"Ingozi igama lami eliphakathi," u-Austin Powers, indoda engaziwa emhlabeni wonke, wayevame ukusho. Kodwa lokho okuhlonishwa kakhulu ama-super agents kanye nezinsizakalo zezobunhloli akufanele neze kumasevisi ekhompyutha, lapho isithukuthezi singcono kakhulu kunengozi.
Futhi i-Istio, kanye ne-OpenShift kanye ne-Kubernetes, yenza ukuthunyelwa kwama-microservices kube yisicefe futhi kubikezelwe - futhi kuhle lokho. Sizokhuluma ngalokhu nokunye okuningi kokuthunyelwe kwesine nesokugcina ochungechungeni lwe-Istio.
Lapho isithukuthezi silungile
Esimweni sethu, isithukuthezi sivela kuphela esigabeni sokugcina, lapho okusele kuwukuhlala ubukele inqubo. Kodwa ngenxa yalokhu udinga ukulungisa yonke into kuqala, futhi izinto eziningi ezithakazelisayo zikulindele lapha.
Lapho usebenzisa inguqulo entsha yesofthiwe yakho, kufanelekile ukucabangela zonke izinketho zokunciphisa ubungozi. Ukugijima ngokuhambisana kuyindlela enamandla kakhulu futhi efakazelwe yokuhlola, futhi i-Istio ikuvumela ukuthi usebenzise "isevisi eyimfihlo" (inguqulo efihliwe ye-microservice yakho) ukwenza lokhu ngaphandle kokuphazamisa uhlelo lokukhiqiza. Kukhona ngisho negama elikhethekile lalokhu - "Ukwethulwa Okumnyama", okubuye kucushwe umsebenzi onegama lenhloli elilinganayo "i-traffic mirroring".
Sicela uqaphele ukuthi umusho wokuqala wesigaba esandulele usebenzisa igama elithi "sebenzisa" kunokuba "khulula". Kufanele ukwazi ngempela ukusebenzisa—futhi, vele, usebenzise—i-microservice yakho kaningi ngendlela ofuna ngayo. Le sevisi kufanele ikwazi ukwamukela nokucubungula ithrafikhi, ikhiqize imiphumela, futhi ibhalele izingodo nokuqapha. Kodwa ngesikhathi esifanayo, le sevisi ngokwayo ayidingi ukukhululwa ekukhiqizeni. Ukukhipha nokukhipha isofthiwe akuyona into efanayo ngaso sonke isikhathi. Ungakwazi ukusebenzisa noma nini lapho ufuna, kodwa ukhulule kuphela uma usulungile.
Ukuhlela isithukuthezi kuyathakazelisa
Bheka umthetho olandelayo womzila we-Istio, ohambisa zonke izicelo ze-HTTP kusincomo se-microservice v1 (zonke izibonelo ezithathwe ku- ), ngenkathi ngasikhathi sinye uzifanisela kusincomo se-v2 microservice:
Naka ilebula mirror: phansi kwesikrini - yilokhu okusetha isibuko sethrafikhi. Yebo, kulula kanjalo!
Umphumela walo mthetho uzoba ukuthi isistimu yakho yokukhiqiza (v1) izoqhubeka nokucubungula izicelo ezingenayo, kodwa izicelo ngokwazo zizofaniswa ngokulinganayo ku-v2, okungukuthi, izimpinda zazo eziphelele zizoya lapho. Ngale ndlela, ungahlola i-v2 ezimeni zangempela - kudatha yangempela kanye nethrafikhi - ngaphandle kokuphazamisa nganoma iyiphi indlela ekusebenzeni kwesistimu yokukhiqiza. Ingabe lokhu kwenza ukuhlela ukuhlola kube yisicefe? Yebo, nakanjani. Kodwa kwenziwa ngendlela ethokozisayo.
Ake sengeze idrama
Sicela uqaphele ukuthi kukhodi ye-v2 kuyadingeka ukuhlinzeka ngezimo lapho izicelo ezingenayo zingaholela ekushintsheni kwedatha. Izicelo ngokwazo ziboniswa kalula futhi ngokusobala, kodwa ukukhetha indlela yokucubungula ekuhlolweni kukuwe - futhi lokhu kuyakhathaza kancane.
Ake siphinde iphuzu elibalulekile
Ukwethulwa okuyimfihlo nge-traffic mirroring (I-Dark Launch/Request Mirroring) kungenziwa ngaphandle kokuthikameze ikhodi nganoma iyiphi indlela.
Ukudla komcabango
Kuthiwani uma indawo lapho izicelo ziboniswa khona ithumela ezinye zazo hhayi ku-v1, kodwa ku-v2? Isibonelo, iphesenti elilodwa lazo zonke izicelo noma izicelo kuphela ezivela eqenjini elithile labasebenzisi. Futhi-ke, usuvele ubheka ukuthi i-v2 isebenza kanjani, kancane kancane udlulisele zonke izicelo kunguqulo entsha. Noma ngokuphambene nalokho, buyisela yonke into ku-v1 uma kukhona okungahambi kahle nge-v2. Ngicabanga ukuthi kubizwa ngeCanary Deployment. , futhi ukube ibingowaseRussia, cishe ibiyoqukatha inkomba kuyo ), futhi manje sizobheka lokhu ngokuningiliziwe.
Ukuthunyelwa kwe-Canary e-Istio: ukwenza lula ukuthunyelwa
Ngokucophelela futhi kancane kancane
Ingqikithi yemodeli yokuphakelwa kwe-Canary Deployment ilula kakhulu: lapho wethula inguqulo entsha yesofthiwe yakho (kithi, i-microservice), unikeza kuqala ukufinyelela kuyo eqenjini elincane labasebenzisi. Uma konke kuhamba kahle, kancane kancane ukhulisa leli qembu kuze kube yilapho inguqulo entsha iqala ukusebenza, noma - uma ingenzeki - ekugcineni uthuthele bonke abasebenzisi kuyo. Ngokwethula inguqulo entsha ngokucabangisisa futhi kancane kancane futhi ushintshele abasebenzisi kuyo ngendlela elawulwayo, unganciphisa ubungozi futhi wandise impendulo.
Vele, i-Istio yenza lula i-Canary Deployment ngokunikeza izinketho ezimbalwa ezinhle zomzila wesicelo ohlakaniphile. Futhi yebo, konke lokhu kungenziwa ngaphandle kokuthinta ikhodi yakho yomthombo nganoma iyiphi indlela.
Ihlunga isiphequluli
Enye yezindlela ezilula zokunquma ukuqondisa kabusha okusekelwe kusiphequluli. Ake sithi ufuna kuphela izicelo ezivela kuziphequluli zeSafari zokuya ku-v2. Nansi indlela okwenziwa ngayo:
Masisebenzise lo mthetho womzila bese sisebenzisa umyalo curl Sizolingisa izicelo zangempela ku-microservice in a loop. Njengoba ubona kusithombe-skrini, bonke baya ku-v1:
Ikuphi ithrafikhi ku-v2? Njengoba esibonelweni sethu zonke izicelo zivela kulayini wethu womyalo kuphela, azikho nje. Kodwa naka imigqa engezansi esikrinini esingenhla: lokhu kusabela eqinisweni lokuthi senze isicelo esivela kusiphequluli se-Safari, esakhiqiza lokhu:
Amandla angenamkhawulo
Sesibhale kakade ukuthi izinkulumo ezivamile zinikeza amandla anamandla ezicelo zomzila. Bheka isibonelo esilandelayo (sicabanga ukuthi uzoqonda ukuthi senzani):
Manje kungenzeka ukuthi unombono wokuthi izinkulumo ezijwayelekile zingenzani.
Yenza Okuhlakaniphile
Umzila ohlakaniphile, ikakhulukazi ukucubungula izihloko zephakethe usebenzisa izinkulumo ezivamile, kukuvumela ukuthi uqondise ithrafikhi ngendlela ofuna ngayo. Futhi lokhu kulula kakhulu ukuqaliswa kwekhodi entsha - ilula, ayidingi ukushintsha ikhodi ngokwayo, futhi uma kunesidingo, konke kungabuyiselwa ngokushesha njengoba kwakunjalo.
Unentshisekelo?
Ingabe ulangazelela ukuzama i-Istio, i-Kubernetes ne-OpenShift kukhompyutha yakho? Ithimba walungisa okuhle kakhulu kulesi sihloko futhi wenza wonke amafayela ahambisana naso atholakale esidlangalaleni. Ngakho-ke qhubeka futhi ungaziphiki lutho.
I-Istio Egress: phuma ngesitolo sezikhumbuzo
Ngokusebenzisa i-Istio kanye ne-Red Hat OpenShift kanye ne-Kubernetes, ungenza ukuphila kwakho ngamasevisi amancane kube lula kakhulu. I-mesh yesevisi ye-Istio ifihliwe ngaphakathi kwe-Kubernetes pods, futhi ikhodi yakho isebenza (ikakhulukazi) yodwa. Ukusebenza, ukushintsha kalula, ukulandelela, njll. - konke lokhu kulula ukukusebenzisa ngenxa yokusetshenziswa kweziqukathi ze-sidecar. Kodwa kuthiwani uma i-microservice yakho idinga ukuxhumana nezinye izinsiza ezitholakala ngaphandle kohlelo lwakho lwe-OpenShift-Kubernetes?
Kulapho u-Istio Egress esiza khona. Kafushane, ivele ikuvumela ukuthi ufinyelele izinsiza (funda: "izinsizakalo") ezingeyona ingxenye yesistimu yakho ye-Kubernetes pods. Uma ungenzi ukumisa okwengeziwe, khona-ke ithrafikhi yemvelo ye-Istio Egress ihanjiswa kuphela ngaphakathi kweqoqo lama-pods naphakathi kwamaqoqo anjalo ngokusekelwe kumathebula angaphakathi e-IP. Futhi ukuzala okunjalo kusebenza kahle inqobo nje uma ungakudingi ukufinyelela ezinsizeni ezivela ngaphandle.
I-Egress ikuvumela ukuthi udlule amathebula e-IP angenhla, okusekelwe emithethweni ye-Egress noma kuhlu lwamakheli e-IP.
Ake sithi sinohlelo lwe-Java olwenza isicelo se-GET ku-httpbin.org/headers.
(I-httpbin.org iyinsiza elula yokuhlola izicelo zesevisi eziphumayo.)
Uma ufaka kulayini womyalo curl http://httpbin.org/headers, sizobona okulandelayo:
Noma ungavula ikheli elifanayo esipheqululini:
Njengoba ubona, isevisi etholakala lapho ivele ibuyisele izihloko ezidluliselwe kuyo.
Sithatha indawo yokungenisa ngqo
Manje ake sithathe ikhodi ye-Java yale sevisi, ngaphandle kwesistimu yethu, futhi siyiqhube sodwa, lapho, khumbula, i-Istio ifakiwe. (Ungakwenza lokhu ngokwakho ngokuxhumana .) Ngemva kokwakha isithombe esifanele futhi sisethule endaweni yesikhulumi se-OpenShift, sizobiza le sevisi ngomyalo curl egresshttpbin-istioegress.$(minishift ip).nip.io, ngemuva kwalokho sizobona lokhu esikrinini:
Eshu, kwenzekeni? Konke kwavele kwasebenza. Kusho ukuthini Ukungatholakali? Simenzele nje curl.
Ukunweba amathebula e-IP ku-inthanethi yonke
U-Istio kufanele asolwe (noma abongwe) ngalokhu. Phela, i-Istio iziqukathi ze-sidecar ezinesibopho sokutholwa nezindlela (kanye nezinye izinto eziningi esikhulume ngazo ngaphambili). Ngalesi sizathu, amathebula e-IP azi kuphela ukuthi yini engaphakathi kwesistimu yakho yeqoqo. Futhi i-httpbin.org itholakala ngaphandle ngakho-ke ayifinyeleleki. Futhi kulapho u-Istio Egress esiza khona - ngaphandle koshintsho oluncane kukhodi yakho yomthombo.
Umthetho we-Egress ngezansi uphoqa i-Istio ukuthi iseshe (uma kunesidingo, bese kuyo yonke i-inthanethi) ukuthola isevisi edingekayo, kulokhu, httpbin.org. Njengoba ubona kuleli fayela (egress_httpbin.yml), ukusebenza lapha kulula kakhulu:
Okusele ukusebenzisa lo mthetho:
istioctl create -f egress_httpbin.yml -n istioegress
Ungabuka imithetho ye-Egress ngomyalo istioctl get egressrules:
Futhi ekugcineni, siqhuba umyalo futhi i-curl - futhi siyabona ukuthi konke kuyasebenza:
Sicabanga ngokusobala
Njengoba ubona, i-Istio ikuvumela ukuthi uhlele ukuxhumana nezwe langaphandle. Ngamanye amazwi, usengakwazi ukudala izinsiza ze-OpenShift futhi uzilawule nge-Kubernetes, ugcine yonke into kuma-pods akhuphuka naphansi njengoba kudingeka. Futhi ngesikhathi esifanayo, ungakwazi ukufinyelela ngokuphephile izinsiza ezingaphandle kwendawo yakho. Futhi yebo, siyaphinda futhi ukuthi konke lokhu kungenziwa ngaphandle kokuthinta ikhodi yakho nganoma iyiphi indlela.
Lokhu bekuwukuthunyelwe kokugcina ochungechungeni lwe-Istio. Hlala ubukele - kunezinto eziningi ezithakazelisayo ezizayo!
Source: www.habr.com