Molweni kwakhona!.. Ngobusuku bangaphambi kokuqala kwekhosi Siye salungiselela enye inguqulelo eluncedo.
Umnatha wenkonzo ngumaleko weziseko ezingundoqo olungelelanisiweyo, ophantsi-latency ofunekayo ukuphatha umthamo omkhulu wonxibelelwano olusekwe kwinethiwekhi phakathi kwenkqubo phakathi kojongano lwenkqubo yesicelo (APIs). I-Service Mesh yenza unxibelelwano olukhawulezayo, oluthembekileyo nolukhuselekileyo phakathi kweenkonzo zeziseko ezingundoqo ezifakwe kwisikhongozeli kunye nezihlala zingenasiphelo. I-Service Mesh ibonelela ngezakhono ezifana nokufunyanwa kwenkonzo, ukulinganisa umthwalo, uguqulelo oluntsonkothileyo, ukungafihli, ukulandeleka, ukuqinisekiswa kunye nogunyaziso, kunye nenkxaso yepateni yokuvala ngokuzenzekelayo (umephuli wojikelezo).
Umnatha wenkonzo ngokuqhelekileyo uphunyezwa ngokubonelela ngomzekelo ngamnye wenkonzo ngomzekelo weproxy, obizwa ngokuba Sidecar. Sidecar ukuphatha unxibelelwano phakathi kweenkonzo, ukubeka iliso kunye nokusombulula imiba yokhuseleko, oko kukuthi, yonke into enokuthi ikhutshwe kwiinkonzo zomntu ngamnye. Ngale ndlela, abaphuhlisi banokubhala, bagcine, kwaye bakhonze ikhowudi yesicelo kwiinkonzo, kwaye abalawuli benkqubo banokusebenza kunye ne-Service Mesh kwaye baqhube isicelo.
I-Istio evela kuGoogle, IBM kunye neLyft okwangoku yeyona nto idumileyo yokwakhiwa kwemesh yenkonzo. Kwaye i-Kubernetes, eyaphuhliswa kuqala kuGoogle, ngoku kuphela kwesakhelo se-orchestration yesikhongozeli esixhaswa yi-Istio. Abathengisi bazama ukwenza iinguqulelo ezixhaswa ngokurhweba ze-Istio. Kuya kuba ngumdla ukubona ukuba zeziphi izinto ezintsha abanokuzizisa kwiprojekthi yomthombo ovulekileyo.
Nangona kunjalo, i-Istio ayisiyiyo yodwa inketho njengoko ezinye iinkqubo ze-Service Mesh ziphuhliswa. Umzekelo sidecar proxy lolona phunyezo ludumileyo, njengoko lunokugwetywa yiprojekthi iBuoyant, HashiCorp, Solo.io kunye nabanye. Kukho nezinye iindlela zokwakha: Isixhobo seteknoloji yeNetflix yenye yeendlela apho umsebenzi we-Service Mesh uphunyezwa ngeRibhoni, iHysterix, i-Eureka, iilayibrari ze-Archaius, kunye namaqonga afana ne-Azure Service Fabric.
I-Service Mesh inesigama sayo samacandelo enkonzo kunye nemisebenzi:
- Isakhelo se-orchestration yesikhongozeli. Njengoko izikhongozeli ezininzi zongezwa kwiziseko ezingundoqo zesicelo, kukho imfuneko yesixhobo esahlukileyo sokubeka iliso kunye nokulawula izikhongozeli - isakhelo se-orchestration yesikhongozeli. I-Kubernetes ibambe ngokuqinileyo kule niche, kangangokuba nabakhuphisana nabo abaphambili i-Docker Swarm kunye ne-Mesosphere DC/OS ibonelela ngokudityaniswa ne-Kubernetes njengenye indlela.
- Iinkonzo kunye naMaziko (Kubernetes Pods). Umzekelo yikopi enye esebenzayo ye-microservice. Ngamanye amaxesha umzekelo omnye sisikhongozeli esinye. Kwi-Kubernetes, umzekelo uquka iqela elincinci lezikhongozeli ezizimeleyo ezibizwa ngokuba yi-pod. Abaxhamli abafane bafikelele kumzekelo okanye kwi-pod ngokuthe ngqo; rhoqo, bafikelela kwinkonzo, eyiseti yeziganeko ezifanayo, ezinobungakanani kunye nokunyamezela iziphene okanye iipods (replicas).
- Ummeli wemoto esecaleni. I-Sidecar Proxy isebenza ngomzekelo omnye okanye ipod. Inqaku le-Sidecar Proxy yindlela okanye i-traffic ye-proxy evela kwisikhongozeli esebenza nayo kunye nokubuyisela itrafikhi. I-Sidecar isebenzisana nezinye ii-Sidecar Proxies kwaye ilawulwa yinkqubo ye-orchestration. Ukuphunyezwa okuninzi kweMesh yeNkonzo kusebenzisa i-Sidecar Proxy ukunqanda kunye nokulawula yonke i-traffic ngaphakathi nangaphandle kwimeko okanye i-pod.
- Ukufunyanwa kweNkonzo. Xa umzekelo ufuna ukunxibelelana nenye inkonzo, kufuneka ufumane (ukufumanisa) umzekelo ophilileyo nokhoyo wenye inkonzo. Ngokuqhelekileyo, umzekelo wenza ukujonga kwe-DNS. Isakhelo se-container orchestration framework sigcina uluhlu lwemizekelo elungele ukufumana izicelo kwaye lubonelela ngojongano lwemibuzo ye-DNS.
- Umthwalo wokulinganisa. Uninzi lwezikhokelo zookhestra zibonelela ngolungelelwaniso lomthwalo kumaleko wesi-4 (ezothutho). I-Service Mesh isebenzisa ukulinganisa umthwalo onzima ngakumbi kwinqanaba lesi-7 (inqanaba lesicelo), ucebile kwii-algorithms kunye nokusebenza ngakumbi ekulawuleni i-traffic. Izicwangciso zokulinganisa ukulayisha zingatshintshwa kusetyenziswa i-API, ekuvumela ukuba wenze i-blue-green okanye i-canary deployments.
- Uguqulelo oluntsonkothileyo. I-Service Mesh inokufihla kwaye iguqule izicelo kunye neempendulo, isuse lo mthwalo kwiinkonzo. I-Service Mesh inokuphucula ukusebenza ngokubeka phambili okanye ukusebenzisa kwakhona uqhagamshelo olukhoyo oluqhubekayo, ukunciphisa imfuno yokubala okuxabisa kakhulu ukudala uqhagamshelwano olutsha. Ukuphunyezwa okuqhelekileyo koguqulelo lwe-traffic encryption mutual TLS (mTLS), apho isiseko sesiseko sikawonke-wonke (PKI) sivelisa kwaye sisasaze izatifikethi kunye nezitshixo zokusetyenziswa yi-Sidecar Proxy.
- Uqinisekiso kunye noGunyaziso. I-Service Mesh inokugunyazisa kwaye iqinisekise izicelo ezenziwe ngaphandle okanye ngaphakathi kwesicelo, ithumela kuphela izicelo eziqinisekisiweyo kwiimeko.
- Inkxaso yepateni yokuvala ngokuzenzekelayo. Inkxaso ye-Service Mesh , eyahlula iimeko ezingafanelekanga kwaye emva koko ngokuthe ngcembe ibuyisele echibini leemeko eziphilileyo xa kuyimfuneko.
Inxalenye yesicelo se-Service Mesh elawula itrafikhi yenethiwekhi phakathi kweemeko ibizwa ngokuba Data Plane. Yenza kwaye usebenzise ubumbeko olulawula ukuziphatha Data Plane, yenziwa kusetyenziswa eyahlukileyo Inqwelomoya yokulawula. Inqwelomoya yokulawula iquka okanye yenzelwe ukudibanisa kwi-API, CLI, okanye GUI ukulawula isicelo.
I-Control Plane kwi-Service Mesh isasaza ukucwangciswa phakathi kwe-Sidecar Proxy kunye neDatha yeDatha.
Uyilo lweMesh yeNkonzo ihlala isetyenziselwa ukusombulula iingxaki ezintsonkothileyo zokusebenza kusetyenziswa izikhongozeli kunye nee-microservices. Oovulindlela entsimini ziinkampani ezifana neLyft, Netflix kunye ne-Twitter, ezibonelela ngeenkonzo ezizinzileyo kwizigidi zabasebenzisi kwihlabathi liphela. (). Kwizicelo ezingabizi kakhulu, ulwakhiwo olulula lunokwanela.
Uyilo lweMesh yeNkonzo ayinakwenzeka ukuba ibe yimpendulo kuyo yonke imisebenzi yesicelo kunye nemiba yokuhanjiswa. Abaqulunqi bezakhiwo kunye nabaphuhlisi banomkhosi omkhulu wezixhobo, kwaye enye kuphela iyisando, apho, phakathi kwemisebenzi emininzi, kufuneka isombulule enye kuphela - izikhonkwane zokubethela. , umzekelo, ibandakanya iimodeli ezininzi ezahlukeneyo ezibonelela ngokuqhubekayo kweendlela zokusombulula iingxaki kusetyenziswa ii-microservices.
Izinto ezidibana kwi-architecture ye-Service Mesh, njenge-NGINX, izikhongozeli, i-Kubernetes, kunye ne-microservices njengendlela yokwakha, inokuvelisa ngokulinganayo kwi-non-Service Mesh ukuphunyezwa. Ngokomzekelo, i-Istio yayiyilwe njengoyilo olupheleleyo lwe-mesh yenkonzo, kodwa ukumodareyitha kwayo kuthetha ukuba abaphuhlisi banokukhetha kwaye baphumeze kuphela amacandelo eteknoloji abayifunayo. Unale nto engqondweni, kubalulekile ukuphuhlisa ukuqonda okucacileyo kweService Mesh concept, nokuba awuqinisekanga ukuba uya kukwazi ukuyiphumeza ngokupheleleyo kwisicelo sakho.
umthombo: www.habr.com