Isingeniso
Singaphakathi waqala ukuthumela i-Istio njenge-mesh yesevisi. Empeleni, konke kuhamba kahle, ngaphandle kwento eyodwa: kuyabiza.
Π ngoba Istio ithi:
Nge-Istio 1.1, ummeleli usebenzisa cishe ama-vCPU angu-0,6 (ama-virtual cores) ngezicelo eziyi-1000 ngomzuzwana.
Esifundeni sokuqala ku-mesh yesevisi (ama-proxies angu-2 ohlangothini ngalunye loxhumo), sizoba nama-cores angu-1200 kummeleli nje, ngenani lezicelo eziyisigidi ngomzuzwana. Ngokusho kokubala kwezindleko ze-Google, kusebenza cishe u-$40/ngenyanga/okuyisisekelo ukuze kucushwe n1-standard-64, okungukuthi, lesi sifunda sisodwa sizosibiza ngaphezu kwama-dollar ayizinkulungwane ezingu-50 ngenyanga ngezicelo eziyizigidi ezingu-1 ngomzuzwana.
U-Ivan Sim () ukubambezeleka kwe-service mesh ngonyaka odlule futhi kwathembisa okufanayo ngenkumbulo neprosesa, kodwa akuzange kusebenze:
Ngokusobala, i-values-istio-test.yaml izokwandisa kakhulu izicelo ze-CPU. Uma ngenze izibalo zami ngendlela efanele, udinga cishe ama-CPU angu-24 ephaneli yokulawula kanye no-0,5 CPU kummeleli ngamunye. Anginakho okungako. Ngizophinda izivivinyo uma izinsiza ezengeziwe zabelwe mina.
Bengifuna ukuzibonela ngawami ukuthi ukusebenza kwe-Istio kufana kanjani kwenye i-mesh yesevisi yomthombo ovulekile: .
Ukufakwa kwe-mesh yesevisi
Okokuqala, ngiyifake kuqoqo :
$ supergloo init
installing supergloo version 0.3.12
using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.12.tgz
configmap/sidecar-injection-resources created
serviceaccount/supergloo created
serviceaccount/discovery created
serviceaccount/mesh-discovery created
clusterrole.rbac.authorization.k8s.io/discovery created
clusterrole.rbac.authorization.k8s.io/mesh-discovery created
clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created
deployment.extensions/supergloo created
deployment.extensions/discovery created
deployment.extensions/mesh-discovery created
install successful!Ngisebenzise i-SuperGloo ngoba yenza i-bootstrapping mesh yesevisi ibe lula kakhulu. Kwakungadingeki ngenze okuningi. Asisebenzisi iSuperGloo ekukhiqizeni, kodwa ilungele umsebenzi onjalo. Bekufanele ngisebenzise ngokoqobo imiyalo embalwa yesevisi ngayinye. Ngisebenzise amaqoqo amabili ukuze ngizihlukanise - elilodwa ele-Istio ne-Linkerd.
Ukuhlolwa kwenziwe ku-Google Kubernetes Engine. Ngisebenzise i-Kubernetes 1.12.7-gke.7 kanye nechibi lamanodi n1-standard-4 ngokukala kwenodi okuzenzakalelayo (ubuncane obungu-4, ubuningi obungu-16).
Ngabe sengifaka womabili ama-meshes wesevisi kusuka kulayini womyalo.
I-Linked yokuqala:
$ supergloo install linkerd --name linkerd
+---------+--------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+--------------+---------+---------------------------+
| linkerd | Linkerd Mesh | Pending | enabled: true |
| | | | version: stable-2.3.0 |
| | | | namespace: linkerd |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
+---------+--------------+---------+---------------------------+Khona-ke i-Istio:
$ supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: true |
| | | | prometheus enabled: true |
| | | | jaeger enabled: true |
+---------+------------+---------+---------------------------+I-crash-loop ithathe imizuzu embalwa, bese ama-control panel azinza.
(Qaphela: I-SuperGloo isekela i-Istio 1.0.x kuphela okwamanje. Ngiphinde ukuhlola nge-Istio 1.1.3, kodwa angizange ngiqaphele noma yimuphi umehluko obonakalayo.)
Isetha i-Istio Automatic Deployment
Ukwenza i-Istio ifake i-Sithunywa yenqola eseceleni, sisebenzisa i-injector ye-sidecar β MutatingAdmissionWebhook. Ngeke sikhulume ngakho kulesi sihloko. Ake ngisho ukuthi lesi yisilawuli esiqapha ukufinyelela kwawo wonke ama-pod amasha futhi sengeza ngamandla i-sidecar ne-initContainer, ebhekele imisebenzi. iptables.
Thina kwa-Shopify sibhale isilawuli sethu sokufinyelela ukuze sisebenzise ama-sidecars, kodwa kulokhu kulinganisa ngisebenzise isilawuli esiza ne-Istio. Isilawuli sifaka ama-sidecars ngokuzenzakalela uma kukhona isinqamuleli endaweni yamagama istio-injection: enabled:
$ kubectl label namespace irs-client-dev istio-injection=enabled
namespace/irs-client-dev labeled
$ kubectl label namespace irs-server-dev istio-injection=enabled
namespace/irs-server-dev labeledIsetha ukuthunyelwa kwe-Linkerd okuzenzakalelayo
Ukusetha ukushumeka kwe-Linkerd sidecar, sisebenzisa izichasiselo (ngizengeze mathupha nge kubectl edit):
metadata:
annotations:
linkerd.io/inject: enabled$ k edit ns irs-server-dev
namespace/irs-server-dev edited
$ k get ns irs-server-dev -o yaml
apiVersion: v1
kind: Namespace
metadata:
annotations:
linkerd.io/inject: enabled
name: irs-server-dev
spec:
finalizers:
- kubernetes
status:
phase: ActiveI-Istio Fault Tolerance Simulator
Sakhe isifanisi sokubekezelela amaphutha esibizwa nge-Istio ukuze sihlole ithrafikhi ehlukile kwaShopify. Besidinga ithuluzi lokudala i-topology yangokwezifiso ezomela ingxenye ethile yegrafu yesevisi yethu, elungiselelwe ngokuguqukayo ukuze ifane nemithwalo ethile yomsebenzi.
Ingqalasizinda yakwaShopify ingaphansi komthwalo osindayo ngesikhathi sokuthengiswa kwe-flash. Ngesikhathi esifanayo, Shopify . Amakhasimende amakhulu kwesinye isikhathi axwayisa ngokudayiswa kwe-flash okuhleliwe. Abanye basiphathela wona singalindele nganoma isiphi isikhathi emini noma ebusuku.
Besifuna isifanisi sethu sokuqina senze imodeli yokugeleza komsebenzi okufana nezihloko zezindaba kanye nomthwalo womsebenzi okhungathekise ingqalasizinda yakwaShopify esikhathini esidlule. Inhloso eyinhloko yokusebenzisa i-service mesh ukuthi sidinga ukwethembeka nokubekezelela amaphutha ezingeni lenethiwekhi, futhi kubalulekile kithi ukuthi i-service mesh ibhekane ngokuphumelelayo nemithwalo ephazamise izinsizakalo ngaphambilini.
Enhliziyweni yesifanisi sokubekezelela iphutha kunenodi yesisebenzi, esebenza njengenodi yemeshi yesevisi. I-node yesisebenzi ingamiswa ngokwezibalo ekuqaleni noma ngokuguqukayo nge-REST API. Sisebenzisa ukucushwa okuguquguqukayo kwamanodi ezisebenzi ukuze sidale ukugeleza komsebenzi ngendlela yokuhlolwa kokuhlehla.
Nasi isibonelo senqubo enjalo:
- Sethula amaseva ayi-10 njenge
barisevisi ebuyisela impendulo200/OKngemuva kwe-100 ms. - Sethula amaklayenti ayi-10 - ngalinye lithumela izicelo eziyi-100 ngomzuzwana
bar. - Njalo ngemizuzwana eyi-10 sikhipha iseva engu-1 futhi siqaphe amaphutha
5xxkwiklayenti.
Ekupheleni kokuhamba komsebenzi, sihlola amalogi namamethrikhi futhi sihlole ukuthi ukuhlolwa kuphumelele yini. Ngale ndlela sifunda ngokusebenza kwe-mesh yethu yesevisi futhi senza isivivinyo sokuhlehla ukuze sihlole ukucabangela kwethu mayelana nokubekezelela amaphutha.
(Qaphela: Sicubungula ukuthola isifanisi sokubekezelela iphutha se-Istio, kodwa asikakalungeli ukwenza njalo.)
I-Istio fault tolerance simulator ye-service mesh benchmark
Senza ama-node amaningana okusebenza esifanisi:
irs-client-loadgen: Izifaniso ezi-3 ezithumela izicelo eziyi-100 ngesekhondi ngayinyeirs-client.irs-client: Izifaniso ezi-3 ezithola isicelo, linda u-100ms bese udlulisela isicelo ku-irs-server.irs-server: Izifaniso ezi-3 ezibuyayo200/OKngemuva kwe-100 ms.
Ngalokhu kulungiselelwa, singakwazi ukukala ukugeleza kwethrafikhi okuzinzile phakathi kwamaphoyinti angu-9. Sidecars phakathi irs-client-loadgen ΠΈ irs-server thola izicelo eziyi-100 ngomzuzwana, futhi irs-client - 200 (angenayo naphumayo).
Silandelela ukusetshenziswa kwezinsiza ngokusebenzisa ngoba asinalo iqoqo le-Prometheus.
Imiphumela
Amaphaneli okulawula
Okokuqala, sihlole ukusetshenziswa kwe-CPU.
Iphaneli yokulawula ye-Linkerd ~ 22 millicore
Iphaneli yokulawula ye-Istio: ~ 750 millicore
Iphaneli yokulawula ye-Istio isebenzisa cishe Izinsiza ze-CPU eziphindwe izikhathi ezingama-35ngaphezu kwe-Linkerd. Yiqiniso, yonke into ifakwe ngokuzenzakalelayo, futhi i-istio-telemetry idla izinsiza eziningi zokucubungula lapha (ingakhutshazwa ngokukhubaza imisebenzi ethile). Uma sisusa le ngxenye, sisathola ngaphezu kwama-millicores angu-100, okungukuthi Izikhathi eziyi-4 ngaphezulungaphezu kwe-Linkerd.
Ummeleli we-Sidecar
Sibe sesihlola ukusetshenziswa kommeleli. Kufanele kube nobudlelwano bomugqa nenani lezicelo, kodwa ku-sidecar ngayinye kune-overhead ethile ethinta ijika.
I-Linkerd: ~100 millicores we-irs-client, ~50 millicores we-irs-client-loadgen
Imiphumela ibukeka inengqondo, ngoba ummeleli weklayenti uthola ithrafikhi ephindwe kabili kune-proxy ye-loadgen: kuso sonke isicelo esiphumayo esivela ku-loadgen, iklayenti linesidwa esingenayo nesiphumayo.
I-Istio/Inxusa: ~155 millicores we-irs-client, ~75 millicores we-irs-client-loadgen
Sibona imiphumela efanayo yezimoto eziseceleni ze-Istio.
Kodwa ngokuvamile, ama-proxies e-Istio/Envoy adla cishe izinsiza ze-CPU ezingu-50%.ngaphezu kwe-Linkerd.
Sibona uhlelo olufanayo ohlangothini lweseva:
I-Linkerd: ~50 millicore ye-irs-server
I-Istio/Inxusa: ~80 millicore ye-irs-server
Ohlangothini lweseva, i-sidecar Istio/Envoy iyadla cishe izinsiza ze-CPU ezingu-60%.ngaphezu kwe-Linkerd.
isiphetho
Ummeleli we-Istio Envoy udla i-CPU engaphezu kuka-50+% kune-Linkerd emthwalweni wethu wokusebenza olingisa. Iphaneli yokulawula ye-Linkerd idla izinsiza ezincane kakhulu kune-Istio, ikakhulukazi ezingxenyeni eziyinhloko.
Sisacabanga ukuthi sizokwehlisa kanjani lezi zindleko. Uma unemibono, sicela wabelane!
Source: www.habr.com