Siqala uluhlu lwezithuba ezibonisa ezinye zezakhono ezininzi ze-Istio Service Mesh xa zidibene ne-Red Hat OpenShift kunye ne-Kubernetes.
Inxalenye yokuqala, namhlanje:
- Makhe sichaze umxholo we-Kubernetes sidecar containers kwaye senze i-leitmotif yolu luhlu lwezithuba: "Akufuneki utshintshe nantoni na kwikhowudi yakho".
- Makhe sazise eyona nto ingundoqo ye-Istio-imigaqo yomzila. Zonke ezinye iimpawu ze-Istio zakhelwe phezu kwazo, kuba yimithetho ekuvumela ukuba uqondise itrafikhi kwii-microservices, usebenzisa iifayile ze-YAML ngaphandle kwekhowudi yenkonzo. Sikwaqwalasela isikimu sokuthunyelwa kweCanary Deployment. Ibhonasi yoNyaka oMtsha β izifundo ezili-10 ezisebenzisanayo kwi-Istio
Inxalenye yesibini, ezayo kungekudala, iya kukuxelela:
- Indlela i-Istio eyenza ngayo i-Pool Ejection ngokudibanisa ne-Circuit Breaker kwaye iya kubonisa indlela i-Istio evumela ngayo ukuba ususe i-pod efileyo okanye engasebenzi kakuhle kwisekethe yokulinganisa.
- Siza kuphinda sijonge isihloko se-Circuit Breaker ukusuka kwisithuba sokuqala ukuze sibone indlela i-Istio enokusetyenziswa ngayo apha. Siza kukubonisa indlela yokuhambisa itrafikhi kunye nokusingatha iimpazamo zenethiwekhi usebenzisa iifayile zoqwalaselo ze-YAML kunye nemiyalelo yeterminal ngaphandle kotshintsho oluncinci kwikhowudi yenkonzo.
Icandelo lesithathu:
- Ibali malunga nokulandela kunye nokubeka iliso, esele yakhelwe ngaphakathi okanye yongezwa ngokulula kwi-Istio. Siza kukubonisa indlela yokusebenzisa izixhobo ezinje ngePrometheus, Jaeger, kunye neGrafana ngokudityaniswa ne-OpenShift yokukala ukuze ulawule ngokungakhathali uyilo lwe-microservice.
- Sisuka ekubekeni iliso kunye nokuphatha iimpazamo ukuya ekuzingeniseni kwinkqubo ngabom. Ngamanye amazwi, sifunda indlela yokwenza i-fault injection ngaphandle kokutshintsha ikhowudi yomthombo, ebaluleke kakhulu kwimbono yokuvavanya - ekubeni ukuba utshintshe ikhowudi ngokwayo kule nto, kukho umngcipheko wokuzisa iimpazamo ezongezelelweyo.
Okokugqibela, kwisithuba sokugqibela kwi-Istio Service Mesh:
- Masiye kwiNdawo emnyama. Ngokuchanekileyo, siya kufunda ukusebenzisa i-Dark Launch scheme, xa ikhowudi isetyenziswe kwaye ivavanywa ngokuthe ngqo kwidatha yokuvelisa, kodwa ayichaphazeli ukusebenza kwenkqubo nangayiphi na indlela. Yilapho amandla ka-Istio okwahlula i-traffic afika ngokufanelekileyo. Kwaye ukukwazi ukuvavanya kwidatha yemveliso ephilayo ngaphandle kokuchaphazela ukusebenza kwenkqubo yokulwa nangayiphi na indlela yindlela eqinisekisayo yokuqinisekisa.
- Ukwakha kwi-Dark Launch, siza kukubonisa indlela yokusebenzisa imodeli yeCanary Deployment ukunciphisa umngcipheko kunye nokwenza kube lula ukufumana ikhowudi entsha kwimveliso. ICanary Deployment ngokwayo ikude kunentsha, kodwa i-Istio ikuvumela ukuba usebenzise olu cwangciso ngeefayile ezilula ze-YAML.
- Ekugqibeleni, siya kukubonisa indlela yokusebenzisa i-Istio Egress ukunika ukufikelela kwiinkonzo kwabo bangaphandle kwamaqela akho ukuze basebenzise amandla e-Istio xa usebenza ne-Intanethi.
Ngoko, sihamba...
I-Istio yokubeka iliso kunye nezixhobo zokulawula - yonke into oyifunayo ukuze udibanise ii-microservices kwi-mesh yenkonzo .
Yintoni i-Istio Service Mesh
Umnatha wenkonzo uphumeza imisebenzi efana nokujongwa kwetrafikhi, ulawulo lofikelelo, ukubhaqwa, ukhuseleko, ukunyamezela iziphene kunye nezinye izinto eziluncedo kwiqela leenkonzo. I-Istio ikuvumela ukuba wenze konke oku ngaphandle kotshintsho oluncinci kwikhowudi yeenkonzo ngokwazo. Yintoni imfihlelo yomlingo? I-Istio ifakela i-proxy yayo kwinkonzo nganye ngendlela ye-sidecar container (i-sidecar yi-motorcycle sidecar), emva koko yonke i-traffic kule nkonzo ihamba nge-proxy, ekhokelwa yimigaqo-nkqubo ekhankanyiweyo, ithatha isigqibo sokuba, nini kwaye ingaba le traffic. kufuneka bafikelele kwinkonzo konke konke. I-Istio iphinda yenza ukuba kube lula ukuphumeza iindlela eziphambili ze-DevOps ezifana ne-canary deployments, i-breakers circuit, i-injection yephutha kunye nabanye abaninzi.
Isebenza njani i-Istio kunye nezikhongozeli kunye neKubernetes
I-Istio service mesh yi-sidecar ukuphunyezwa kwayo yonke into efunekayo ukudala kunye nokulawula i-microservices: ukubeka iliso, ukulandelwa, i-circuit breakers, umzila, ukulinganisa umthwalo, i-injection ye-fault, i-retries, i-timeouts, i-mirroring, ukulawula ukufikelela, ukukhawulela izinga kunye nokunye okuninzi. Kwaye nangona namhlanje kukho iitoni zamathala eencwadi ukuphumeza le misebenzi ngokuthe ngqo kwikhowudi, kunye ne-Istio unokufumana zonke izinto ezifanayo ngaphandle kokutshintsha nantoni na kwikhowudi yakho.
Ngokwemodeli yemoto esecaleni, i-Istio isebenza kwisikhongozeli seLinux, esikwenye -ipod enenkonzo elawulwayo kwaye ifaka kwaye ikhuphe ukusebenza kunye nolwazi ngokobumbeko olunikiweyo. Sigxininisa ukuba olu lulungelelwaniso lwakho, kwaye luhlala ngaphandle kwekhowudi yakho. Ngoko ke, ikhowudi iba lula kwaye ibe mfutshane.
Kwakhona okubalulekileyo kukuba icandelo elisebenzayo le-microservices lijika lingazange lidityaniswe nekhowudi ngokwayo, oku kuthetha ukuba ukusebenza kwabo kunokudluliselwa ngokukhuselekileyo kwiingcali ze-IT. Ngokwenene, kutheni umphuhlisi kufuneka abe noxanduva lwezaphuli zesekethe kunye nenaliti yempazamo? Phendula, ewe, kodwa uziqhube kwaye uzidale? Ukuba ususa konke oku kwikhowudi, abadwelisi beprogram baya kukwazi ukugxila ngokupheleleyo ekusebenzeni kwesicelo. Kwaye ikhowudi ngokwayo iya kuba mfutshane kwaye ibe lula.
Umnatha wenkonzo
I-Istio, eyenza imisebenzi yokulawula ii-microservices ngaphandle kwekhowudi yazo, ngumbono we-Service Mesh. Ngamanye amazwi, liqela elilungelelanisiweyo lokubini enye okanye ngaphezulu ezenza umnatha wemisebenzi yomsebenzi womnatha.
Isebenza njani i-Istio ngee-microservices
Le yindlela umsebenzi wezikhongozeli zemoto ezisecaleni zijongeka ngokudibeneyo ΠΈ iliso lentaka: qalisa umzekelo we-Minishift, yenza iprojekthi ye-Istio (masiyibize ngokuthi "istio-system"), faka kwaye uqhube onke amacandelo anxulumene ne-Istio. Emva koko, njengoko udala iiprojekthi kunye neepods, wongeza ulwazi loqwalaselo kwi-deployments yakho, kwaye iipods zakho ziqala ukusebenzisa i-Istio. Umzobo owenziwe lula ujongeka ngolu hlobo:
Ngoku unokutshintsha izicwangciso ze-Istio ngokulandelelana, umzekelo, ukulungelelanisa isitofu sephutha, inkxaso okanye ezinye iimpawu ze-Istio - kwaye konke oku ngaphandle kokuchukumisa ikhowudi yezicelo ngokwazo. Masithi ufuna ukwalathisa zonke iitrafikhi zewebhu ukusuka kubasebenzisi boyena mthengi mkhulu (Foo Corporation) ukuya kuguqulelo olutsha lwesiza. Ukwenza oku, yenza ngokulula umgaqo we-Istio oza kukhangela @foocorporation.com kwi-ID yomsebenzisi kwaye uqondise kwakhona ngokufanelekileyo. Kubo bonke abanye abasebenzisi, akukho nto iya kutshintsha. Okwangoku, uya kuvavanya ngokuzolileyo inguqulelo entsha yesiza. Kwaye qaphela ukuba awudingi ukubandakanya abaphuhlisi konke konke kule nto.
Yaye ngaba kuya kufuneka uhlawule kakhulu ngayo?
Hayi akunjalo. I-Istio ikhawuleza kakhulu kwaye ibhalwe kuyo kwaye yenza ngaphezulu kancinci. Ukongeza, ilahleko enokwenzeka kwimveliso ye-intanethi ilungiswa kukunyuka kwemveliso yophuhlisi. Ubuncinci kwithiyori: ungalibali ukuba ixesha labaphuhlisi lixabisekile. Ngokumalunga neendleko zesoftware, i-Istio yisoftware yomthombo ovulekileyo, ukuze ufumane kwaye uyisebenzise simahla.
Yifunde ngokwakho
IQela le-Red Hat Developer Experience liphuhlise izandla ezinzulu nguIstio (ngesiNgesi). Isebenza kwi-Linux, MacOS kunye neWindows, kwaye ikhowudi ifumaneka kwiJava kunye neNode.js.
Izifundo ezili-10 ezisebenzisanayo kwi-Istio
Ibhlokhi yoku-1 - yabaQalayo
Intshayelelo kwi-Istio
Imizuzu ye30
Masikhe siqhelane ne-Service Mesh, sifunde indlela yokufaka i-Istio kwiqela le-OpenShift Kubernetes.
Ukusasaza ii-microservices kwi-Istio
Imizuzu ye30
Sisebenzisa i-Istio ukuhambisa ii-microservices ezintathu nge-Spring Boot kunye ne-Vert.x.
Ibhlokhi yesi-2 - inqanaba eliphakathi
Ukubeka iliso kunye nokulandelela kwi-Istio
Imizuzu ye60
Siza kuphonononga izixhobo ezakhelwe ngaphakathi ze-Istio zokubeka iliso, iimetriki zesiko, kunye ne-OpenTracing nge-Prometheus kunye ne-Grafana.
Indlela elula kwi-Istio
Imizuzu ye60
Funda indlela yokulawula umzila kwi-Istio usebenzisa imithetho elula.
Imithetho yendlela ekwinqanaba eliphezulu
Imizuzu ye60
Makhe sijonge kwindlela ehlakaniphile ye-Istio, ulawulo lokufikelela, ukulinganisa umthwalo kunye nokunciphisa izinga.
Ibhlokhi yesi-3 - umsebenzisi ophambili
I-Fault Injection kwi-Istio
Imizuzu ye60
Sifunda ukungaphumeleli kokuphatha iimeko kwizicelo ezisasazwayo, ukudala iimpazamo ze-HTTP kunye nokulibaziseka kwenethiwekhi, kwaye sifunde ukusebenzisa ubunjineli besiphithiphithi ukubuyisela imeko.
Umqhekezi weSekethe kwi-Istio
Imizuzu ye30
Sifaka iSiege kwiindawo zokuvavanya uxinzelelo kwaye sifunde indlela yokuqinisekisa ukunyamezela i-backend fault tolerance usebenzisa i-replays, i-circuit breaker kunye ne-pool ejection.
I-Egress kunye ne-Istio
Imizuzu ye10
Sisebenzisa iindlela ze-Egress ukudala imigaqo yokusebenzisana kweenkonzo zangaphakathi kunye nee-APIs zangaphandle kunye neenkonzo.
Istio kunye neKiali
Imizuzu ye15
Funda ukusebenzisa i-Kiali ukufumana isishwankathelo se-mesh yenkonzo kwaye uhlolisise isicelo kunye nokuhamba kwedatha.
I-TLS edibeneyo kwi-Istio
Imizuzu ye15
Senza i-Istio Gateway kunye ne-VirtualService, emva koko sifunda i-TLS (mTLS) kunye nezicwangciso zayo ngokubanzi.
Ibhlokhi 3.1 - I-Deep Dive: I-Istio Service Mesh yee-Microservices
Imalunga nantoni le ncwadi:
- Yintoni umnatha wenkonzo?
- Inkqubo ye-Istio kunye nendima yayo kwi-microservice architecture.
- Ukusebenzisa i-Istio ukusombulula ezi ngxaki zilandelayo:
- Ukunyamezela iimpazamo;
- Indlela;
- Uvavanyo lwesiphithiphithi;
- UKhuseleko;
- Ukuqokelelwa kweTelemetry kusetyenziswa imikhondo, iimetrics kunye neGrafana.
Uthotho lwamanqaku kwi-meshes yenkonzo kunye ne-Istio
Yizame ngokwakho
Olu chungechunge lwezithuba alwenzelwe ukubonelela ngokuntywila okunzulu kwihlabathi le-Istio. Sifuna nje ukukwazisa ngombono kwaye mhlawumbi sikukhuthaze ukuba uzame i-Istio ngokwakho. Kusimahla ukwenza, kwaye iRed Hat ibonelela ngazo zonke izixhobo ozidingayo ukuze uqalise nge-OpenShift, iKubernetes, izikhongozeli zeLinux, kunye ne-Istio, kubandakanya: , kunye nezinye izixhobo zethu . Musa ukulibazisa, qala namhlanje!
I-Istio routing imigaqo: ukuqondisa izicelo zenkonzo apho kufuneka baye khona
ΠΈ yenza umsebenzi oncomekayo wokulungisa zithunyelwa kwiipod ezifunekayo. Esi sesinye sezizathu zokuba khona kwe-Kubernetes - umzila kunye nokulinganisa umthwalo. Kodwa kuthekani ukuba ufuna iindlela ezichuliweyo neziphucukileyo? Umzekelo, ukusebenzisa ngaxeshanye iinguqulelo ezimbini ze-microservice. Inganceda njani i-Istio Route Rules apha?
Imithetho yomzila yimigaqo emisela ngokwenene ukhetho lwendlela. Kungakhathaliseki ukuba inqanaba lobunzima benkqubo, umgaqo oqhelekileyo wokusebenza kwale mithetho uhlala ulula: izicelo zihanjiswa ngokusekelwe kwiiparamitha ezithile kunye namaxabiso eentloko zeHTTP.
Makhe sijonge imizekelo:
I-Kubernetes engagqibekanga: encinci "50/50"
Kumzekelo wethu, siza kubonisa indlela yokusebenzisa ngaxeshanye iinguqulelo ezimbini ze-microservice kwi-OpenShift, masibabize nge-v1 kunye ne-v2. Inguqulelo nganye isebenza kwi-Kubernetes pod yayo, kwaye ngokungagqibekanga iqhuba ngokulungeleleneyo ukujikeleza kwerobin. I-pod nganye ifumana isabelo sayo sezicelo ngokusekelwe kwinani leezehlo ze-microservice yayo, ngamanye amazwi, i-replicas. I-Istio ikuvumela ukuba utshintshe le bhalansi ngesandla.
Masithi sisasaze iinguqulelo ezimbini zenkonzo yethu yengcebiso kwi-OpenShift, ingcebiso-v1 kunye nengcebiso-v2.
KwiFig. Umzobo 1 ubonisa ukuba xa inkonzo nganye imelwe kwimeko enye, icela ngokulinganayo phakathi kwabo: 1-2-1-2-... Le yindlela i-Kubernetes routing isebenza ngayo ngokungagqibekanga:
Ukusabalalisa okulinganiselwe phakathi kweenguqulelo
KwiFig. Umzobo we-2 ubonisa okwenzekayo xa unyusa inani leenkonzo ze-v2 eziphindaphindayo ukusuka kwenye ukuya kwezimbini (oku kwenziwa ngomlinganiselo we-oc-replicas=2 deployment/commendation-v2 command). Njengoko ubona, izicelo phakathi kwe-v1 kunye ne-v2 ngoku zahlulwe kumlinganiselo omnye ukuya kwezintathu: 1-2-2-1-2-2-β¦:
Ungayihoyi inguqulelo usebenzisa i-Istio
I-Istio yenza kube lula ukutshintsha ukuhanjiswa kwezicelo ngendlela esiyifunayo. Umzekelo, thumela zonke itrafikhi kuphela kwingcebiso-v1 usebenzisa le fayile ilandelayo ye-Istio yaml:
Apha kufuneka ubeke ingqalelo kule nto: iipods zikhethwa ngokweelebhile. Umzekelo wethu usebenzisa ileyibhile v1. "Ubunzima: 100" ipharamitha ithetha ukuba i-100% yetrafikhi iya kusiwa kuzo zonke iipod zenkonzo ezineleyibhile ye-v1.
Ukuhanjiswa komyalelo phakathi kweenguqulelo (Ukusasazwa kweCanary)
Okulandelayo, usebenzisa iparameter yobunzima, ungaqondisa i-traffic kuzo zombini iipod, ungahoyi inani leemeko ze-microservice ezisebenza kuyo nganye yazo. Umzekelo, apha sikhokela i-90% yetrafikhi kwi-v1 kunye ne-10% ukuya kwi-v2:
Ukwahlula iindlela kubasebenzisi bemfonomfono
Ukuqukumbela, siza kubonisa indlela yokunyanzelisa i-traffic yomsebenzisi weselula ukuba ihanjiswe kwinkonzo ye-v2, kunye naye wonke umntu kwi-v1. Ukwenza oku, sisebenzisa amabinzana aqhelekileyo ukuhlalutya ixabiso le-arhente yomsebenzisi kwisihloko sesicelo:
Ngoku lithuba lakho
Umzekelo onamagama aqhelekileyo okwahlulahlula okusentloko kufuneka ukukhuthaze ukuba ufumane eyakho indlela yokusebenzisa imigaqo ye-Istio. Ngapha koko, okunokwenzeka apha kubanzi kakhulu, kuba amaxabiso eentloko anokwakheka kwikhowudi yomthombo wesicelo.
Kwaye khumbula ukuba i-Ops, hayi iDev
Yonke into esiyibonise kwimizekelo engentla yenziwa ngaphandle kotshintsho oluncinci kwikhowudi yomthombo, kakuhle, ngaphandle kwezo meko xa kuyimfuneko ukuvelisa iiheader ezikhethekileyo zesicelo. I-Istio iya kuba luncedo kubo bobabini abaphuhlisi, abathi, ngokomzekelo, baya kukwazi ukuyisebenzisa kwinqanaba lokuvavanya, kunye neengcali ekusebenzeni kweenkqubo ze-IT, eziza kunceda kakhulu kwimveliso.
Ke masiphinde i-leitmotif yolu ngcelele lwezithuba: awudingi ukutshintsha nantoni na kwikhowudi yakho. Akukho mfuneko yokwakha imifanekiso emitsha okanye uqalise izitya ezintsha. Konke oku kuphunyezwa ngaphandle kwekhowudi.
Sebenzisa intelekelelo yakho
Khawufane ucinge amathuba okuhlalutya okusentloko usebenzisa amabinzana aqhelekileyo. Ufuna ukwalathisa umthengi wakho omkhulu kuguqulelo olukhethekileyo lwakho ? Ngokulula! Ngaba ufuna inguqulelo eyahlukileyo yesikhangeli seChrome? Akhongxaki! Uyakwazi ukuhambisa i-traffic malunga nalo naluphi na uphawu.
Yizame ngokwakho
Ukufunda nge-Istio, Kubernetes kunye ne-OpenShift yinto enye, kodwa kutheni ungachukumisi yonke into ngokwakho? Iqela ulungiselele isikhokelo esineenkcukacha (ngesiNgesi) esiya kukunceda ukuba ubambe ezi teknoloji ngokukhawuleza. Le ncwadana iphinde ibe ngumthombo ovulekileyo we-100%, ngoko ithunyelwe kwindawo yoluntu. Ifayile isebenza kwi-macOS, Linux kunye neWindows, kwaye ikhowudi yomthombo iyafumaneka kwiJava kunye neenguqulelo ze-node.js (iinguqulelo kwezinye iilwimi ezizayo kungekudala). Vula nje indawo yokugcina i-git kwisiphequluli sakho .
Kwiposti elandelayo: silungisa iingxaki kakuhle
Namhlanje ubonile ukuba imithetho ye-Istio yomzila inokwenza ntoni. Ngoku khawucinge into enye, kodwa kuphela ngokunxulumene nokuphathwa kwempazamo. Yile nto kanye esiza kuthetha ngayo kwisithuba esilandelayo.
umthombo: www.habr.com