Iimeko zokusetyenziswa komnatha wenkonzo

Phawula. transl.: Umbhali weli nqaku (uLuc Perkins) ungummeli wophuhlisi kwintlangano ye-CNCF, elikhaya kwiiprojekthi ze-Open Source ezifana ne-Linkerd, i-SMI (i-Service Mesh Interface) kunye ne-Kuma (ngendlela, ngaba uye wazibuza ukuba kutheni i-Istio hayi kolu luhlu? Kwakhona uzama ukuzisa uluntu lwe-DevOps ukuqonda okungcono kwe-hype enesitayile ebizwa ngokuba yi "service mesh", udwelisa i-16 yeempawu zobuchule ezibonelela ngezisombululo.

namhlanje umnatha wenkonzo -enye yezona zihloko zishushu kwicandelo lobunjineli besoftware (kwaye kufanelekile!). Ndicinga ukuba le teknoloji ithembisa ngokumangalisayo kwaye ndingathanda ukuyibona yamkelwa ngokubanzi (xa iyavakala, kunjalo). Nangona kunjalo, isajikelezwe yi-aura yemfihlakalo kubantu abaninzi. Kwangaxeshanye, kwanabo eyaziwayo ngayo, kudla ngokuba nzima ukuyila iingenelo zayo kwaye yintoni kanye kanye eyiyo (kubandakanywa neyakho ngokwenene). Kweli nqaku ndiza kuzama ukulungisa imeko ngokudwelisa ezahlukeneyo sebenzisa iimeko "imiba yenkonzo"*.

* Phawula transl.: apha nangaphaya kwinqaku olu guqulelo (“umnatha wenkonzo”) luzakusetyenziswa kwimesh yenkonzo yexesha elitsha.

Kodwa kuqala ndifuna ukwenza amagqabantshintshi ambalwa:

• Andizange ndisebenze ngee-meshes zenkonzo okanye ndiyisebenzise ngaphandle kweeprojekthi eziqaliswe eyam imfundo. Kwelinye icala, ndim owabhala intaphane yamaxwebhu e-Twitter yenkonzo yangaphakathi ye-mesh ngo-2015 (ayizange ibizwa ngokuba "yi-mesh yenkonzo" ngelo xesha) kwaye ndathatha inxaxheba kuphuhliso lwewebhusayithi kunye namaxwebhu e. Linkerd, ngoko oko kuthetha into.
• Uluhlu lwam luqikelelo kwaye aluphelelanga. Kusenokubakho iimeko zokusetyenziswa ezingaziwayo kum, kwaye ukhetho olutsha luya kuvela ngokuhamba kwexesha njengoko itekhnoloji ikhula kunye nokuthandwa kwayo kukhula.
• Kwangaxeshanye, ayizizo zonke iimesh zenkonzo ezikhoyo ezixhasa zonke iimeko zokusetyenziswa ezidwelisiweyo. Ngoko ke, iinkcazo zam ezifana ne "mesh yenkonzo inokuthi..." kufuneka ifundwe "njengomntu ngamnye, kwaye mhlawumbi konke ukuphunyezwa kwe-mesh yenkonzo eyaziwayo ku ...".
• Ukulandelelana kwemizekelo akwenzi mahluko.

Uluhlu olufutshane:

• ukufunyanwa kwenkonzo;
• uguqulelo oluntsonkothileyo;
• uqinisekiso kunye nogunyaziso;
• ukulinganisa umthwalo;
• ukwaphuka kwesekethe;
• autoscaling;
• ukuthunyelwa kwe-canary;
• ukuthunyelwa kweblue-green;
• ukuhlola impilo;
• ukucinywa komthwalo;
• isipili sezithuthi;
• ukugquma;
• ukuncitshiswa kwereyithi yesicelo, ukuzama kwakhona kunye nokuphela kwexesha;
• telemetry;
• uphicotho-zincwadi;
• umbono.

1. Ukufunyanwa kwenkonzo

TL;DR: Qhagamshelana kwezinye iinkonzo kwinethiwekhi usebenzisa amagama alula.

Iinkonzo kufuneka zikwazi “ukufumana” ngokuzenzekelayo omnye komnye usebenzisa amagama afanelekileyo-umzekelo, service.api.production, pets/staging okanye cassandra. Ubume belifu bu-elastic, kwaye igama elinye linokufihla iimeko ezininzi zenkonzo. Kucacile ukuba kwimeko enjalo akunakwenzeka ngokwenyama ukwenza i-hardcode zonke iidilesi ze-IP.

Kwaye, xa enye inkonzo ifumana enye, kufuneka ikwazi ukuthumela izicelo kuloo nkonzo ngaphandle koloyiko lokuba baya kuphelela kwigalelo lemeko yayo eyaphukileyo. Ngamanye amazwi, i-mesh yenkonzo kufuneka ibeke iliso kwimpilo yazo zonke iimeko zenkonzo kwaye igcine uluhlu lwababuki zindwendwe luhlaziyiwe kangangoko.

Umnatha wenkonzo ngamnye usebenzisa indlela yokufumanisa inkonzo ngokwahlukileyo. Okwangoku, eyona ndlela iqhelekileyo kukunikezela kwiinkqubo zangaphandle ezifana neKubernetes DNS. Kwixesha elidlulileyo kuTwitter besisebenzisa inkqubo yokubiza amagama ngale njongo Isiphelo. Ukongeza, itekhnoloji ye-mesh yenkonzo yenza kube lula ukuba kuvele iindlela zokuthiya ngokwesiko (nangona ndingekaboni nakuphi na ukuphunyezwa kweSM kunye nokusebenza okunjalo).

2. Uguqulelo oluntsonkothileyo

TL; DR: Lahla itrafikhi engafihlwanga phakathi kweenkonzo kwaye wenze le nkqubo izenzekele kwaye ihlawulwe.

Kuhle ukwazi ukuba abahlaseli abanakungena kwinethiwekhi yakho yangaphakathi. Iifirewall zenza umsebenzi omkhulu woku. Kodwa kwenzeka ntoni ukuba i-hacker ingena ngaphakathi? Ngaba uya kukwazi ukwenza nantoni na ayifunayo ngetrafikhi yangaphakathi? Masithembe ukuba ayizukwenzeka yonke le nto. Ukuthintela le meko, kufuneka uphumeze inethiwekhi ye-zero-trust apho zonke izithuthi phakathi kweenkonzo zifihliweyo. Uninzi lwee-meshes zenkonzo zanamhlanje zifezekisa oku ngokusebenzisana TLS (i-TLS efanayo, i-mTLS). Kwezinye iimeko, i-mTLS isebenza kuwo onke amafu kunye namaqela (ndicinga ukuba unxibelelwano lwe-interplanetary luya kulungiselelwa ngokufanayo).

Ewe kunjalo, kwinkonzo ye-mTLS ye-mesh ngokuzikhethela. Inkonzo nganye inokukhathalela i-TLS yayo, kodwa oku kuthetha ukuba kuya kufuneka ufumane indlela yokuvelisa izatifikethi, usasaze kuzo zonke iinginginya zenkonzo, kwaye ubandakanye ikhowudi kwisicelo esiya kulayisha ezi zatifikethi kwiifayile. Ewe, ungalibali ukuhlaziya ezi zatifikethi ngamaxesha aqhelekileyo. Iinkonzo ze meshes automate mTLS ngeenkqubo ezifana I-SPIFFE, leyo, yona, izenzele inkqubo yokukhupha kunye nokujikeleza izatifikethi.

3. Uqinisekiso kunye noGunyaziso

TL;DR: Khangela ukuba ngubani umceli kwaye uchaze ukuba bavumeleke ukuba benze ntoni na phambi kokuba isicelo sifikelele nakwinkonzo.

Iinkonzo zihlala zifuna ukwazi ngubani yenza isicelo (ubuqinisekiso), kwaye isebenzisa olu lwazi, yenza isigqibo oko iqumrhu elinikiweyo livumelekile ukwenza (ugunyaziso). Kule meko, isimelabizo esithi "ngubani" unokufihla:

1. Ezinye iinkonzo. Oku kubizwa ngokuba "bubungqina" ntanga" Umzekelo, inkonzo web ufuna ukufikelela kwinkonzo db. Iimeshes zenkonzo zikholisa ukusombulula iingxaki ezinjalo zisebenzisa i-mTLS: izatifikethi kulo mzekelo zisebenza njengesichongi esiyimfuneko.
2. Abanye abasebenzisi babantu. Oku kubizwa ngokuba "bubungqina" isicelo" Umzekelo, umsebenzisi haxor69 ufuna ukuthenga isibane esitsha. Iimeshes zenkonzo zibonelela ngeendlela ezahlukeneyo, umz. Iimpawu zeJSON zeWebhu.

   Abaninzi bethu baye benza oku kwikhowudi yesicelo. Isicelo siyangena, sijonge etafileni users, fumana umsebenzisi kwaye uthelekise igama eligqithisiweyo, emva koko ujonge ikholamu permissions njl. Kwimeko ye-mesh yenkonzo, oku kwenzeka ngaphambi kokuba isicelo sifikelele kwinkonzo.

Sakuba sifumanise ukuba isicelo sivela kubani na, kufuneka siqonde ukuba eli qumrhu livumelekile ukuba lenze ntoni. Ezinye iimeshe zenkonzo zikuvumela ukuba ucwangcise imigaqo-nkqubo esisiseko (malunga nokuba ngubani onokwenza ntoni) njengefayile ye-YAML okanye kumgca womyalelo, ngelixa ezinye zinikezela ngokudityaniswa nezakhelo ezinjenge. Vula i-Arhente yePolisi. Eyona njongo iphambili kukuba iinkonzo zakho zamkele nasiphi na isicelo, ngokukhuselekileyo sicinga ukuba sivela kumthombo othembekileyo и esi senzo sivumelekile.

4. Ukulinganisa umthwalo

TL; DR: Ukusasaza umthwalo kuwo wonke iimeko zenkonzo ngokwepateni ethile.

“Inkonzo” kwicandelo lenkonzo ikholisa ukuba neziganeko ezininzi ezifanayo. Umzekelo, namhlanje inkonzo cache iqulethe iikopi ezi-5, kwaye ngomso inani lazo linokwanda liye kutsho kwi-11. Izicelo ezithunyelwe ku cache, kufuneka ihanjiswe ngokuhambelana nenjongo ethile. Umzekelo, ukunciphisa ukubambezeleka okanye ukwandise amathuba okuba ufike kumzekelo wokusebenza. I-algorithm esetyenziswa ngokuqhelekileyo yi-Round-robin, kodwa kukho ezinye ezininzi - umzekelo, indlela yokulinganisa (ubunzima) imibuzo (ungakhetha iithagethi ezikhethwayo), khala (ringi) i-hashing (usebenzisa i-hashing engaguqukiyo kwiinginginya ezinyukayo) okanye indlela yokucela encinci (ukhetho lunikezelwa kumzekelo ngezona zicelo zimbalwa).

I-Balancers ye-Classic ineminye imisebenzi, efana ne-HTTP caching kunye nokukhusela i-DDoS, kodwa ayifanelekanga kakhulu kwi-traffic yempuma-ntshona (oko kukuthi, i-traffic ehamba ngaphakathi kwendawo yedatha - malunga ne-transl.) (umda oqhelekileyo we-mesh yenkonzo). Kakade ke, akuyomfuneko ukusebenzisa i-mesh yenkonzo yokulinganisa umthwalo, kodwa ikuvumela ukuba usete kwaye ulawule imigaqo-nkqubo yokulungelelanisa kwinkonzo nganye ukusuka kuluhlu lolawulo oluphakathi, ngokwenjenjalo ukuphelisa imfuneko yokuqhuba nokuqwalasela abalinganisi bomthwalo abahlukeneyo kwistakhi yenethiwekhi. .

5. Ukuqhekeka kwesekethe

I-TL; DR: Misa i-traffic kwinkonzo eyingxaki kwaye ulawule umonakalo kwiimeko ezimbi kakhulu.

Ukuba ngesizathu esithile inkonzo ayikwazi ukujamelana ne-traffic, i-mesh yenkonzo inikezela ngeendlela ezininzi zokusombulula le ngxaki (ezinye ziya kuxutyushwa kumacandelo afanelekileyo). Ukwaphulwa kwesekethe lolona khetho luqatha lokuqhawula inkonzo kwitrafikhi. Nangona kunjalo, ngokwayo ayinangqiqo - isicwangciso sokugcina siyafuneka. Uxinzelelo lwangasemva lunokubonelelwa (Uxinzelelo lwasemva) kwiinkonzo ezenza izicelo (ungalibali nje ukuqwalasela umnatha wakho wenkonzo kule nto!), okanye, umzekelo, ukufaka umbala obomvu kwiphepha lesimo kunye nokubuyisela abasebenzisi kolunye uguqulelo lwephepha “ngomnenga owelayo” (“Twitter is phantsi").

Iimeshes zenkonzo azikuvumeli kuphela ukuba uchaze xa ukuvala kuya kulandela kwaye oko oku kuya kulandela. Kule meko, "nini" inokubandakanya nayiphi na indibaniselwano yeeparitha ezichaziweyo: inani elipheleleyo lezicelo zexesha elithile, inani loqhagamshelwano oluhambelanayo, izicelo ezilindileyo, ukuzama kwakhona okusebenzayo, njl.

Mhlawumbi awufuni kuxhaphaza ukwaphulwa kwesekethe, kodwa kumnandi ukwazi ukuba unesicwangciso sokugcina xa kukho imeko kaxakeka.

6. Ukulinganisa okuzenzekelayo

TL;DR: Yandisa okanye unciphise inani leenkonzo zenkonzo ngokuxhomekeke kwiikhrayitheriya ezichaziweyo.

I-meshes yenkonzo ayingobacwangcisi, ngoko ke abayenzi Yithathe uzikala. Nangona kunjalo, banokunika ulwazi malunga nabacwangcisi abaza kusekela izigqibo zabo. Ekubeni i-meshes yenkonzo inokufikelela kuzo zonke i-traffic phakathi kweenkonzo, zinolwazi olubanzi malunga nento eyenzekayo: zeziphi iinkonzo ezijongene neengxaki, zeziphi iinkonzo ezilayishwa kakhulu (amandla abelwe wona achithwa), njl.

Umzekelo, uKubernetes ukala iinkonzo ezisekwe kwi-pods 'CPU kunye nokusetyenziswa kwememori (jonga ingxelo yethu "I-Autoscaling kunye nolawulo lwezibonelelo kwi-Kubernetes"- malunga. guqulela.), kodwa ukuba uthatha isigqibo sokulinganisa ngokusekelwe kuyo nayiphi na enye i-metric (kwimeko yethu, enxulumene ne-traffic), uya kufuna i-metric ekhethekileyo. Ulawulo ndiyayithanda lento ibonisa indlela yokwenza oku sithunywa, Istio и Prometheus, kodwa inkqubo ngokwayo intsonkothile. Singathanda ukuba umnatha wenkonzo wenze lula oku ngokusivumela ukuba sibeke iimeko ezifana “nokwandisa inani leenkonzo zenkonzo. auth, ukuba inani lezicelo ezilindileyo lingaphezulu komqobo kwisithuba somzuzu."

7. Ukuthunyelwa kweCanary

I-TL; DR: Vavanya izinto ezintsha okanye iinguqulelo zenkonzo kwiseti yabasebenzisi.

Masithi uphuhlisa imveliso ye-SaaS kwaye ujonge ukukhupha inguqulelo entsha yayo. Uyivavanye eqongeni kwaye isebenze kakuhle. Kodwa kusekho iinkxalabo ezithile malunga nokuziphatha kwakhe kwiimeko zokwenyani. Ngamanye amazwi, kufuneka uvavanye inguqulelo entsha kwiingxaki zokwenyani ngaphandle kokufaka umngcipheko wokuthenjwa komsebenzisi. Ukuthunyelwa kweCanary kulungile kule nto. Bakuvumela ukuba ubonise into entsha kwiseti yabasebenzisi. Eli candelo lingabandakanya abona basebenzisi bathembekileyo okanye abo basebenza ngoguqulelo lwasimahla lwemveliso, okanye abasebenzisi abavakalise umnqweno wokuba "ziihagu zeguinea".

Uthungelwano lwenkonzo luphumeza oku ngokukuvumela ukuba uchaze iinqobo zokugweba ezimisela ukuba ngubani ozakubona ukuba loluphi uguqulelo lwesicelo, kunye nendlela yetrafikhi ngokufanelekileyo. Nangona kunjalo, akukho nto iguqukayo kwiinkonzo ngokwazo. Inguqulo ye-1.0 yenkonzo ikholelwa ukuba zonke izicelo zivela kubasebenzisi abafanele babone, kwaye inguqulo ye-1.1 ikholelwa okufanayo kubasebenzisi bayo. Okwangoku, unokutshintsha ipesenti yetrafikhi phakathi kweenguqulelo ezindala kunye nezintsha, uhambisa kwakhona inani elikhulayo labasebenzisi ukuya kwentsha ukuba isebenza ngokuzinzileyo kwaye "iihagu zakho zeguinea" zinika ukuhamba phambili.

8. Ukusasazwa okuluhlaza okwesibhakabhaka

TL; DR: Phuma into entsha epholileyo, kodwa ulungele ukubuyisela yonke into kwangoko.

Nentsingiselo blue-green deployments kukukhupha inkonzo entsha “eblue”, ukuyisungula ngokunxuseneyo nendala, “eluhlaza”. Ukuba yonke into ihamba kakuhle kwaye inkonzo entsha iqhuba kakuhle, ke endala inokukhutshazwa ngokuthe ngcembe. (Yeha, ngenye imini le nkonzo entsha "eluhlaza okwesibhakabhaka" iya kuphinda isiphelo "eluhlaza" kwaye inyamalale ...) Ukuhanjiswa kweBlue-green kuyahluka kwi-canary kuba umsebenzi omtsha ugubungela. wonke umntu ngaxeshanye abasebenzisi (hayi inxalenye); Ingongoma apha kukuba “nezibuko elikhuselekileyo” lilungile xa kukho into engahambi kakuhle.

I-meshes yenkonzo inikezela ngendlela efanelekileyo kakhulu yokuvavanya inkonzo "eluhlaza okwesibhakabhaka" kwaye utshintshe ngokukhawuleza kwi "green" esebenzayo xa kukho iingxaki. Ungakhankanyi into yokuba endleleni banikezela ngolwazi oluninzi (jonga "i-Telemetry" ngezantsi) malunga nomsebenzi we "blue", onceda ukuqonda ukuba ulungele ukusebenza ngokupheleleyo.

Phawula. transl.: Unokufunda ngakumbi malunga nezicwangciso ezahlukeneyo zokusasaza eKubernetes (kubandakanywa necanary ekhankanyiweyo, eluhlaza okwesibhakabhaka / eluhlaza kunye nabanye) eli nqaku.

9. Ukuhlolwa kwempilo

TL; DR: Gcina umkhondo wokuba zeziphi iimeko zenkonzo ezisebenzayo kwaye uphendule kwezo zingasasebenziyo.

Ukujonga impilo (jonga impilo) inceda ukwenza isigqibo sokuba ingaba iimeko zenkonzo zikulungele na ukwamkela nokuqhuba itrafikhi. Ngokomzekelo, kwimeko yeenkonzo ze-HTTP, ukuhlolwa kwezempilo kunokubonakala ngathi isicelo se-GET ukuya ekupheleni /health. Phendula 200 OK kuya kuthetha ukuba umzekelo usempilweni, nayiphi na enye - ukuba ayikakulungeli ukufumana i-traffic. Iimeshes zenkonzo zikuvumela ukuba uchaze zombini indlela yokusebenza okuya kuhlolwa kunye namaxesha okutshekisha okuya kwenziwa ngawo. Olu lwazi lunokusetyenziselwa ezinye iinjongo - umzekelo, ukulinganisa umthwalo kunye nokuphulwa kwesekethe.

Ngaloo ndlela, ukuhlolwa kwempilo akusiyo imeko yokusetyenziswa yodwa, kodwa ngokuqhelekileyo isetyenziselwa ukufezekisa ezinye iinjongo. Kwakhona, kuxhomekeke kwiziphumo zokuhlolwa kwempilo, izenzo zangaphandle kwezinye iithagethi zemesh zenkonzo zingafuneka: umzekelo, ukuhlaziya iphepha lesimo, ukudala umcimbi kwi-GitHub, okanye ukugcwalisa itikiti le-JIRA. Kwaye i-mesh yenkonzo ibonelela ngendlela efanelekileyo yokwenza konke oku.

10. Ukuchithwa kwemithwalo

I-TL; DR: Phinda uqondise itrafikhi kwimpendulo kwi-spike yethutyana ekusebenziseni.

Ukuba inkonzo ethile igcwele kakhulu zitrafikhi, ungathumela okwethutyana enye yale traffic uye kwenye indawo (oko kukuthi, "lahla", "ukudluliselwa" (ishedi) yena apho). Umzekelo, kwinkonzo yokugcina okanye kwiziko ledatha, okanye kwisigxina Pulsar isihloko. Ngenxa yoko, inkonzo iya kuqhubeka nokuqhuba ezinye izicelo endaweni yokungqubana nokuyeka ukusetyenzwa yonke into ngokupheleleyo. I-load shedding ikhethwayo kunokophula isekethe, kodwa ayikacetyiswa ukuyisebenzisa kakubi. Inceda ukuthintela ukungaphumeleli kwe-cascading ebangela ukuba iinkonzo ezisezantsi ziphazamiseke.

11. Ukungqamanisa kwetrafikhi/ukwenza isipili

TL;DR: Thumela isicelo esinye kwiindawo ezininzi ngexesha elinye.

Ngamanye amaxesha kukho imfuneko yokuthumela isicelo (okanye ukhetho oluthile lwezicelo) kwiinkonzo ezininzi ngexesha elinye. Umzekelo oqhelekileyo kukuthumela inxalenye yetrafikhi yemveliso kwinkonzo yeqonga. Umncedisi wewebhu wemveliso oyintloko uthumela isicelo kwinkonzo esezantsi products.production kwaye kuye kuphela. Kwaye i-mesh yenkonzo ikhuphela ngobulumko esi sicelo kwaye isithumele kuyo products.staging, apho umncedisi wewebhu engazi nokuba uyazi.

Enye imeko enxulumeneyo yokusetyenziswa komnatha wenkonzo enokuphunyezwa phezu kolungelelwaniso lwetrafikhi uvavanyo lokubuyela umva. Ibandakanya ukuthumela izicelo ezifanayo kwiinguqulelo ezahlukeneyo zenkonzo kunye nokujonga ukuba ingaba zonke iinguqulelo ziziphatha ngendlela efanayo. Andikaze ndifike kuphunyezo lwemesh yenkonzo kunye nenkqubo ehlanganisiweyo yovavanyo lokubuyisela umva njenge Diffy, kodwa ingcamango ngokwayo ibonakala ithembisa.

12. I-Insulation

TL; DR: Yahlula umnatha wakho wenkonzo ube ziinethiwekhi ezincinci.

Kwaziwa njenge ukwahlulahlulaUkwahlukaniswa bubugcisa bokwahlula i-mesh yenkonzo ibe ngamacandelo ahlukeneyo angazi nto ngayo. Ukwahlula kufana nokwenza iinethiwekhi zabucala ezinenyani. Umahluko osisiseko kukuba usenako ukonwabela zonke izibonelelo ze-mesh yenkonzo (njengokufunyanwa kwenkonzo), kodwa ngokhuseleko olongezelelweyo. Ngokomzekelo, ukuba umhlaseli uyakwazi ukungena kwinkonzo kwi-subnet enye, akayi kukwazi ukubona ukuba zeziphi iinkonzo ezisebenza kwezinye ii-subnets okanye zithintele i-traffic yazo.

Ukongezelela, iingenelo zisenokuba zezombutho. Ungafuna ukuthoba iinkonzo zakho ngokusekwe kubume benkampani yakho kwaye ukhulule abaphuhlisi bomthwalo wokuqonda wokuba ugcine yonke i-mesh yenkonzo engqondweni.

13. Isicelo sokunciphisa izinga, ukuzama kwakhona kunye nokuphela kwexesha

TL; DR: Akusekho mfuneko yokuba uquke imisebenzi yolawulo lwesicelo se-nitty-gritty kwisiseko sakho sekhowudi.

Zonke ezi zinto zinokuthathwa njengeemeko zosetyenziso olwahlukileyo, kodwa ndigqibe kwelokuba ndizidibanise ngenxa yento enye eqhelekileyo: zithatha imisebenzi yolawulo lomjikelo wobomi besicelo ngokuqhelekileyo ephathwa ngamathala eencwadi. Ukuba uphuhlisa umncedisi wewebhu kwi-Ruby kwi-Rails (engadityaniswanga ne-mesh yenkonzo) eyenza izicelo zokubuyisela umva ngeenkonzo nge I-GRPC, isicelo kuya kufuneka sithathe isigqibo sokuba senze ntoni na ukuba izicelo ze-N ziyasilela. Kuya kufuneka kwakhona ufumanise ukuba zingakanani itrafikhi ezi nkonzo ziya kukwazi ukuqhubekeka kunye ne-hardcode ezi parameters usebenzisa ithala leencwadi elikhethekileyo. Ukongeza, isicelo siya kufuneka sigqibe xa ilixesha lokuncama kwaye isicelo siphume (ngokusekwe kwixesha lokuphuma). Kwaye ukuze utshintshe nayiphi na iparameters, iseva yewebhu kuya kufuneka imiswe, iqwalaselwe kwakhona kwaye iqalwe kwakhona.

Ukulayisha le misebenzi kumnatha wenkonzo akuthethi nje ukuba abaphuhlisi benkonzo abayi kucinga ngayo, kodwa nokuba banokujongwa ngendlela yehlabathi. Ukuba kusetyenziswe uthotho lweenkonzo ezintsonkothileyo, yithi A -> B -> C -> D -> E, umjikelo wobomi bonke wesicelo kufuneka uthathelwe ingqalelo. Ukuba umsebenzi kukwandisa ixesha lokuphuma kwinkonzo C, kunengqiqo ukwenza oku konke kanye, kwaye kungekhona kwiindawo: ngokuhlaziya ikhowudi yenkonzo kunye nokulinda de isicelo sokutsalwa samkelwe kwaye inkqubo yeCI ihambisa inkonzo ehlaziyiweyo.

14. I-Telemetry

TL; DR: Qokelela zonke eziyimfuneko (kwaye hayi ncam) ulwazi kwiinkonzo.

I-Telemetry ligama eliqhelekileyo elibandakanya i-metrics, ukulandelwa okusasazwayo, kunye neelog. Uthungelwano lweenkonzo lubonelela ngeendlela zokuqokelela nokusetyenzwa kuzo zontathu iindidi zedatha. Apha kulapho izinto ziba luzizi kancinci kuba inani leenketho ezinokwenzeka likhulu kakhulu. Ukuqokelela iimetriki kukho Prometheus kunye nezinye izixhobo ezinokusetyenziswa ukuqokelela iinkuni kakuhle, ULoki, Vector nabanye. (umzekelo ClickHouse kunye yethu loghouse kwiiK8s - malunga. guqulela.), ukuhanjiswa komkhondo kukho Umzingeli kwaye nangokunjalo. Umnatha wenkonzo ngamnye unokuxhasa izixhobo ezithile hayi ezinye. Kuya kuba mnandi ukubona ukuba iprojekthi inako na Vula iTelemetry bonelela ngokudibana.

Kule meko, inzuzo yetekhnoloji ye-mesh yenkonzo kukuba izitya ze-sidecar zinokuthi, ngokomgaqo, ziqokelele zonke iinkcukacha ezingentla kwiinkonzo zabo. Ngamanye amazwi, unenkqubo enye yokuqokelela i-telemetry onayo, kwaye i-mesh yenkonzo inokucubungula lonke olu lwazi ngeendlela ezahlukeneyo. Umzekelo:

• iilog zomsila ezivela kwinkonzo ethile kwi-CLI;
• ukubeka esweni umthamo wezicelo kwideshibhodi ye-mesh yenkonzo;
• qokelela imikhondo esasaziweyo kwaye uyigqithisele kwinkqubo efana neJaeger.

Ingqalelo, isigwebo esiphantsi: Ngokuqhelekileyo, i-telemetry yindawo apho ukuphazamiseka okunamandla kwi-mesh yenkonzo kungafunekiyo. Ukuqokelela ulwazi olusisiseko kunye nokulandelela xa ubhabha ezinye iimetriki zegolide ezifana nezinga lempumelelo yesicelo kunye ne-latency kulungile, kodwa masithembe ukuba asiziboni izixa zeFrankenstein zivela ezizama ukutshintsha iinkqubo ezikhethekileyo, ezinye zazo sele zizibonakalise kwaye zifunde kakuhle. .

15. Uphicotho

TL; DR: Abo bazilibalayo izifundo zembali bagwetywe ukuba baziphinde.

Uphicotho-zincwadi bubugcisa bokuqwalasela iziganeko ezibalulekileyo kwinkqubo. Kwimeko ye-mesh yenkonzo, oku kunokuthetha ukulandelela ukuba ngubani owenze izicelo kwiindawo ezithile zokuphela kweenkonzo ezithile, okanye ukuba mangaphi amaxesha okwenzekileyo okunxulumene nokhuseleko kwinyanga ephelileyo.

Kucacile ukuba uphicotho-zincwadi lusondelelene kakhulu ne-telemetry. Umahluko kukuba i-telemetry idla ngokunxulunyaniswa nezinto ezifana nemveliso kunye nokuthembeka kobugcisa, ngelixa uphicotho-zincwadi lunokuhambelana nezomthetho kunye neminye imiba ehamba ngaphaya kobuchwephesha obungqongqo (umzekelo, ukuthobela i-GDPR - i-EU General Regulation ekukhuselweni kwedatha).

16. Jonga kwangaphambili

TL; DR: Phila ixesha elide i-React.js-umthombo ongaphelelwayo wojongano oluhle.

Kusenokubakho igama elingcono, kodwa andilazi. Ndithetha nje umboniso womzobo womnatha wenkonzo okanye amanye amalungu ayo. Ezi ziboniso zinokubandakanya izalathi ezifana ne-avareji latencies, ulwazi lokumisela i-sidecar, iziphumo zokujonga impilo, kunye nezilumkiso.

Ukusebenza kwindawo ejoliswe kwinkonzo kubandakanya umthwalo ophezulu wokuqonda xa kuthelekiswa noBukhulu bakhe beMonolith. Ngoko ke, uxinzelelo lwengqondo kufuneka luncitshiswe kuzo zonke iindleko. Ujongano olulula lomzobo lomnatha wenkonzo ngokukwazi ukucofa iqhosha kwaye ufumane isiphumo esifunekayo sinokuba sisigqibo sokukhula kokuthandwa kobu buchwepheshe.

Zange zibandakanywe kuluhlu

Ekuqaleni bendifuna ukubandakanya iimeko ezimbalwa zokusetyenziswa kuluhlu, kodwa ke ndagqiba kwelokuba ndingakwenzi. Nazi, kunye nezizathu zesigqibo sam:

• Iziko ledatha eninzi. Ngokombono wam, oku akusiyo imeko yokusetyenziswa njengendawo emxinwa kunye neyodwa yesicelo se-meshes yenkonzo okanye iseti yemisebenzi efana nokufunyanwa kwenkonzo.
• Ukungena kunye nokuphuma. Lo ngummandla onxulumeneyo, kodwa ndizithintele (mhlawumbi ngokuzenzela) kwimeko yokusetyenziswa "kwitrafikhi yasempuma-ntshona". I-Ingress kunye ne-egress ifanelwe inqaku elahlukileyo.

isiphelo

Kuphelele apho ngoku! Kwakhona, olu luhlu alunamkhethe kwaye kusenokwenzeka ukuba aluphelelanga. Ukuba ucinga ukuba kukho into endiyiphosileyo okanye kukho into engalunganga, nceda uqhagamshelane nam kuTwitter (@luckerkins). Nceda uhloniphe imithetho yesidima.

PS evela kumguquleli

Umfanekiso wesihloko wenqaku usekwe kumfanekiso okwinqaku elithi “Yintoni uMnatha weNkonzo (kwaye uwusebenzisa nini)?"(nguGregory MacKinnon). Ibonisa indlela usebenziso oluthile olusuka kwizicelo (eluhlaza) lufudukele kumnatha wenkonzo obonelela ngoqhagamshelo phakathi kwazo (eblue).

Funda nakwibhlog yethu:

• «I-Service Mesh: Yintoni ekufuneka uyazi ngayo yonke iNjineli yeSoftware malunga neTekhnoloji eHottest";
• «Yintoni i-mesh yenkonzo kwaye kutheni ndiyifuna [kwisicelo selifu esinee-microservices]?";
• «Buyela kwii-microservices kunye ne-Istio. Icandelo loku-1».

umthombo: www.habr.com