Isingeniso
Singaphakathi
Π
Nge-Istio 1.1, ummeleli usebenzisa cishe ama-vCPU angu-0,6 (ama-virtual cores) ngezicelo eziyi-1000 ngomzuzwana.
Esifundeni sokuqala ku-mesh yesevisi (ama-proxies angu-2 ohlangothini ngalunye loxhumo), sizoba nama-cores angu-1200 kummeleli nje, ngenani lezicelo eziyisigidi ngomzuzwana. Ngokusho kokubala kwezindleko ze-Google, kusebenza cishe u-$40/ngenyanga/okuyisisekelo ukuze kucushwe n1-standard-64
, okungukuthi, lesi sifunda sisodwa sizosibiza ngaphezu kwama-dollar ayizinkulungwane ezingu-50 ngenyanga ngezicelo eziyizigidi ezingu-1 ngomzuzwana.
U-Ivan Sim (
Ngokusobala, i-values-istio-test.yaml izokwandisa kakhulu izicelo ze-CPU. Uma ngenze izibalo zami ngendlela efanele, udinga cishe ama-CPU angu-24 ephaneli yokulawula kanye no-0,5 CPU kummeleli ngamunye. Anginakho okungako. Ngizophinda izivivinyo uma izinsiza ezengeziwe zabelwe mina.
Bengifuna ukuzibonela ngawami ukuthi ukusebenza kwe-Istio kufana kanjani kwenye i-mesh yesevisi yomthombo ovulekile:
Ukufakwa kwe-mesh yesevisi
Okokuqala, ngiyifake kuqoqo
$ supergloo init
installing supergloo version 0.3.12
using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.12.tgz
configmap/sidecar-injection-resources created
serviceaccount/supergloo created
serviceaccount/discovery created
serviceaccount/mesh-discovery created
clusterrole.rbac.authorization.k8s.io/discovery created
clusterrole.rbac.authorization.k8s.io/mesh-discovery created
clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created
deployment.extensions/supergloo created
deployment.extensions/discovery created
deployment.extensions/mesh-discovery created
install successful!
Ngisebenzise i-SuperGloo ngoba yenza i-bootstrapping mesh yesevisi ibe lula kakhulu. Kwakungadingeki ngenze okuningi. Asisebenzisi iSuperGloo ekukhiqizeni, kodwa ilungele umsebenzi onjalo. Bekufanele ngisebenzise ngokoqobo imiyalo embalwa yesevisi ngayinye. Ngisebenzise amaqoqo amabili ukuze ngizihlukanise - elilodwa ele-Istio ne-Linkerd.
Ukuhlolwa kwenziwe ku-Google Kubernetes Engine. Ngisebenzise i-Kubernetes 1.12.7-gke.7
kanye nechibi lamanodi n1-standard-4
ngokukala kwenodi okuzenzakalelayo (ubuncane obungu-4, ubuningi obungu-16).
Ngabe sengifaka womabili ama-meshes wesevisi kusuka kulayini womyalo.
I-Linked yokuqala:
$ supergloo install linkerd --name linkerd
+---------+--------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+--------------+---------+---------------------------+
| linkerd | Linkerd Mesh | Pending | enabled: true |
| | | | version: stable-2.3.0 |
| | | | namespace: linkerd |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
+---------+--------------+---------+---------------------------+
Khona-ke i-Istio:
$ supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: true |
| | | | prometheus enabled: true |
| | | | jaeger enabled: true |
+---------+------------+---------+---------------------------+
I-crash-loop ithathe imizuzu embalwa, bese ama-control panel azinza.
(Qaphela: I-SuperGloo isekela i-Istio 1.0.x kuphela okwamanje. Ngiphinde ukuhlola nge-Istio 1.1.3, kodwa angizange ngiqaphele noma yimuphi umehluko obonakalayo.)
Isetha i-Istio Automatic Deployment
Ukwenza i-Istio ifake i-Sithunywa yenqola eseceleni, sisebenzisa i-injector ye-sidecar β MutatingAdmissionWebhook
. Ngeke sikhulume ngakho kulesi sihloko. Ake ngisho ukuthi lesi yisilawuli esiqapha ukufinyelela kwawo wonke ama-pod amasha futhi sengeza ngamandla i-sidecar ne-initContainer, ebhekele imisebenzi. iptables
.
Thina kwa-Shopify sibhale isilawuli sethu sokufinyelela ukuze sisebenzise ama-sidecars, kodwa kulokhu kulinganisa ngisebenzise isilawuli esiza ne-Istio. Isilawuli sifaka ama-sidecars ngokuzenzakalela uma kukhona isinqamuleli endaweni yamagama istio-injection: enabled
:
$ kubectl label namespace irs-client-dev istio-injection=enabled
namespace/irs-client-dev labeled
$ kubectl label namespace irs-server-dev istio-injection=enabled
namespace/irs-server-dev labeled
Isetha ukuthunyelwa kwe-Linkerd okuzenzakalelayo
Ukusetha ukushumeka kwe-Linkerd sidecar, sisebenzisa izichasiselo (ngizengeze mathupha nge kubectl edit
):
metadata:
annotations:
linkerd.io/inject: enabled
$ k edit ns irs-server-dev
namespace/irs-server-dev edited
$ k get ns irs-server-dev -o yaml
apiVersion: v1
kind: Namespace
metadata:
annotations:
linkerd.io/inject: enabled
name: irs-server-dev
spec:
finalizers:
- kubernetes
status:
phase: Active
I-Istio Fault Tolerance Simulator
Sakhe isifanisi sokubekezelela amaphutha esibizwa nge-Istio ukuze sihlole ithrafikhi ehlukile kwaShopify. Besidinga ithuluzi lokudala i-topology yangokwezifiso ezomela ingxenye ethile yegrafu yesevisi yethu, elungiselelwe ngokuguqukayo ukuze ifane nemithwalo ethile yomsebenzi.
Ingqalasizinda yakwaShopify ingaphansi komthwalo osindayo ngesikhathi sokuthengiswa kwe-flash. Ngesikhathi esifanayo, Shopify
Besifuna isifanisi sethu sokuqina senze imodeli yokugeleza komsebenzi okufana nezihloko zezindaba kanye nomthwalo womsebenzi okhungathekise ingqalasizinda yakwaShopify esikhathini esidlule. Inhloso eyinhloko yokusebenzisa i-service mesh ukuthi sidinga ukwethembeka nokubekezelela amaphutha ezingeni lenethiwekhi, futhi kubalulekile kithi ukuthi i-service mesh ibhekane ngokuphumelelayo nemithwalo ephazamise izinsizakalo ngaphambilini.
Enhliziyweni yesifanisi sokubekezelela iphutha kunenodi yesisebenzi, esebenza njengenodi yemeshi yesevisi. I-node yesisebenzi ingamiswa ngokwezibalo ekuqaleni noma ngokuguqukayo nge-REST API. Sisebenzisa ukucushwa okuguquguqukayo kwamanodi ezisebenzi ukuze sidale ukugeleza komsebenzi ngendlela yokuhlolwa kokuhlehla.
Nasi isibonelo senqubo enjalo:
- Sethula amaseva ayi-10 njenge
bar
isevisi ebuyisela impendulo200/OK
ngemuva kwe-100 ms. - Sethula amaklayenti ayi-10 - ngalinye lithumela izicelo eziyi-100 ngomzuzwana
bar
. - Njalo ngemizuzwana eyi-10 sikhipha iseva engu-1 futhi siqaphe amaphutha
5xx
kwiklayenti.
Ekupheleni kokuhamba komsebenzi, sihlola amalogi namamethrikhi futhi sihlole ukuthi ukuhlolwa kuphumelele yini. Ngale ndlela sifunda ngokusebenza kwe-mesh yethu yesevisi futhi senza isivivinyo sokuhlehla ukuze sihlole ukucabangela kwethu mayelana nokubekezelela amaphutha.
(Qaphela: Sicubungula ukuthola isifanisi sokubekezelela iphutha se-Istio, kodwa asikakalungeli ukwenza njalo.)
I-Istio fault tolerance simulator ye-service mesh benchmark
Senza ama-node amaningana okusebenza esifanisi:
irs-client-loadgen
: Izifaniso ezi-3 ezithumela izicelo eziyi-100 ngesekhondi ngayinyeirs-client
.irs-client
: Izifaniso ezi-3 ezithola isicelo, linda u-100ms bese udlulisela isicelo ku-irs-server
.irs-server
: Izifaniso ezi-3 ezibuyayo200/OK
ngemuva kwe-100 ms.
Ngalokhu kulungiselelwa, singakwazi ukukala ukugeleza kwethrafikhi okuzinzile phakathi kwamaphoyinti angu-9. Sidecars phakathi irs-client-loadgen
ΠΈ irs-server
thola izicelo eziyi-100 ngomzuzwana, futhi irs-client
- 200 (angenayo naphumayo).
Silandelela ukusetshenziswa kwezinsiza ngokusebenzisa
Imiphumela
Amaphaneli okulawula
Okokuqala, sihlole ukusetshenziswa kwe-CPU.
Iphaneli yokulawula ye-Linkerd ~ 22 millicore
Iphaneli yokulawula ye-Istio: ~ 750 millicore
Iphaneli yokulawula ye-Istio isebenzisa cishe Izinsiza ze-CPU eziphindwe izikhathi ezingama-35ngaphezu kwe-Linkerd. Yiqiniso, yonke into ifakwe ngokuzenzakalelayo, futhi i-istio-telemetry idla izinsiza eziningi zokucubungula lapha (ingakhutshazwa ngokukhubaza imisebenzi ethile). Uma sisusa le ngxenye, sisathola ngaphezu kwama-millicores angu-100, okungukuthi Izikhathi eziyi-4 ngaphezulungaphezu kwe-Linkerd.
Ummeleli we-Sidecar
Sibe sesihlola ukusetshenziswa kommeleli. Kufanele kube nobudlelwano bomugqa nenani lezicelo, kodwa ku-sidecar ngayinye kune-overhead ethile ethinta ijika.
I-Linkerd: ~100 millicores we-irs-client, ~50 millicores we-irs-client-loadgen
Imiphumela ibukeka inengqondo, ngoba ummeleli weklayenti uthola ithrafikhi ephindwe kabili kune-proxy ye-loadgen: kuso sonke isicelo esiphumayo esivela ku-loadgen, iklayenti linesidwa esingenayo nesiphumayo.
I-Istio/Inxusa: ~155 millicores we-irs-client, ~75 millicores we-irs-client-loadgen
Sibona imiphumela efanayo yezimoto eziseceleni ze-Istio.
Kodwa ngokuvamile, ama-proxies e-Istio/Envoy adla cishe izinsiza ze-CPU ezingu-50%.ngaphezu kwe-Linkerd.
Sibona uhlelo olufanayo ohlangothini lweseva:
I-Linkerd: ~50 millicore ye-irs-server
I-Istio/Inxusa: ~80 millicore ye-irs-server
Ohlangothini lweseva, i-sidecar Istio/Envoy iyadla cishe izinsiza ze-CPU ezingu-60%.ngaphezu kwe-Linkerd.
isiphetho
Ummeleli we-Istio Envoy udla i-CPU engaphezu kuka-50+% kune-Linkerd emthwalweni wethu wokusebenza olingisa. Iphaneli yokulawula ye-Linkerd idla izinsiza ezincane kakhulu kune-Istio, ikakhulukazi ezingxenyeni eziyinhloko.
Sisacabanga ukuthi sizokwehlisa kanjani lezi zindleko. Uma unemibono, sicela wabelane!
Source: www.habr.com