Intshayelelo
Singaphakathi waqala ukuthumela i-Istio njenge-mesh yenkonzo. Ngokomgaqo, yonke into ilungile, ngaphandle kwento enye: iyabiza.
Π kuba Istio ithi:
Nge-Istio 1.1, i-proxy idla malunga ne-0,6 vCPUs (i-virtual cores) ngezicelo ze-1000 ngesekhondi.
Kummandla wokuqala kumnatha wenkonzo (ii-proxies ezi-2 kwicala ngalinye loqhagamshelo), siya kuba ne-1200 cores nje kwi-proxy, ngesantya sesigidi sezicelo ngesekhondi. Ngokwecalculator yeendleko zikaGoogle, isebenza malunga ne-40 yeedola / inyanga / isiseko soqwalaselo. n1-standard-64, oko kukuthi, lo mmandla wodwa uya kusixabisa ngaphezu kwe-50 amawaka eedola ngenyanga ngezicelo ze-1 yezigidi ngomzuzwana.
UIvan Sim () ulibaziseko lwemesh yenkonzo kulo nyaka uphelileyo kwaye wathembisa okufanayo kwimemori kunye neprosesa, kodwa ayizange isebenze:
Kuyabonakala ukuba, ixabiso-istio-test.yaml liya kwandisa kakhulu izicelo ze-CPU. Ukuba ndiyenze imathematika yam ngokuchanekileyo, udinga malunga nama-24 e-CPU cores kwiphaneli yolawulo kunye ne-0,5 CPU kwiproksi nganye. Andinayo ingako. Ndiya kuziphinda iimvavanyo xa izibonelelo ezininzi zabelwe mna.
Bendifuna ukuzibonela ngokwam ukuba ifana njani intsebenzo ye-Istio kwenye i-mesh yenkonzo yomthombo ovulekileyo: .
Ufakelo lomnatha wenkonzo
Okokuqala, ndiyifake kwiqela :
$ supergloo init
installing supergloo version 0.3.12
using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.12.tgz
configmap/sidecar-injection-resources created
serviceaccount/supergloo created
serviceaccount/discovery created
serviceaccount/mesh-discovery created
clusterrole.rbac.authorization.k8s.io/discovery created
clusterrole.rbac.authorization.k8s.io/mesh-discovery created
clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created
deployment.extensions/supergloo created
deployment.extensions/discovery created
deployment.extensions/mesh-discovery created
install successful!Ndisebenzise iSuperGloo kuba yenza i-bootstrapping ye-mesh yenkonzo ibe lula kakhulu. Kwakungeyomfuneko ukuba ndenze okuninzi. Asisebenzisi iSuperGloo kwimveliso, kodwa ilungele umsebenzi onjalo. Kwafuneka ndisebenzise ngokwenyani imiyalelo embalwa kumnatha wenkonzo nganye. Ndisebenzise amaqela amabini ukuba ndedwa - elinye lilinye kwi-Istio kunye ne-Linkerd.
Uvavanyo lwenziwe kwi-Google Kubernetes Engine. Ndisebenzise iKubernetes 1.12.7-gke.7 kunye nedama lamaqhuqhuva n1-standard-4 kunye ne-node scaling ngokuzenzekelayo (ubuncinci be-4, ubuninzi be-16).
Emva koko ndifake zombini iimeshes zenkonzo ukusuka kumgca womyalelo.
Okokuqala kudityaniswe:
$ supergloo install linkerd --name linkerd
+---------+--------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+--------------+---------+---------------------------+
| linkerd | Linkerd Mesh | Pending | enabled: true |
| | | | version: stable-2.3.0 |
| | | | namespace: linkerd |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
+---------+--------------+---------+---------------------------+Emva koko Istio:
$ supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: true |
| | | | prometheus enabled: true |
| | | | jaeger enabled: true |
+---------+------------+---------+---------------------------+I-crash-loop ithathe imizuzu embalwa, kwaye iipaneli zokulawula zizinzile.
(Qaphela: I-SuperGloo ixhasa kuphela i-Istio 1.0.x okwangoku. Ndiphindaphinde umfuniselo nge-Istio 1.1.3, kodwa andizange ndiqaphele nawuphi na umahluko obonakalayo.)
Ukumisela i-Istio Automatic Deployment
Ukwenza i-Istio ifakele i-sidecar uMthunywa, sisebenzisa i-injector ye-sidecar - MutatingAdmissionWebhook. Asiyi kuthetha ngayo kweli nqaku. Manditsho nje ukuba lo ngumlawuli obeka esweni ukufikelela kuzo zonke iipod ezintsha kwaye wongeza ngamandla i-sidecar kunye ne-initContainer, enoxanduva lwemisebenzi. iptables.
Thina kwa-Shopify sibhale umlawuli wethu wokufikelela ukuphumeza ii-sidecars, kodwa ngenxa yolu phawu ndisebenzise umlawuli oza kunye ne-Istio. Umlawuli ufaka iimoto ezisecaleni ngokungagqibekanga xa kukho indlela emfutshane kwindawo yamagama istio-injection: enabled:
$ kubectl label namespace irs-client-dev istio-injection=enabled
namespace/irs-client-dev labeled
$ kubectl label namespace irs-server-dev istio-injection=enabled
namespace/irs-server-dev labeledUkumisela ukuthunyelwa kwe-Linkerd ngokuzenzekelayo
Ukuseta i-Linkerd sidecar embedding, sisebenzisa amanqakwana (ndiyongeze ngesandla nge kubectl edit):
metadata:
annotations:
linkerd.io/inject: enabled$ k edit ns irs-server-dev
namespace/irs-server-dev edited
$ k get ns irs-server-dev -o yaml
apiVersion: v1
kind: Namespace
metadata:
annotations:
linkerd.io/inject: enabled
name: irs-server-dev
spec:
finalizers:
- kubernetes
status:
phase: ActiveI-Istio Fault Tolerance Simulator
Sakhe i-simulator yokunyamezela impazamo ebizwa ngokuba yi-Istio ukuze sivavanye itrafikhi ekhethekileyo kwi-Shopify. Sasidinga isixhobo sokudala i-topology yesiko esiya kubonisa inxalenye ethile yegrafu yenkonzo yethu, iqulunqwe ngamandla ukuba imodeli yomthwalo okhethekileyo womsebenzi.
Iziseko zophuhliso zikaShopify ziphantsi komthwalo onzima ngexesha lentengiso yeflash. Kwangaxeshanye, Shopify . Abathengi abakhulu ngamanye amaxesha balumkisa malunga nokuthengiswa kweflash ecwangcisiweyo. Abanye basiphathela ezi singalindelanga nangaliphi na ixesha emini okanye ebusuku.
Besifuna i-simulator yethu yokuqina ukuba imodeli yokuhamba komsebenzi ehambelana ne-topology kunye nomthwalo womsebenzi oye wongamela iziseko zoncedo zikaShopify kwixesha elidlulileyo. Injongo ephambili yokusebenzisa i-mesh yenkonzo kukuba sifuna ukuthembeka kunye nokunyamezela impazamo kwinqanaba lenethiwekhi, kwaye kubalulekile kuthi ukuba i-mesh yenkonzo ihlangabezane ngokufanelekileyo nemithwalo eyayiphazamisa iinkonzo ngaphambili.
Kwintliziyo ye-fault tolerance simulator yi-node yabasebenzi, esebenza njenge-mesh node yenkonzo. I-node yabasebenzi inokuqwalaselwa ngokwezibalo ekuqaleni okanye ngokuguquguqukayo nge-REST API. Sisebenzisa ukucwangciswa okuguquguqukayo kweenodi zabasebenzi ukudala ukuhamba komsebenzi ngendlela yovavanyo lokubuyisela.
Nanku umzekelo wenkqubo enjalo:
- Siphehlelela iiseva ezili-10 njenge
barinkonzo ebuyisela impendulo200/OKemva kwe-100 ms. - Siqalisa abathengi 10 - ngamnye uthumela 100 izicelo ngomzuzwana ukuya
bar. - Rhoqo kwimizuzwana eyi-10 sisusa iseva enye kwaye sibeke iliso kwiimpazamo
5xxkumxhasi.
Ekupheleni kokuhamba komsebenzi, sihlola iilogi kunye neemetriki kwaye sikhangele ukuba uvavanyo luphumelele. Ngale ndlela sifunda malunga nokusebenza kwe-mesh yethu yenkonzo kwaye siqhuba uvavanyo lokubuyela umva ukuvavanya iingqikelelo zethu malunga nokunyamezela iimpazamo.
(Qaphela: Sicinga ngokuvula i-Istio fault tolerance simulator, kodwa asikakulungeli ukwenza oko okwangoku.)
Istio fault tolerance simulator yenkonzo inemesh benchmark
Siseta iindawo ezininzi zokusebenza zesifanisi:
irs-client-loadgen: Iikopi ezi-3 ezithumela izicelo ezili-100 ngesekhondi nganyeirs-client.irs-client: Iikopi ezi-3 ezifumana isicelo, linda i-100ms kwaye uthumele isicelo kuirs-server.irs-server: Iikopi ezi-3 ezibuyayo200/OKemva kwe-100 ms.
Ngolu lungelelwaniso, sinokulinganisa ukuhamba okuzinzile kwe-traffic phakathi kwe-9 endpoints. Sidecars ngaphakathi irs-client-loadgen ΠΈ irs-server ukufumana izicelo 100 ngomzuzwana, kwaye irs-client β 200 (engenayo naphumayo).
Silandelela ukusetyenziswa kwemithombo kuba asinalo iqela lePrometheus.
Iziphumo
Iiphaneli zokulawula
Okokuqala, sihlolisise ukusetyenziswa kwe-CPU.
Iphaneli yokulawula ye-Linkerd ~ 22 millicore
Iphaneli yokulawula ye-Istio: ~ 750 millicore
Iphaneli yolawulo ye-Istio isebenzisa malunga Amaxesha angama-35 ngaphezulu kwezixhobo ze-CPUngaphezu kwe-Linkerd. Ngokuqinisekileyo, yonke into ifakwe ngokungagqibekanga, kwaye i-istio-telemetry isebenzisa izixhobo ezininzi zeprosesa apha (inokukhutshazwa ngokukhubaza imisebenzi ethile). Ukuba sisusa eli candelo, sisafumana ngaphezulu kwe-100 millicores, oko kukuthi 4 amaxesha ngaphezulungaphezu kwe-Linkerd.
Ummeli wemoto esecaleni
Emva koko siye savavanya ukusetyenziswa kwe-proxy. Kufuneka kubekho ubudlelwane bomgca kunye nenani lezicelo, kodwa kwi-sidecar nganye kukho i-overhead ethile echaphazela ijika.
I-Linkerd: ~100 millicores ye-irs-client, ~50 millicores ye-irs-client-loadgen
Iziphumo zibukeka zinengqiqo, kuba umxhasi womxhasi ufumana i-traffic ephindwe kabini njenge-proxy ye-loadgen: kwisicelo ngasinye esiphumayo esivela kwi-loadgen, umxhasi unenye engenayo kunye nenye ephumayo.
Istio/Umthunywa: ~155 millicores ye-irs-client, ~75 millicores ye-irs-client-loadgen
Sibona iziphumo ezifanayo kwi-Istio sidecars.
Kodwa ngokubanzi, i-Istio/Envoy proxies idla malunga ne-50% yezibonelelo ze-CPU ngaphezulungaphezu kwe-Linkerd.
Sibona inkqubo efanayo kwicala lomncedisi:
I-Linkerd: ~ 50 millicore ye-irs-server
Istio/Umthunywa: ~80 millicore ye-irs-server
Kwicala lomncedisi, i-sidecar Istio / uMthunywa uyadla malunga ne-60% yezibonelelo ze-CPU ngaphezulungaphezu kwe-Linkerd.
isiphelo
Ummeli we-Istio utya i-50+% ye-CPU ngaphezulu kwe-Linkerd kumthwalo wethu wokulinganisa. Iphaneli yokulawula ye-Linkerd isebenzisa izixhobo ezingaphantsi kwe-Istio, ngakumbi kumacandelo angundoqo.
Sisacinga ngendlela yokunciphisa ezi ndleko. Ukuba unemibono, nceda wabelane!
umthombo: www.habr.com