Ukuguqulelwa kwenqaku kulungiselelwe ngokukodwa abafundi bekhosi . Unomdla wokuphuhlisa kweli cala? Bukela iklasi yenkosi nguEgor Zuev (Iqela elikhokelayo kwi-InBit) kwaye ujoyine iqela lekhosi elilandelayo: iqala nge-26 kaSeptemba.
Abantu abaninzi bafudukela kwi-AWS Lambda ngenxa yobunzima, ukusebenza, ukonga, kunye nokukwazi ukuphatha izigidi okanye iitriliyoni zezicelo ngenyanga. Ukwenza oku, akukho mfuneko yokuba ulawule izibonelelo apho inkonzo isebenza khona. Kwaye i-autoscaling ikuvumela ukuba ukhonze amawaka ezicelo ngaxeshanye ngomzuzwana. Ndicinga ukuba i-AWS Lambda inokubizwa ngokufanelekileyo ukuba yenye yezona nkonzo zidumileyo ze-AWS.
I-AWS Lambda
I-AWS Lambda yinkonzo yekhompuyutha eqhutywa ngumcimbi evumela ukuba usebenzise ikhowudi ngaphandle kokubonelela okanye ukulawula iiseva kunye nokwandisa ezinye iinkonzo ze-AWS usebenzisa ingqiqo yesiko. I-Lambda iphendula ngokuzenzekelayo kwiziganeko ezahlukeneyo (ezibizwa ngokuba yi-triggers), njengezicelo ze-HTTP nge-Amazon API Gateway, utshintsho kwiidatha kwiibhakethi ze-Amazon S3 okanye iitafile ze-Amazon DynamoDB; okanye ungaqhuba ikhowudi yakho ngeefowuni ze-API usebenzisa i-AWS SDK kunye notshintsho lwelizwe kwi-AWS Step Functions.
I-Lambda iqhuba ikhowudi kwi-infrastructure ye-computing efumaneka kakhulu kwaye inoxanduva olupheleleyo lokulawula iqonga eliphantsi, kubandakanywa umncedisi kunye nokugcinwa kwenkqubo yokusebenza, ukubonelela ngezibonelelo, ukulinganisa ngokuzenzekelayo, ukubeka iliso kwekhowudi kunye nokuloga. Oko kukuthi, kufuneka ulayishe ikhowudi yakho kwaye uqwalasele indlela kwaye kufuneka iqhutywe ngayo. Ngapha koko, inkonzo iya kukhathalela ukuqaliswa kwayo kwaye iqinisekise ukufumaneka okuphezulu kwesicelo sakho.
Ukutshintshela nini kwiLambda?
I-AWS Lambda yiplatifomu yekhompyutha efanelekileyo efanelekileyo kwiimeko ezahlukeneyo zokusetyenziswa, nje ukuba ulwimi kunye nexesha lokuqhuba ikhowudi yakho zixhaswa yinkonzo. Ukuba ufuna ukugxila kwikhowudi yakho kunye nengqiqo yeshishini ngelixa ukhupha ukugcinwa kweseva, ukubonelela, kunye nokulinganisa ngexabiso elifanelekileyo, i-AWS Lambda ngokuqinisekileyo yindlela yokuhamba.
I-Lambda ilungele ukudala i-interfaces yeprogram, kwaye xa isetyenziswe ngokubambisana ne-API Gateway, unokunciphisa kakhulu iindleko kwaye ufike kwintengiso ngokukhawuleza. Kukho iindlela ezahlukeneyo zokusebenzisa imisebenzi yeLambda kunye neenketho zokuququzelela i-architecture engenamncedisi - wonke umntu unokukhetha into efanelekileyo ngokusekelwe kwinjongo yabo.
ILambda ikuvumela ukuba wenze uluhlu olubanzi lwemisebenzi. Ke, ngenxa yenkxaso ye-CloudWatch, unokwenza imisebenzi erhoxisiweyo kwaye uzenzele iinkqubo zomntu ngamnye. Akukho zithintelo kubume kunye nobukhulu bokusetyenziswa kwenkonzo (ukusetyenziswa kwememori kunye nexesha lithathelwa ingqalelo), kwaye akukho nto ikuthintela ukuba usebenze ngokucwangcisiweyo kwi-microservice epheleleyo esekelwe kwiLambda.
Apha ungenza iintshukumo ezijolise kwinkonzo ezingaqhubekiyo. Umzekelo oqhelekileyo kukulinganisa umfanekiso. Nakwimeko yeenkqubo ezisasazwayo, imisebenzi yeLambda ihlala ifanelekile.
Ngoko ke, ukuba awufuni kujongana nokwabiwa nokulawula izixhobo zekhompyutha, zama i-AWS Lambda; ukuba awudingi izibalo ezinzima, ezisebenza ngamandla, zama kwakhona i-AWS Lambda; ukuba ikhowudi yakho isebenza ngamaxesha athile, ilungile loo nto, kuya kufuneka uzame i-AWS Lambda.
Khu seleko
Ukuza kuthi ga ngoku akukho zikhalazo malunga nokhuseleko. Ngakolunye uhlangothi, ekubeni uninzi lweenkqubo zangaphakathi kunye neempawu zokuphunyezwa kwalo mzekelo zifihliwe kumsebenzisi we-AWS Lambda elawulwa bume bexesha lokuqhuba, eminye imithetho eyamkelekileyo yokhuseleko lwamafu ayibalulekanga.
Njengoninzi lweenkonzo ze-AWS, iLambda ibonelelwa ngokhuseleko ekwabelwana ngalo kunye nokuthotyelwa kwesiseko phakathi kwe-AWS kunye nomthengi. Lo mgaqo unciphisa umthwalo wokusebenza kumxhasi, ekubeni i-AWS ithatha imisebenzi yokugcina, ukulawula kunye nokubeka iliso kumacandelo eenkonzo - ukusuka kwinkqubo yokusebenza ye-host host kunye ne-virtualization layer ukuya kukhuseleko lomzimba we-infrastructure assets.
Ukuthetha ngokuthe ngqo nge-AWS Lambda, i-AWS inoxanduva lokulawula iziseko ezingundoqo, iinkonzo ezisisiseko ezinxulumeneyo, inkqubo yokusebenza, kunye neqonga lesicelo. Ngelixa umxhasi unoxanduva lokhuseleko lwekhowudi yakhe, ukugcinwa kwedatha eyimfihlo, ukulawula ukufikelela kuyo, kunye nenkonzo yeLambda kunye nezibonelelo (i-Identity and Access Management, IAM), kubandakanywa phakathi kwemida yemisebenzi esetyenziswayo.
Umzobo ongezantsi ubonisa imodeli yoxanduva ekwabelwana ngayo njengoko isebenza kwi-AWS Lambda. Uxanduva lwe-AWS luorenji kwaye uXanduva loMthengi lubhlowu. Njengoko ubona, i-AWS ithatha uxanduva ngakumbi kwizicelo ezifakwe kwinkonzo.
IModeli yoXanduva ekwabelwana ngayo iSebenza kwi-AWS Lambda
Lambda ixesha lokusebenza
Inzuzo ephambili yeLambda kukuba ngokwenza umsebenzi egameni lakho, inkonzo ngokwayo yabela izixhobo eziyimfuneko. Unokuphepha ukuchitha ixesha kunye nomgudu kulawulo lwenkqubo kwaye ugxininise kwingqiqo yeshishini kunye nekhowudi.
Inkonzo yeLambda yohlulwe yaba ziinqwelomoya ezimbini. Eyokuqala yinqwelomoya yokulawula. Ngoku ka Wikipedia, inqwelomoya yolawulo yinxalenye yenethiwekhi enoxanduva lokuhambisa umqondiso wetrafikhi kunye nendlela. Licandelo eliphambili elenza izigqibo zehlabathi malunga nokubonelela, ukunika inkonzo, kunye nokusabalalisa imithwalo yemisebenzi. Ukongezelela, indiza yokulawula isebenza njenge-topology yomnikezeli wesisombululo, uxanduva lokuhamba kunye nokulawula i-traffic.
Inqwelomoya yesibini yidatha yedatha. Yona, njengenqwelo-moya yokulawula, inemisebenzi yayo. Indiza yokulawula inikezela ii-APIs zokulawula imisebenzi (CreateFunction, UpdateFunctionCode) kwaye ilawula indlela iLambda enxibelelana ngayo nezinye iinkonzo ze-AWS. Inqwelomoya yedatha ilawula i-Invoke API, eqhuba imisebenzi yeLambda. Emva kokuba umsebenzi ubizwa, indiza yolawulo yabela okanye ikhetha indawo ekhoyo yexesha lokusebenza esele ilungiselelwe loo msebenzi, kwaye ke iphumeze ikhowudi kuyo.
I-AWS Lambda ixhasa iilwimi ezahlukeneyo zeprogram, kuquka i-Java 8, i-Python 3.7, i-Go, i-NodeJS 8, i-NET Core 2, kunye nezinye, ngokusebenzisa iimeko zabo zexesha lokugijima. I-AWS iyazihlaziya rhoqo, isasaza iipetshi zokhuseleko, kwaye yenza eminye imisebenzi yokulondoloza kwezi ndawo. ILambda ikuvumela ukuba usebenzise ezinye iilwimi, ukuba usebenzisa ixesha elifanelekileyo lokubaleka ngokwakho. Kwaye ke kuya kufuneka ukuba unakekele ukugcinwa kwayo, kuquka ukubeka esweni ukhuseleko lwayo.
Isebenza njani yonke kwaye inkonzo iya kuyenza njani imisebenzi yakho?
Umsebenzi ngamnye uqhuba kwindawo enye okanye ngaphezulu ezinikeleyo, ekhoyo kuphela kubomi baloo msebenzi ize itshatyalaliswe. Imekobume nganye yenza umnxeba omnye kuphela ngexesha, kodwa iphinda isetyenziswe ukuba kukho iifowuni ezininzi ezilandelelanayo kumsebenzi ofanayo. Zonke iimeko zexesha lokuqhuba zisebenza koomatshini benyani abanezixhobo ze-hardware-ezibizwa ngokuba zii-microVMs. I-microVM nganye inikwe i-akhawunti ethile ye-AWS kwaye ingaphinda isetyenziswe yimekobume ukwenza imisebenzi eyahlukeneyo ngaphakathi kwaloo akhawunti. IiMicroVM zipakishwa zibe ziibhloko zokwakha zeqonga leLambda Worker hardware, eliphantsi neliqhutywa yi-AWS. Ixesha lokuqhuba elifanayo alinakusetyenziswa yimisebenzi eyahlukeneyo, kwaye azikho ii-microVM zodwa kwiiakhawunti ezahlukeneyo ze-AWS.
I-AWS Lambda iModeli yokuzahlula
Ukwahlulwa kwendawo zexesha lokusebenza kusetyenziswa iindlela ezininzi. Kwinqanaba eliphezulu lemekobume nganye kukho iikopi ezahlukeneyo zala macandelo alandelayo:
- Ikhowudi yokusebenza
- Nawuphi na umaleko weLambda okhethiweyo womsebenzi
- Indawo yokwenziwa komsebenzi
- Indawo encinci yomsebenzisi esekelwe kwi-Amazon Linux
Ezi ndlela zilandelayo zisetyenziselwa ukwahlula iimeko ezahlukeneyo zokwenziwa:
- ii-cgroups - ukunciphisa ukufikelela kwi-CPU, imemori, ukugcinwa kunye nezixhobo zenethiwekhi kwindawo nganye yokuqhuba;
- izithuba zamagama - ii-ID zenkqubo yamaqela, ii-ID zabasebenzisi, ujongano lwenethiwekhi kunye nezinye izixhobo ezilawulwa yiLinux kernel. Ixesha lokubaleka ngalinye libaleka kwindawo yalo yamagama;
- i-seccomp-bpf - ithintela inkqubo yokufowuna enokusetyenziswa ngexesha lokuqhuba;
- iiptables kunye neetafile zomzila-ukwahlulwa kweendawo zokwenziwa komnye nomnye;
- chroot - inika ufikelelo olulinganiselweyo kwinkqubo yefayile engaphantsi.
Idityaniswe ne-AWS yobuchwephesha bokuhlukaniswa kobunini, ezi ndlela ziqinisekisa ukwahlula okuthembekileyo kwexesha lokusebenza. Iimeko ezingqongileyo ezibekwe zodwa ngolu hlobo azikwazi ukufikelela okanye ziguqule idatha kwezinye iindawo.
Nangona amaxesha amaninzi okuqhutywa kweakhawunti enye ye-AWS inokuqhuba kwi-microVM enye, akukho naphantsi kwazo naziphi na iimeko ii-microVM ezinokwabelwana ngazo phakathi kwee-akhawunti ezahlukeneyo ze-AWS. I-AWS Lambda isebenzisa iindlela ezimbini kuphela ukwahlula ii-microVMs: iimeko zeEC2 kunye neFirecracker. Ukwahlulwa kweendwendwe eLambda ngokusekwe kwimiba yeEC2 ikhona ukusukela ngo-2015. I-Firecracker ngumthombo omtsha ovulekileyo we-hypervisor oyilwe ngokukodwa yi-AWS yomthwalo ongasebenziyo kwaye waziswa ngo-2018. Ihardware ebonakalayo eqhuba ii-microVMs kwabelwana ngayo phakathi komthwalo womsebenzi kwiiakhawunti ezahlukeneyo.
Ukugcina okusingqongileyo kunye neemeko zenkqubo
Nangona amaxesha okuqhutywa kweLambda akhethekile kwimisebenzi eyahlukeneyo, banokubiza umsebenzi ofanayo ngokuphindaphindiweyo, okuthetha ukuba ixesha lokubaleka linokuphila iiyure ezininzi ngaphambi kokuba litshatyalaliswe.
Ixesha ngalinye leLambda lokuqhuba likwanayo nenkqubo yefayile ebhalekayo efikelelekayo nge/tmp directory. Imixholo yayo ayinakufikelelwa kwamanye amaxesha okusebenza. Ngokumalunga nenkqubo yokuzingisa kombuso, iifayile ezibhalelwe ku/tmp zikhona kumjikelezo wobomi bonke bemeko yendawo yokusebenza. Oku kuvumela iziphumo zeefowuni ezininzi ukuba ziqokelelwe, nto leyo eluncedo kakhulu kwimisebenzi ebiza kakhulu njengokulayisha iimodeli zokufunda koomatshini.
Fowuna ugqithiso lwedatha
I-Invoke API ingasetyenziswa kwiindlela ezimbini: imowudi yesiganeko kunye nemo yesicelo-yempendulo. Kwimo yesiganeko, ifowuni yongezwa emgceni ukuze iphunyezwe kamva. Kwimo yesicelo-yempendulo, umsebenzi ubizwa ngoko nangoko kunye nomthwalo wokuhlawula onikeziweyo, emva koko impendulo ibuyiselwe. Kuzo zombini ezi meko, umsebenzi uqhuba kwindawo yeLambda, kodwa ngeendlela ezahlukeneyo zomthwalo.
Ngexesha leefowuni zokuphendula isicelo, umthwalo wokuhlawula uphuma kwi-API yokulungisa isicelo (i-API Caller), efana ne-AWS API Gateway okanye i-AWS SDK, kwi-balancer yomthwalo, kwaye emva koko kwinkonzo yefowuni ye-Lambda (Inkonzo ye-Invoke). Le yokugqibela imisela indawo efanelekileyo yokwenza umsebenzi kwaye igqithise umthwalo apho ukugqiba umnxeba. Isilinganisi somthwalo sifumana itrafikhi ekhuselwe yi-TLS kwi-Intanethi. I-Traffic ngaphakathi kwenkonzo yeLambda-emva kokuba ibhalansi yomthwalo-idlula kwi-VPC yangaphakathi kwindawo ethile ye-AWS.
Imodeli ye-AWS yeLambda yokuLungiselela iFowuni: Imo yesicelo-impendulo
Iifowuni zesiganeko zingenziwa ngokukhawuleza okanye zongezwe emgceni. Kwezinye iimeko, umgca uphunyezwa usebenzisa i-Amazon SQS (i-Amazon Simple Queue Service), edlulisela iifowuni kwinkonzo yokuzaliseka kwefowuni yeLambda ngokusebenzisa inkqubo ye-poller yangaphakathi. I-traffic transmitted ikhuselwe yi-TLS, kwaye akukho ngcaciso eyongezelelweyo yedatha egcinwe kwi-Amazon SQS.
Iifowuni zesiganeko azibuyiseli iimpendulo-uMsebenzi weLambda akayihoyi nayiphi na inkcazelo yokuphendula. Iifowuni ezisekelwe kwisiganeko ezivela kwi-Amazon S3, i-Amazon SNS, i-CloudWatch, kunye neminye imithombo iqhutywe yiLambda kwimodi yomcimbi. Iifowuni ezivela kwi-Amazon Kinesis kunye ne-DynamoDB imilambo, imigca ye-SQS, i-Application Load Balancer, kunye neefowuni ze-API Gateway zicutshungulwa ngendlela yesicelo-impendulo.
Ukubeka iliso
Ungabeka iliso kwaye uphicothe imisebenzi yeLambda usebenzisa iindlela ezahlukeneyo ze-AWS kunye neenkonzo, kubandakanywa nezi zilandelayo.
amazoncloudwatch
Iqokelela iinkcukacha-manani ezahlukeneyo ezifana nenani lezicelo, ubude bexesha lezicelo, kunye nenani lezicelo ezingaphumelelanga.
Amazon CloudTrail
Ikuvumela ukuba ungene, uqhubeke ubeka iliso, kwaye ugcine ulwazi lwemisebenzi ye-akhawunti ehambelana nesiseko sakho se-AWS. Uya kuba nembali epheleleyo yezenzo ezenziwe usebenzisa i-AWS Management Console, i-AWS SDK, izixhobo zomgca womyalelo, kunye nezinye iinkonzo ze-AWS.
AWS X-Ray
Ibonelela ngokubonakala okupheleleyo kuzo zonke izigaba zokuqhutywa kwesicelo kwisicelo sakho ngokusekwe kwimephu yamacandelo angaphakathi. Ikuvumela ukuba uhlalutye izicelo ngexesha lophuhliso kunye nakwiindawo zemveliso.
Uqwalaselo lwe-AWS
Uya kuba nakho ukulandelela utshintsho kuqwalaselo lomsebenzi weLambda (kubandakanya ukucima) kunye namaxesha okuqhuba, iithegi, amagama omphathi, ubungakanani bekhowudi, ulwabiwo lwememori, useto lwexesha lokuphuma kunye nezicwangciso zeconcurrency, kunye nendima yophumezo yeLambda IAM, subnetting, kunye nezibophelelo zeqela lokhuseleko. .
isiphelo
I-AWS Lambda inikezela ngeseti enamandla yezixhobo zokwakha usetyenziso olukhuselekileyo kunye nolwenziwayo. Uninzi lweendlela zokhuseleko kunye nokuthotyelwa kwe-AWS Lambda ziyafana nakwezinye iinkonzo ze-AWS, nangona kukho okungaqhelekanga. Ukususela ngo-Matshi 2019, i-Lambda ihambelana ne-SOC 1, i-SOC 2, i-SOC 3, i-PCI DSS, ukuthotyelwa kwe-Inshurensi ye-Inshurensi yezeMpilo kunye noMthetho wokuZiphendulela (HIPAA), kunye neminye imimiselo. Ke, xa ucinga ngokuphumeza isicelo sakho esilandelayo, qwalasela inkonzo ye-AWS Lambda-inokuba ngowona ulungele umsebenzi wakho.
umthombo: www.habr.com