Ekugqibeleni Sijonge amacandelo asisiseko se-Service Mesh Istio, saqhelana nenkqubo kwaye saphendula imibuzo ephambili edla ngokuvela xa iqala ukusebenza kunye ne-Istio. Kule nxalenye siza kujonga indlela yokulungelelanisa ingqokelela yolwazi lokulandela umkhondo kwinethiwekhi.
Into yokuqala ethi qatha engqondweni kubaphuhlisi abaninzi kunye nabalawuli benkqubo xa besiva amagama athi i-Service Mesh ilandela umkhondo. Enyanisweni, songeza iseva ye-proxy ekhethekileyo kwi-node nganye yenethiwekhi apho yonke i-TCP traffic idlula khona. Kubonakala ngathi ngoku kunokwenzeka ukuthumela ngokulula ulwazi malunga nalo lonke unxibelelwano lwenethiwekhi kwinethiwekhi. Ngelishwa, enyanisweni kukho ama-nuances amaninzi ekufuneka athathelwe ingqalelo. Masizijonge.
Umbono ongeyiyo wokuqala: sinokufumana idatha yokukhwela intaba kwi-intanethi simahla.
Enyanisweni, simahla, sinokufumana kuphela iindawo zenkqubo yethu eqhagamshelwe ngamatolo kunye nesantya sedatha esidlula phakathi kweenkonzo (enyanisweni, kuphela inani leebhayithi kwiyunithi nganye yexesha). Nangona kunjalo, kwiimeko ezininzi, iinkonzo zethu zinxibelelana ngaphaya kolunye uhlobo lweprotocol yomaleko wesicelo, njengeHTTP, gRPC, Redis, njalo njalo. Kwaye, ewe, sifuna ukubona umkhondo wolwazi ngokukodwa kwezi protocols; sifuna ukubona ireyithi yesicelo, hayi ireyithi yedatha. Sifuna ukuqonda ukubambezeleka kwezicelo sisebenzisa iprotocol yethu. Okokugqibela, sifuna ukubona indlela epheleleyo isicelo esiyithathayo ukusuka ekungeneni kwinkqubo yethu ukufumana impendulo kumsebenzisi. Le ngxaki akusekho lula ukuyicombulula.
Okokuqala, makhe sijonge ukuba ukuthumela i-spans yokulandela umkhondo kujongeka njani ukusuka kwindawo yokujonga i-Istio. Njengoko sikhumbula inxalenye yokuqala, i-Istio inecandelo elihlukeneyo elibizwa ngokuba nguMxube wokuqokelela i-telemetry. Nangona kunjalo, kwinguqulo yangoku ye-1.0.*, ukuthunyelwa kwenziwa ngokuthe ngqo kwiiseva zommeli, ezizezi, ukusuka kummeli womthunywa. Umthunywa we-proxy uxhasa ukuthumela izikhewu zokulandela umkhondo usebenzisa iprotocol ye-zipkin ngaphandle kwebhokisi. Kuyenzeka ukudibanisa ezinye iiprothokholi, kodwa kuphela nge-plugin. Nge-Istio sifumana ngokukhawuleza i-proxy yomthunywa edibeneyo kwaye iqwalaselwe, exhasa kuphela i-zipkin protocol. Ukuba sifuna ukusebenzisa, umzekelo, i-Jaeger protocol kunye nokuthumela i-tracing spans nge-UDP, ngoko kuya kufuneka sizakhele umfanekiso wethu we-istio-proxy. Kukho inkxaso yeeplagi zesiqhelo ze-istio-proxy, kodwa isekwinguqulelo yealpha. Ngoko ke, ukuba sifuna ukwenza ngaphandle kwenani elikhulu lemimiselo yesiko, uluhlu lwezobuchwepheshe ezisetyenziselwa ukugcina kunye nokufumana iindawo zokulandelela ziyancipha. Kwiinkqubo eziphambili, ngokwenene, ngoku ungasebenzisa i-Zipkin ngokwayo, okanye i-Jaeger, kodwa thumela yonke into apho usebenzisa i-protocol ehambelana ne-zipkin (engasebenzi kakhulu). Iprotocol ye-zipkin ngokwayo ibandakanya ukuthumela lonke ulwazi lokulandelela kubaqokeleli nge-HTTP protocol, ebiza kakhulu.
Njengoko besenditshilo, sifuna ukulandelela iiprothokholi zomgangatho wesicelo. Oku kuthetha ukuba iiseva zommeli ezime ecaleni kwenkonzo nganye kufuneka ziqonde ukuba luhlobo luni lwentsebenziswano eyenzekayo ngoku. Ngokungagqibekanga, i-Istio iqwalasela onke amazibuko ukuba abe yi-TCP engenanto, nto leyo ethetha ukuba akukho zikhondo ziya kuthunyelwa. Ukuze kuthunyelwe umkhondo, kufuneka, okokuqala, wenze olu khetho kuqwalaselo lomnatha oluphambili kwaye, okubaluleke kakhulu, biza onke amazibuko eenkonzo ze-kubernetes ngokuhambelana neprotocol esetyenziswa enkonzweni. Oko kukuthi, umzekelo, ngolu hlobo:
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
ports:
- port: 80
targetPort: 80
name: http
selector:
app: nginxUngasebenzisa kwakhona amagama ahlanganisiweyo afana ne-http-magic (Istio izakubona i-http kwaye iqaphele i-port njenge-http endpoint). Ifomati yile: iproto-eyongezelelweyo.
Ukuze ungapakishi inani elikhulu lolungelelwaniso ukumisela umthetho olandelwayo, ungasebenzisa indawo yokusebenza emdaka: patch icandelo lePilot ngalo mzuzu xa ilungile. . Ekugqibeleni, ngokuqinisekileyo, kuya kufuneka ukuba utshintshe le ngqiqo kumgangatho kwaye utshintshele kwindibano yamagama kuzo zonke izibuko.
Ukuze uqonde ukuba ngaba iprotocol ichazwe ngokuchanekileyo na, kufuneka ungene kuyo nayiphi na imigqomo ye-sidecar kunye ne-proxy yomthunywa kwaye wenze isicelo kwi-port port yojongano lomthunywa kunye nendawo / config_dump. Kwisiphumo soqwalaselo, kufuneka ujonge kwintsimi yokusebenza yenkonzo oyifunayo. Isetyenziswa kwi-Istio njengesazisi salapho isicelo senziwe khona. Ukuze wenze ngokwezifiso ixabiso lale parameter kwi-Istio (emva koko siya kuyibona kwinkqubo yethu yokulandela umkhondo), kuyimfuneko ukucacisa iflegi ye-serviceCluster kwinqanaba lokuphehlelela i-sidecar container. Umzekelo, ingabalwa ngolu hlobo ukusuka kuguquguquko olufunyenweyo ukusuka ezantsi kubernetes API:
--serviceCluster ${POD_NAMESPACE}.$(echo ${POD_NAME} | sed -e 's/-[a-z0-9]*-[a-z0-9]*$//g')
Umzekelo omhle wokuqonda ukuba umkhondo usebenza njani kumthunywa .
Isiphelo ngokwaso sokuthumela izikhewu zokulandela umkhondo kufuneka kwakhona zichazwe kwiiflegi zokuphehlelelwa komthunywa womthunywa, umzekelo: --zipkinAddress tracing-collector.tracing:9411
Umbono ongalunganga wesibini: sinokufumana ngokungabiziyo ukufumana umkhondo opheleleyo wezicelo ngenkqubo ngaphandle kwebhokisi.
Ngelishwa, akunjalo. Ubunzima bokuphunyezwa buxhomekeke kwindlela osele uphumeze ngayo ukusebenzisana kweenkonzo. Kutheni kunjalo?
Inyani kukuba ukuze i-istio-proxy ikwazi ukuqonda imbalelwano yezicelo ezingenayo kwinkonzo kunye nabo bashiya inkonzo efanayo, akwanele ukuba uthintele nje yonke i-traffic. Kufuneka ube nesichongi sonxibelelwano oluthile. Umthunywa we-HTTP usebenzisa iintloko ezikhethekileyo, apho umthunywa uqonda ukuba yeyiphi isicelo esikhethekileyo kwinkonzo esenza izicelo ezithile kwezinye iinkonzo. Uluhlu lwezihloko ezinjalo:
- x-sicelo-id,
- x-b3-umkhondo,
- x-b3-spanid,
- x-b3-parentspanid,
- x-b3-isampulu,
- iiflegi ze-x-b3,
- x-ot-span-context.
Ukuba unenqaku elilodwa, umzekelo, umxhasi osisiseko, apho unokongeza ingqiqo enjalo, ngoko yonke into ilungile, kufuneka nje ulinde ukuba le layibrari ihlaziywe kubo bonke abathengi. Kodwa ukuba unenkqubo eyahluke kakhulu kwaye akukho ludibaniso ukusuka kwinkonzo ukuya kwinkonzo ngaphezulu komsebenzi womnatha, oku kuya kuba yingxaki enkulu. Ngaphandle kokongeza loo ngqiqo, lonke ulwazi lokulandela umkhondo luya kuba βkwinqanaba elinyeβ kuphela. Oko kukuthi, siya kufumana lonke unxibelelwano phakathi kweenkonzo, kodwa aziyi kuncamatheliswa kwikhonkco elinye lokudlula kwinethiwekhi.
isiphelo
I-Istio inikezela ngesixhobo esifanelekileyo sokuqokelela ulwazi lokulandelela kwinethiwekhi, kodwa kufuneka uqonde ukuba ukuphunyezwa kuya kufuneka ulungelelanise inkqubo yakho kwaye uthathele ingqalelo iimpawu zokuphunyezwa kwe-Istio. Ngenxa yoko, iingongoma ezimbini eziphambili zifuna ukusonjululwa: ukuchaza iprothokholi yenqanaba lesicelo (ekufuneka ixhaswe ngummeli womthunywa) kunye nokuseta ukuhanjiswa kolwazi malunga nokudityaniswa kwezicelo kwinkonzo evela kwizicelo ezivela kwinkonzo (usebenzisa iiheader). , kwimeko ye-HTTP protocol). Xa le miba isonjululwe, sinesixhobo esinamandla esisivumela ukuba siqokelele ulwazi elubala kwinethiwekhi, nakwiinkqubo ezixananazileyo ezibhalwe ngeelwimi ezininzi kunye nezakhelo.
Kwinqaku elilandelayo malunga ne-Service Mesh, siza kujonga enye yeengxaki ezinkulu kunye ne-Istio - ukusetyenziswa okukhulu kwe-RAM kwisitya ngasinye se-proxy ye-sidecar kwaye sixoxe ngendlela ongayenza ngayo.
umthombo: www.habr.com