Sanibonani! Lesi isihloko esifushane esiphendula imibuzo: "yini isithunywa?", "kungani sidingeka?" futhi "uzoqala kuphi?".
Kuyini
I-Envoy ibhalansi ye-L4-L7 ebhalwe nge-C++, egxile ekusebenzeni okuphezulu nokutholakala. Ngakolunye uhlangothi, lokhu ngandlela thile kuyi-analogue ye-nginx ne-haproxy, eqhathaniswa nokusebenza kwazo. Ngakolunye uhlangothi, iqondiswe kakhulu ekwakhiweni kwe-microservice futhi ayisebenzi kahle kune-java ne-go balancers, njenge-zuul noma i-traefik.
Ithebula lokuqhathanisa le-haproxy/nginx/envoy, alisho ukuthi liyiqiniso eliphelele, kodwa linikeza isithombe esijwayelekile.
nginx
i-haproxy
wathumela
I-traefik
izinkanyezi ku-github
11.2k/isibuko
1.1k/isibuko
12.4k
27.6k
ibhalwe ku
C
C
C ++
go
API
akukho
isokhethi kuphela/push
indiza yedatha/donsa
Donsa
ukuhlolwa kwezempilo okusebenzayo
akukho
yebo
yebo
yebo
Vula ukulandelela
i-plugin yangaphandle
akukho
yebo
yebo
I-JWT
i-plugin yangaphandle
akukho
yebo
akukho
Isandiso
Lua/C
Lua/C
Lua/C++
akukho
Kungani
Lena iphrojekthi encane, kunezinto eziningi ezingekho, ezinye ku-alpha yokuqala. Kodwa wathumela, futhi ngenxa yobusha bayo, ithuthuka ngokushesha futhi isivele inezici eziningi ezithakazelisayo: ukucushwa okuguquguqukayo, izihlungi eziningi ezenziwe ngomumo, isikhombimsebenzisi esilula sokubhala izihlungi zakho.
Izindawo zokufaka isicelo zilandela kulokhu, kodwa okokuqala kukhona ama-antipattern ama-2:
- Ukuhlehla okumile.
Iqiniso liwukuthi okwamanje ku wathumela akukho ukwesekwa kwe-caching. Abafana bakwaGoogle bayazama lokhu . Umbono uzosetshenziswa kanye wathumela zonke izinto ezicashile (izihloko ze-zoo) zokuthobela i-RFC, kanye nokusetshenziswa okukhethekile yenza isixhumi esibonakalayo. Kepha okwamanje akuyona ngisho i-alpha, ukwakhiwa kungaphansi kwengxoxo, evulekile (ngenkathi ngibhala i-athikili ye-PR, i-PR yaqina, kodwa leli phuzu lisasebenza).
Okwamanje, sebenzisa i-nginx kuma-statics.
- Ukucushwa okumile.
Ungayisebenzisa, kodwa wathumela Akukhona lokho okwakudalelwe kona. Izici ekucushweni okumile ngeke zidalulwe. Kunezikhathi eziningi:
Uma uhlela ukucushwa ku-yaml, uzokwenza iphutha, uthethise abathuthukisi nge-verbosity futhi ucabange ukuthi ukulungiselelwa kwe-nginx/haproxy, nakuba kungahlelekile kangako, kufushane kakhulu. Yilokho iphuzu. Ukumiswa kwe-Nginx ne-Haproxy kwadalelwa ukuhlelwa ngesandla, futhi wathumela ukukhiqiza kusuka kukhodi. Konke ukucushwa kuchazwe ku , ukuyikhiqiza kumafayela e-proto kunzima kakhulu ukwenza iphutha.
I-Canary, i-b/g izimo zokusebenzisa nokunye okuningi kuvamise ukusetshenziswa ekucushweni okuguquguqukayo. Angisho ukuthi lokhu ngeke kwenziwe ngokwezibalo, sikwenza sonke. Kodwa kulokhu udinga ukufaka izinduku, kunoma iyiphi ibhalansi, ku wathumela kufaka phakathi.
Imisebenzi lapho Inxusa lidingeka khona:
- Ukulinganisa kwethrafikhi kumasistimu ayinkimbinkimbi naguqukayo. Lokhu kufaka phakathi i-service mesh, kodwa akuyona yodwa.
- Isidingo sokusatshalaliswa kokulandela umkhondo, ukugunyazwa okuyinkimbinkimbi noma okunye ukusebenza okutholakala kuyo wathumela ngaphandle kwebhokisi noma kusetshenziswe kalula, kodwa ku-nginx/haproxy udinga ukuzungezwe ama-lua nama-plugin angabazisayo.
Kokubili, uma kunesidingo, hlinzeka ngokusebenza okuphezulu.
Kanjani lo msebenzi
Isithunywa sisatshalaliswa kuma-binaries kuphela njengesithombe sedokhu. Isithombe sesivele sinesibonelo sokucushwa okumile. Kodwa sinesithakazelo kuso kuphela ukuqonda isakhiwo.
ukumiswa okumile kwe-envoy.yaml
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
host_rewrite: www.google.com
cluster: service_google
http_filters:
- name: envoy.router
clusters:
- name: service_google
connect_timeout: 0.25s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service_google
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.google.com
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
sni: www.google.comUkucushwa kwe-Dynamic
Iyiphi inkinga esifuna isixazululo sayo? Awukwazi ukuvele ulayishe kabusha ukucushwa kwesilinganisi somthwalo ngaphansi komthwalo; kuzovela izinkinga "ezincane":
- Ukuqinisekisa ukucushwa.
Ukulungiselelwa kungaba kukhulu, kungaba kukhulu kakhulu, uma sikulayisha ngokweqile ngesikhathi esisodwa, amathuba ephutha endaweni ethile ayanda.
- Ukuxhumana okuhlala isikhathi eside.
Lapho uqalisa isilaleli esisha, udinga ukunakekela ukuxhumana okusebenzayo komdala; uma izinguquko zenzeka njalo futhi kukhona ukuxhumana okuhlala isikhathi eside, kuzodingeka ubheke ukuyekethisa. Sawubona, kubernetes ingress ku-nginx.
- Ukuhlolwa kwezempilo okusebenzayo.
Uma sinokuhlolwa kwezempilo okusebenzayo, sidinga ukuphinda sikuhlole konke ekucushweni okusha ngaphambi kokuthumela ithrafikhi. Uma kunezindawo eziningi ezikhuphukayo, lokhu kuthatha isikhathi. Sawubona haproxy.
Kuxazululwa kanjani lokhu ku wathumelaNgokulayisha ukulungiselelwa ngokuguquguqukayo, ngokuya ngemodeli ye-pool, ungayihlukanisa ibe izingxenye ezihlukene futhi ungaqalisi kabusha ingxenye engashintshile. Ngokwesibonelo, isilaleli, okuyinto ebizayo reinitialize futhi kuyaqabukela izinguquko.
Ukucushwa wathumela (kusuka kufayela elingenhla) inalezi zinhlangano ezilandelayo:
- umlaleli β umlaleli ulenga ku-ip/port ethile
- umphathi we-virtual - I-virtual host ngegama lesizinda
- umzila - umthetho wokulinganisa
- iqoqo - iqoqo lemifula enamapharamitha okulinganisa
- ukuphetha - ikheli lesibonelo elikhuphukayo
Ngayinye yalezi zinhlangano kanye nezinye zingagcwaliswa ngokushintshashintshayo; kulokhu, ukulungiselelwa kucacisa ikheli lesevisi lapho kuzotholwa khona ukulungiselelwa. Isevisi ingaba yi-REST noma i-gRPC, i-gRPC iyakhethwa.
Amasevisi aqanjwe ngokulandelana kwawo: i-LDS, i-VHDS, i-RDS, i-CDS ne-EDS. Ungakwazi ukuhlanganisa ukumisa okumile nokuguquguqukayo, kanye nomkhawulo wokuthi insiza eguquguqukayo ayikwazi ukucaciswa kokukodwa.
Emisebenzini eminingi, kwanele ukusebenzisa izinsizakalo ezintathu zokugcina, zibizwa nge-ADS (Isevisi Yokutholwa Okuhlanganisiwe), ye futhi hamba kukhona ukuqaliswa okwenziwe ngomumo kwe-dataplane ye-gRPC lapho udinga nje ukugcwalisa izinto ezivela emthonjeni wakho.
Ukucushwa kuthatha ifomu elilandelayo:
ukumiswa okuguquguqukayo kwe-envoy.yaml
dynamic_resources:
ads_config:
api_type: GRPC
grpc_services:
envoy_grpc:
cluster_name: xds_clr
cds_config:
ads: {}
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
rds:
route_config_name: local_route
config_source:
ads: {}
http_filters:
- name: envoy.router
clusters:
- name: xds_clr
connect_timeout: 0.25s
type: LOGICAL_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: xds_clr
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: xds
port_value: 6565Ekuqaliseni wathumela ngalokhu kulungiselelwa, izoxhuma endizeni yokulawula bese izama ukucela ukucushwa kwe-RDS, CDS kanye ne-EDS. Ukuthi inqubo yokusebenzisana yenzeka kanjani ichaziwe .
Kafushane, wathumela ithumela isicelo esibonisa uhlobo lwensiza ecelwayo, inguqulo nemingcele yenodi. Ukuphendula, ithola insiza nenguqulo; uma inguqulo kundiza yokulawula ingashintshile, ayiphenduli.
Kunezinketho ezi-4 zokusebenzisana:
- Ukusakaza okukodwa kwe-gRPC kwazo zonke izinhlobo zezisetshenziswa, isimo esigcwele sesisetshenziswa siyathunyelwa.
- Imifudlana ehlukene, isimo esigcwele.
- Ukusakaza okukodwa, isimo sokukhula.
- Ukusakaza okuhlukile, isimo esikhulayo.
I-xDS ekhuphukayo ikuvumela ukuthi unciphise ithrafikhi phakathi kwendiza yokulawula kanye wathumela, lokhu kuhambisana nokucushwa okukhulu. Kodwa kwenza kube nzima ukusebenzisana; isicelo siqukethe uhlu lwezinsiza zokuzikhipha ohlwini nokubhalisa.
Isibonelo sethu sisebenzisa i-ADS - ukusakaza okukodwa kwe-RDS, i-CDS, i-EDS kanye nemodi engakhuphuki. Ukuze unike amandla imodi yokukhuphuka, udinga ukucacisa api_type: DELTA_GRPC
Njengoba isicelo siqukethe imingcele ye-node, singathumela izinsiza ezihlukene endizeni yokulawula ngezimo ezihlukahlukene wathumela, lokhu kulungele ukwakha i-mesh yesevisi.
Kulungele
In wathumela ekuqaleni noma lapho uthola ukucushwa okusha kundiza yokulawula, inqubo yokufudumala kwensiza iyaqaliswa. Ihlukaniswe yaba i-warmup yomlaleli kanye ne-cluster warmup. Eyokuqala yethulwa lapho kunezinguquko ku-RDS/LDS, eyesibili lapho i-CDS/EDS. Lokhu kusho ukuthi uma kuphela izinguquko ezikhuphukayo, umlaleli akadalwa kabusha.
Ngesikhathi senqubo yokufudumala, izinsiza ezincikile zilindeleke kundiza yokulawula ngesikhathi sokuvala. Uma ukuphela kwesikhathi kwenzeka, ukuqalisa ngeke kuphumelele futhi umlaleli omusha ngeke aqale ukulalela embobeni.
I-oda lokuqalisa: I-EDS, i-CDS, isheke lezempilo elisebenzayo, i-RDS, i-LDS. Uma ukuhlolwa kwezempilo okusebenzayo kunikwe amandla, ithrafikhi izokhuphuka kuphela ngemva kokuhlolwa kwezempilo okukodwa okuyimpumelelo.
Uma umlaleli edalwe kabusha, endala iya kusimo se-DRAIN futhi izosuswa ngemva kokuba konke ukuxhumana kuvaliwe noma isikhathi sokuvala siphelelwe yisikhathi. --drain-time-s, okuzenzakalelayo imizuzu eyi-10.
Ukuze uqhubeke.
Source: www.habr.com