A Detailed Analysis of AWS Lambda

This translation of the article was prepared specifically for students of the "Cloud Services" course. Interested in developing in this direction? Watch the master class by Egor Zuev (TeamLead at InBit), "AWS EC2 service", and join the next course group: it starts on September 26.

Many people move to AWS Lambda for scalability, performance, cost savings, and the ability to handle millions or even billions of requests per month. To do this, you do not need to manage the infrastructure on which the service runs. Autoscaling also lets you serve thousands of simultaneous requests per second. I think AWS Lambda can rightly be called one of the most popular AWS services.

AWS Lambda

AWS Lambda is an event-driven serverless computing service that lets you run code without provisioning or managing servers and extend other AWS services with custom logic. Lambda automatically responds to various events (called triggers), such as HTTP requests through Amazon API Gateway, or changes to data in Amazon S3 buckets or Amazon DynamoDB tables; or you can run your code via API calls using the AWS SDK and state transitions in AWS Step Functions.

Lambda runs code on highly available compute infrastructure and takes full responsibility for administering the underlying platform, including server and operating system maintenance, resource provisioning, automatic scaling, code monitoring, and logging. That is, you only need to upload your code and configure how and when it should run. The service then takes care of launching it and ensures high availability of your application.

When should you switch to Lambda?

AWS Lambda is a convenient compute platform suited to a variety of use cases, as long as the language and runtime of your code are supported by the service. If you want to focus on your code and business logic while outsourcing server maintenance, provisioning, and scaling at a reasonable cost, AWS Lambda is the way to go.

Lambda is well suited to building programming interfaces, and when used together with API Gateway you can significantly reduce costs and get to market faster. There are different ways to use Lambda functions and different options for organizing a serverless architecture; everyone can choose something suitable based on their goal.

Lambda lets you perform a wide range of tasks. For example, thanks to CloudWatch support, you can create deferred tasks and automate individual processes. There are no restrictions on the nature or intensity of use of the service (memory consumption and time are taken into account), and nothing prevents you from systematically working on a full-fledged microservice based on Lambda.

Here you can create service-oriented actions that do not run continuously. A typical example is image scaling. Even in distributed systems, Lambda functions remain relevant.

So, if you do not want to deal with allocating and managing compute resources, try AWS Lambda; if you do not need heavy, resource-intensive computation, also try AWS Lambda; if your code runs periodically, then yes, you should try AWS Lambda.

Security

So far there are no complaints about security. On the other hand, since many of the internal processes and implementation details of this model are hidden from the user of the AWS Lambda managed runtime environment, some generally accepted rules of cloud security become irrelevant.

Like most AWS services, Lambda is provided under a model of shared security and compliance responsibility between AWS and the customer. This principle reduces the operational burden on the customer, since AWS takes on the tasks of maintaining, operating, and monitoring the service components, from the host operating system and the virtualization layer to the physical security of the infrastructure assets.

Speaking specifically about AWS Lambda, AWS is responsible for managing the underlying infrastructure, the associated foundational services, the operating system, and the application platform. The customer, in turn, is responsible for the security of its code, for storing sensitive data, and for controlling access to it as well as to the Lambda service and resources (Identity and Access Management, IAM), including within the limits of the functions used.

The diagram below shows the shared responsibility model as it applies to AWS Lambda. AWS responsibility is orange and customer responsibility is blue. As you can see, AWS takes on more responsibility for the applications deployed in the service.

The Shared Responsibility Model as Applied to AWS Lambda

Lambda runtime

The main advantage of Lambda is that, by running a function on your behalf, the service itself allocates the necessary resources. You can avoid spending time and effort on system administration and focus on business logic and writing code.

The Lambda service is divided into two planes. The first is the control plane. According to Wikipedia, the control plane is the part of the network responsible for carrying signaling traffic and routing. It is the main component that makes global decisions about provisioning, servicing, and distributing workloads. In addition, the control plane acts as the solution provider's network topology, responsible for routing and managing traffic.

The second plane is the data plane. Like the control plane, it has its own tasks. The control plane provides the APIs for managing functions (CreateFunction, UpdateFunctionCode) and controls how Lambda communicates with other AWS services. The data plane controls the Invoke API, which runs Lambda functions. After a function is invoked, the control plane allocates or selects an existing runtime environment prepared for that function, and then executes the code in it.

AWS Lambda supports a variety of programming languages, including Java 8, Python 3.7, Go, NodeJS 8, .NET Core 2, and others, through their respective runtimes. AWS regularly updates them, distributes security patches, and performs other maintenance on these environments. Lambda lets you use other languages as well, provided you implement the appropriate runtime yourself. In that case you will have to take care of its maintenance, including monitoring its security.

How does it all work, and how will the service run your functions?

Each function runs in one or more dedicated environments, which exist only for the lifetime of that function and are then destroyed. Each environment handles only one invocation at a time, but it is reused if there are multiple serial invocations of the same function. All runtime environments run on virtual machines with hardware virtualization, the so-called microVMs. Each microVM is assigned to a specific AWS account and can be reused by environments to run different functions within that account. MicroVMs are packed into the building blocks of the Lambda Worker hardware platform, which is owned and operated by AWS. The same runtime cannot be used by different functions, and microVMs are not shared between different AWS accounts.

AWS Lambda Isolation Model

Isolation of runtime environments is implemented using several mechanisms. At the top level of each environment there are separate copies of the following components:

  • The function code
  • Any Lambda layers selected for the function
  • The function runtime
  • A minimal user space based on Amazon Linux

The following mechanisms are used to isolate different execution environments:

  • cgroups - limit access to CPU, memory, storage, and network resources for each runtime environment;
  • namespaces - group process IDs, user IDs, network interfaces, and other resources managed by the Linux kernel. Each runtime runs in its own namespace;
  • seccomp-bpf - limits the system calls that can be used in the runtime;
  • iptables and routing tables - isolate execution environments from one another;
  • chroot - provides limited access to the underlying file system.

Combined with AWS proprietary isolation technologies, these mechanisms ensure reliable runtime isolation. Environments isolated in this way cannot access or modify data from other environments.

Although multiple runtimes of the same AWS account can run on a single microVM, under no circumstances can microVMs be shared between different AWS accounts. AWS Lambda uses only two mechanisms to isolate microVMs: EC2 instances and Firecracker. Guest isolation in Lambda based on EC2 instances has existed since 2015. Firecracker is a new open-source hypervisor designed by AWS specifically for serverless workloads and introduced in 2018. The physical hardware running the microVMs is shared among workloads across different accounts.

Preserving environments and process state

Although Lambda runtimes are unique to different functions, they can invoke the same function repeatedly, which means a runtime can live for several hours before being destroyed.

Each Lambda runtime also has a writable file system accessible through the /tmp directory. Its contents cannot be accessed from other runtimes. As for persistence of process state, files written to /tmp exist for the entire life cycle of the runtime environment. This allows the results of multiple invocations to be accumulated, which is especially useful for expensive operations such as loading machine learning models.
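The reuse described above cuts both ways: a cached artifact survives between invocations, and so does anything else left in /tmp. The following handler is an added sketch, not code from the original article; the artifact name, the `cache_dir` parameter and the constructed model bytes are assumptions made so that it runs outside Lambda.

```python
import hashlib
import os
import shutil
import tempfile

MODEL_BYTES = b"constructed-model-weights"              # constructed stand-in for a real download
MODEL_SHA256 = hashlib.sha256(MODEL_BYTES).hexdigest()  # in practice: a digest pinned at deploy time
STATE = {"model": None}                                 # module-level: survives warm invocations


def load_model(cache_dir):
    """Return (model, source) where source is memory, tmp-cache or fetched."""
    if STATE["model"] is not None:
        return STATE["model"], "memory"
    path = os.path.join(cache_dir, "model.bin")         # hypothetical artifact name
    if os.path.exists(path):
        with open(path, "rb") as fh:
            data = fh.read()
        # /tmp outlives a single invocation, so verify the file before trusting it.
        if hashlib.sha256(data).hexdigest() == MODEL_SHA256:
            STATE["model"] = data
            return data, "tmp-cache"
    with open(path, "wb") as fh:                        # cache miss or modified file: refetch
        fh.write(MODEL_BYTES)
    STATE["model"] = MODEL_BYTES
    return MODEL_BYTES, "fetched"


def handler(event, context=None, cache_dir="/tmp"):
    model, source = load_model(cache_dir)
    payload = event.get("payload", "")
    # Per-request data goes into a private scratch directory that is always
    # removed, so a later invocation in the same environment cannot read it.
    scratch = tempfile.mkdtemp(dir=cache_dir, prefix="req-")
    try:
        with open(os.path.join(scratch, "input.txt"), "w") as fh:
            fh.write(payload)
        digest = hashlib.sha256(model + payload.encode()).hexdigest()
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
    leftovers = [n for n in os.listdir(cache_dir) if n.startswith("req-")]
    return {"model_source": source, "leftover_scratch": leftovers, "digest": digest}
```

Calling `handler` twice in the same process reports `fetched` and then `memory`, which is the warm-environment behaviour the paragraph describes.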

Invocation data transfer

The Invoke API can be used in two modes: event mode and request-response mode. In event mode, the call is added to a queue for later execution. In request-response mode, the function is invoked immediately with the provided payload, after which the response is returned. In both cases, the function runs in a Lambda environment, but with different payload paths.

During request-response invocations, the payload flows from the request-processing API (API Caller), such as AWS API Gateway or the AWS SDK, to the load balancer, and then to the Lambda invocation service (Invoke Service). The latter determines the appropriate environment for executing the function and passes the payload there to complete the call. The load balancer receives TLS-protected traffic over the Internet. Traffic inside the Lambda service, after the load balancer, passes through an internal VPC in a specific AWS region.

AWS Lambda Invocation Processing Model: Request-Response Mode

Event invocations can be executed immediately or added to a queue. In some cases, the queue is implemented using Amazon SQS (Amazon Simple Queue Service), which passes invocations to the Lambda invocation fulfillment service through an internal polling process. The transmitted traffic is protected by TLS, and there is no additional encryption of the data stored in Amazon SQS.

Event invocations do not return responses; the Lambda Worker simply ignores any response information. Event-based invocations from Amazon S3, Amazon SNS, CloudWatch, and other sources are processed by Lambda in event mode. Invocations from Amazon Kinesis and DynamoDB streams, SQS queues, Application Load Balancer, and API Gateway calls are processed in request-response mode.

Monitoring

You can monitor and audit Lambda functions using a variety of AWS mechanisms and services, including the following.

Amazon CloudWatch
Collects various statistics such as the number of requests, the duration of requests, and the number of failed requests.

Amazon CloudTrail
Lets you log, continuously monitor, and retain account activity information related to your AWS infrastructure. You will have a complete history of actions performed using the AWS Management Console, the AWS SDK, command-line tools, and other AWS services.

AWS X-Ray
Provides complete visibility into all stages of request processing in your application based on a map of its internal components. Lets you analyze applications during development and in production environments.

AWS Config
Lets you track changes to Lambda function configuration (including deletion) and runtimes, tags, handler names, code size, memory allocation, timeout settings and concurrency settings, as well as the Lambda IAM execution role, subnets, and security group bindings.
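The CloudTrail history can be turned into a check on the function-management APIs named earlier (CreateFunction, UpdateFunctionCode). The following is an added example, not code from the original article; the allowlisted deploy role, the account ID, the function name and the sample records are constructed assumptions.

```python
import re

# Control-plane actions that change what a function runs or who may call it.
WATCHED = {"CreateFunction", "UpdateFunctionCode", "UpdateFunctionConfiguration",
           "DeleteFunction", "AddPermission"}
# Hypothetical allowlist: the only principal expected to change functions.
DEPLOY_ROLE = "arn:aws:sts::111122223333:assumed-role/ci-deploy/"
ALICE = "arn:aws:iam::111122223333:user/alice"          # constructed principal


def make_record(name, arn, fn, source="lambda.amazonaws.com", error=None):
    """Build a constructed record with the CloudTrail fields used below."""
    rec = {"eventTime": "2019-09-01T10:00:00Z", "eventSource": source,
           "eventName": name, "userIdentity": {"arn": arn},
           "sourceIPAddress": "198.51.100.7",
           "requestParameters": {"functionName": fn} if fn else None}
    if error:
        rec["errorCode"] = error
    return rec


SAMPLE_RECORDS = [  # constructed sample data, not real logs
    make_record("UpdateFunctionCode20150331v2", DEPLOY_ROLE + "build-42", "resize-image"),
    make_record("UpdateFunctionCode20150331v2", ALICE, "resize-image"),
    make_record("GetFunction20150331v2", ALICE, "resize-image"),
    make_record("PutObject", ALICE, None, source="s3.amazonaws.com"),
    make_record("AddPermission20150331v2", DEPLOY_ROLE + "build-43", "resize-image",
                error="AccessDenied"),
]


def find_unexpected_changes(records):
    """Flag watched Lambda changes that failed or came from an unexpected principal."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "lambda.amazonaws.com":
            continue
        # Lambda event names may carry an API-version suffix; strip it before matching.
        action = re.sub(r"\d{8}(v\d+)?$", "", rec.get("eventName", ""))
        if action not in WATCHED:
            continue
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        if "errorCode" in rec:
            reason = "failed: " + rec["errorCode"]
        elif not actor.startswith(DEPLOY_ROLE):
            reason = "unexpected principal"
        else:
            continue
        fn = (rec.get("requestParameters") or {}).get("functionName")
        findings.append({"action": action, "actor": actor, "function": fn, "reason": reason})
    return findings
```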

Conclusion

AWS Lambda offers a powerful set of tools for building secure and scalable applications. Many security and compliance practices in AWS Lambda are the same as in other AWS services, although there are exceptions. As of March 2019, Lambda complies with SOC 1, SOC 2, SOC 3, PCI DSS, the Health Insurance Portability and Accountability Act (HIPAA), and other regulations. So when you think about implementing your next application, consider the AWS Lambda service; it may be the best fit for your task.

Source: www.habr.com
