"Ingozi ligama lam eliphakathi," uAustin Powers, indoda engaqondakaliyo yamazwe ngamazwe, wayedla ngokutsho. Kodwa oko kuxatyiswa kakhulu ngamagosa aphezulu kunye neenkonzo zobuntlola azifanelekanga kwaphela kwiinkonzo zekhompyuter, apho isithukuthezi singcono kunengozi.
Kwaye i-Istio, kunye ne-OpenShift kunye ne-Kubernetes, yenza ukuthumela ii-microservices ukuba kukruqule kwaye kuqikeleleke- kwaye kulungile. Siza kuthetha ngale nto kunye nokunye okuninzi kwisithuba sesine nesokugqibela kuthotho lwe-Istio.
Xa isithukuthezi silungile
Kwimeko yethu, ukukruquka kwenzeka kuphela kwinqanaba lokugqibela, xa konke okuseleyo kukuhlala kwaye ubukele inkqubo. Kodwa ngenxa yoku kufuneka uqwalasele yonke into kuqala, kwaye zininzi izinto ezinomdla ezikulindileyo apha.
Xa uhambisa inguqulelo entsha yesoftware yakho, kufanelekile ukuqwalasela zonke iinketho zokunciphisa umngcipheko. Ukugijima ngokuhambelana kuyindlela enamandla kakhulu kwaye eqinisekisiweyo yokuvavanya, kwaye i-Istio ikuvumela ukuba usebenzise "inkonzo eyimfihlo" (inguqu efihliweyo ye-microservice yakho) ukwenza oku ngaphandle kokuphazamisa inkqubo yokuvelisa. Kukho negama elikhethekileyo loku - "UkuQaliswa okuMnyama", ethi yona isebenze ngumsebenzi onegama elilinganayo lokuhlola "i-traffic mirroring".
Nceda uqaphele ukuba isivakalisi sokuqala somhlathi wangaphambili sisebenzisa igama elithi "deploy" kunokuba "khulula". Kuya kufuneka ukwazi ukuhambisa-kwaye, ewe, sebenzisa-i-microservice yakho rhoqo njengoko ufuna. Le nkonzo kufuneka ikwazi ukufumana kwaye isebenze i-traffic, ivelise iziphumo, kwaye ibhale kwiilogi kunye nokubeka iliso. Kodwa kwangaxeshanye, le nkonzo ngokwayo akufuneki ukuba ikhululwe kwimveliso. Ukuhambisa kunye nokukhupha isoftware ayisoloko iyinto enye. Ungathumela nanini na ufuna, kodwa ukhulule kuphela xa sele ulungile.
Ukulungiselela isithukuthezi kunomdla
Thatha ujongo kumgaqo we-Istio ulandelayo, ohambisa zonke izicelo ze-HTTP kwincomo ye-microservice v1 (yonke imizekelo ethatyathwe ), ngelixa kwangaxeshanye ubenzela isipili kwingcebiso v2 microservice:
Nika ingqalelo kwileyibhile mirror: emazantsi esikrini - yile nto ibeka i-traffic mirroring. Ewe, ilula ngolo hlobo!
Isiphumo salo mgaqo siya kuba kukuba inkqubo yakho yokuvelisa (v1) iya kuqhubeka nokwenza izicelo ezingenayo, kodwa izicelo ngokwazo ziya kujongwa ngokulinganayo kwi-v2, oko kukuthi, iimpinda zazo ezipheleleyo ziya kuya apho. Ngale ndlela, unokuvavanya i-v2 kwiimeko zangempela-kwidatha yangempela kunye ne-traffic - ngaphandle kokuphazamisa nayiphi na indlela yokusebenza kwenkqubo yokuvelisa. Ngaba oku kwenza ulungiselelo lovavanyo lukruquke? Ewe, ngokuqinisekileyo. Kodwa kwenziwa ngendlela enika umdla.
Masenze idrama
Nceda uqaphele ukuba kwikhowudi ye-v2 kuyimfuneko ukubonelela ngeemeko apho izicelo ezingenayo zingakhokelela ekutshintsheni idatha. Izicelo ngokwazo zibonakaliswe ngokulula nangokucacileyo, kodwa ukhetho lwendlela yokucubungula kuvavanyo luxhomekeke kuwe - kwaye oku kuyakhathaza.
Masiphinde ingongoma ebalulekileyo
Ukuqaliswa okuyimfihlo kunye ne-traffic mirroring (Ukuqaliswa Okumnyama / Ukucela i-Mirroring) kunokwenziwa ngaphandle kokuchaphazela ikhowudi nangayiphi na indlela.
Ukutya kwengqondo
Kuthekani ukuba indawo apho izicelo ziboniswa isipili ithumela ezinye zazo hayi kwi-v1, kodwa kwi-v2? Umzekelo, ipesenti enye yazo zonke izicelo okanye izicelo kuphela kwiqela elithile labasebenzisi. Kwaye ke, sele ujonge indlela i-v2 esebenza ngayo, ngokuthe ngcembe udlulisele zonke izicelo kwinguqulelo entsha. Okanye ngokuchaseneyo, buyisela yonke into kwi-v1 ukuba kukho into engahambi kakuhle nge-v2. Ndicinga ukuba ibizwa ngokuba yiCanary Deployment. , yaye ukuba ibiyimvelaphi yesiRashiya, mhlawumbi ibiya kuba nembekiselo kuyo ), kwaye ngoku siza kujonga oku ngakumbi.
Ukuhanjiswa kweCanary kwi-Istio: ukwenza lula ukuthunywa
Ngononophelo kwaye ngokuthe ngcembe
Undoqo wemodeli yeCanary Deployment deployment ilula kakhulu: xa usungula inguqulelo entsha yesoftware yakho (kwimeko yethu, i-microservice), uqala ukunika ukufikelela kuyo kwiqela elincinci labasebenzisi. Ukuba yonke into ihamba kakuhle, ulonyusa kancinci eli qela de inguqulelo entsha iqale ukusebenza, okanye-ukuba ayihambi-ekugqibeleni ufudukele kuyo bonke abasebenzisi. Ngokucinga nangokucotha ukwazisa inguqulelo entsha kunye nokutshintsha abasebenzisi kuyo ngendlela elawulwayo, unokunciphisa umngcipheko kwaye ukwandise impendulo.
Ewe kunjalo, i-Istio yenza lula iCanary Deployment ngokunika iinketho ezininzi ezilungileyo zokucela indlela ekrelekrele. Kwaye ewe, konke oku kunokwenziwa ngaphandle kokuchukumisa ikhowudi yakho yomthombo nangayiphi na indlela.
Ukuhluza isikhangeli
Enye yeendlela ezilula zokujonga kukuhanjiswa okusekwe kwisikhangeli. Masithi ufuna kuphela izicelo ezivela kwiibhrawuza zeSafari ukuya kwi-v2. Nantsi indlela eyenziwa ngayo:
Masisebenzise lo mgaqo womzila kwaye emva koko sisebenzise umyalelo curl Siyakulinganisa izicelo zokwenyani kwi-microservice kwilophu. Njengoko ubona kwiscreenshot, bonke baya kwi-v1:
Ingaba iphi itrafikhi kwi-v2? Kuba kumzekelo wethu zonke izicelo zivela kumgca wethu womyalelo kuphela, abukho. Kodwa nikela ingqalelo kwimigca engezantsi kwisikrini esingasentla: oku kukusabela kwinto yokuba senze isicelo kwisikhangeli seSafari, esathi savelisa oku:
Amandla angenamkhawulo
Sele sibhale ukuba iintetho eziqhelekileyo zibonelela ngezakhono ezinamandla kakhulu kwizicelo zendlela. Jonga lo mzekelo ulandelayo (sicinga ukuba uya kuyiqonda into eyenzayo):
Ukuza kuthi ga ngoku unombono wento enokwenziwa ngamabinzana aqhelekileyo.
Yenza Smart
Indlela ehlakaniphile, ngakumbi ukusetyenzwa kweentloko zeepakethe usebenzisa intetho eqhelekileyo, ikuvumela ukuba ulawule itrafikhi ngendlela ofuna ngayo. Kwaye oku kulula kakhulu ukuphunyezwa kwekhowudi entsha - ilula, ayifuni ukutshintsha ikhowudi ngokwayo, kwaye ukuba kuyimfuneko, yonke into inokubuyiselwa ngokukhawuleza njengoko yayinjalo.
Unomdla?
Ngaba unomdla wokuzama i-Istio, Kubernetes kunye ne-OpenShift kwikhompyuter yakho? Iqela ilungiswe kakuhle ngalo mxholo kwaye wenze ukuba zonke iifayile ezihamba nazo zifumaneke esidlangalaleni. Ngoko qhubeka kwaye ungazikhanyeli nantoni na.
β
Istio Egress: phuma ngevenkile yesikhumbuzo
Ngokusebenzisa i-Istio kunye ne-Red Hat OpenShift kunye ne-Kubernetes, unokwenza ubomi bakho ngee-microservices bube lula kakhulu. Umnatha wenkonzo ye-Istio ufihlwe ngaphakathi kwee-Kubernetes pods, kwaye ikhowudi yakho ibaleka (ubukhulu becala) yodwa. Ukusebenza, ukukhululeka kokutshintsha, ukulandelwa, njl njl - konke oku kulula ukuyisebenzisa ngokubonga ekusebenziseni izitya ze-sidecar. Kodwa kuthekani ukuba i-microservice yakho ifuna ukunxibelelana nezinye iinkonzo ezibekwe ngaphandle kwenkqubo yakho ye-OpenShift-Kubernetes?
Kulapho i-Istio Egress isiza khona. Ngamafutshane, kukuvumela ukuba ufikelele kwizibonelelo (funda: "iinkonzo") ezingeyonxalenye yenkqubo yakho ye-Kubernetes pods. Ukuba awukwenzi uqwalaselo olongezelelweyo, ngoko kwi-Istio Egress i-traffic yendalo ye-traffic ihanjiswa kuphela ngaphakathi kweqela leepods kunye naphakathi kwamaqela anjalo ngokusekelwe kwiitafile zangaphakathi ze-IP. Kwaye oko kukhula kusebenza kakuhle logama nje awufuni ukufikelela kwiinkonzo ezivela ngaphandle.
I-Egress ikuvumela ukuba ugqithe kwiitafile ze-IP ezingentla, mhlawumbi zisekelwe kwimithetho ye-Egress okanye kuluhlu lweedilesi ze-IP.
Masithi sinenkqubo yeJava eyenza isicelo seGET ku httpbin.org/headers.
(httpbin.org sisixhobo esifanelekileyo sokuvavanya izicelo zenkonzo eziphumayo.)
Ukuba ungenisa kumgca womyalelo curl http://httpbin.org/headers, siza kubona oku kulandelayo:
Okanye unokuvula idilesi efanayo kwisikhangeli:
Njengoko ubona, inkonzo ebekwe apho ibuyisela nje iiheader ezigqithiselwe kuyo.
Sithatha indawo yokungenisa elizweni ngokuthe ngqo
Ngoku makhe sithathe ikhowudi yeJava yale nkonzo, ngaphandle kwenkqubo yethu, kwaye siyiqhube yodwa, apho, khumbula, i-Istio ifakwe. (Ungakwenza oku ngokwakho ngokuqhagamshelana .) Emva kokwakha umfanekiso ofanelekileyo kwaye uqalise kwiqonga le-OpenShift, siya kubiza le nkonzo ngomyalelo curl egresshttpbin-istioegress.$(minishift ip).nip.io, emva koko siya kubona oku kwiscreen:
Yhoo kwenzeke ntoni? Yonke into yasebenza. Ithetha ukuthini i-Not Found? Besenzela yena nje curl.
Ukwandiswa kweetafile ze-IP kwi-Intanethi iphela
I-Istio kufuneka ibekwe ityala (okanye ibulele) ngale nto. Emva kwayo yonke loo nto, i-Istio zizikhongozeli zemoto ezisecaleni ezinoxanduva lokubona kunye nendlela (kunye nezinye izinto ezininzi ebesithetha ngazo ngaphambili). Ngesi sizathu, iitafile ze-IP zazi kuphela okungaphakathi kwenkqubo yeqela lakho. Kwaye i-httpbin.org ingaphandle kwaye ayifikeleleki. Kwaye kulapho i-Istio Egress iza kuhlangula - ngaphandle kotshintsho oluncinci kwikhowudi yakho yomthombo.
Umgaqo we-Egress ongezantsi unyanzelisa i-Istio ukuba ikhangele (ukuba kuyimfuneko, ngoko kuyo yonke i-Intanethi) kwinkonzo efunekayo, kulo mzekelo, httpbin.org. Njengoko unokubona kule fayile (egress_httpbin.yml), ukusebenza apha kulula kakhulu:
Okuseleyo kukusebenzisa lo mgaqo:
istioctl create -f egress_httpbin.yml -n istioegress
Uyakwazi ukujonga imithetho ye-Egress ngomyalelo istioctl get egressrules:
Kwaye ekugqibeleni, siqhuba umyalelo kwakhona curl -kwaye siyabona ukuba yonke into iyasebenza:
Sicinga ngokuphandle
Njengoko ubona, i-Istio ikuvumela ukuba uququzelele intsebenziswano kunye nehlabathi langaphandle. Ngamanye amagama, usenokwenza iinkonzo ze-OpenShift kwaye uzilawule nge-Kubernetes, ugcine yonke into kwiipods ezinyuka kwaye zihla njengoko kufuneka. Kwaye kwangaxeshanye, unokufikelela ngokukhuselekileyo kwiinkonzo zangaphandle kokusingqongileyo. Kwaye ewe, siyaphinda kwakhona ukuba konke oku kunokwenziwa ngaphandle kokuchukumisa ikhowudi yakho nangayiphi na indlela.
Esi yayisisithuba sokugqibela kuthotho lwe-Istio. Hlala ubukele - zininzi izinto ezinomdla ezizayo!
umthombo: www.habr.com