas ah aysan jirin. Sidaa darteed, si codsigu u shaqeeyo, waxaan u baahanahay inaan dejino xaddidaad: "isla nooca arjiga u adeegay index.html waa inuu u adeegaa codsiyada xiga".
Waxaan halkaas ku gaari doonaa dheellitirka xashiish-ku-saleysan ee joogtada ah (Hash Load dheelitirka Joogta ah). Xaaladdan oo kale Codsiyada isla macmiilka ayaa loo diraa isla tusaale dhabarka dambe, kaas oo hanti horay loo sii qeexay - tusaale ahaan, madax HTTP ah. Waxaa la hirgaliyay iyadoo la isticmaalayo DestinationRules.
Xeerarka goobta
Kadib Adeegga Virtual codsi u diray adeega la rabo, anagoo adeegsanayna DestinationRules waxaan qeexi karnaa siyaasadaha lagu dabaqi doono taraafikada tusaale ahaan adeegan:
Maareynta taraafikada oo leh ilaha Istio
tacliiq: Saamaynta ilaha Istio ee taraafikada shabakada ayaa halkan lagu soo bandhigay si ay fududahay in la fahmo. Si sax ah loo dhigo, go'aanka tusaale ahaan codsiga loo dirayo waxaa sameeya Ergeyga ku jira Kadinka Ingress Gateway ee lagu habeeyay CRD.
Xeerarka Meesha, waxaan u habeyn karnaa isku dheelitirka culeyska si aan u isticmaalno xashiish joogto ah oo aan hubinno in adeeg isku mid ah uu uga jawaabo isticmaale isku mid ah. Qaabaynta soo socota ayaa kuu ogolaanaysa inaad tan gaadho ():
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: sa-frontend
spec:
host: sa-frontend
trafficPolicy:
loadBalancer:
consistentHash:
httpHeaderName: version # 1
1 - xashiish ayaa la soo saari doonaa iyadoo lagu salaynayo waxa ku jira madaxa HTTP version.
Ku codso qaabaynta amarkan soo socda:
$ kubectl apply -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io/sa-frontend created
Hadda socodsii amarka hoose oo hubi inaad hesho faylasha saxda ah markaad qeexdo madaxa version:
$ curl --silent -H "version: yogo" http://$EXTERNAL_IP/ | tr '"' 'n' | grep maintacliiq: Si aad ugu darto qiimaha kala duwan ee madaxa oo aad si toos ah u tijaabiso natiijooyinka browserka, waxaad isticmaali kartaa Chrome (ama for Firefox - qiyaastii. turjumi.).
Guud ahaan, DestinationRules waxay leedahay awoodo dheeraad ah oo ku saabsan aagga isu dheelitirka culeyska - hubi faahfaahinta gudaha .
Kahor intaadan baranin VirtualService, aynu tirtirno "nooca cagaaran" ee arjiga iyo xeerka jihaynta taraafiga ee u dhigma anagoo fulinayna amarada soo socda:
$ kubectl delete -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions βsa-frontend-greenβ deleted
$ kubectl delete -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io βsa-frontendβ deletedMuraayadda: Adeegga Farshaxan ee Ku-dhaqanka
Hooska ("gashaanti") ama Muraayadaha ("muraayad") loo isticmaalo kiisaska aan rabno in aan tijaabino isbeddelka wax soo saarka iyada oo aan saameyn ku yeelan isticmaalayaasha dhamaadka: si tan loo sameeyo, waxaan nuqul ka dhiganeynaa ("muraayada") codsiyada tusaale ahaan meesha isbeddellada la rabo la sameeyay, oo fiiri natiijooyinka. Si fudud loo dhigo, tani waa marka saaxiibkaa uu doorto arrinta ugu muhiimsan oo uu sameeyo codsi jiidis ah oo ah buro weyn oo wasakh ah oo aan qofna si dhab ah u eegi karin.
Si loo tijaabiyo dhacdadan ficil ahaan, aynu abuurno tusaale labaad oo ah SA-Logic oo leh cayayaanka (buggy) adoo fulinaya amarkan soo socda:
$ kubectl apply -f resource-manifests/kube/shadowing/sa-logic-service-buggy.yaml
deployment.extensions/sa-logic-buggy created
Oo hadda aynu maamulno amarka si aan u hubinno in dhammaan xaaladaha ay la socdaan app=sa-logic Waxay kaloo leeyihiin calaamado leh noocyada u dhigma:
$ kubectl get pods -l app=sa-logic --show-labels
NAME READY LABELS
sa-logic-568498cb4d-2sjwj 2/2 app=sa-logic,version=v1
sa-logic-568498cb4d-p4f8c 2/2 app=sa-logic,version=v1
sa-logic-buggy-76dff55847-2fl66 2/2 app=sa-logic,version=v2
sa-logic-buggy-76dff55847-kx8zz 2/2 app=sa-logic,version=v2
adeegga sa-logic bar-tilmaameedyo leh calaamad app=sa-logic, marka dhammaan codsiyada waxaa loo qaybin doonaa dhammaan xaaladaha:
Laakiin waxaan rabnaa in codsiyada loo soo diro xaaladaha v1 oo aan u eegno tusaalooyinka v2:
Waxaan taas ku gaari doonaa iyada oo loo marayo VirtualService oo ay weheliso DestinationRule, halkaas oo xeerarku ay go'aamin doonaan qayb-hoosaadka iyo dariiqyada Adeegga Virtual-ka qayb-hoosaad gaar ah.
Qeexidda Qaybaha Hoosaadka ee Xeerarka Meesha
Qayb-hoosaadyo (qayb-hoosaad) waxaa lagu go'aamiyaa qaabeynta soo socota ():
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: sa-logic
spec:
host: sa-logic # 1
subsets:
- name: v1 # 2
labels:
version: v1 # 3
- name: v2
labels:
version: v2- Martigeliyaha (
host) qeexaya in sharcigani uu quseeyo kaliya kiisaska marka dariiqa loo maro adeegasa-logic; - Ciwaanka (
name) qayb-hoosaadyo ayaa la isticmaalaa marka la marinayo xaaladaha hoose; - Summada (
label) qeexayaa lamaanaha qiimaha muhiimka ah ee ay tahay in tusaalooyinku iswaafaqaan si ay qayb uga noqdaan qaybta hoose.
Ku codso qaabaynta amarkan soo socda:
$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-destinationrule.yaml
destinationrule.networking.istio.io/sa-logic createdHadda oo qayb-hoosaadyada la qeexay, waan sii socon karnaa oo aan habayn karnaa Adeegga VirtualService si aan ugu dabaqno xeerarka codsiyada sa-logic si ay:
- Loo hagaajiyay qayb-hoosaad
v1, - Loo muuiyay qayb-hoosaad
v2.
Qoraalka soo socda ayaa kuu ogolaanaya inaad gaarto qorshayaashaada ():
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: sa-logic
spec:
hosts:
- sa-logic
http:
- route:
- destination:
host: sa-logic
subset: v1
mirror:
host: sa-logic
subset: v2Sharaxaad loogama baahna halkan, markaa aan aragno ficil ahaan:
$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-shadowing-vs.yaml
virtualservice.networking.istio.io/sa-logic createdAynu ku darno culayska anagoo wacaya amarka soo socda:
$ while true; do curl -v http://$EXTERNAL_IP/sentiment
-H "Content-type: application/json"
-d '{"sentence": "I love yogobella"}';
sleep .8; done
Aynu eegno natiijooyinka Grafana, halkaas oo aad ku arki karto in nooca cayayaanka leh (buggy) waxay keentaa guuldarada ~ 60% codsiyada, laakiin guuldarrooyinkan midkoodna ma saameeyo isticmaalayaasha dhamaadka maadaama ay uga jawaabaan adeeg socda.
Jawaabaha lagu guulaystay ee noocyada kala duwan ee adeega sa-logic
Halkan waxaan markii hore ku aragnay sida VirtualService loogu dabaqo Ergeyada adeegyadeena: goorma sa-web-app wuxuu codsi u sameeyaa sa-logic, waxa ay dhex martaa Ergeyga sidecar, kaas oo - iyada oo loo marayo VirtualService - loo habeeyey in uu codsiga u maro qaybta v1 oo uu muraayadda codsiga u gudbiyo qaybta v2 ee adeegga. sa-logic.
Waan ogahay, waxaa laga yaabaa inaad horeba u malaynayso in Adeegyada Virtual ay fudud yihiin. Qaybta soo socota, waxaan ku ballaarin doonaa taas anagoo nidhaahna waxay sidoo kale runtii aad u fiican yihiin.
Soo-bandhigista Canary
Deployment Canary waa habka loo soo rogo nooc cusub oo arji ah tiro yar oo isticmaaleyaal ah. Waxaa loo isticmaalaa in lagu hubiyo in aysan jirin wax dhibaato ah oo la sii daayo oo kaliya ka dib, mar horeba kalsooni ku qaba tayada (sii daynta), u qaybi isticmaalayaasha kale.ΠΎdhagaystayaal waaweyn.
Si loo muujiyo duubista kanary-ga, waxaanu sii wadi doonaa la shaqaynta qayb-hoosaad buggy Ρ sa-logic.
Yaynaan wakhtiga ku lumin waxyaabaha yaryar oo isla markiiba u dir 20% isticmaalayaasha nooca leh cayayaanka (tani waxay matali doontaa soo bixitaankeena canary), iyo 80% soo hadhay ee adeega caadiga ah. Si tan loo sameeyo, isticmaal adeegga VirtualService ee soo socda ():
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: sa-logic
spec:
hosts:
- sa-logic
http:
- route:
- destination:
host: sa-logic
subset: v1
weight: 80 # 1
- destination:
host: sa-logic
subset: v2
weight: 20 # 1
1 waa miisaanka (weight), kaas oo qeexaya boqolleyda codsiyada loo jeedin doono qaataha ama qayb ka mid ah qaataha.
Aynu dib u cusboonaysiinno qaabaynta Adeegga VirtualService ee hore sa-logic oo leh amarka soo socda:
$ kubectl apply -f resource-manifests/istio/canary/sa-logic-subsets-canary-vs.yaml
virtualservice.networking.istio.io/sa-logic configured... oo waxaan isla markiiba arki doonnaa in codsiyada qaar ay horseedaan guuldarro:
$ while true; do
curl -i http://$EXTERNAL_IP/sentiment
-H "Content-type: application/json"
-d '{"sentence": "I love yogobella"}'
--silent -w "Time: %{time_total}s t Status: %{http_code}n"
-o /dev/null; sleep .1; done
Time: 0.153075s Status: 200
Time: 0.137581s Status: 200
Time: 0.139345s Status: 200
Time: 30.291806s Status: 500Adeegyada Virtual waxay awood u siinayaan soo-bandhigidda kanariyada: Xaaladdan oo kale, waxaanu ku soo koobnay saamaynta suurtagalka ah ee arrimaha 20% saldhigga isticmaalaha. Cajiib! Hadda, xaalad kasta marka aynaan hubin koodkayaga (si kale haddii loo dhigo - had iyo jeer...), waxaan isticmaali karnaa muraayadaha iyo duubista canary.
Waqtigoodu iyo isku day
Laakiin dhiqlaha had iyo jeer kuma dhammaadaan koodka. Liiska ku jira""Marka ugu horeysa waa aaminsanaanta khaldan ee ah "shabakadu waa mid la isku halayn karo." Xaqiiqda shabakada ma la isku halayn karo, sababtaas awgeed waxaan u baahanahay waqti-gabo (waqti dhammaatay) oo isku day (isku day).
Muujinta waxaan sii wadi doonaa isticmaalka nooca dhibaatada sa-logic (buggy), waxaanan ku ekaan doonaa kalsoonida aan la isku halleyn karin ee shabakada oo leh fashilaad aan kala sooc lahayn.
U oggolow adeeggayaga kutaannada leh 1/3 fursad uu ku qaadanayo waqti dheer si looga jawaabo, 1/3 fursad uu ku dhammeeyo Khaladka Server-ka Gudaha, iyo 1/3 fursad uu si guul leh ugu soo celiyo bogga.
Si loo yareeyo saameynta dhibaatooyinkan oo kale oo aan nolosha uga dhigno mid u wanaagsan isticmaalayaasha, waxaan awoodnaa:
- ku dar waqti-dhaaf ah haddii adeeggu uu qaato in ka badan 8 ilbiriqsi si uu uga jawaabo,
- isku day haddii codsigu guuldareysto.
Hirgelinta, waxaan isticmaali doonaa qeexida kheyraadka soo socda ():
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: sa-logic
spec:
hosts:
- sa-logic
http:
- route:
- destination:
host: sa-logic
subset: v1
weight: 50
- destination:
host: sa-logic
subset: v2
weight: 50
timeout: 8s # 1
retries:
attempts: 3 # 2
perTryTimeout: 3s # 3- Wakhtiga kama dambaysta ah ee codsiga waxa loo dejiyay 8 sekan;
- Codsiyada waxaa dib loo tijaabiyay 3 jeer;
- Isku day kastana waxaa loo arkaa mid aan guulaysan haddii wakhtiga jawaabta uu ka badan yahay 3 ilbiriqsi.
Tani waa wanaajinta sababtoo ah isticmaaluhu ma sugi doono wax ka badan 8 ilbiriqsi waxaanan sameyn doonaa seddex isku day oo cusub si aan jawaab u helno haddii ay dhacdo guuldarrooyin, kordhinta fursadda jawaab celinta guusha leh.
Dalbo qaabaynta la cusboonaysiiyay ee leh amarka soo socda:
$ kubectl apply -f resource-manifests/istio/retries/sa-logic-retries-timeouts-vs.yaml
virtualservice.networking.istio.io/sa-logic configuredOo hubi garaafyada Grafana in tirada jawaabaha guusha leh ay kordheen:
Hagaajinta tirakoobka jawaabta guusha leh ka dib marka lagu daro waqti-gaabyo iyo isku day
Inta aanad u gudbin qaybta xigta (ama halkii, qaybta xigta ee maqaalka, sababtoo ah tani ma jiri doonto tijaabo dheeraad ah oo la taaban karo - qiyaastii. transl.), tirtir sa-logic-buggy iyo VirtualService adiga oo socodsiinaya amarada soo socda:
$ kubectl delete deployment sa-logic-buggy
deployment.extensions βsa-logic-buggyβ deleted
$ kubectl delete virtualservice sa-logic
virtualservice.networking.istio.io βsa-logicβ deletedWareegtada Jabiya iyo Qaababka Madaxa Weyn
Waxaan ka hadlaynaa laba qaab oo muhiim ah oo ku jira qaab-dhismeedka microservice-ka kaas oo kuu oggolaanaya inaad gaarto dib-u-soo-kabasho (is-bogsiin) adeegyada.
Qalabka wareega ("circuit breaker") loo isticmaalo in lagu joojiyo codsiyada ku imanaya tusaale ahaan adeegga loo arko mid aan caafimaad qabin oo dib loo soo celiyo iyada oo codsiyada macmiilka loo wareejinayo xaaladaha caafimaadka qaba ee adeeggaas (taas oo kordhisa boqolkiiba jawaabaha guuleysta). (Fiiro gaar ah: Tilmaan faahfaahsan oo ka sii faahfaahsan qaabka ayaa la heli karaa, tusaale ahaan, .)
Bulkhead ("qayb") waxay ka saartaa guuldarrooyinka adeegga inay saameeyaan nidaamka oo dhan. Tusaale ahaan, Adeegga B wuu jabay oo adeeg kale (macaamilka Adeegga B) ayaa codsi u diraya Adeegga B, taasoo keenaysa inuu daalo balliga dunta oo aanu awoodin inuu u adeego codsiyada kale (xitaa haddii aanay ka iman Adeegga B). (Fiiro gaar ah: Tilmaan faahfaahsan oo ka sii faahfaahsan qaabka ayaa la heli karaa, tusaale ahaan, .)
Waxaan ka tagi doonaa tafaasiisha fulinta qaababkan sababtoo ah way fududahay in la helo , iyo sidoo kale waxaan runtii rabaa inaan muujiyo aqoonsiga iyo oggolaanshaha, kaas oo looga hadli doono qaybta xigta ee maqaalka.
PS ka turjumaan
Sidoo kale ka akhri boggayaga:
- "Ku laabo adeegaha yaryar ee Istio": , ;
- Β«";
- Β«".
Source: www.habr.com