Sanibonani! Lesi sihloko esifushane siphendula imibuzo: "Iyini Inxusa?", "Kungani ngiyidinga?", Futhi "Ngiqala kuphi?"
Kuyini
I-Envoy iyisilinganisi somthwalo we-L4-L7 esibhalwe nge-C++, sigxile ekusebenzeni okuphezulu nokutholakala. Ngakolunye uhlangothi, iyafana ne-nginx ne-haproxy, iqhathaniseka ekusebenzeni. Ngakolunye uhlangothi, iqondiswe kakhulu ekwakhiweni kwe-microservice futhi inikeza ukusebenza okuqhathaniswa nezilinganisi zokulayisha ze-Java ne-Go, njenge-zuul noma i-traefik.
Ithebula lokuqhathanisa le-haproxy/nginx/inxusa alisho ukuthi liyiqiniso eliphelele, kodwa linikeza isithombe esijwayelekile.
nginx
i-haproxy
wathumela
I-traefik
izinkanyezi ku-GitHub
11.2k/isibuko
1.1k/isibuko
12.4k
27.6k
ibhalwe ku
C
C
C ++
go
API
akukho
isokhethi kuphela/push
indiza yedatha/donsa
Donsa
ukuhlolwa kwezempilo okusebenzayo
akukho
yebo
yebo
yebo
Vula ukulandelela
i-plugin yangaphandle
akukho
yebo
yebo
I-JWT
i-plugin yangaphandle
akukho
yebo
akukho
Isandiso
Lua/C
Lua/C
Lua/C++
akukho
Kungani
Lena iphrojekthi encane, kunezinto eziningi ezingekho, ezinye zazo zinge-alpha yokuqala. Kodwa wathumela, ngokwengxenye ngenxa yobusha bayo, ithuthuka ngokushesha futhi isivele inezici eziningi ezithakazelisayo: ukucushwa okuguquguqukayo, izihlungi eziningi ezenziwe ngomumo, isikhombimsebenzisi esilula sokubhala izihlungi zakho.
Izindawo zokusetshenziswa zilandela kulokhu, kodwa okokuqala, amaphethini amabili aphikisanayo:
- Ukuhlehla okumile.
Into ewukuthi okwamanje ku wathumela Alukho usekelo lwenqolobane. Abafana bakwa-Google bazama ukukulungisa. Umqondo uwukuwenza kanye ngesikhathi wathumela Zonke izinto ezicashile (i-zoo yezihloko) zokuthobela i-RFC, futhi udale isixhumi esibonakalayo sokusetshenziswa okuthile. Kodwa lokhu akukabi ngisho ne-alfa; i-architecture isaxoxwa. vula (ngenkathi ngibhala isihloko, i-PR ihlanganisiwe, kodwa leli phuzu lisabalulekile).
Okwamanje, sebenzisa i-nginx kuma-statics.
- Ukucushwa okumile.
Ungayisebenzisa, kodwa wathumela Awudalelwanga le njongo. Amandla okumiswa okumile ngeke abonakale ngokugcwele. Kunamaphuzu amaningi:
Lapho uhlela ukucushwa kwe-YAML, uzokwenza amaphutha, uqalekise onjiniyela ngokuba nezwi kakhulu, futhi ucabange ukuthi ukulungiselelwa kwe-nginx/haproxy, kuyilapho kungahlelwanga kangako, kufushane kakhudlwana. Yilokho iphuzu. Ukulungiselelwa kwe-Nginx ne-Haproxy kwadalelwa ukuhlela okwenziwa ngesandla, ngenkathi wathumela ukukhiqiza kusuka kukhodi. Konke ukucushwa kuchazwe ku , ukuyikhiqiza ngamafayela e-proto kwenza kube nzima kakhulu ukwenza iphutha.
Izimo ze-Canary, ukuthunyelwa kwe-b/g, nezinye izinto eziningi zingasetshenziswa kuphela ngendlela efanele ekucushweni okuguquguqukayo. Angisho ukuthi azinakwenziwa ngokwezibalo; sonke siyakwenza lokho. Kepha ukwenza kanjalo, kuzofanela uphendukele kwezinye izindlela zokusebenza, kunoma iyiphi ibhalansi, ku wathumela kufaka phakathi.
Imisebenzi lapho Inxusa lidingeka khona:
- Ukulinganisa kwethrafikhi kumasistimu ayinkimbinkimbi naguqukayo. Lokhu kufaka i-service mesh, kodwa ayikhawulelwe kuyo.
- Isidingo sokulandelela okusabalalisiwe, ukugunyazwa okuyinkimbinkimbi, noma okunye ukusebenza okutholakala kuyo wathumela Kulula ukukusebenzisa ngaphandle kwebhokisi noma kalula, kuyilapho ku-nginx/haproxy udinga ukuzisonga nge-lua nama-plugin anemibuzo.
Zombili ziyatholakala ukuze zinikeze ukusebenza okuphezulu lapho kudingeka.
Kanjani lo msebenzi
Umthunywa usatshalaliswa njengesithombe se-Docker kanambambili kuphela. Isithombe sesivele sihlanganisa isampula yokucushwa okumile, kodwa sinentshisekelo kuso kuphela ukuze siqonde isakhiwo.
ukumiswa okumile kwe-envoy.yaml
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
host_rewrite: www.google.com
cluster: service_google
http_filters:
- name: envoy.router
clusters:
- name: service_google
connect_timeout: 0.25s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service_google
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.google.com
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
sni: www.google.comUkucushwa kwe-Dynamic
Iyiphi inkinga esibheke ukuyixazulula? Asikwazi ukuvele silayishe kabusha ukucushwa kwesilinganisi somthwalo; ezinye izinkinga "ezincane" zizovela:
- Ukuqinisekisa ukucushwa.
Ukulungiselelwa kungaba kukhulu, kungaba kukhulu kakhulu, uma sikulayisha ngokweqile ngesikhathi esisodwa, amathuba ephutha endaweni ethile ayanda.
- Izinhlanganisela ezihlala isikhathi eside.
Lapho uqalisa isilaleli esisha, udinga ukunakekela ukuxhumana okusebenza kwesindala. Uma izinguquko zenzeka njalo futhi kukhona ukuxhumana okuhlala isikhathi eside, kuzodingeka uthole ukuvumelana. Sawubona, u-Kubernetes uyangena ku-nginx.
- Ukuhlolwa kwezempilo okusebenzayo.
Uma sihlola impilo esebenzayo, kufanele siwahlole kabusha wonke ekucushweni okusha ngaphambi kokuthumela ithrafikhi. Uma kunezindawo eziningi ezikhuphukayo, lokhu kuthatha isikhathi. Sawubona, haproxy.
Kuxazululwa kanjani lokhu ku wathumelaNgokulayisha ngamandla ukulungiselelwa usebenzisa imodeli yokubhukuda, ungakwazi ukuyihlukanisa ibe izingxenye ezihlukene futhi ugweme ukuqalisa kabusha izingxenye ezingakashintshi. Isibonelo, isilaleli, esibiza kakhulu ukuvuselela futhi okungajwayelekile ukushintsha, singasetshenziswa.
Ukucushwa wathumela (kusuka kufayela elingenhla) inalezi zinhlangano ezilandelayo:
- umlaleli — umlaleli olenga ku-IP/port ethile
- umphathi we-virtual - host virtual ngegama lesizinda
- umzila - umthetho wokulinganisa
- iqoqo - iqoqo lemifula enamapharamitha okulinganisa
- ukuphetha - ikheli lesibonelo elikhuphukayo
Ngalinye kulawa mabhizinisi, kanye namanye, lingagcwaliswa ngokushintshashintshayo ngokucacisa ikheli lesevisi lapho ukulungiselelwa kuzobuyiswa khona ekucushweni. Isevisi ingaba yi-REST noma i-gRPC, kodwa i-gRPC iyakhethwa.
Amasevisi aqanjwe ngokufanele: i-LDS, i-VHDS, i-RDS, i-CDS, ne-EDS. Ukucushwa okumile nokuguquguqukayo kungahlanganiswa, ne-caveat yokuthi insiza eguqukayo ayikwazi ukucaciswa ngaphakathi kwe-static.
Emisebenzini eminingi kwanele ukusebenzisa izinsizakalo ezintathu zokugcina, zibizwa nge-ADS (Isevisi Yokutholwa Okuhlanganisiwe), ye futhi i-go inokuqaliswa okwenziwe ngomumo kwe-dataplane ye-gRPC, lapho udinga kuphela ukugcwalisa izinto kusuka kumthombo wakho.
Ukucushwa kuthatha ifomu elilandelayo:
ukumiswa okuguquguqukayo kwe-envoy.yaml
dynamic_resources:
ads_config:
api_type: GRPC
grpc_services:
envoy_grpc:
cluster_name: xds_clr
cds_config:
ads: {}
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
rds:
route_config_name: local_route
config_source:
ads: {}
http_filters:
- name: envoy.router
clusters:
- name: xds_clr
connect_timeout: 0.25s
type: LOGICAL_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: xds_clr
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: xds
port_value: 6565Ekuqaliseni wathumela Ngalokhu kumiswa, izoxhuma endizeni yokulawula futhi izame ukucela ukulungiswa kwe-RDS, CDS, ne-EDS. Inqubo yokusebenzisana ichazwe ngezansi. .
Kafushane, wathumela Ithumela isicelo esicacisa uhlobo lwensiza eceliwe, inguqulo, namapharamitha wenodi. Ithola insiza nenguqulo njengempendulo. Uma inguqulo endizeni yokulawula ingashintshile, ayiphenduli.
Kunezinketho ezi-4 zokusebenzelana:
- Ukusakaza okukodwa kwe-gRPC kwazo zonke izinhlobo zensiza, isimo esigcwele sensiza siyathunyelwa.
- Imifudlana ehlukene, isimo esigcwele.
- Ukusakaza okukodwa, isimo sokukhula.
- Ukusakaza okuhlukile, isimo esikhulayo.
I-xDS ekhuphukayo ivumela ukunciphisa ithrafikhi phakathi kwendiza yokulawula kanye wathumelaLokhu kuhambisana nokucushwa okukhulu. Nokho, kwenza kube nzima ukusebenzisana, njengoba isicelo sidinga uhlu lwezinsiza ukuze uzikhiphe ohlwini futhi uzibhalisele.
Isibonelo sethu sisebenzisa i-ADS—ukusakaza okukodwa kwe-RDS, i-CDS, i-EDS, kanye nemodi engakhuphuki. Ukuze unike amandla imodi yokukhuphuka, udinga ukucacisa api_type: DELTA_GRPC
Njengoba isicelo siqukethe imingcele ye-node, singathumela izinsiza ezihlukene endizeni yokulawula ngezimo ezihlukahlukene. wathumela, lokhu kulungele ukwakha i-mesh yesevisi.
Kulungele
In wathumela Ekuqaleni noma lapho uthola ukucushwa okusha endizeni yokulawula, kuqalwa inqubo yokufudumala kwensiza. Ihlukaniswe yaba i-warmup yomlaleli kanye ne-cluster warmup. Eyangaphambili yethulwa lapho i-RDS/LDS ishintsha, eyokugcina lapho i-CDS/EDS ishintsha. Lokhu kusho ukuthi uma kuphela izinguquko ezikhuphukayo, umlaleli akadalwa kabusha.
Phakathi nenqubo yokufudumala, izinsiza ezincikile ezivela endizeni yokulawula ziyalindwa ngesikhathi sokuvala. Uma isikhathi sokuvala siphela, ukuqalisa kuzohluleka, futhi umlaleli omusha ngeke aqale ukulalela embobeni.
I-oda lokuqalisa: I-EDS, i-CDS, isheke lezempilo elisebenzayo, i-RDS, i-LDS. Uma ukuhlolwa kwezempilo okusebenzayo kunikwe amandla, ithrafikhi izokhuphuka kuphela ngemva kokuhlolwa kwezempilo okukodwa okuyimpumelelo.
Uma umlaleli edalwe kabusha, endala iya kusimo se-DRAIN futhi izosuswa ngemva kokuba konke ukuxhumeka kuvaliwe noma isikhathi sokuvala siphelelwe yisikhathi. --drain-time-s, okuzenzakalelayo imizuzu eyi-10.
Ukuze uqhubeke.
Source: www.habr.com
