Buyela kwii-microservices kunye ne-Istio. Icandelo loku-2

Phawula. transl.: Inxalenye yokuqala Olu chungechunge lunikezelwe ukwazisa amandla e-Istio kunye nokuwabonisa ngokusebenza. Ngoku siza kuthetha malunga nemiba enzima ngakumbi yoqwalaselo kunye nokusetyenziswa kwale mesh yenkonzo, kwaye ngokukodwa, malunga nendlela elungiswe kakuhle kunye nolawulo lwetrafikhi yenethiwekhi.

Siyakukhumbuza kwakhona ukuba inqaku lisebenzisa ulungelelwaniso (imiboniso ye-Kubernetes kunye ne-Istio) ukusuka kwindawo yokugcina. istio-mastery.

Ulawulo lwezoThutho

Nge-Istio, amandla amatsha avela kwiqela ukubonelela:

• Isicelo sendlela eshukumayo: ukukhutshwa kwe-canary, uvavanyo lwe-A / B;
• Umthwalo wokulinganisa: ilula kwaye ihambelana, ngokusekelwe kwi-hashes;
• Ukuchacha emva kokuwa: ixesha lokuvala, ukuzama kwakhona, abaphuli beesekethe;
• Ukufaka iimpazamo: ukulibaziseka, ukulahla izicelo, njl.

Njengoko inqaku liqhubeka, ezi zakhono ziya kuboniswa kusetyenziswa isicelo esikhethiweyo njengomzekelo kwaye iikhonsepthi ezintsha ziya kwaziswa endleleni. Ingcamango yokuqala enjalo iya kuba DestinationRules (okt. imithetho malunga nomamkeli wetrafikhi/izicelo - malunga noguqulelo.), ngoncedo apho sivula uvavanyo lwe-A / B.

Uvavanyo lwe-A/B: Imithetho yokuFikela kwindawo yokusebenza

Uvavanyo lwe-A / B lusetyenziswa kwiimeko apho kukho iinguqulelo ezimbini zesicelo (ngokuqhelekileyo zihluke ngokubonakalayo) kwaye asiqinisekanga nge-100% ukuba ngubani oza kuphucula amava omsebenzisi. Ke ngoko, siqhuba zombini iinguqulelo ngaxeshanye kwaye siqokelela iimethrikhi.

Ukuhambisa inguqulelo yesibini ye-frontend, efunekayo ekuboniseni uvavanyo lwe-A/B, sebenzisa lo myalelo ulandelayo:

$ kubectl apply -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions/sa-frontend-green created

Ukubonakaliswa kokusasazwa kwenguqulelo eluhlaza kohluka kwiindawo ezimbini:

1. Umfanekiso usekwe kwithegi eyahlukileyo - istio-green,
2. Iipods zineleyibhile version: green.

Ekubeni zombini ukuthunyelwa kuneleyibhile app: sa-frontend,izicelo eziqhutywa yinkonzo yenyani sa-external-services inkonzo sa-frontend, iya kuthunyelwa kwakhona kuzo zonke iimeko zayo kwaye umthwalo uya kusasazwa i-algorithm ye-robin ejikelezayo, eya kukhokelela kwimeko elandelayo:

Iifayile eziceliweyo azifunyanwanga

Ezi fayile azifunyenwanga kuba zithiywe ngokwahlukileyo kwiinguqulelo ezahlukeneyo zesicelo. Masiqinisekise ngale nto:

$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.c7071b22.css
/static/js/main.059f8e9c.js
$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.f87cd8c9.css
/static/js/main.f7659dbb.js

Ithetha ukuba index.html, icela enye inguqu yeefayile ezimileyo, inokuthunyelwa ngumlinganisi womthwalo kwiipods ezinenguqu eyahlukileyo, apho, ngenxa yezizathu ezicacileyo, iifayile ezinjalo azikho. Ke ngoko, ukuze isicelo sisebenze, kufuneka sibeke umqobo: “uguqulelo olufanayo lwesicelo esinikezelweyo index.html kufuneka inike izicelo ezilandelayo».

Siza kufika apho kunye ne-hash-based load balancing (Ukuhambelana komthwalo weHash)... Kule meko izicelo ezivela kumxhasi ofanayo zithunyelwa kumzekelo ofanayo wokungasemva, apho ipropati echazwe kwangaphambili isetyenziselwa - umzekelo, i-header ye-HTTP. Iphunyezwe kusetyenziswa iDestinationRules.

DestinationRules

Emva Inkonzo ebonakalayo ithumele isicelo kwinkonzo efunekayo, sisebenzisa iDestinationRules sinokuchaza imigaqo-nkqubo eza kusetyenziswa kwitrafikhi emiselwe iimeko zale nkonzo:

Ulawulo lwezithuthi ngezixhobo ze-Istio

Qaphela:: Impembelelo yemithombo ye-Istio kwi-traffic yenethiwekhi iboniswe apha ngendlela elula ukuyiqonda. Ukuchaneka, isigqibo sokuba yeyiphi imeko yokuthumela isicelo senziwe nguMthunywa kwi-Ingress Gateway elungiselelwe kwi-CRD.

NgeMithetho yendawo ekuyiwa kuyo, singakwazi ukuqwalasela ulungelelwaniso lomthwalo ukuze sisebenzise iihashi ezingaguqukiyo kwaye siqinisekise ukuba inkonzo efanayo iphendula kumsebenzisi omnye. Uqwalaselo olulandelayo lukuvumela ukuba ufezekise oku (destinationrule-sa-frontend.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sa-frontend
spec:
  host: sa-frontend
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpHeaderName: version   # 1

I-1 - i-hash iya kuveliswa ngokusekelwe kwimixholo ye-header ye-HTTP version.

Faka ulungelelwaniso ngalo myalelo ulandelayo:

$ kubectl apply -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io/sa-frontend created

Ngoku sebenzisa lo myalelo ungezantsi kwaye uqinisekise ukuba ufumana iifayile ezifanelekileyo xa ukhankanya i-header version:

$ curl --silent -H "version: yogo" http://$EXTERNAL_IP/ | tr '"' 'n' | grep main

Qaphela:: Ukongeza amaxabiso ahlukeneyo kwiheda kwaye uvavanye iziphumo ngokuthe ngqo kwisikhangeli, ungasebenzisa olu lwandiso kwiChrome (okanye ngale nto yeFirefox - malunga. guqulela.).

Ngokubanzi, iDestinationRules inamandla ngakumbi kwindawo yokulinganisa umthwalo-jonga iinkcukacha amaxwebhu asemthethweni.

Ngaphambi kokufunda i-VirtualService ngakumbi, masicime "uguqulelo oluluhlaza" lwesicelo kunye nomgaqo ohambelana netrafikhi ngokuqhuba le miyalelo ilandelayo:

$ kubectl delete -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions “sa-frontend-green” deleted
$ kubectl delete -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io “sa-frontend” deleted

Mirroring: Iinkonzo Virtual in Practice

Isithunzi (“ikhusi”) okanye Isipili (“isipili”) isetyenziswe kwiimeko apho sifuna ukuvavanya utshintsho kwimveliso ngaphandle kokuchaphazela abasebenzisi bokugqibela: ukwenza oku, siphindaphinda izicelo ("isibuko") kwimeko yesibini apho utshintsho olufunwayo lwenziwe, kwaye ujonge imiphumo. Ukubeka nje ngokulula, oku kuxa umntu osebenza naye ekhetha owona mba ubaluleke kakhulu kwaye enze isicelo sokutsalwa ngendlela yokungcola okukhulu kangangokuba akukho mntu unokukuphonononga.

Ukuvavanya le meko isebenzayo, masenze umzekelo wesibini we-SA-Logic enebugs (buggy) ngokwenza lo myalelo ulandelayo:

$ kubectl apply -f resource-manifests/kube/shadowing/sa-logic-service-buggy.yaml
deployment.extensions/sa-logic-buggy created

Kwaye ngoku masiqhube umyalelo wokuqinisekisa ukuba zonke iimeko nge app=sa-logic Bakwanazo neeleyibhile ezineenguqulelo ezihambelanayo:

$ kubectl get pods -l app=sa-logic --show-labels
NAME                              READY   LABELS
sa-logic-568498cb4d-2sjwj         2/2     app=sa-logic,version=v1
sa-logic-568498cb4d-p4f8c         2/2     app=sa-logic,version=v1
sa-logic-buggy-76dff55847-2fl66   2/2     app=sa-logic,version=v2
sa-logic-buggy-76dff55847-kx8zz   2/2     app=sa-logic,version=v2

inkonzo sa-logic iipod ezijoliswe kuzo ezineleyibhile app=sa-logic, ke zonke izicelo ziya kusasazwa kuzo zonke iimeko:

... kodwa sifuna ukuba izicelo zithunyelwe kwiimeko ze-v1 kwaye ziboniswe kwiimeko ze-v2:

Siza kufezekisa oku nge-VirtualService ngokudibanisa ne-DestinationRule, apho imigaqo iya kugqiba ii-subsets kunye neendlela ze-VirtualService kwi-subset ethile.

Ukuchaza iMiqathango kwiMithetho yendawo ekusingwa kuyo

Iiseti (iiseti) zimiselwa ngolu lungelelwaniso lulandelayo (sa-logic-subsets-destinationrule.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sa-logic
spec:
  host: sa-logic    # 1
  subsets:
  - name: v1        # 2
    labels:
      version: v1   # 3
  - name: v2
    labels:
      version: v2

1. Umamkeli (host) ichaza ukuba lo mgaqo usebenza kuphela kwiimeko xa indlela isiya kwinkonzo sa-logic;
2. Izihloko (name) iiseti ezisezantsi zisetyenziswa xa kuthungelwa imizekelo;
3. ileyibhile (label) ichaza izibini zexabiso elingundoqo ekufuneka imizekelo ithelekise ukuze zibe yinxalenye yeseti.

Faka ulungelelwaniso ngalo myalelo ulandelayo:

$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-destinationrule.yaml
destinationrule.networking.istio.io/sa-logic created

Ngoku ukuba iiseti ezisezantsi zichaziwe, sinokuqhubekeka kwaye siqwalasele iNkonzo yeVirtual ukuze sisebenzise imithetho kwizicelo kwi-sa-logic ukuze:

1. Uhanjiswe kwiseti engaphantsi v1,
2. Ibonakaliswe kwiseti esezantsi v2.

Le manifesto ilandelayo ikuvumela ukuba ufezekise izicwangciso zakho (sa-logic-subsets-shadowing-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic          
  http:
  - route:
    - destination:
        host: sa-logic  
        subset: v1      
    mirror:             
      host: sa-logic     
      subset: v2

Akukho ngcaciso ifunekayo apha, ngoko masiyibone isebenza:

$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-shadowing-vs.yaml
virtualservice.networking.istio.io/sa-logic created

Makhe songeze umthwalo ngokubiza lo myalelo ulandelayo:

$ while true; do curl -v http://$EXTERNAL_IP/sentiment 
    -H "Content-type: application/json" 
    -d '{"sentence": "I love yogobella"}'; 
    sleep .8; done

Makhe sijonge iziphumo eGrafana, apho unokubona ukuba inguqulelo enebugs (buggy) kubangela ukusilela kwi- ~ 60% yezicelo, kodwa akukho nanye kwezi ntsilelo ezichaphazela abasebenzisi bokugqibela njengoko bephendulwa ngenkonzo eqhubayo.

Iimpendulo eziyimpumelelo zeenguqulelo ezahlukeneyo zenkonzo ye-sa-logic

Apha siqale sabona indlela iVirtualService esetyenziswa ngayo kubathunywa beenkonzo zethu: nini sa-web-app yenza isicelo ku sa-logic, ihamba ngemoto esecaleni uMthunywa, leyo - ngeVirtualService - iqwalaselwe indlela yesicelo ukuya kwiseti esezantsi ye-v1 kunye nesipili isicelo kwi-v2 subset yenkonzo. sa-logic.

Ndiyazi, usenokuba sele ucinga ukuba iiNkonzo zeVirtual zilula. Kwicandelo elilandelayo, siza kwandisa oko ngokuthi nabo bakhulu ngokwenene.

Ukukhutshwa kweCanary

I-Canary Deployment yinkqubo yokukhupha inguqu entsha yesicelo kwinani elincinci labasebenzisi. Isetyenziselwa ukuqinisekisa ukuba akukho ngxaki ekukhululweni kwaye kuphela emva koko, sele sele uqinisekile ngomgangatho wayo (ukukhutshwa), usasaze kwabanye abasebenzisi.оabaphulaphuli abaninzi.

Ukubonisa ukukhutshwa kwe-canary, siya kuqhubeka nokusebenza kunye ne-subset buggy у sa-logic.

Masingachithi ixesha kwizinto ezincinci kwaye ngokukhawuleza sithumele i-20% yabasebenzisi kwinguqulo kunye neebhugi (oku kuya kubonisa ukukhutshwa kwethu kwe-canary), kunye ne-80% eseleyo kwinkonzo eqhelekileyo. Ukwenza oku, sebenzisa iNkonzo yeVirtual ilandelayo (sa-logic-subsets-canary-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic    
  http:
  - route: 
    - destination: 
        host: sa-logic
        subset: v1
      weight: 80         # 1
    - destination: 
        host: sa-logic
        subset: v2
      weight: 20 # 1

1 bubunzima (weight), echaza ipesenti yezicelo eziya kubhekiswa kumamkeli okanye iseti engaphantsi yomamkeli.

Masihlaziye ubumbeko lweNkonzo yeVirtual yangaphambili ye sa-logic ngalo myalelo ulandelayo:

$ kubectl apply -f resource-manifests/istio/canary/sa-logic-subsets-canary-vs.yaml
virtualservice.networking.istio.io/sa-logic configured

... kwaye ngokukhawuleza siza kubona ukuba ezinye izicelo zikhokelela ekungaphumelelini:

$ while true; do 
   curl -i http://$EXTERNAL_IP/sentiment 
   -H "Content-type: application/json" 
   -d '{"sentence": "I love yogobella"}' 
   --silent -w "Time: %{time_total}s t Status: %{http_code}n" 
   -o /dev/null; sleep .1; done
Time: 0.153075s Status: 200
Time: 0.137581s Status: 200
Time: 0.139345s Status: 200
Time: 30.291806s Status: 500

Iinkonzo zeVirtual zenza i-canary rollouts: Kule meko, siye sacutha impembelelo enokubakho yemiba ukuya kwi-20% yesiseko somsebenzisi. Iyamangalisa! Ngoku, kuyo yonke imeko xa singaqinisekanga ngekhowudi yethu (ngamanye amagama - rhoqo ...), sinokusebenzisa i-mirroring kunye ne-canary rollouts.

Ukuphela kwexesha kunye nokuzama kwakhona

Kodwa ii-bugs azisoloko ziphela kwikhowudi. Kuluhlu oluvela "8 Iingcamango ezingezizo malunga neComputing Distributed"Eyokuqala yinkolelo ephosakeleyo yokuba" inethiwekhi inokuthenjwa. Enyanisweni inethiwekhi hayi inokuthenjwa, kwaye ngenxa yesi sizathu sifuna ukuphelelwa lixesha (amaxesha) kwaye iyazama kwakhona (iyazama kwakhona).

Ukubonisa siya kuqhubeka sisebenzisa uhlobo lwengxaki efanayo sa-logic (buggy), kwaye siya kulinganisa ukungathembeki kwenethiwekhi kunye nokungaphumeleli okungahleliwe.

Vumela inkonzo yethu enebug ibe nethuba le-1/3 lokuthatha ixesha elide ukuphendula, ithuba le-1/3 lokuphela ngempazamo yeseva yangaphakathi, kunye nethuba le-1/3 lokubuyisela ngempumelelo iphepha.

Ukunciphisa impembelelo yeengxaki ezinjalo kunye nokwenza ubomi bubengcono kubasebenzisi, singakwazi:

1. yongeza ixesha lokuvala ukuba inkonzo ithatha ixesha elide kunemizuzwana eyi-8 ukuphendula,
2. zama kwakhona ukuba isicelo asiphumeleli.

Ukuphunyezwa, siya kusebenzisa le nkcazo yomthombo ilandelayo (sa-logic-retries-timeouts-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic
  http:
  - route: 
    - destination: 
        host: sa-logic
        subset: v1
      weight: 50
    - destination: 
        host: sa-logic
        subset: v2
      weight: 50
    timeout: 8s           # 1
    retries:
      attempts: 3         # 2
      perTryTimeout: 3s # 3

1. Ixesha lokuphela kwesicelo limiselwe kwimizuzwana eyi-8;
2. Izicelo ziyazanywa kwakhona amaxesha ama-3;
3. Kwaye inzame nganye ithathwa njengengaphumeleli ukuba ixesha lokuphendula lidlula imizuzwana ye-3.

Oku kukulungelelaniswa kuba umsebenzisi akayi kulinda ngaphezu kwemizuzwana ye-8 kwaye siya kwenza iinzame ezintathu ezintsha zokufumana impendulo kwimeko yokungaphumeleli, ukwandisa ithuba lokuphendula ngempumelelo.

Faka ulungelelwaniso oluhlaziyiweyo ngalo myalelo ulandelayo:

$ kubectl apply -f resource-manifests/istio/retries/sa-logic-retries-timeouts-vs.yaml
virtualservice.networking.istio.io/sa-logic configured

Kwaye jonga kwiigrafu zaseGrafana ukuba inani leempendulo eziyimpumelelo linyukile ngasentla:

Uphuculo kwizibalo zempendulo eziyimpumelelo emva kokongeza amaxesha kunye nokuzama kwakhona

Phambi kokudlulela kwicandelo elilandelayo (okanye kunoko, kwinxalenye elandelayo yenqaku, kuba kule akusayi kubakho mifuniselo esebenzayo - approx. transl.), cima sa-logic-buggy kunye neNkonzo yeVirtual ngokusebenzisa le miyalelo ilandelayo:

$ kubectl delete deployment sa-logic-buggy
deployment.extensions “sa-logic-buggy” deleted
$ kubectl delete virtualservice sa-logic
virtualservice.networking.istio.io “sa-logic” deleted

I-Circuit Breaker kunye ne-Bulkhead Patterns

Sithetha ngeepateni ezimbini ezibalulekileyo kwi-microservice architecture evumela ukuba ufezekise ukuzibuyisela (ukuziphilisa) iinkonzo.

Umephuli wojikelezo ("umephuli wojikelezo") isetyenziselwa ukuphelisa izicelo eziza kumzekelo wenkonzo ethathwa njengengekho mpilweni kwaye iyibuyisele ngelixa izicelo zabaxhasi zithunyelwa kwiimeko eziphilileyo zaloo nkonzo (nto leyo eyandisa ipesenti yeempendulo eziyimpumelelo). (Qaphela: Ingcaciso ethe kratya yepateni inokufumaneka, umzekelo, apha.)

Ubunzima ("isahlulo") yahlula ukusilela kwenkonzo ekuchaphazeleni yonke inkqubo. Umzekelo, iNkonzo B yaphukile kwaye enye inkonzo (umthengi weNkonzo B) yenza isicelo kwiNkonzo ye-B, ebangela ukuba ikhuphe i-thread pool yayo kwaye ingakwazi ukubonelela ezinye izicelo (nokuba aziveli kwiNkonzo B). (Qaphela: Ingcaciso ethe kratya yepateni inokufumaneka, umzekelo, apha.)

Ndiya kuzishiya iinkcukacha zokuphunyezwa kwezi patheni kuba kulula ukuzifumana amaxwebhu asemthethweni, kwaye ndifuna ngokwenene ukubonisa ukuqinisekiswa kunye nokugunyazwa, okuya kuxutyushwa kwinxalenye elandelayo yenqaku.

PS evela kumguquleli

Funda nakwibhlog yethu:

• "Buyela kwiinkonzo ezincinci kunye ne-Istio": icandelo 1 (intshayelelo yeempawu eziphambili), icandelo 3 (uqinisekiso kunye nogunyaziso);
• «I-Conduit - i-mesh yenkonzo elula ye-Kubernetes";
• «Yintoni i-mesh yenkonzo kwaye kutheni ndiyifuna [kwisicelo selifu esinee-microservices]?».

umthombo: www.habr.com