Izimo zokusebenzisa i-service mesh

Qaphela. transl.: Umbhali walesi sihloko (uLuc Perkins) ungummeli wonjiniyela enhlanganweni ye-CNCF, okuyikhaya lamaphrojekthi we-Open Source njenge-Linkerd, i-SMI (Service Mesh Interface) kanye ne-Kuma (ngendlela, ingabe uke wazibuza ukuthi kungani i-Istio awukho kulolu hlu? .). Ezama futhi ukuletha umphakathi we-DevOps ukuqonda okungcono kwe-hype yemfashini ebizwa ngokuthi "i-service mesh", ubala amakhono ayi-16 anikezwa yilezo zixazululo.

Namuhla service mesh ― esinye sezihloko ezishisa izikhotha emkhakheni wobunjiniyela besoftware (futhi kufanele!). Ngicabanga ukuthi lobu buchwepheshe buthembisa ngendlela emangalisayo futhi ngingathanda ukububona bamukelwa kabanzi (uma bunengqondo, kunjalo). Kodwa-ke, isazungezwe i-aura yemfihlakalo kubantu abaningi. Ngesikhathi esifanayo, ngisho nalabo owaziwayo ngayo, kuvame ukuba nzima ukuchaza izinzuzo zayo nokuthi iyini ngempela (kuhlanganise neyakho ngempela). Kulesi sihloko ngizozama ukulungisa isimo ngokubhala uhlu oluhlukahlukene sebenzisa amacala "izinsiza zesevisi"*.

* Qaphela transl.: lapha nangaphezulu esihlokweni lokhu kuhumusha (“i-service mesh”) kuzosetshenziselwa i-mesh yesevisi yethemu entsha namanje.

Kodwa okokuqala ngifuna ukubeka amazwana ambalwa:

• Angikaze ngisebenze ngama-meshes wesevisi noma ngiwasebenzise ngaphandle kwamaphrojekthi aqalwe eyami imfundo. Ngakolunye uhlangothi, yimina owabhala inqwaba yemibhalo ye-Twitter's service mesh in 2015 (yayingabizwanga ngokuthi "i-service mesh" ngaleso sikhathi) futhi ngabamba iqhaza ekwakhiweni kwewebhusayithi kanye nemibhalo ye Linkerd, ngakho lokho kusho okuthile.
• Uhlu lwami luyalinganiselwa futhi aluphelele. Kungase kube nezimo zokusebenzisa engingazi, futhi izinketho ezintsha zingase zivele ngokuhamba kwesikhathi njengoba ubuchwepheshe buthuthuka nokuthandwa kwabo kukhula.
• Ngasikhathi sinye, akuwona wonke ukuqaliswa kwe-service mesh okusekela zonke izimo zokusetshenziswa ezisohlwini. Ngakho-ke, izitatimende zami ezinjengokuthi "i-service mesh can..." kufanele zifundwe ngokuthi "ngabanye, futhi mhlawumbe konke ukuqaliswa kwesevisi ye-mesh edumile kungakwazi...".
• Ukuhleleka kwezibonelo akwenzi mehluko.

Uhlu olufushane:

• ukutholwa kwesevisi;
• ukubethela;
• ukuqinisekiswa nokugunyazwa;
• ukulinganisa komthwalo;
• ukuphulwa kwesifunda;
• i-autoscaling;
• ukuthunyelwa kwe-canary;
• ukuthunyelwa okuluhlaza okwesibhakabhaka;
• ukuhlolwa kwezempilo;
• ukucisha umthwalo;
• isibuko sethrafikhi;
• ukwahlukanisa;
• isicelo sokukhawulelwa kwezinga, ukuzama futhi nokuvala isikhathi;
• i-telemetry;
• ukucwaningwa kwamabhuku;
• ukubona ngeso lengqondo.

1. Ukutholwa kwesevisi

TL;DR: Xhuma kwezinye izinsiza kunethiwekhi usebenzisa amagama alula.

Amasevisi kufanele akwazi “ukutholana” ngokuzenzakalelayo esebenzisa amagama anele - isibonelo, service.api.production, pets/staging noma cassandra. Izindawo zamafu ziyanwebeka, futhi igama elilodwa lingafihla izimo eziningi zesevisi. Kuyacaca ukuthi esimweni esinjalo akunakwenzeka ngokwenyama ukufaka ama-hardcode wonke amakheli e-IP.

Futhi, lapho insizakalo eyodwa ithola enye, kufanele ikwazi ukuthumela izicelo kuleyo sevisi ngaphandle kokwesaba ukuthi zizogcina zisesimweni esiphukile. Ngamanye amazwi, i-service mesh kufanele iqaphe impilo yazo zonke izimo zesevisi futhi igcine uhlu lwabasingathi lusesikhathini samanje ngangokunokwenzeka.

Imeshi ngayinye yesevisi isebenzisa indlela yokutholwa kwesevisi ngendlela ehlukile. Okwamanje, indlela evame kakhulu ukuthumela ezinqubweni zangaphandle njenge-Kubernetes DNS. Esikhathini esedlule kuTwitter sasebenzisa uhlelo lokuqamba amagama ngale njongo I-Finagle. Ngaphezu kwalokho, ubuchwepheshe be-mesh yesevisi benza kube nokwenzeka ukuthi kuvele izindlela zokuqamba ngokwezifiso (yize ngingakaboni noma yikuphi ukuqaliswa kwe-SM ngokusebenza okunjalo).

2. Ukubethela

TL;DR: Lahla ithrafikhi engabetheliwe phakathi kwamasevisi futhi wenze le nqubo izenzekele futhi ikhule.

Kuhle ukwazi ukuthi abahlaseli abakwazi ukungena kunethiwekhi yakho yangaphakathi. Ama-firewall enza umsebenzi omuhle kulokhu. Kodwa kwenzekani uma i-hacker ingena ngaphakathi? Ingabe uzokwazi ukwenza noma yini ayifunayo ngethrafikhi ye-intra-service? Asethembe ukuthi ngeke kwenzeke lokhu phela. Ukuze uvimbele lesi simo, kufanele usebenzise inethiwekhi ye-zero-trust lapho yonke ithrafikhi phakathi kwamasevisi ibethelwa. Iningi lezinsiza zesimanje lifinyelela lokhu ngokusebenzisana TLS (mutual TLS, mTLS). Kwezinye izimo, i-mTLS isebenza kuwo wonke amafu namaqoqo (ngicabanga ukuthi ukuxhumana phakathi kwamaplanethi kuzohlelwa ngendlela efanayo ngelinye ilanga).

Kunjalo, nge-mTLS service mesh ngokuzikhethela. Isevisi ngayinye ingakwazi ukunakekela i-TLS yayo, kodwa lokhu kusho ukuthi uzodinga ukuthola indlela yokwenza izitifiketi, uzisabalalise kubo bonke abasingathi besevisi, futhi ufake ikhodi kuhlelo lokusebenza ezolayisha lezi zitifiketi ukusuka kumafayela. Yebo, ungakhohlwa ukuvuselela lezi zitifiketi ngezikhathi ezithile. Isevisi ye-meshes yenza i-mTLS ngokuzenzakalelayo ngamasistimu afana I-SPIFFE, okuyinto, yona, eyenza inqubo yokukhipha nokuzungeza izitifiketi.

3. Ukuqinisekisa kanye Nokugunyazwa

TL;DR: Thola ukuthi ubani ocelayo futhi uchaze ukuthi yini abavunyelwe ukuyenza ngaphambi kokuthi isicelo sifinyelele ngisho nakusevisi.

Amasevisi ngokuvamile afuna ukwazi ubani yenza isicelo (ukuqinisekisa), futhi isebenzisa lolu lwazi, inquma lokho ibhizinisi elinikeziwe livunyelwe ukwenza (ukugunyazwa). Kulokhu, isabizwana esithi “ubani” esingacasha:

1. Ezinye izinkonzo. Lokhu kubizwa ngokuthi "ukuqinisekisa" untanga" Isibonelo, isevisi web ifuna ukufinyelela isevisi db. Amameshi esevisi ngokuvamile axazulula izinkinga ezinjalo kusetshenziswa i-mTLS: izitifiketi kulesi simo zisebenza njengesihlonzi esidingekayo.
2. Abanye abasebenzisi abangabantu. Lokhu kubizwa ngokuthi "ukuqinisekisa" isicelo" Ngokwesibonelo, umsebenzisi haxor69 ufuna ukuthenga isibani esisha. Amameshe esevisi ahlinzeka ngezindlela ezihlukahlukene, isb. Izimpawu ze-JSON Web.

   Abaningi bethu bakwenzile lokhu ngekhodi yesicelo. Isicelo siyangena, sibheke etafuleni users, thola umsebenzisi bese uqhathanisa iphasiwedi, bese uhlola ikholomu permissions njll. Esimeni se-mesh yesevisi, lokhu kwenzeka ngaphambi kokuba isicelo sifinyelele ngisho nesevisi.

Uma sesitholile ukuthi isicelo sivela kubani, sidinga ukunquma ukuthi leli bhizinisi livunyelwe ukwenzani. Amanye amameshi esevisi akuvumela ukuthi usethe izinqubomgomo eziyisisekelo (mayelana nokuthi ubani ongenza ini) njengamafayela e-YAML noma emugqeni womyalo, kuyilapho amanye enikeza ukuhlanganiswa nezinhlaka ezifana Vula Umenzeli Wenqubomgomo. Umgomo omkhulu uwukuba izinsiza zakho zamukele noma yisiphi isicelo, ngokuphepha sicabanga ukuthi sivela kumthombo othembekile и lesi senzo sivunyelwe.

4. Ukulinganisa umthwalo

TL;DR: Sabalalisa umthwalo kuzo zonke izimo zesevisi ngokuya ngephethini ethile.

"Isevisi" ngaphakathi kwesigaba sesevisi ngokuvamile iqukethe izimo eziningi ezifanayo. Ngokwesibonelo, namuhla inkonzo cache inamakhophi angu-5, futhi kusasa isibalo sawo singase senyuke siye ku-11. Izicelo ezithunyelwa ku cache, kufanele isatshalaliswe ngokuvumelana nenjongo ethile. Isibonelo, nciphisa ukubambezeleka noma wandise amathuba okufinyelela esimweni sokusebenza. I-algorithm evame ukusetshenziswa kakhulu i-Round-robin, kodwa kunezinye eziningi - isibonelo, indlela enesisindo (kaliwe) imibuzo (ungakhetha okuhlosiwe okuncamelayo), khala (ring) i-hashing (usebenzisa i-hashing engaguquki kubo bonke ababungazi abakhuphuka nomfula) noma indlela encane yokucela (okuncanyelwayo kunikezwa isibonelo ngezicelo ezimbalwa kakhulu).

Izilinganisi zakudala zineminye imisebenzi, efana ne-HTTP caching kanye nokuvikelwa kwe-DDoS, kodwa azihambisani kakhulu nethrafikhi yempumalanga-ntshonalanga (okungukuthi, kuthrafikhi egeleza ngaphakathi kwesikhungo sedatha - approx. transl.) (ububanzi obujwayelekile bemeshi yesevisi). Yiqiniso, akudingekile ukusebenzisa i-mesh yesevisi yokulinganisa umthwalo, kodwa ikuvumela ukuthi usethe futhi ulawule izinqubomgomo zokulinganisa zesevisi ngayinye kusuka kusendlalelo sokulawula esimaphakathi, ngaleyo ndlela ususa isidingo sokusebenzisa nokumisa izilinganisi zomthwalo ezihlukene kusitaki senethiwekhi. .

5. Ukuqhekeka kwesekethe

TL; DR: Misa ithrafikhi eya kusevisi eyinkinga futhi ulawule umonakalo ezimeni ezimbi kakhulu.

Uma ngesizathu esithile isevisi ayikwazi ukubhekana ne-traffic, i-mesh yesevisi inikeza izinketho eziningana zokuxazulula le nkinga (ezinye kuzoxoxwa ngazo ezigabeni ezifanele). Ukwehlukana kwesekethe kuyindlela enzima kakhulu yokunqamula isevisi kuthrafikhi. Nokho, ngokwako akuwenzi umqondo - uhlelo lokusekelayo luyadingeka. Ingcindezi yasemuva ingase ihlinzekwe (i-backpressure) ezinsizeni ezenza izicelo (ungakhohlwa nje ukulungiselela i-mesh yesevisi yakho yalokhu!), noma, isibonelo, ukufaka umbala obomvu ekhasini lesimo bese uqondisa kabusha abasebenzisi kwenye inguqulo yekhasi “ngomkhomo owelayo” (“i-Twitter phansi").

Izinsizakusebenza azikuvumeli kuphela ukuthi uchaze lapho ukuvala shaqa kuzolandela futhi lokho lokhu kuzolandela. Kulokhu, "nini" kungabandakanya noma iyiphi inhlanganisela yemingcele ecacisiwe: inani eliphelele lezicelo zesikhathi esithile, inombolo yokuxhumeka okuhambisanayo, izicelo ezilindile, ukuzama kabusha okusebenzayo, njll.

Cishe awufuni ukusebenzisa kabi ukwephulwa kwesekethe, kodwa kuhle ukwazi ukuthi unohlelo oluyisipele esimweni esiphuthumayo.

6. Ukukala okuzenzakalelayo

TL;DR: Nyusa noma unciphise inani lezenzakalo zesevisi kuye ngemibandela eshiwo.

Omameshe besevisi ababona abahleli, ngakho abakwenzi yenza kusebenze uzikala. Nokho, banganikeza ulwazi ngokuthi yibaphi abahleli abazosekela izinqumo zabo. Njengoba ama-meshes esevisi efinyelela kuwo wonke ama-traffic phakathi kwezinsizakalo, anolwazi oluningi mayelana nokuthi kwenzekani: yiziphi izinsizakalo ezibhekene nezinkinga, yiziphi izinsizakalo ezilayishwa kancane kakhulu (umthamo owabelwe wona uchithwa), njll.

Isibonelo, i-Kubernetes ikala izinsiza ngokusekelwe ku-pods' CPU kanye nokusetshenziswa kwememori (bona umbiko wethu"Ukukala okuzenzakalelayo nokuphathwa kwezinsiza ku-Kubernetes"- cishe. transl.), kodwa uma unquma ukukala ngokusekelwe kunoma iyiphi enye imethrikhi (kithi, ehlobene nethrafikhi), uzodinga imethrikhi ekhethekile. Abaphathi kanje ikhombisa ukuthi kwenziwa kanjani lokhu nge isithunywa, Istio и Prometheus, kodwa inqubo ngokwayo iyinkimbinkimbi kakhulu. Singathanda ukuthi i-service mesh yenze lokhu kube lula ngokusivumela ukuthi sibeke izimo ezifana “nokukhulisa inani lezikhathi zesevisi auth, uma inani lezicelo ezilindile lidlula umkhawulo phakathi neminithi."

7. Ukuthunyelwa kwe-Canary

TL;DR: Hlola izici ezintsha noma izinguqulo zesevisi kusethi engaphansi yabasebenzisi.

Ake sithi uthuthukisa umkhiqizo we-SaaS futhi uhlose ukukhipha inguqulo yawo entsha epholile. Ukuhlolile esiteji futhi kusebenze kahle. Kodwa kusenokukhathazeka okuthile mayelana nokuziphatha kwakhe ezimweni zangempela. Ngamanye amazwi, udinga ukuhlola inguqulo entsha ezinkingeni zangempela ngaphandle kokufaka engcupheni ukwethenjwa komsebenzisi. Ukuthunyelwa kwe-Canary kuhle kulokhu. Zikuvumela ukuthi ubonise isici esisha kusethi yabasebenzisi. Lesi siqeshana singase sibe nabasebenzisi abathembeke kakhulu noma labo abasebenza ngenguqulo yamahhala yomkhiqizo, noma abasebenzisi abazwakalise isifiso sokuba “izingulube ze-guinea”.

Ama-meshes wesevisi asebenzisa lokhu ngokukuvumela ukuthi ucacise imibandela enquma ukuthi ubani ozobona ukuthi iyiphi inguqulo yohlelo lokusebenza, futhi ahambise ithrafikhi ngendlela efanele. Nokho, akukho okushintshile kumasevisi ngokwawo. Inguqulo engu-1.0 yesevisi ikholelwa ukuthi zonke izicelo zivela kubasebenzisi okufanele bayibone, futhi inguqulo 1.1 ikholelwa okufanayo kubasebenzisi bayo. Ngaleso sikhathi, ungashintsha iphesenti lethrafikhi phakathi kwezinguqulo ezindala nezintsha, uqondise kabusha inombolo ekhulayo yabasebenzisi iye kwentsha uma isebenza ngokuzinzile futhi "izingulube ze-Guinea" zakho zinikeza imvume yokuya phambili.

8. Ukuthunyelwa okuluhlaza okwesibhakabhaka

TL; DR: Khipha isici esisha esihle, kodwa zilungiselele ukubuyisela yonke into ngokushesha.

Izincazelo ukuthunyelwa okuluhlaza okwesibhakabhaka owokukhipha isevisi entsha “eluhlaza okwesibhakabhaka,” eyethula ngokuhambisana nendala, “eluhlaza”. Uma konke kuhamba kahle futhi isevisi entsha yenza kahle, khona-ke endala ingakhutshazwa kancane kancane. (Maye, ngolunye usuku le sevisi entsha "eluhlaza okwesibhakabhaka" izophinda isiphetho "saluhlaza" futhi inyamalale...) Ukuthunyelwa okuluhlaza okwesibhakabhaka nokuluhlaza kuyahluka kune-canary ngoba umsebenzi omusha uhlanganisa wonke kanyekanye abasebenzisi (hhayi ingxenye); Iphuzu lapha ukuthi kube “nechweba eliphephile” elilungile uma kwenzeka kukhona okungahambi kahle.

Amameshi esevisi anikeza indlela elula kakhulu yokuhlola isevisi "eluhlaza okwesibhakabhaka" futhi ushintshele ngokushesha kweyokusebenza "eluhlaza" uma kwenzeka kuba nezinkinga. Ingasaphathwa eyokuthi endleleni bahlinzeka ngolwazi oluningi (bona "i-Telemetry" ngezansi) mayelana nomsebenzi "oluhlaza okwesibhakabhaka", okusiza ukuqonda ukuthi isilungele ukusebenza ngokugcwele.

Qaphela. transl.: Ungafunda kabanzi mayelana namasu ahlukene okuthunyelwa e-Kubernetes (okubandakanya i-canary eshiwo, eluhlaza okwesibhakabhaka/eluhlaza kanye nokunye) lesi sihloko.

9. Ukuhlola impilo

TL;DR: Gcina umkhondo wokuthi yiziphi izimo zesevisi ezisebenzayo futhi uphendule lezo ezingasasebenzi.

Ukuhlolwa kwezempilo (hlola impilo) isiza ukunquma ukuthi izimo zesevisi zikulungele yini ukwamukela nokucubungula ithrafikhi. Isibonelo, esimweni samasevisi e-HTTP, ukuhlolwa kwezempilo kungase kubukeke njengesicelo se-GET ekugcineni /health. Phendula 200 OK kuzosho ukuthi isibonelo sinempilo, noma yikuphi okunye - ukuthi asikakakulungeli ukuthola ithrafikhi. Ama-meshes wesevisi akuvumela ukuthi ucacise kokubili indlela ukusebenza okuzobhekwa ngayo kanye nemvamisa lokhu kuhlolwa okuzokwenziwa ngayo. Lolu lwazi lungase lusetshenziselwe ezinye izinjongo - isibonelo, ukulinganisa umthwalo kanye nokuphulwa kwesifunda.

Ngakho-ke, ukuhlolwa kwezempilo akusona isimo sokusebenzisa sodwa, kodwa ngokuvamile sisetshenziselwa ukufeza ezinye izinjongo. Futhi, kuye ngemiphumela yokuhlolwa kwezempilo, izenzo zangaphandle (ngokuhlobene nokunye okuhlosiwe kwe-mesh yesevisi) zingadingeka: isibonelo, ukubuyekeza ikhasi lesimo, ukudala inkinga ku-GitHub, noma ukugcwalisa ithikithi le-JIRA. Futhi i-service mesh inikeza indlela elula yokwenza konke lokhu ngokuzenzakalelayo.

10. Ukuchithwa kwemithwalo

TL;DR: Qondisa kabusha ithrafikhi ngokuphendula ukukhuphuka kwesikhashana kokusetshenziswa.

Uma isevisi ethile igcwele ithrafikhi, ungakwazi ukuqondisa kabusha enye yale thrafikhi kwenye indawo (okungukuthi, “lahla”, “dlulisa” (ishede) naye lapho). Isibonelo, kusevisi yokusekelayo noma isikhungo sedatha, noma kwaphakade Pulsar isihloko. Ngenxa yalokho, isevisi izoqhubeka nokucubungula ezinye izicelo esikhundleni sokuphahlazeka nokumisa ukucubungula yonke into ngokuphelele. Ukuchithwa kwemithwalo kungcono kunokwephula isekethe, kodwa namanje akukaluleki ukuyisebenzisa kabi. Isiza ukuvimbela ukwehluleka kwe-cascading okubangela ukuthi izinsizakalo ezingezansi ziphahlazeke.

11. Ukufana kwethrafikhi/ukubukisa

TL;DR: Thumela isicelo esisodwa ezindaweni ezimbalwa ngesikhathi esisodwa.

Ngezinye izikhathi kunesidingo sokuthumela isicelo (noma ukukhetha okuthile kwezicelo) kumasevisi amaningana ngesikhathi esisodwa. Isibonelo esijwayelekile ukuthumela ingxenye yethrafikhi yokukhiqiza kusevisi yesiteji. Iseva yewebhu yokukhiqiza eyinhloko ithumela isicelo kusevisi engezansi products.production futhi kuye kuphela. Futhi i-service mesh ikopisha ngobuhlakani lesi sicelo futhi isithumele ku products.staging, iseva yewebhu engazi ngisho nayo.

Okunye okuhlobene nokusetshenziswa kwe-mesh yesevisi okungase kusetshenziswe phezu kokufana kwethrafikhi ukuhlolwa kokuhlehla. Kubandakanya ukuthumela izicelo ezifanayo ezinguqulweni ezahlukene zesevisi kanye nokuhlola ukuthi ingabe zonke izinguqulo ziziphatha ngendlela efanayo. Angikakahlangani nokusetshenziswa kwemeshi yesevisi ngesistimu yokuhlola ukuhlehla edidiyelwe njenge I-Diffy, kodwa umqondo ngokwawo ubonakala uthembisa.

12. I-insulation

TL;DR: Hlukanisa isevisi yakho enezikhala zibe amanethiwekhi amancane.

Obeye aziwe njengo ukuhlukaniswaUkuzihlukanisa kuwubuciko bokuhlukanisa i-mesh yesevisi ibe amasegimenti ahlukene angazi lutho ngomunye. Ukuzihlukanisa kufana nokudala amanethiwekhi ayimfihlo abonakalayo. Umehluko oyisisekelo ukuthi usengajabulela zonke izinzuzo ze-mesh yesevisi (njengokutholwa kwesevisi), kodwa ngokuvikeleka okwengeziwe. Isibonelo, uma umhlaseli ekwazi ukungena kusevisi ku-subnet eyodwa, ngeke akwazi ukubona ukuthi yimaphi amasevisi asebenzayo kwamanye amanethi angaphansi noma abambe ithrafikhi yawo.

Ngaphezu kwalokho, izinzuzo zingase futhi zibe zenhlangano. Ungase ufune ukufaka ngaphansi kwezinsizakalo zakho ngokusekelwe esakhiweni senkampani yakho futhi ukhulule abathuthukisi bomthwalo wokuqonda wokuthi kufanele ukhumbule yonke inetha lesevisi.

13. Isicelo sokukhawulelwa kwezinga, ukuzama futhi nokuphelelwa yisikhathi

TL;DR: Akusadingeki ukuthi ufake imisebenzi yokuphatha isicelo ngokucindezela ku-codebase.

Zonke lezi zinto zingase zibhekwe njengezimo ezihlukene zokusetshenziswa, kodwa nginqume ukuzihlanganisa ngenxa yesici esisodwa esivamile: zithatha imisebenzi yokuphatha umjikelezo wempilo yesicelo evame ukuphathwa imitapo yolwazi yezinhlelo zokusebenza. Uma uthuthukisa iseva yewebhu ku-Ruby on Rails (engahlanganisiwe ne-service mesh) eyenza izicelo zokuhlehlisa izinsizakalo nge gRPC, isicelo kuzodingeka sinqume ukuthi yini okufanele siyenze uma izicelo zika-N zehluleka. Kuzodingeka futhi uthole ukuthi ingakanani ithrafikhi lezi zinsizakalo ezizokwazi ukuyicubungula futhi i-hardcode le mingcele isebenzisa umtapo wolwazi okhethekile. Futhi, uhlelo lokusebenza kuyodingeka linqume ukuthi sekuyisikhathi sokuyeka futhi livumele isicelo siphele (ngokusekelwe ekuphelelweni kwesikhathi). Futhi ukuze uguqule noma yimiphi imingcele engenhla, iseva yewebhu kuzodingeka imiswe, imiswe kabusha futhi iqalwe futhi.

Ukulayisha le misebenzi kumeshi yesevisi akusho nje kuphela ukuthi abathuthukisi besevisi ngeke kudingeke bacabange ngayo, kodwa futhi ukuthi ingabukwa ngendlela yomhlaba wonke. Uma kusetshenziswa uchungechunge lwezinsizakalo eziyinkimbinkimbi, yithi A -> B -> C -> D -> E, umjikelezo wokuphila wonke wesicelo kufanele ucatshangelwe. Uma umsebenzi uwukwelula isikhathi sokuvala kusevisi C, kunengqondo ukwenza lokhu konke ngesikhathi esisodwa, hhayi izingxenye: ngokubuyekeza ikhodi yesevisi nokulinda kuze kube yilapho isicelo sokudonsa samukelwe futhi uhlelo lwe-CI lusebenzisa isevisi ebuyekeziwe.

14. I-Telemetry

TL; DR: Qoqa lonke ulwazi oludingekayo (hhayi ngempela) oluvela kumasevisi.

I-Telemetry yitemu elivamile elihlanganisa amamethrikhi, ukulandelela okusabalalisiwe, namalogi. Izinsizakusebenza zinikeza izindlela zokuqoqa nokucubungula zonke izinhlobo ezintathu zedatha. Yilapho izinto ziba nokufiphala kancane ngoba inani lezinketho ezingenzeka likhulu kakhulu. Ukuqoqa amamethrikhi kukhona Prometheus kanye namanye amathuluzi angasetshenziswa ukuqoqa izingodo eqephuzayo, Loki, Vector nabanye. (ngokwesibonelo ClickHouse nge yethu indlu yezigodo kuma-K8s - cishe. transl.), ukulandelela okusatshalalisiwe kukhona Hunter njalo njalo. Imeshi ngayinye yesevisi ingase isekele amathuluzi athile hhayi amanye. Kuyoba okuthakazelisayo ukubona ukuthi iphrojekthi ingakwazi yini Vula i-Telemetry ukunikeza ukuhlangana okuthile.

Kulokhu, inzuzo yobuchwepheshe be-mesh yesevisi ukuthi iziqukathi ze-sidecar, empeleni, zingaqoqa yonke idatha engenhla kumasevisi azo. Ngamanye amazwi, unohlelo olulodwa lokuqoqwa kwe-telemetry onawo, futhi i-mesh yesevisi ingacubungula lonke lolu lwazi ngezindlela ezihlukahlukene. Ngokwesibonelo:

• izingodo zomsila ezivela kusevisi ethile ku-CLI;
• qapha umthamo wezicelo ezivela kudeshibhodi ye-mesh yesevisi;
• qoqa imikhondo esabalalisiwe bese uyidlulisela ohlelweni olufana no-Jaeger.

Ukunaka, ukwahlulela okuqondile: Ngokuvamile, i-telemetry iyindawo lapho ukuphazamiseka okunamandla okuvela kumeshi wesevisi kungafuneki. Ukuqoqa ulwazi oluyisisekelo nokulandelela lapho undiza amanye amamethrikhi egolide afana nezinga lempumelelo yesicelo nokubambezeleka kulungile, kodwa asethembe ukuthi asiziboni izitaki ze-Frankenstein zivela ezizama ukufaka esikhundleni samasistimu akhethekile, amanye asezibonakalise kakade futhi afundelwa kahle. .

15. Ukucwaningwa kwamabhuku

TL; DR: Labo abakhohlwa izifundo zomlando bazoziphinda.

Ukucwaningwa kwamabhuku kuwubuciko bokubona izehlakalo ezibalulekile ohlelweni. Esimeni se-mesh yesevisi, lokhu kungase kusho ukulandelela ukuthi ubani owenze izicelo ezindaweni ezithile ukuze uthole amasevisi athile, noma ukuthi umcimbi ohlobene nokuvikeleka wenzeke izikhathi ezingaki enyangeni edlule.

Kuyacaca ukuthi ukuhlolwa kwamabhuku kuhlobene kakhulu ne-telemetry. Umehluko ukuthi i-telemetry ivamise ukuhlotshaniswa nezinto ezifana nokukhiqiza nokufaneleka kobuchwepheshe, kuyilapho ukucwaninga kwamabhuku kungase kuhlobane nezindaba ezingokomthetho nezinye ezidlulela ngalé kwesigaba sobuchwepheshe esiqinile (ngokwesibonelo, ukuthobela i-GDPR - I-EU General Regulation on the data protection).

16. Ukubona ngeso lengqondo

TL;DR: Long Live React.js - umthombo ongashi wezindawo zokusebenzelana ezinhle.

Kungase kube negama elingcono, kodwa angilazi. Ngimane ngiqonde ukumelwa okuyisithombe kwe-mesh yesevisi noma ezinye zezingxenye zayo. Lokhu kuboniswa kungabandakanya izinkomba ezifana nokubambezeleka okumaphakathi, imininingwane yokumisa imoto eseceleni, imiphumela yokuhlolwa kwezempilo, nezixwayiso.

Ukusebenza endaweni egxile kwisevisi kubandakanya umthwalo wokuqonda ophakeme kakhulu uma uqhathaniswa noMhlonishwa Wakhe uMonolith. Ngakho-ke, ukucindezeleka kwengqondo kufanele kuncishiswe ngazo zonke izindleko. Isixhumi esibonakalayo esilula se-mesh yesevisi esinekhono lokuchofoza inkinobho futhi uthole umphumela oyifunayo singanquma ukukhula kokuduma kwalobu buchwepheshe.

Abazange bafakwe ohlwini

Ekuqaleni ngangihlose ukufaka ezinye izimo ezimbalwa zokusetshenziswa ohlwini, kodwa ngase nginquma ukungakwenzi. Nazi, kanye nezizathu zesinqumo sami:

• Isikhungo sedatha eminingi. Ngokubona kwami, lokhu akuyona into esetshenziswa kakhulu njengendawo encane futhi ethize yokusetshenziswa kwamameshi esevisi noma isethi yemisebenzi efana nokutholwa kwesevisi.
• Ukungena nokuphuma. Lena indawo ehlobene, kodwa ngizikhawulele (mhlawumbe ngokuzenzela) esimweni sokusebenzisa "ithrafikhi yasempumalanga-ntshonalanga". I-Ingress ne-egress ifanelwe isihloko esihlukile.

isiphetho

Yilokho kuphela okwamanje! Futhi, lolu hlu alunangqondo futhi cishe aluphelele. Uma ucabanga ukuthi ngiphuthelwe okuthile noma kukhona okungalungile, ngicela ungithinte ku-Twitter (@luckerkins). Sicela uhloniphe imithetho yokuziphatha.

I-PS evela kumhumushi

Umdwebo wesihloko se-athikili usekelwe esithombeni esivela esihlokweni esithi “Iyini i-Service Mesh (futhi isetshenziswa nini)?"(nguGregory MacKinnon). Ibonisa ukuthi okunye ukusebenza okuvela ezinhlelweni zokusebenza (okuluhlaza) kuthuthele kumeshi yesevisi enikeza ukuxhumana phakathi kwazo (okuluhlaza okwesibhakabhaka).

Funda futhi kubhulogi yethu:

• «I-Service Mesh: Lokho Wonke Unjiniyela Wesoftware Odinga Ukukwazi Mayelana Nobuchwepheshe Obushisa Kakhulu";
• «Iyini i-mesh yesevisi futhi kungani ngiyidinga [ngohlelo lokusebenza lwefu olunama-microservices]?";
• «Emuva kuma-microservices nge-Istio. Ingxenye 1".

Source: www.habr.com