Emuva kuma-microservices nge-Istio. Ingxenye 2

Qaphela. transl.: Ingxenye yokuqala Lolu chungechunge lunikezelwe ekwethuleni amakhono e-Istio futhi siwabonise ngesenzo. Manje sizokhuluma ngezici eziyinkimbinkimbi kakhulu zokucushwa nokusetshenziswa kwale mesh yesevisi, futhi ikakhulukazi, mayelana nomzila oshunwe kahle kanye nokuphathwa kwethrafikhi yenethiwekhi.

Siphinde sikukhumbuze ukuthi i-athikili isebenzisa ukucushwa (izimpawu ze-Kubernetes ne-Istio) kusuka endaweni yokugcina. istio-mastery.

Ukuphathwa Kwethrafikhi

Nge-Istio, amandla amasha avela kuqoqo ukuze ahlinzeke:

• Isicelo esinamandla somzila: ukukhishwa kwe-canary, ukuhlolwa kwe-A/B;
• Ukulayisha ukulinganisa: elula futhi engaguquki, esekelwe kuma-hashes;
• Ukubuyisela ngemva kokuwa: ukuphela kwesikhathi, ukuzama futhi, ama-circuit breaker;
• Ukufaka amaphutha: ukubambezeleka, izicelo ezehlisiwe, njll.

Njengoba isihloko siqhubeka, lawa makhono azovezwa kusetshenziswa uhlelo lokusebenza olukhethiwe njengesibonelo futhi imiqondo emisha izokwethulwa endleleni. Umqondo onjalo wokuqala uzoba DestinationRules (okungukuthi imithetho mayelana nomamukeli wethrafikhi/izicelo - cishe. transl.), ngosizo esenza kusebenze ukuhlola kwe-A/B.

Ukuhlolwa kwe-A/B: Imithetho Yendawo esetshenziswayo

Ukuhlola kwe-A/B kusetshenziswa ezimeni lapho kukhona izinguqulo ezimbili zohlelo lokusebenza (imvamisa zihlukile ngokubukeka) futhi asinaso isiqiniseko esingu-100% sokuthi iyiphi ezothuthukisa ulwazi lomsebenzisi. Ngakho-ke, sisebenzisa zombili izinguqulo ngesikhathi esisodwa futhi siqoqa amamethrikhi.

Ukuze usebenzise inguqulo yesibili ye-frontend, edingekayo ukuze ubonise ukuhlolwa kwe-A/B, sebenzisa umyalo olandelayo:

$ kubectl apply -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions/sa-frontend-green created

I-manifest yokuthunyelwa yenguqulo eluhlaza ihluka ezindaweni ezimbili:

1. Isithombe sisekelwe kumaka ahlukile - istio-green,
2. Amaphodi anelebula version: green.

Njengoba kokubili ukuthunyelwa kunelebula app: sa-frontend,izicelo ezihanjiswa isevisi ebonakalayo sa-external-services ngenkonzo sa-frontend, izoqondiswa kabusha kuzo zonke izimo zayo futhi umthwalo uzosatshalaliswa i-algorithm ye-round-robin, okuzoholela kulesi simo esilandelayo:

Amafayela aceliwe awatholakalanga

Lawa mafayela awatholakalanga ngoba aqanjwe ngendlela ehlukile ezinguqulweni ezihlukene zohlelo lokusebenza. Masiqinisekise lokhu:

$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.c7071b22.css
/static/js/main.059f8e9c.js
$ curl --silent http://$EXTERNAL_IP/ | tr '"' 'n' | grep main
/static/css/main.f87cd8c9.css
/static/js/main.f7659dbb.js

Kusho ukuthi index.html, icela inguqulo eyodwa yamafayela amile, ingathunyelwa yi-balancer yomthwalo kuma-pods anenguqulo ehlukile, lapho, ngenxa yezizathu ezicacile, amafayela anjalo awekho. Ngakho-ke, ukuze isicelo sisebenze, sidinga ukubeka umkhawulo: “inguqulo efanayo yohlelo lokusebenza olunikeze i-index.html kufanele inikeze izicelo ezilandelayo".

Sizofika lapho ngokulinganisa okungaguquguquki komthwalo okususelwa ku-hash (I-Hash Loadbalancing engaguquki). Kulokhu izicelo ezivela kuklayenti elifanayo zithunyelwa esimweni esifanayo esingemuva, okusetshenziselwa indawo echazwe ngaphambilini - isibonelo, unhlokweni we-HTTP. Kwenziwa kusetshenziswa iDestinationRules.

Imithetho Yendawo

Emva I-VirtualService ithumele isicelo kusevisi efunekayo, sisebenzisa i-DestinationRules singachaza izinqubomgomo ezizosetshenziswa kuthrafikhi eqondiswe ezimweni zale sevisi:

Ukuphathwa kwethrafikhi ngezinsiza ze-Istio

Ukubhala: Umthelela wezinsiza ze-Istio kuthrafikhi yenethiwekhi uvezwa lapha ngendlela eqondakala kalula. Ukunemba, isinqumo sokuthi isicelo uzothunyelwa kusiphi isimo senziwa Inxusa Ku-Ingress Gateway elungiselelwe ku-CRD.

Ngemithetho Yendawo, singamisa ukulinganisa kokulayisha ukuze sisebenzise ama-hashes angashintshi futhi siqinisekise ukuthi isenzakalo esifanayo sesevisi siphendula kumsebenzisi ofanayo. Ukucushwa okulandelayo kukuvumela ukuthi ufeze lokhu (destinationrule-sa-frontend.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sa-frontend
spec:
  host: sa-frontend
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpHeaderName: version   # 1

1 - i-hash izokhiqizwa ngokusekelwe kokuqukethwe kwesihloko se-HTTP version.

Sebenzisa ukumisa ngomyalo olandelayo:

$ kubectl apply -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io/sa-frontend created

Manje sebenzisa umyalo ongezansi futhi uqiniseke ukuthi uthola amafayela alungile lapho ucacisa unhlokweni version:

$ curl --silent -H "version: yogo" http://$EXTERNAL_IP/ | tr '"' 'n' | grep main

Ukubhala: Ukwengeza amanani ahlukene kunhlokweni futhi uhlole imiphumela ngokuqondile kusiphequluli, ungasebenzisa lesi sandiso ku-Chrome (noma ngalokhu yeFirefox - cishe. transl.).

Ngokuvamile, i-DestinationRules inamakhono amaningi endaweni yokulinganisa umthwalo - hlola imininingwane imibhalo esemthethweni.

Ngaphambi kokuqhubeka nokufunda i-VirtualService, ake sisuse "inguqulo eluhlaza" yohlelo lokusebenza kanye nomthetho wendlela yomgwaqo ohambisanayo ngokusebenzisa imiyalo elandelayo:

$ kubectl delete -f resource-manifests/kube/ab-testing/sa-frontend-green-deployment.yaml
deployment.extensions “sa-frontend-green” deleted
$ kubectl delete -f resource-manifests/istio/ab-testing/destinationrule-sa-frontend.yaml
destinationrule.networking.istio.io “sa-frontend” deleted

I-Mirroring: Izinsizakalo Ezibonakalayo Ezisebenzayo

Ukukhombisa (“ukuvikela”) noma Ukubukisa (“izibuko”) esetshenziswa ezimeni lapho sifuna ukuhlola ushintsho ekukhiqizweni ngaphandle kokuthikameza abasebenzisi bokugcina: ukwenza lokhu, siphinda (“isibuko”) izicelo esimeni sesibili lapho kwenziwe khona izinguquko ezifiselekayo, bese sibheka imiphumela. Kalula nje, yilapho osebenza naye ekhetha udaba olubucayi kakhulu futhi enze isicelo sokudonsa ngendlela yesigaxa esikhulu sokungcola kangangokuthi akekho ongakwazi ukusibuyekeza.

Ukuhlola lesi simo sisebenza, masidale isibonelo sesibili se-SA-Logic esineziphazamisi (buggy) ngokusebenzisa umyalo olandelayo:

$ kubectl apply -f resource-manifests/kube/shadowing/sa-logic-service-buggy.yaml
deployment.extensions/sa-logic-buggy created

Futhi manje ake sisebenzise umyalo wokuqinisekisa ukuthi zonke izimo nge app=sa-logic Futhi banamalebula anezinguqulo ezihambisanayo:

$ kubectl get pods -l app=sa-logic --show-labels
NAME                              READY   LABELS
sa-logic-568498cb4d-2sjwj         2/2     app=sa-logic,version=v1
sa-logic-568498cb4d-p4f8c         2/2     app=sa-logic,version=v1
sa-logic-buggy-76dff55847-2fl66   2/2     app=sa-logic,version=v2
sa-logic-buggy-76dff55847-kx8zz   2/2     app=sa-logic,version=v2

service sa-logic iphokophele amaphodi anelebula app=sa-logic, ngakho zonke izicelo zizosatshalaliswa kuzo zonke izimo:

... kodwa sifuna ukuthi izicelo zithunyelwe ezimweni ze-v1 futhi zifaniswe nezimo ze-v2:

Sizokufeza lokhu nge-VirtualService sihlangene ne-DestinationRule, lapho imithetho izonquma amasethi angaphansi kanye nemizila ye-VirtualService eya kwesethiwe elincane.

Ukuchaza Amasethi Angaphansi Emithethweni Yendawo

Amasethi angaphansi (ama-subset) kunqunywa ukucushwa okulandelayo (sa-logic-subsets-destinationrule.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sa-logic
spec:
  host: sa-logic    # 1
  subsets:
  - name: v1        # 2
    labels:
      version: v1   # 3
  - name: v2
    labels:
      version: v2

1. Umsingathi (host) ichaza ukuthi lo mthetho usebenza kuphela ezimeni lapho umzila uya kusevisi sa-logic;
2. Izihloko (name) ama-subsets asetshenziswa lapho kuthuthelwa ezimweni ezingaphansi;
3. Ilebula (label) ichaza amapheya enani elingukhiye okufanele izimo zifane ukuze zibe yingxenye yesethi engaphansi.

Sebenzisa ukumisa ngomyalo olandelayo:

$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-destinationrule.yaml
destinationrule.networking.istio.io/sa-logic created

Manje njengoba ama-subset esechaziwe, singaqhubekela phambili futhi silungiselele i-VirtualService ukuze sisebenzise imithetho kuzicelo ku-sa-logic ukuze:

1. Kuhanjiswe kusethi engaphansi v1,
2. Ifaniswe kusethi engaphansi v2.

Imanifesto elandelayo ikuvumela ukuthi ufeze izinhlelo zakho (sa-logic-subsets-shadowing-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic          
  http:
  - route:
    - destination:
        host: sa-logic  
        subset: v1      
    mirror:             
      host: sa-logic     
      subset: v2

Ayikho incazelo edingekayo lapha, ngakho-ke ake siyibone isebenza:

$ kubectl apply -f resource-manifests/istio/shadowing/sa-logic-subsets-shadowing-vs.yaml
virtualservice.networking.istio.io/sa-logic created

Ake sengeze umthwalo ngokubiza umyalo olandelayo:

$ while true; do curl -v http://$EXTERNAL_IP/sentiment 
    -H "Content-type: application/json" 
    -d '{"sentence": "I love yogobella"}'; 
    sleep .8; done

Ake sibheke imiphumela eGrafana, lapho ungabona khona ukuthi inguqulo enezimbungulu (buggy) kubangela ukwehluleka ku-~60% wezicelo, kodwa akukho nokukodwa kwalokhu kwehluleka okuthinta abasebenzisi bokugcina njengoba bephendulwa isevisi esebenzayo.

Izimpendulo eziyimpumelelo zezinguqulo ezihlukene zesevisi ye-sa-logic

Lapha siqale sabona ukuthi i-VirtualService isetshenziswa kanjani kubaThunywa bezinsizakalo zethu: nini sa-web-app yenza isicelo ku sa-logic, idlula ku-sidecar Envoy, okuthi - nge-VirtualService - ilungiselelwe ukuhambisa isicelo kusethi engaphansi ye-v1 futhi ibonise isicelo kusethi engaphansi ye-v2 yesevisi. sa-logic.

Ngiyazi, ungase ucabange ukuthi i-Virtual Services ilula. Esigabeni esilandelayo, sizokwandisa lokho ngokuthi nazo zinhle ngempela.

Ukukhishwa kwe-Canary

I-Canary Deployment inqubo yokukhipha inguqulo entsha yohlelo lokusebenza enanini elincane labasebenzisi. Isetshenziselwa ukwenza isiqiniseko sokuthi azikho izinkinga ekukhishweni futhi kuphela ngemva kwalokho, kakade uqiniseka ngekhwalithi yayo (yokukhishwa), ukusabalalisa kwabanye abasebenzisi.оizethameli ezinkulu.

Ukuze sibonise ukukhishwa kwe-canary, sizoqhubeka nokusebenza nesethi encane buggy у sa-logic.

Masingachithi isikhathi ezintweni ezincane futhi ngokushesha sithumele u-20% wabasebenzisi enguqulweni neziphazamisi (lokhu kuzomela ukukhishwa kwethu kwe-canary), kanye nama-80% asele kusevisi evamile. Ukuze wenze lokhu, sebenzisa i-VirtualService elandelayo (sa-logic-subsets-canary-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic    
  http:
  - route: 
    - destination: 
        host: sa-logic
        subset: v1
      weight: 80         # 1
    - destination: 
        host: sa-logic
        subset: v2
      weight: 20 # 1

1 isisindo (weight), ecacisa iphesenti lezicelo ezizoqondiswa kumamukeli noma isethi engaphansi yomamukeli.

Ake sibuyekeze ukucushwa kwe-VirtualService kwangaphambilini sa-logic ngomyalo olandelayo:

$ kubectl apply -f resource-manifests/istio/canary/sa-logic-subsets-canary-vs.yaml
virtualservice.networking.istio.io/sa-logic configured

... futhi sizobona ngokushesha ukuthi ezinye izicelo ziholela ekuhlulekeni:

$ while true; do 
   curl -i http://$EXTERNAL_IP/sentiment 
   -H "Content-type: application/json" 
   -d '{"sentence": "I love yogobella"}' 
   --silent -w "Time: %{time_total}s t Status: %{http_code}n" 
   -o /dev/null; sleep .1; done
Time: 0.153075s Status: 200
Time: 0.137581s Status: 200
Time: 0.139345s Status: 200
Time: 30.291806s Status: 500

I-VirtualServices inika amandla ukukhishwa kwe-canary: Kulokhu, sinciphise umthelela ongaba khona wezinkinga waba ngu-20% wesisekelo sabasebenzisi. Kuhle! Manje, kuzo zonke izimo lapho singaqiniseki ngekhodi yethu (ngamanye amazwi - njalo...), singasebenzisa i-mirroring kanye nokukhishwa kwe-canary.

Ukuphela kwesikhathi nokuzama futhi

Kodwa izimbungulu azigcini njalo kukhodi. Ohlwini oluvela ku-"8 Imibono Engalungile mayelana ne-Distributed ComputingOkokuqala, inkolelo eyiphutha yokuthi "inethiwekhi ithembekile." Eqinisweni inethiwekhi hhayi okuthembekile, futhi ngenxa yalesi sizathu sidinga ukuphela kwesikhathi (isikhathi sokuvala) futhi iyazama futhi (uyazama futhi).

Ukuze sibonise, sizoqhubeka nokusebenzisa inguqulo yenkinga efanayo sa-logic (buggy), futhi sizolingisa ukungathembeki kwenethiwekhi ngokuhluleka okungahleliwe.

Vumela isevisi yethu enezimbungulu ibe nethuba elingu-1/3 lokuthatha isikhathi eside ukuphendula, ithuba elingu-1/3 lokuphela Ngephutha Leseva Yangaphakathi, kanye nethuba elingu-1/3 lokubuyisela ikhasi ngempumelelo.

Ukunciphisa umthelela wezinkinga ezinjalo nokwenza impilo ibe ngcono kubasebenzisi, singakwazi:

1. engeza isikhathi sokuvala uma isevisi ithatha isikhathi esingaphezu kwamasekhondi angu-8 ukuphendula,
2. zama futhi uma isicelo sehluleka.

Ukuze sisebenzise, ​​sizosebenzisa incazelo yensiza elandelayo (sa-logic-retries-timeouts-vs.yaml):

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sa-logic
spec:
  hosts:
    - sa-logic
  http:
  - route: 
    - destination: 
        host: sa-logic
        subset: v1
      weight: 50
    - destination: 
        host: sa-logic
        subset: v2
      weight: 50
    timeout: 8s           # 1
    retries:
      attempts: 3         # 2
      perTryTimeout: 3s # 3

1. Isikhathi sokuvala isicelo sisethelwe kumasekhondi ayi-8;
2. Izicelo zizanywa kabusha izikhathi ezi-3;
3. Futhi umzamo ngamunye uthathwa njengongaphumeleli uma isikhathi sokuphendula sidlula imizuzwana emi-3.

Lokhu ukulungiselelwa ngoba umsebenzisi ngeke kudingeke alinde ngaphezu kwamasekhondi angu-8 futhi sizokwenza imizamo emithathu emisha yokuthola impendulo uma kwenzeka kuba nokwehluleka, okwandisa ithuba lokuphendula ngempumelelo.

Sebenzisa ukucushwa okubuyekeziwe ngomyalo olandelayo:

$ kubectl apply -f resource-manifests/istio/retries/sa-logic-retries-timeouts-vs.yaml
virtualservice.networking.istio.io/sa-logic configured

Futhi hlola emagrafu e-Grafana ukuthi inani lezimpendulo eziyimpumelelo lenyuke ngenhla:

Ukuthuthukiswa kwezibalo zempendulo eziyimpumelelo ngemva kokwengeza izikhathi zokuvala nokuzama futhi

Ngaphambi kokudlulela esigabeni esilandelayo (noma kunalokho, engxenyeni elandelayo ye-athikili, ngoba kulokhu ngeke kusaba khona ukuhlola okungokoqobo - cishe. transl.), susa sa-logic-buggy kanye ne-VirtualService ngokusebenzisa imiyalo elandelayo:

$ kubectl delete deployment sa-logic-buggy
deployment.extensions “sa-logic-buggy” deleted
$ kubectl delete virtualservice sa-logic
virtualservice.networking.istio.io “sa-logic” deleted

I-Circuit Breaker kanye namaphethini e-Bulkhead

Sikhuluma ngamaphethini amabili abalulekile ekwakhiweni kwe-microservice akuvumela ukuthi uzuze ukuzitakula (ukuzelapha) nezinsizakalo.

I-circuit breaker ("I-circuit breaker") esetshenziselwa ukunqamula izicelo eziza esimweni sesevisi ebhekwa njengengenampilo futhi iyibuyisele kuyilapho izicelo zamaklayenti ziqondiswa kabusha ezimeni ezinempilo zaleyo sevisi (okwenyusa iphesenti lezimpendulo eziyimpumelelo). (Qaphela: Incazelo enemininingwane eyengeziwe yephethini ingatholakala, isibonelo, lapha.)

I-Bulkhead ("i-partition") ihlukanisa ukwehluleka kwesevisi ekuthinteni lonke uhlelo. Isibonelo, Isevisi B iphukile futhi enye isevisi (iklayenti Lesevisi B) yenza isicelo Kusevisi B, okuyenza iqede uchungechunge lwayo futhi ingakwazi ukusevisa ezinye izicelo (ngisho noma zingaveli kusevisi B). (Qaphela: Incazelo enemininingwane eyengeziwe yephethini ingatholakala, isibonelo, lapha.)

Ngizoyiyeka imininingwane yokusetshenziswa kwala maphethini ngoba kulula ukuyithola kuwo imibhalo esemthethweni, futhi ngifuna ngempela ukukhombisa ubuqiniso nokugunyazwa, okuzoxoxwa ngakho engxenyeni elandelayo yesihloko.

I-PS evela kumhumushi

Funda futhi kubhulogi yethu:

• "Buyela kuma-microservices nge-Istio": ingxenye 1 (isingeniso sezici eziyinhloko), Ingxenye 3 (ukuqinisekisa nokugunyazwa);
• «I-Conduit - isevisi enemeshi engasindi ye-Kubernetes";
• «Iyini i-mesh yesevisi futhi kungani ngiyidinga [ngohlelo lokusebenza lwefu olunama-microservices]?".

Source: www.habr.com