Ifihan
A wa ninu bẹrẹ gbigbe Istio bi apapo iṣẹ kan. Ni opo, ohun gbogbo dara, ayafi fun ohun kan: o jẹ gbowolori.
В fun Istio o sọ pe:
Pẹlu Istio 1.1, aṣoju n gba to 0,6 vCPUs (awọn ohun kohun foju) fun awọn ibeere 1000 fun iṣẹju kan.
Fun agbegbe akọkọ ni apapo iṣẹ (awọn aṣoju 2 ni ẹgbẹ kọọkan ti asopọ), a yoo ni awọn ohun kohun 1200 kan fun aṣoju, ni iwọn awọn ibeere miliọnu kan fun iṣẹju keji. Gẹgẹbi iṣiro idiyele idiyele Google, o ṣiṣẹ lati jẹ isunmọ $ 40 / oṣu / mojuto fun iṣeto ni n1-standard-64, iyẹn ni, agbegbe yii nikan yoo na wa diẹ sii ju 50 ẹgbẹrun dọla fun oṣu kan fun awọn ibeere miliọnu 1 fun iṣẹju kan.
Ivan Sim () awọn idaduro mesh iṣẹ ni ọdun to kọja ati ṣe ileri kanna fun iranti ati ero isise, ṣugbọn ko ṣiṣẹ:
Nkqwe, values-istio-test.yaml yoo ṣe alekun awọn ibeere Sipiyu ni pataki. Ti Mo ba ti ṣe iṣiro mi ni deede, o nilo isunmọ awọn ohun kohun 24 Sipiyu fun igbimọ iṣakoso ati 0,5 Sipiyu fun aṣoju kọọkan. Emi ko ni iye yẹn. Emi yoo tun awọn idanwo naa ṣe nigbati awọn orisun diẹ sii ti pin si mi.
Mo fẹ lati rii fun ara mi bii iṣẹ ṣiṣe Istio ti jọra jẹ si apapo iṣẹ orisun ṣiṣi miiran: .
Fifi sori ẹrọ apapo iṣẹ
Ni akọkọ, Mo fi sii sinu iṣupọ kan :
$ supergloo init
installing supergloo version 0.3.12
using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.12.tgz
configmap/sidecar-injection-resources created
serviceaccount/supergloo created
serviceaccount/discovery created
serviceaccount/mesh-discovery created
clusterrole.rbac.authorization.k8s.io/discovery created
clusterrole.rbac.authorization.k8s.io/mesh-discovery created
clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created
deployment.extensions/supergloo created
deployment.extensions/discovery created
deployment.extensions/mesh-discovery created
install successful!Mo lo SuperGloo nitori pe o jẹ ki bootstrapping apapo iṣẹ rọrun pupọ. Emi ko ni lati ṣe pupọ. A ko lo SuperGloo ni iṣelọpọ, ṣugbọn o jẹ apẹrẹ fun iru iṣẹ-ṣiṣe kan. Mo ni lati lo gangan awọn aṣẹ meji fun apapo iṣẹ kọọkan. Mo lo awọn iṣupọ meji fun ipinya - ọkọọkan fun Istio ati Linkerd.
Idanwo naa ni a ṣe lori Google Kubernetes Engine. Mo ti lo Kubernetes 1.12.7-gke.7 ati adagun ti apa n1-standard-4 pẹlu irẹjẹ oju ipade laifọwọyi (o kere ju 4, o pọju 16).
Lẹhinna Mo fi sori ẹrọ awọn meshes iṣẹ mejeeji lati laini aṣẹ.
Linkerd akọkọ:
$ supergloo install linkerd --name linkerd
+---------+--------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+--------------+---------+---------------------------+
| linkerd | Linkerd Mesh | Pending | enabled: true |
| | | | version: stable-2.3.0 |
| | | | namespace: linkerd |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
+---------+--------------+---------+---------------------------+Lẹhinna Istio:
$ supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: true |
| | | | prometheus enabled: true |
| | | | jaeger enabled: true |
+---------+------------+---------+---------------------------+Lupu jamba gba iṣẹju diẹ, lẹhinna awọn panẹli iṣakoso duro.
(Akiyesi: SuperGloo nikan ṣe atilẹyin Istio 1.0.x fun bayi. Mo tun ṣe idanwo naa pẹlu Istio 1.1.3, ṣugbọn ko ṣe akiyesi iyatọ akiyesi eyikeyi.)
Ṣiṣeto Ifilọlẹ Aifọwọyi Istio
Lati jẹ ki Istio fi sori ẹrọ Aṣoju ọkọ ayọkẹlẹ ẹgbẹ, a lo injector sidecar - MutatingAdmissionWebhook. A kii yoo sọrọ nipa rẹ ninu nkan yii. Jẹ ki n kan sọ pe eyi jẹ oludari ti o ṣe abojuto iraye si gbogbo awọn adarọ-ese tuntun ati ni agbara ti o ṣafikun sidecar ati initContainer, eyiti o jẹ iduro fun awọn iṣẹ ṣiṣe. iptables.
A ni Shopify kowe oludari iwọle tiwa lati ṣe awọn ọkọ ayọkẹlẹ ẹgbẹ, ṣugbọn fun ala-ilẹ yii Mo lo oludari ti o wa pẹlu Istio. Alakoso nfi awọn ọkọ ayọkẹlẹ ẹgbẹ silẹ nipasẹ aiyipada nigbati ọna abuja ba wa ni aaye orukọ istio-injection: enabled:
$ kubectl label namespace irs-client-dev istio-injection=enabled
namespace/irs-client-dev labeled
$ kubectl label namespace irs-server-dev istio-injection=enabled
namespace/irs-server-dev labeledṢiṣeto imuṣiṣẹ Linkerd laifọwọyi
Lati ṣeto ifibọ ẹgbẹ ẹgbẹ Linkerd, a lo awọn akọsilẹ (Mo ṣafikun wọn pẹlu ọwọ nipasẹ kubectl edit):
metadata:
annotations:
linkerd.io/inject: enabled$ k edit ns irs-server-dev
namespace/irs-server-dev edited
$ k get ns irs-server-dev -o yaml
apiVersion: v1
kind: Namespace
metadata:
annotations:
linkerd.io/inject: enabled
name: irs-server-dev
spec:
finalizers:
- kubernetes
status:
phase: ActiveSimulator Fault Fault Istio
A ṣe simulator ifarada ẹbi kan ti a pe ni Istio lati ṣe idanwo pẹlu alailẹgbẹ ijabọ si Shopify. A nilo ohun elo kan lati ṣẹda topology aṣa ti yoo ṣe aṣoju ipin kan pato ti aworan iṣẹ wa, ti a tunto ni agbara lati ṣe awoṣe awọn ẹru iṣẹ kan pato.
Awọn amayederun Shopify wa labẹ ẹru wuwo lakoko awọn tita filasi. Ni akoko kanna, Shopify . Tobi onibara ma kilo nipa a gbero filasi sale. Àwọn míì máa ń ṣe fún wa láìròtẹ́lẹ̀ nígbàkigbà lọ́sàn-án tàbí lóru.
A fẹ simulator resiliency wa lati ṣe awoṣe awọn ṣiṣan iṣẹ ti o baamu awọn topologies ati awọn ẹru iṣẹ ti o ti bori awọn amayederun Shopify ni iṣaaju. Idi akọkọ ti lilo apapo iṣẹ ni pe a nilo igbẹkẹle ati ifarada ẹbi ni ipele nẹtiwọọki, ati pe o ṣe pataki fun wa pe apapọ iṣẹ naa ni imunadoko pẹlu awọn ẹru ti o fa awọn iṣẹ idalọwọduro tẹlẹ.
Ni okan ti simulator ifarada ẹbi jẹ oju-ọna oṣiṣẹ, eyiti o ṣe bi ipade apapo iṣẹ kan. Ipade oṣiṣẹ le jẹ tunto ni iṣiro ni ibẹrẹ tabi ni agbara nipasẹ API REST kan. A lo iṣeto ni agbara ti awọn apa oṣiṣẹ lati ṣẹda ṣiṣan iṣẹ ni irisi awọn idanwo ipadasẹhin.
Eyi ni apẹẹrẹ ti iru ilana kan:
- A ifilọlẹ 10 apèsè bi
bariṣẹ ti o pada a esi200/OKlẹhin 100 ms. - A ṣe ifilọlẹ awọn alabara 10 - ọkọọkan firanṣẹ awọn ibeere 100 fun iṣẹju kan si
bar. - Gbogbo 10 aaya a yọ 1 olupin ati atẹle awọn aṣiṣe
5xxlori ose.
Ni ipari ṣiṣiṣẹsẹhin, a ṣayẹwo awọn akọọlẹ ati awọn metiriki ati ṣayẹwo boya idanwo naa ti kọja. Ni ọna yii a kọ ẹkọ nipa iṣẹ ṣiṣe ti mesh iṣẹ wa ati ṣiṣe idanwo ipadasẹhin lati ṣe idanwo awọn ero inu wa nipa ifarada ẹbi.
(Akiyesi: A n gbero wiwa ṣiṣi silẹ simulator ifarada ẹbi Istio, ṣugbọn ko ṣetan lati ṣe bẹ sibẹsibẹ.)
Simulator ifarada ẹbi Istio fun ala mesh iṣẹ
A ṣeto ọpọlọpọ awọn apa iṣẹ ti simulator:
irs-client-loadgen: Awọn ẹda 3 ti o firanṣẹ awọn ibeere 100 fun iṣẹju-aaya funirs-client.irs-client: Awọn ẹda 3 ti o gba ibeere naa, duro 100ms ki o firanṣẹ ibeere naa siirs-server.irs-server: 3 replicas ti o pada200/OKlẹhin 100 ms.
Pẹlu iṣeto ni yii, a le wiwọn ṣiṣan ijabọ iduroṣinṣin laarin awọn aaye ipari 9. Sidecars ni irs-client-loadgen и irs-server gba 100 ibeere fun keji, ati irs-client - 200 (ti nwọle ati ti njade).
A tọpinpin lilo awọn orisun nipasẹ nitori a ko ni Prometheus iṣupọ.
Результаты
Iṣakoso paneli
Ni akọkọ, a ṣe ayẹwo lilo Sipiyu.
Linkerd Iṣakoso nronu ~ 22 millicore
Istio Iṣakoso nronu: ~ 750 millicore
Igbimọ iṣakoso Istio nlo isunmọ 35 igba diẹ Sipiyu oroju Linkerd. Nitoribẹẹ, ohun gbogbo ti fi sori ẹrọ nipasẹ aiyipada, ati istio-telemetry n gba ọpọlọpọ awọn orisun Sipiyu nibi (o le jẹ alaabo nipa piparẹ awọn iṣẹ kan). Ti a ba yọ paati yii kuro, a tun gba diẹ sii ju 100 millicores, iyẹn ni Awọn akoko 4 diẹ siiju Linkerd.
Sidecar aṣoju
Lẹhinna a ṣe idanwo lilo aṣoju kan. Ibasepo laini yẹ ki o wa pẹlu nọmba awọn ibeere, ṣugbọn fun ọkọ ayọkẹlẹ ẹgbẹ kọọkan diẹ ninu awọn oke wa ti o ni ipa lori ohun ti tẹ.
Linkerd: ~ 100 millicores fun irs-client, ~ 50 millicores fun irs-client-loadgen
Awọn abajade naa dabi ọgbọn, nitori pe aṣoju alabara gba ilọpo meji ijabọ bi aṣoju fifuye: fun gbogbo ibeere ti njade lati loadgen, alabara ni ọkan ti nwọle ati ti njade kan.
Istio/Aṣoju: ~ 155 millicores fun irs-client, ~ 75 millicores fun irs-client-loadgen
A ri iru esi fun Istio sidecars.
Ṣugbọn ni gbogbogbo, awọn aṣoju Istio/Envoy njẹ to 50% diẹ Sipiyu oroju Linkerd.
A rii ero kanna ni ẹgbẹ olupin:
Linkerd: ~ 50 millicore fun irs-server
Istio/Aṣoju: ~ 80 millicore fun irs-server
Ni ẹgbẹ olupin, sidecar Istio/Envoy njẹ to 60% diẹ Sipiyu oroju Linkerd.
ipari
Aṣoju Istio Envoy n gba 50+% Sipiyu diẹ sii ju Linkerd lori iṣẹ ṣiṣe afarawe wa. Igbimọ iṣakoso Linkerd n gba awọn orisun ti o dinku pupọ ju Istio, pataki fun awọn paati mojuto.
A tun n ronu nipa bi a ṣe le dinku awọn idiyele wọnyi. Ti o ba ni awọn imọran, jọwọ pin!
orisun: www.habr.com