Akiyesi. itumọ.: A ṣe iyasọtọ jara yii lati ṣafihan awọn agbara Istio ati ṣafihan wọn ni iṣe. Bayi a yoo sọrọ nipa awọn abala eka diẹ sii ti iṣeto ati lilo ti apapo iṣẹ yii, ati ni pataki, nipa ipa-ọna aifwy daradara ati iṣakoso ijabọ nẹtiwọọki.
A tun leti pe nkan naa nlo awọn atunto (awọn ifihan fun Kubernetes ati Istio) lati ibi ipamọ .
Traffic Management
Pẹlu Istio, awọn agbara titun han ninu iṣupọ lati pese:
- Yiyi ìbéèrè afisona: canary rollouts, A / B igbeyewo;
- Iwontunwonsi fifuye: rọrun ati ni ibamu, da lori hashes;
- Imularada lẹhin isubu: timeouts, retries, Circuit breakers;
- Fi awọn aṣiṣe sii: idaduro, silẹ ibeere, ati be be lo.
Bi nkan naa ti n tẹsiwaju, awọn agbara wọnyi yoo jẹ alaworan nipa lilo ohun elo ti o yan gẹgẹbi apẹẹrẹ ati awọn imọran tuntun yoo ṣafihan ni ọna. Ni igba akọkọ ti iru ero yoo jẹ DestinationRules (ie awọn ofin nipa olugba ti ijabọ/awọn ibeere - isunmọ. transl.), pẹlu iranlọwọ ti eyi ti a mu A / B igbeyewo.
A / B igbeyewo: DestinationRules ni iwa
Idanwo A/B ni a lo ni awọn ọran nibiti awọn ẹya meji ti ohun elo kan wa (nigbagbogbo wọn yatọ ni oju) ati pe a ko rii daju 100% eyiti yoo mu iriri olumulo dara si. Nitorinaa, a nṣiṣẹ awọn ẹya mejeeji nigbakanna ati gba awọn metiriki.
Lati ran ẹya keji ti iwaju iwaju, ti o nilo fun iṣafihan idanwo A/B, ṣiṣe aṣẹ wọnyi:
$ kubectl apply -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions/sa-frontend-green createdIfihan imuṣiṣẹ fun ẹya alawọ ewe yatọ ni awọn aaye meji:
- Aworan naa da lori aami ti o yatọ -
istio-green, - Pods ni aami kan
version: green.
Niwon awọn imuṣiṣẹ mejeeji ni aami kan app: sa-frontend,awọn ibeere ipasẹ nipasẹ foju iṣẹ sa-external-services fun iṣẹ sa-frontend, yoo wa ni darí si gbogbo awọn oniwe- instances ati awọn fifuye yoo wa ni pin nipasẹ , eyi ti yoo ja si awọn wọnyi ipo:
Awọn faili ti o beere ko ri
A ko ri awọn faili wọnyi nitori pe wọn jẹ orukọ ọtọtọ ni awọn ẹya ti ohun elo naa. Jẹ ki a rii daju eyi:
$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.c7071b22.css
/static/js/main.059f8e9c.js
$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.f87cd8c9.css
/static/js/main.f7659dbb.js
O tumọ si pe index.html, n beere fun ẹya kan ti awọn faili aimi, le firanṣẹ nipasẹ iwọntunwọnsi fifuye si awọn adarọ-ese ti o ni ẹya ti o yatọ, nibiti, fun awọn idi ti o han gbangba, iru awọn faili ko si. Nitorinaa, ki ohun elo naa le ṣiṣẹ, a nilo lati ṣeto ihamọ kan: “ẹya kanna ti ohun elo ti o ṣiṣẹ index.html yẹ ki o sin awọn ibeere ti o tẹle».
A yoo de ibẹ pẹlu iwọntunwọnsi fifuye-orisun hash dédé (Iwọntunwọnsi elile Hash ni ibamu)... Fun idi eyi Awọn ibeere lati ọdọ alabara kanna ni a firanṣẹ si apẹẹrẹ ẹhin ẹhin kanna, fun eyiti a ti lo ohun-ini asọtẹlẹ tẹlẹ - fun apẹẹrẹ, akọsori HTTP kan. Ti ṣe imuse nipa lilo Awọn ofin Destination.
Awọn ofin ibi
Lẹhin Iṣẹ-iṣẹ Foju firanṣẹ ibeere kan si iṣẹ ti o fẹ, ni lilo Awọn ofin Destination a le ṣalaye awọn eto imulo ti yoo lo si ijabọ ti a pinnu fun awọn apẹẹrẹ ti iṣẹ yii:
Isakoso ijabọ pẹlu awọn orisun Istio
Daakọ: Ipa ti awọn orisun Istio lori ijabọ nẹtiwọki ti gbekalẹ nibi ni ọna ti o rọrun lati ni oye. Lati jẹ kongẹ, ipinnu lori iru apẹẹrẹ lati firanṣẹ ibeere naa jẹ nipasẹ Aṣoju ni ẹnu-ọna Ingress ti a tunto ni CRD.
Pẹlu Awọn ofin Ilọsiwaju, a le tunto iwọntunwọnsi fifuye lati lo hashes dédé ati rii daju pe apẹẹrẹ iṣẹ kanna dahun si olumulo kanna. Iṣeto ni atẹle gba ọ laaye lati ṣaṣeyọri eyi ():
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: sa-frontend
spec:
host: sa-frontend
trafficPolicy:
loadBalancer:
consistentHash:
httpHeaderName: version # 1
1 - hash yoo jẹ ipilẹṣẹ ti o da lori awọn akoonu ti akọsori HTTP version.
Waye iṣeto ni pẹlu aṣẹ atẹle:
$ kubectl apply -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io/sa-frontend created
Bayi ṣiṣe aṣẹ ni isalẹ ki o rii daju pe o gba awọn faili to tọ nigbati o ba pato akọsori naa version:
$ curl --silent -H "version: yogo" http://$EXTERNAL_IP/ | tr '"' 'n' | grep mainDaakọLati ṣafikun awọn iye oriṣiriṣi ninu akọsori ati idanwo awọn abajade taara ni ẹrọ aṣawakiri, o le lo si Chrome (tabi fun Firefox - isunmọ. itumọ.).
Ni gbogbogbo, Awọn ofin Destination ni awọn agbara diẹ sii ni agbegbe iwọntunwọnsi fifuye - ṣayẹwo fun awọn alaye ni .
Ṣaaju ki o to kọ ẹkọ VirtualService siwaju, jẹ ki a paarẹ “ẹya alawọ ewe” ti ohun elo naa ati ofin itọsọna ijabọ ti o baamu nipa ṣiṣe awọn aṣẹ wọnyi:
$ kubectl delete -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions “sa-frontend-green” deleted
$ kubectl delete -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io “sa-frontend” deletedMirroring: Foju Awọn iṣẹ ni Iwa
Pipọnti ("idabobo") tabi Mirroring ("digi") Ti a lo ni awọn ọran nibiti a fẹ lati ṣe idanwo iyipada ninu iṣelọpọ laisi ni ipa awọn olumulo ipari: lati ṣe eyi, a ṣe ẹda (“digi”) awọn ibeere si apẹẹrẹ keji nibiti a ti ṣe awọn ayipada ti o fẹ, ati wo awọn abajade. Ni kukuru, eyi ni nigbati ẹlẹgbẹ rẹ yan ọran to ṣe pataki julọ ti o ṣe ibeere fa ni irisi iru idọti nla kan ti ko si ẹnikan ti o le ṣe atunwo rẹ gaan.
Lati ṣe idanwo oju iṣẹlẹ yii ni iṣe, jẹ ki a ṣẹda apẹẹrẹ keji ti SA-Logic pẹlu awọn idun (buggy) nipa ṣiṣe aṣẹ wọnyi:
$ kubectl apply -f resource-manifests/kube/shadowing/sa-logic-service-buggy.yaml
deployment.extensions/sa-logic-buggy created
Ati nisisiyi jẹ ki a ṣiṣẹ aṣẹ naa lati rii daju pe gbogbo awọn iṣẹlẹ pẹlu app=sa-logic Wọn tun ni awọn akole pẹlu awọn ẹya ti o baamu:
$ kubectl get pods -l app=sa-logic --show-labels
NAME READY LABELS
sa-logic-568498cb4d-2sjwj 2/2 app=sa-logic,version=v1
sa-logic-568498cb4d-p4f8c 2/2 app=sa-logic,version=v1
sa-logic-buggy-76dff55847-2fl66 2/2 app=sa-logic,version=v2
sa-logic-buggy-76dff55847-kx8zz 2/2 app=sa-logic,version=v2
iṣẹ sa-logic fojusi pods pẹlu aami kan app=sa-logic, nitorina gbogbo awọn ibeere yoo pin laarin gbogbo awọn iṣẹlẹ:
ṣugbọn a fẹ ki a firanṣẹ awọn ibeere si awọn iṣẹlẹ v1 ati ki o ṣe afihan si awọn iṣẹlẹ v2:
A yoo ṣaṣeyọri eyi nipasẹ VirtualService ni apapo pẹlu DestinationRule, nibiti awọn ofin yoo pinnu awọn ipin ati awọn ipa-ọna ti Iṣẹ Virtual si ipin kan pato.
Asọye Subsets ni Nlo Ofin
Awọn ipin (awọn ipin) ti pinnu nipasẹ iṣeto ni atẹle ():
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: sa-logic
spec:
host: sa-logic # 1
subsets:
- name: v1 # 2
labels:
version: v1 # 3
- name: v2
labels:
version: v2- agbalejo (
host) ṣalaye pe ofin yii kan si awọn ọran nikan nigbati ipa ọna ba lọ si iṣẹ naasa-logic; - Awọn akọle (
name) Awọn ipin-ipin ti wa ni lilo nigbati o ba nlọ si awọn igba idasile; - Aami (
label) ṣe asọye awọn orisii iye bọtini ti awọn apẹẹrẹ gbọdọ baramu lati di apakan ti ipin.
Waye iṣeto ni pẹlu aṣẹ atẹle:
$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-destinationrule.yaml
destinationrule.networking.istio.io/sa-logic createdNi bayi pe a ti ṣalaye awọn ipin-ipin, a le tẹsiwaju ati tunto Iṣẹ Virtual lati lo awọn ofin si awọn ibeere lati sa-logic ki wọn:
- Yi lọ si ipin kan
v1, - Ti ṣe afihan si ipin kan
v2.
Ilana atẹle yii gba ọ laaye lati ṣaṣeyọri awọn ero rẹ ():
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: sa-logic
spec:
hosts:
- sa-logic
http:
- route:
- destination:
host: sa-logic
subset: v1
mirror:
host: sa-logic
subset: v2Ko si alaye ti o nilo nibi, nitorinaa jẹ ki a kan rii ni iṣe:
$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-shadowing-vs.yaml
virtualservice.networking.istio.io/sa-logic createdJẹ ki a ṣafikun ẹru naa nipa pipe pipaṣẹ atẹle:
$ while true; do curl -v http://$EXTERNAL_IP/sentiment
-H "Content-type: application/json"
-d '{"sentence": "I love yogobella"}';
sleep .8; done
Jẹ ki a wo awọn abajade ni Grafana, nibi ti o ti le rii pe ẹya pẹlu awọn idun (buggyAwọn abajade ikuna fun ~ 60% awọn ibeere, ṣugbọn ko si ọkan ninu awọn ikuna wọnyi ti o kan awọn olumulo ipari bi wọn ṣe dahun si nipasẹ iṣẹ ṣiṣe kan.
Awọn idahun aṣeyọri ti awọn ẹya oriṣiriṣi ti iṣẹ sa-logic
Nibi a kọkọ rii bii VirtualService ṣe lo si Awọn Aṣoju ti awọn iṣẹ wa: nigbawo sa-web-app mu ki a ìbéèrè lati sa-logic, o lọ nipasẹ awọn sidecar Envoy, eyi ti - nipasẹ VirtualService - ti wa ni tunto lati darí awọn ìbéèrè si v1 subset ati digi awọn ìbéèrè si v2 subset ti awọn iṣẹ. sa-logic.
Mo mọ, o le ti ro pe Awọn iṣẹ Foju jẹ rọrun. Ni apakan ti o tẹle, a yoo faagun lori iyẹn nipa sisọ pe wọn tun jẹ nla nitootọ.
Canary rollouts
Imuṣiṣẹ Canary jẹ ilana ti yiyi ẹya tuntun ti ohun elo kan si nọmba kekere ti awọn olumulo. O ti lo lati rii daju pe ko si awọn iṣoro ninu itusilẹ ati lẹhin iyẹn nikan, ti ni igboya tẹlẹ ninu didara rẹ (itusilẹ), pin kaakiri si awọn olumulo miiran.оtobi jepe.
Lati ṣe afihan awọn iyipo canary, a yoo tẹsiwaju lati ṣiṣẹ pẹlu ipin kan buggy у sa-logic.
Jẹ ki a ma ṣe egbin akoko lori awọn ohun kekere ati firanṣẹ lẹsẹkẹsẹ 20% ti awọn olumulo si ẹya pẹlu awọn idun (eyi yoo ṣe aṣoju yiyi canary wa), ati 80% to ku si iṣẹ deede. Lati ṣe eyi, lo iṣẹ VirtualService wọnyi ():
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: sa-logic
spec:
hosts:
- sa-logic
http:
- route:
- destination:
host: sa-logic
subset: v1
weight: 80 # 1
- destination:
host: sa-logic
subset: v2
weight: 20 # 1
1 ni iwuwo (weight), eyiti o ṣalaye ipin ogorun awọn ibeere ti yoo ṣe itọsọna si olugba tabi ipin ti olugba.
Jẹ ki a ṣe imudojuiwọn iṣeto VirtualService tẹlẹ fun sa-logic pẹlu aṣẹ wọnyi:
$ kubectl apply -f resource-manifests/istio/canary/sa-logic-subsets-canary-vs.yaml
virtualservice.networking.istio.io/sa-logic configuredati pe a yoo rii lẹsẹkẹsẹ pe diẹ ninu awọn ibeere ja si awọn ikuna:
$ while true; do
curl -i http://$EXTERNAL_IP/sentiment
-H "Content-type: application/json"
-d '{"sentence": "I love yogobella"}'
--silent -w "Time: %{time_total}s t Status: %{http_code}n"
-o /dev/null; sleep .1; done
Time: 0.153075s Status: 200
Time: 0.137581s Status: 200
Time: 0.139345s Status: 200
Time: 30.291806s Status: 500Awọn iṣẹ Virtual jẹ ki awọn iyipo canary ṣiṣẹ: Ni idi eyi, a ti dín ipa agbara ti awọn ọran naa si 20% ti ipilẹ olumulo. Iyanu! Bayi, ni gbogbo ọran nigba ti a ko ba ni idaniloju koodu wa (ni awọn ọrọ miiran - nigbagbogbo ...), a le lo digi ati awọn iyipo canary.
Awọn akoko ipari ati awọn atunwo
Ṣugbọn awọn idun ko nigbagbogbo pari ni koodu. Ninu atokọ lati ""Ni aaye akọkọ ni igbagbọ aṣiṣe pe" nẹtiwọki jẹ igbẹkẹle." Ni otito, nẹtiwọki kii ṣe gbẹkẹle, ati fun idi eyi ti a nilo timeouts (akoko ipari) ati ki o tun (gbiyanju).
Fun ifihan a yoo tẹsiwaju lati lo ẹya iṣoro kanna sa-logic (buggy), ati pe a yoo ṣe afiwe aiṣedeede ti nẹtiwọọki pẹlu awọn ikuna laileto.
Jẹ ki iṣẹ wa pẹlu awọn idun ni aye 1/3 ti gbigba pipẹ pupọ lati dahun, aye 1/3 ti ipari pẹlu Aṣiṣe olupin inu, ati aye 1/3 ti dapadabọ oju-iwe naa ni aṣeyọri.
Lati dinku ipa iru awọn iṣoro bẹ ati jẹ ki igbesi aye dara julọ fun awọn olumulo, a le:
- ṣafikun akoko isinmi ti iṣẹ naa ba gba to ju iṣẹju-aaya 8 lọ lati dahun,
- tun gbiyanju ti ibeere ba kuna.
Fun imuse, a yoo lo asọye awọn orisun atẹle ():
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: sa-logic
spec:
hosts:
- sa-logic
http:
- route:
- destination:
host: sa-logic
subset: v1
weight: 50
- destination:
host: sa-logic
subset: v2
weight: 50
timeout: 8s # 1
retries:
attempts: 3 # 2
perTryTimeout: 3s # 3- Akoko ipari fun ibeere ti ṣeto si awọn aaya 8;
- Awọn ibeere ni a tun gbiyanju ni igba mẹta;
- Ati pe igbiyanju kọọkan ni a gba pe ko ni aṣeyọri ti akoko idahun ba kọja awọn aaya 3.
Eyi jẹ iṣapeye nitori olumulo kii yoo ni lati duro diẹ sii ju awọn aaya 8 ati pe a yoo ṣe awọn igbiyanju tuntun mẹta lati gba esi ni ọran ti awọn ikuna, jijẹ aye ti esi aṣeyọri.
Waye iṣeto imudojuiwọn pẹlu aṣẹ atẹle:
$ kubectl apply -f resource-manifests/istio/retries/sa-logic-retries-timeouts-vs.yaml
virtualservice.networking.istio.io/sa-logic configuredAti ṣayẹwo ninu awọn aworan Grafana pe nọmba awọn idahun aṣeyọri ti pọ si loke:
Awọn ilọsiwaju ni awọn iṣiro idahun aṣeyọri lẹhin fifi awọn akoko ipari kun ati awọn atunwo
Ṣaaju ki o to lọ si apakan atẹle (tabi dipo, si apakan atẹle ti nkan naa, nitori ninu eyi kii yoo si awọn idanwo ti o wulo diẹ sii - isunmọ. transl.), paarẹ sa-logic-buggy ati Iṣẹ Virtual nipa ṣiṣe awọn aṣẹ wọnyi:
$ kubectl delete deployment sa-logic-buggy
deployment.extensions “sa-logic-buggy” deleted
$ kubectl delete virtualservice sa-logic
virtualservice.networking.istio.io “sa-logic” deletedCircuit fifọ ati Bulkhead Àpẹẹrẹ
A n sọrọ nipa awọn ilana pataki meji ni faaji microservice ti o gba ọ laaye lati ṣaṣeyọri imularada ara ẹni (iwosan ara ẹni) awọn iṣẹ.
Opin Iyika monamona ("Opin Iyika monamona") ti a lo lati fopin si awọn ibeere ti o nbọ si apẹẹrẹ ti iṣẹ kan ti a ka pe ko ni ilera ati mu pada nigba ti awọn ibeere alabara ni a darí si awọn iṣẹlẹ ilera ti iṣẹ yẹn (eyiti o pọ si ipin ogorun awọn idahun aṣeyọri). (Akiyesi: Apejuwe alaye diẹ sii ti apẹrẹ le ṣee rii, fun apẹẹrẹ, .)
Olopobobo ("ipin") ya sọtọ awọn ikuna iṣẹ lati ni ipa lori gbogbo eto. Fun apẹẹrẹ, Iṣẹ B ti bajẹ ati pe iṣẹ miiran (Olubara Iṣẹ B) ṣe ibeere kan si Iṣẹ B, nfa ki o pari adagun okun okun rẹ ati pe ko le ṣe iṣẹ awọn ibeere miiran (paapaa ti wọn ko ba wa lati Iṣẹ B). (Akiyesi: Apejuwe alaye diẹ sii ti apẹrẹ le ṣee rii, fun apẹẹrẹ, .)
Emi yoo fi awọn alaye imuse ti awọn ilana wọnyi silẹ nitori pe wọn rọrun lati wa ninu , ati pe Mo tun fẹ gaan lati ṣafihan ijẹrisi ati aṣẹ, eyiti a yoo jiroro ni apakan atẹle ti nkan naa.
PS lati onitumọ
Ka tun lori bulọọgi wa:
- "Pada si awọn iṣẹ microservice pẹlu Istio": , ;
- «»;
- «».
orisun: www.habr.com