I-ProHoster > Блог > Ukuphatha > Iziqukathi, ama-microservices nama-meshes wesevisi

Iziqukathi, ama-microservices nama-meshes wesevisi

Kwi-Intanethi iqembu izihloko о service mesh (i-service mesh), nansi enye. Hooray! Kodwa kungani? Khona-ke, ngifuna ukuveza umbono wami wokuthi bekuyoba ngcono ukube ama-meshes esevisi avela eminyakeni eyi-10 edlule, ngaphambi kokufika kwamapulatifomu eziqukathi ezifana ne-Docker ne-Kubernetes. Angisho ukuthi umbono wami ungcono noma mubi kunabanye, kodwa njengoba ama-meshes esevisi eyizilwane eziyinkimbinkimbi, amaphuzu amaningi okubuka azosiza ukuwaqonda kangcono.

Ngizokhuluma ngeplatifomu ye-dotCloud, eyakhiwe phezu kwama-microservices angaphezu kwekhulu futhi yasekela izinkulungwane zezinhlelo zokusebenza ezifakwe iziqukathi. Ngizochaza izinselelo esibhekane nazo ekuyithuthukiseni nasekuyethuleni, nokuthi ama-meshes esevisi angasiza kanjani (noma awakwazanga) ukusiza.

Umlando we-dotCloud

Ngibhalile ngomlando we-dotCloud kanye nokukhetha kwezakhiwo zale nkundla, kodwa angikhulumanga kakhulu ngesendlalelo senethiwekhi. Uma ungafuni ukucwila ekufundeni isihloko sokugcina mayelana ne-dotCloud, nansi ingqikithi ngamafuphi: iyinkundla ye-PaaS-as-a-service evumela amakhasimende ukuthi asebenzise inhlobonhlobo yezinhlelo zokusebenza (i-Java, i-PHP, i-Python...), ngokusekelwa kohlu olubanzi lwedatha. amasevisi (i-MongoDB, i-MySQL, i-Redis...) nokugeleza komsebenzi okufana ne-Heroku: Ulayisha ikhodi yakho endaweni yesikhulumi, yakha izithombe zesiqukathi futhi izisebenzisela.

Ngizokutshela ukuthi ithrafikhi iqondiswe kanjani endaweni yesikhulumi se-dotCloud. Hhayi ngoba kwakupholile kakhulu (yize uhlelo lusebenze kahle ngesikhathi salo!), Kodwa ngokuyinhloko ngenxa yokuthi ngamathuluzi esimanje umklamo onjalo ungenziwa kalula ngesikhathi esifushane yiqembu elinesizotha uma lidinga indlela yokuhambisa ithrafikhi phakathi kwenqwaba. yama-microservices noma inqwaba yezinhlelo zokusebenza. Ngale ndlela, ungaqhathanisa izinketho: kwenzekani uma uthuthukisa yonke into ngokwakho noma usebenzisa i-mesh yesevisi ekhona. Inketho evamile ukuzenzela noma ukuyithenga.

Umzila wethrafikhi wezinhlelo zokusebenza ezisingethwe

Izinhlelo zokusebenza ku-dotCloud zingadalula izindawo zokugcina ze-HTTP ne-TCP.

Iziphetho ze-HTTP kwengezwe ngokuguqukayo ekucushweni kweqoqo lebhalansi yomthwalo I-Hipache. Lokhu kufana nalokho okwenziwa yizinsiza namuhla Ingress ku-Kubernetes kanye nesilinganisi somthwalo njenge Traefik.

Amaklayenti axhumeka ezindaweni zokugcina ze-HTTP ngokusebenzisa izizinda ezifanele, inqobo nje uma igama lesizinda likhomba kubalinganisi bokulayisha be-dotCloud. Akukho okukhethekile.

Iziphetho ze-TCP ehlotshaniswa nenombolo yembobo, ebese idluliselwa kuzo zonke iziqukathi kuleso sitaki ngokusebenzisa okuguquguqukayo kwendawo.

Amaklayenti angaxhuma ezindaweni zokugcina ze-TCP esebenzisa igama lomethuleli elifanele (into efana ne-gateway-X.dotcloud.com) kanye nenombolo yembobo.

Leli gama lomethuleli lixazulula iqoqo leseva elithi "nats" (elingahlobene ne AMANATS), okuzohambisa ukuxhumeka kwe-TCP okungenayo kusiqukathi esifanele (noma, esimweni sezinsizakalo ezilinganisiwe zomthwalo, kuya ezitsheni ezifanele).

Uma ujwayelene ne-Kubernetes, lokhu cishe kuzokukhumbuza Amasevisi INodePort.

Bezingekho izinsiza ezifanayo endaweni ye-dotCloud I-ClusterIP: Ukwenza kube lula, izinsiza bezifinyelelwa ngendlela efanayo kokubili ngaphakathi nangaphandle kweplatifomu.

Konke kwakuhlelwe kalula: ukuqaliswa kokuqala kwamanethiwekhi omzila we-HTTP kanye ne-TCP cishe kwakuyimigqa engamakhulu ambalwa yePython ngayinye. Ama-algorithms alula (ngingathi angenangqondo) aye acwengwa njengoba inkundla ikhula futhi kwavela izidingo ezengeziwe.

Ukucutshungulwa kabusha okubanzi kwekhodi ekhona bekungadingeki. Ngokuqondene, 12 factor zokusebenza angasebenzisa ngokuqondile ikheli elitholwe ngokuguquguquka kwemvelo.

Lokhu kuhluke kanjani kunemeshi yesevisi yesimanje?

Inomkhawulo ukubonakala. Besingenawo nhlobo amamethrikhi we-TCP routing mesh nhlobo. Uma kuziwa emzileni we-HTTP, izinguqulo zakamuva zethule amamethrikhi anemininingwane e-HTTP anamakhodi wephutha nezikhathi zokuphendula, kodwa ama-meshes wesevisi yesimanje aqhubekela phambili, enikeza ukuhlanganiswa nezinhlelo zokuqoqa amamethrikhi njenge-Prometheus, isibonelo.

Ukubonakala kubalulekile hhayi kuphela ngokombono wokusebenza (ukusiza ukuxazulula izinkinga), kodwa nalapho ukhulula izici ezintsha. Imayelana nokuphepha ukuthunyelwa okuluhlaza okwesibhakabhaka и ukuthunyelwa kwe-canary.

Ukusebenza kahle komzila ibuye ibe nomkhawulo. Kumeshi womzila we-dotCloud, yonke ithrafikhi bekufanele idlule kwiqoqo lamanodi omzila azinikele. Lokhu kusho ukuthi kungenzeka weqe imingcele eminingi ye-AZ (Indawo Etholakalayo) kanye nokubambezeleka okwandayo. Ngikhumbula ikhodi yokuxazulula inkinga eyayenza imibuzo ye-SQL engaphezu kwekhulu ekhasini ngalinye futhi ivula uxhumano olusha kuseva ye-SQL kumbuzo ngamunye. Lapho lisebenza endaweni, ikhasi lilayisha khona manjalo, kodwa ku-dotCloud kuthatha imizuzwana embalwa ukulayisha ngoba uxhumano ngalunye lwe-TCP (kanye nombuzo olandelayo we-SQL) kuthatha amashumi ama-millisecond. Kulesi simo, ukuxhumana okuqhubekayo kwaxazulula inkinga.

Ama-meshes wesevisi yesimanje angcono ekubhekaneni nezinkinga ezinjalo. Okokuqala, bahlola ukuthi ukuxhumana kuthuthiwe yini emthonjeni. Ukugeleza okunengqondo kuyafana: клиент → меш → сервис, kodwa manje i-mesh isebenza endaweni futhi hhayi kumanodi akude, ngakho-ke uxhumano клиент → меш ingeyasendaweni futhi ishesha kakhulu (ama-microsecond esikhundleni sama-millisecond).

Ama-meshes wesevisi yesimanje aphinde asebenzise ama-algorithms wokulinganisa umthwalo ahlakaniphile. Ngokuqapha impilo yama-backends, angathumela ithrafikhi eyengeziwe kuma-backends asheshayo, okuholela ekusebenzeni okuthuthukisiwe kukonke.

Ukuphepha kangcono futhi. I-dotCloud routing mesh isebenze ngokuphelele ku-EC2 Classic futhi ayizange ibethele ithrafikhi (ngokusekelwe emcabangweni wokuthi uma othile ekwazile ukufaka isiphunga kuthrafikhi yenethiwekhi ye-EC2, ubusuvele usenkingeni enkulu). Amameshi esevisi yesimanje avikela ngokusobala yonke ithrafikhi yethu, ngokwesibonelo, ngokufakazela ubuqiniso kwe-TLS kanye nokubethela okulandelayo.

Ithrafikhi yomzila yamasevisi engxenyekazi

Kulungile, sixoxile ngethrafikhi phakathi kwezinhlelo zokusebenza, kodwa kuthiwani ngenkundla ye-dotCloud ngokwayo?

Ipulatifomu ngokwayo yayinezinsizakalo ezincane ezingaba yikhulu ezibhekele imisebenzi ehlukahlukene. Abanye bamukele izicelo ezivela kwabanye, kanti abanye babengabasebenzi basemuva ababexhumeke kwezinye izinkonzo kodwa abakwamukeli ukuxhunywa bona ngokwabo. Kunoma ikuphi, isevisi ngayinye kufanele yazi izindawo zokugcina zamakheli edinga ukuxhuma kuwo.

Izinsizakalo eziningi ezisezingeni eliphezulu zingasebenzisa i-mesh yomzila echazwe ngenhla. Eqinisweni, iningi lama-microservices e-dotCloud angaphezu kwekhulu asetshenziswe njengezinhlelo zokusebenza ezivamile endaweni yesikhulumi se-dotCloud ngokwayo. Kodwa inani elincane lezinsizakalo ezisezingeni eliphansi (ikakhulukazi lezo ezisebenzisa le mesh yomzila) zazidinga okuthile okulula, ezinokuncika okumbalwa (njengoba zazingakwazi ukuthembela kuzona ukuze zisebenze - inkinga endala yenkukhu neqanda).

Lezi zinsizakalo ezisezingeni eliphansi, ezibaluleke kakhulu kumishini zasetshenziswa ngokuqhuba iziqukathi ngqo ezindaweni ezimbalwa ezibalulekile. Kulokhu, izinsizakalo zeplathifomu ezijwayelekile azisetshenziswanga: umxhumanisi, umhleli nomgijimi. Uma ufuna ukuqhathanisa nezinkundla zeziqukathi zesimanje, kufana nokusebenzisa indiza yokulawula nge docker run ngqo kumanodi, esikhundleni sokunikeza umsebenzi ku-Kubernetes. Kuyafana ngomqondo amamojula amile (ama-pods), eliyisebenzisayo kubeadm noma bootkube lapho uqalisa iqoqo elizimele.

Lezi zinsizakalo zivezwe ngendlela elula neluhlaza: ifayela le-YAML libhale amagama namakheli abo; futhi iklayenti ngalinye kwadingeka lithathe ikhophi yaleli fayela le-YAML ukuze lisetshenziswe.

Ngakolunye uhlangothi, ithembeke kakhulu ngoba ayidingi ukusekelwa kokhiye wangaphandle/isitolo senani njenge-Zookeeper (khumbula, njlld noma i-Consul yayingekho ngaleso sikhathi). Ngakolunye uhlangothi, kwenze kwaba nzima ukuhambisa izinkonzo. Ngaso sonke isikhathi lapho kususwa, wonke amaklayenti ayezothola ifayela le-YAML elibuyekeziwe (futhi okungenzeka liqalise kabusha). Ayikhululekile neze!

Ngokulandelayo, siqale ukusebenzisa uhlelo olusha, lapho iklayenti ngalinye lixhumeke kuseva elibamba lendawo. Esikhundleni sekheli nembobo, idinga kuphela ukwazi inombolo yembobo yesevisi, futhi ixhume nge localhost. Ummeleli wasendaweni uphatha lolu xhumano futhi uludlulisela kuseva yangempela. Manje, lapho uhambisa i-backend komunye umshini noma ukukala, esikhundleni sokubuyekeza wonke amaklayenti, udinga kuphela ukubuyekeza wonke lawa ma-proxies wendawo; futhi ukuqalisa phansi akusadingeki.

(Kwabuye kwahlelelwa ukuthi kuhlanganiswe ithrafikhi ekuxhumekeni kwe-TLS futhi kubekwe enye iseva elibamba ohlangothini lokwamukela, kanye nokuqinisekisa izitifiketi ze-TLS ngaphandle kokuhlanganyela kwesevisi yokwamukela, ehlelelwe ukwamukela ukuxhumana kuphela localhost. Okuningi ngalokhu kamuva).

Lokhu kufana kakhulu ne I-SmartStack kusuka ku-Airbnb, kodwa umehluko obalulekile ukuthi i-SmartStack isetshenziswa futhi yafakwa ekukhiqizweni, kuyilapho isistimu yomzila yangaphakathi ye-dotCloud yavalwa lapho i-dotCloud iba yi-Docker.

Mina ngokwami ​​ngithatha i-SmartStack njengomunye wabanduleli bezinhlelo ezifana ne-Istio, i-Linkerd ne-Consul Connect ngoba zonke zilandela iphethini efanayo:

  • Sebenzisa ummeleli endaweni ngayinye.
  • Amaklayenti axhumeka kummeleli.
  • Indiza yokulawula ibuyekeza ukulungiselelwa kommeleli lapho i-backends ishintsha.
  • ... Inzuzo!

Ukuqaliswa kwesimanje kwe-mesh yesevisi

Uma besidinga ukusebenzisa igridi efanayo namuhla, singasebenzisa izimiso ezifanayo. Isibonelo, lungiselela indawo ye-DNS yangaphakathi ngokwenza imephu amagama esevisi kumakheli asesikhaleni 127.0.0.0/8. Bese ugijima i-HAProxy endaweni ngayinye ku-cluster, wamukela ukuxhumana ekhelini ngalinye lesevisi (kuleyo subnet 127.0.0.0/8) kanye nokuqondisa kabusha/ukulinganisa umthwalo ezindaweni ezingemuva ezifanele. Ukucushwa kwe-HAProxy kungalawulwa confd, okukuvumela ukuthi ugcine imininingwane ye-backend ku- etcd noma ku-Consul futhi uphushe ngokuzenzakalelayo ukucushwa okubuyekeziwe ku-HAProxy lapho kudingeka.

Lokhu kuhle kakhulu ukuthi i-Istio isebenza kanjani! Kodwa ngezinye umehluko:

  • Isebenzisa Ummeleli wenxusa esikhundleni se-HAProxy.
  • Igcina ukulungiselelwa kwe-backend nge-Kubernetes API esikhundleni se- etcd noma i-Consul.
  • Amasevisi anikezwa amakheli ku-subnet yangaphakathi (amakheli e-Kubernetes ClusterIP) esikhundleni sika-127.0.0.0/8.
  • Inengxenye eyengeziwe (i-Citadel) yokwengeza ukufakazela ubuqiniso kwe-TLS phakathi kweklayenti namaseva.
  • Isekela izici ezintsha ezinjengokuphulwa kwesifunda, ukulandelela okusabalalisiwe, ukuthunyelwa kwe-canary, njll.

Ake sibheke ngokushesha eminye yomehluko.

Ummeleli wenxusa

Ummeleli Wezithunywa ubhalwe nguLyft [oqhudelana naye u-Uber emakethe yamatekisi - cishe. umzila]. Kuyafana ngezindlela eziningi kwamanye ama-proxies (isb. I-HAProxy, i-Nginx, i-Traefik...), kodwa i-Lyft ibhale eyabo ngoba idinga izici ezinye ama-proxies ayengenazo, futhi kubonakala kuhlakaniphe ukwenza entsha kunokunweba ekhona.

Inxusa lingasetshenziswa ngokwalo. Uma nginesevisi ethile edinga ukuxhuma kwezinye izinsiza, ngingakwazi ukuyilungisa ukuze ixhume ku-Envoy, bese ngilungisa ngokuguquguqukayo futhi ngilungise kabusha uMthunywa ngendawo yezinye izinsizakalo, kuyilapho ngithola imisebenzi eminingi eyengeziwe eyengeziwe, njengokubonakala. Esikhundleni selabhulali yeklayenti yangokwezifiso noma ukufaka umkhondo wekholi, sithumela ithrafikhi ku-Envoy, futhi isiqoqele amamethrikhi.

Kodwa uMthunywa naye uyakwazi ukusebenza njenge indiza yedatha (indiza yedatha) yemeshi yesevisi. Lokhu kusho ukuthi i-Envoy manje isilungiselelwe le mesh yesevisi indiza yokulawula (indiza yokulawula).

Lawula indiza

Ngendiza yokulawula, i-Istio incike ku-Kubernetes API. Lokhu akuhlukile kakhulu ekusebenziseni i-confd, ethembele ku- etcd noma ku-Consul ukuze ibuke isethi yokhiye esitolo sedatha. I-Istio isebenzisa i-Kubernetes API ukuze ibuke isethi yezinsiza ze-Kubernetes.

Phakathi kwalokhu kanye: Mina ngokwami ​​ngithole lokhu kuwusizo Incazelo ye-Kubernetes APIofundeka kanje:

I-Kubernetes API Server “iyiseva eyisimungulu” enikeza isitoreji, ukwenza inguqulo, ukuqinisekiswa, ukubuyekezwa, kanye nesemantics yezinsiza ze-API.

I-Istio yakhelwe ukusebenza noKubernetes; futhi uma ufuna ukuyisebenzisa ngaphandle kwe-Kubernetes, kuzomele usebenzise isibonelo seseva ye-Kubernetes API (kanye nensizakalo yomsizi njll).

Amakheli esevisi

I-Istio incike ekhelini le-ClusterIP elinikezwa u-Kubernetes, ngakho izinsiza ze-Istio zithola ikheli langaphakathi (hhayi ebangeni 127.0.0.0/8).

Ithrafikhi eya ekhelini le-ClusterIP yesevisi ethile kuqoqo le-Kubernetes ngaphandle kwe-Istio ibanjwa ummeleli we-kube bese ithunyelwa kulowo mmeleli ongemuva. Uma unentshisekelo emininingwaneni yobuchwepheshe, i-kube-proxy imisa imithetho ye-iptables (noma izilinganisi zokulayisha ze-IPVS, kuye ngokuthi ihlelwa kanjani) ukuze ibhale kabusha amakheli e-IP okuyiwa kuwo oxhumo oluya ekhelini le-ClusterIP.

Uma i-Istio isifakiwe kuqoqo le-Kubernetes, akukho lutho olushintshayo kuze kube yilapho inikwe amandla ngokusobala kumthengi othile, noma ngisho nendawo yonke yegama, ngokwethula isiqukathi. sidecar kumaphodi angokwezifiso. Lesi sitsha sizophenya isibonelo se-Envoy futhi simise isethi yemithetho ye-iptables ukuze sinqande ithrafikhi eya kwezinye izinsizakalo futhi siqondise kabusha leyo thrafikhi ku-Envoy.

Uma ihlanganiswe ne-Kubernetes DNS, lokhu kusho ukuthi ikhodi yethu ingaxhumeka ngegama lesevisi futhi yonke into "iyasebenza." Ngamanye amazwi, ikhodi yethu ikhipha imibuzo efana nokuthi http://api/v1/users/4242ke api xazulula isicelo 10.97.105.48, imithetho ye-iptables izonqamula ukuxhumeka kusuka ku-10.97.105.48 futhi iwadlulisele kummeleli wendawo Yezithunywa, futhi lowo mmeleli wasendaweni uzodlulisela isicelo ku-API yangempela yasemuva. Phew!

Ama-frills engeziwe

I-Istio iphinde inikeze ukubethela kokuphela uye ekupheleni kanye nokuqinisekisa nge-mTLS (mutual TLS). Kubizwe ingxenye citadel.

Kukhona futhi ingxenye I-mixer, okuyinto uMthunywa angacela yona ngamunye isicelo sokwenza isinqumo esikhethekile mayelana naleso sicelo ngokuya ngezinto ezahlukahlukene ezifana nezihloko, umthwalo ongemuva, njll.. (ungakhathazeki: kunezindlela eziningi zokugcina i-Mixer isebenza, futhi noma iphahlazeka, isithunywa sizoqhubeka nokusebenza kuhle njengommeleli).

Futhi, kunjalo, sishilo ukubonakala: Isithunywa siqoqa inani elikhulu lamamethrikhi ngenkathi sinikeza ukulandelela okusabalalisiwe. Esakhiweni se-microservices, uma isicelo esisodwa se-API kufanele sidlule kuma-microservices A, B, C, kanye no-D, lapho-ke ungena ngemvume, ukulandelela okusabalalisiwe kuzongeza isihlonzi esihlukile esicelweni futhi kugcine lesi sihlonzi ngezicelo ezingaphansi kuzo zonke lezi zinsiza ezincane, okuvumela wonke amakholi ahlobene azobanjwa. ukubambezeleka, njll.

Thuthukisa noma uthenge

I-Istio inedumela lokuba yinkimbinkimbi. Ngokuphambene, ukwakha i-mesh yomzila engiyichaze ekuqaleni kwalokhu okuthunyelwe kulula kakhulu usebenzisa amathuluzi akhona. Ngakho-ke, ingabe kunengqondo ukudala i-mesh yakho yesevisi esikhundleni?

Uma sinezidingo ezinesizotha (asidingi ukubonakala, i-circuit breaker nezinye izinto ezicashile), imicabango iza ekuthuthukiseni ithuluzi lethu. Kodwa uma sisebenzisa i-Kubernetes, ingase ingadingeki ngoba i-Kubernetes isivele ihlinzeka ngamathuluzi ayisisekelo okuthola isevisi nokulinganisa ukulayisha.

Kodwa uma sinezidingo ezithuthukisiwe, khona-ke "ukuthenga" i-mesh yesevisi kubonakala kuyinketho engcono kakhulu. (Lokhu akukhona njalo "ukuthenga" ngoba i-Istio iwumthombo ovulekile, kodwa sisadinga ukutshala isikhathi sobunjiniyela ukuze sikuqonde, sikuphakele, futhi sikulawule.)

Ingabe kufanele ngikhethe i-Istio, i-Linkerd noma i-Consul Connect?

Kuze kube manje sikhulume kuphela nge-Istio, kodwa lena akuyona kuphela i-mesh yesevisi. Okunye okudumile - Linkerd, futhi kukhona okwengeziwe I-Consul Connect.

Yini ongayikhetha?

Thembeka, angazi. Okwamanje angiziboni nginekhono ngokwanele ukuphendula lo mbuzo. Kukhona abambalwa ezithakazelisayo izihloko ngokuqhathanisa la mathuluzi ngisho amabhentshimakhi.

Enye indlela ethembisayo ukusebenzisa ithuluzi elinjalo I-SuperGloo. Isebenzisa isendlalelo se-abstraction ukwenza lula nokuhlanganisa ama-API adalulwe amameshi esevisi. Esikhundleni sokufunda ama-API athile (futhi, ngokubona kwami, ayinkimbinkimbi) yama-meshes esevisi ahlukene, singasebenzisa ukwakheka okulula kwe-SuperGloo - futhi sishintshe kalula sisuka kwesinye siye kwesinye, njengokungathi sinefomethi yokumisa ephakathi echaza ukuxhumana kwe-HTTP nama-backends anamandla. yokukhiqiza ukucushwa kwangempela kwe-Nginx, i-HAProxy, i-Traefik, i-Apache...

Ngike ngadlala kancane nge-Istio kanye ne-SuperGloo, futhi esihlokweni esilandelayo ngifuna ukukhombisa indlela yokwengeza i-Istio noma i-Linkerd kuqoqo elikhona lisebenzisa i-SuperGloo, nokuthi lo wakamuva uwenza kanjani umsebenzi, okungukuthi, ikuvumela ukuthi usuke isevisi enezikhala eyodwa iye kwenye ngaphandle kokubhala ngaphezulu ukulungiselelwa.

Source: www.habr.com

Engeza amazwana