Siqala uchungechunge lokuthunyelwe okubonisa amanye amakhono amaningi we-Istio Service Mesh uma ehlanganiswe ne-Red Hat OpenShift kanye ne-Kubernetes.
Ingxenye yokuqala, namuhla:
- Ake sichaze umqondo weziqukathi ze-Kubernetes sidecar futhi sakhe i-leitmotif yalolu chungechunge lokuthunyelwe: "awudingi ukushintsha lutho kukhodi yakho".
- Ake sethule into eyisisekelo ye-Istio - imithetho yomzila. Zonke ezinye izici ze-Istio zakhelwe phezu kwazo, njengoba kuyimithetho ekuvumela ukuthi uqondise ithrafikhi kuma-microservices, usebenzisa amafayela e-YAML angaphandle kwekhodi yesevisi. Siphinde sicubungule uhlelo lokuthunyelwa kwe-Canary Deployment. Ibhonasi kaNcibijane – izifundo eziyi-10 ezisebenzisanayo ku-Istio
Ingxenye yesibili, iyeza maduze, izokutshela:
- I-Istio isebenzisa kanjani i-Pool Ejection ihlanganiswe ne-Circuit Breaker futhi izobonisa ukuthi i-Istio ikuvumela kanjani ukuthi ususe i-pod efile noma engasebenzi kahle kusekethe yokulinganisa.
- Sizophinde sibheke isihloko se-Circuit Breaker kusuka kokuthunyelwe kokuqala ukuze sibone ukuthi i-Istio ingasetshenziswa kanjani lapha. Sizokukhombisa ukuthi uthungatha kanjani ithrafikhi futhi uwaphathe kanjani amaphutha enethiwekhi usebenzisa amafayela okumisa e-YAML nemiyalo yetheminali ngaphandle koshintsho oluncane kukhodi yesevisi.
Ingxenye yesithathu:
- Indaba emayelana nokulandelela nokuqapha, osekwakhelwe ngaphakathi noma okwengezwe kalula ku-Istio. Sizokubonisa indlela yokusebenzisa amathuluzi afana ne-Prometheus, i-Jaeger, ne-Grafana ngokuhambisana nokukala kwe-OpenShift ukuze ulawule kalula izakhiwo zesevisi encane.
- Sisuka ekuqapheni nasekuphatheni amaphutha siye ekuwangeniseni ohlelweni ngenhloso. Ngamanye amazwi, sifunda indlela yokwenza umjovo wephutha ngaphandle kokushintsha ikhodi yomthombo, okubaluleke kakhulu endaweni yokubuka yokuhlola - njengoba uma ushintsha ikhodi ngokwayo kulokhu, kunengozi yokwethula amaphutha engeziwe.
Ekugcineni, kokuthunyelwe kokugcina ku-Istio Service Mesh:
- Masiye Ohlangothini Olumnyama. Ngokunemba kakhudlwana, sizofunda ukusebenzisa isikimu Sokuqalisa Okumnyama, lapho ikhodi isetshenziswa futhi ihlolwa ngokuqondile kudatha yokukhiqiza, kodwa akuthinti ukusebenza kwesistimu nganoma iyiphi indlela. Yilapho ikhono le-Istio lokuhlukanisa ithrafikhi lisiza khona. Futhi ikhono lokuhlola kudatha yokukhiqiza bukhoma ngaphandle kokuthinta ukusebenza kwesistimu yokulwa nganoma iyiphi indlela kuyindlela eqinisekisa kakhulu yokuqinisekisa.
- Ngokwakhela Ekuqalisweni Okumnyama, sizokukhombisa ukuthi ungasebenzisa kanjani imodeli ye-Canary Deployment ukuze unciphise ubungozi futhi senze kube lula ukuthola ikhodi entsha ekukhiqizeni. I-Canary Deployment ngokwayo isekude nokusha, kodwa i-Istio ikuvumela ukuthi usebenzise lolu hlelo ngamafayela alula we-YAML.
- Okokugcina, sizokukhombisa ukuthi ungasebenzisa kanjani i-Istio Egress ukuze unikeze ukufinyelela ezinsizeni kulabo abangaphandle kwamaqoqo akho ukuze usebenzise amakhono e-Istio lapho usebenza ne-inthanethi.
Ngakho, nakhu sihamba...
Amathuluzi okuqapha nokuphatha i-Istio - konke okudingayo ukuze uhlele ama-microservices kumeshi yesevisi .
Iyini i-Istio Service Mesh
I-service mesh isebenzisa imisebenzi efana nokuqapha ithrafikhi, ukulawula ukufinyelela, ukutholwa, ukuphepha, ukubekezelela amaphutha nezinye izinto eziwusizo zeqembu lezinsizakalo. I-Istio ikuvumela ukuthi wenze konke lokhu ngaphandle koshintsho oluncane kukhodi yezinsizakalo ngokwazo. Iyini imfihlo yomlingo? I-Istio inamathisela ummeleli wayo kusevisi ngayinye ngendlela yesiqukathi senqola eseceleni (inqola eseceleni iyinqola yesithuthuthu), ngemva kwalokho yonke ithrafikhi eya kule sevisi idlula kummeleli, okuthi, iqondiswa izinqubomgomo ezishiwo, inqume ukuthi le thrafikhi, nini, futhi. kufanele sifinyelele isevisi nhlobo. I-Istio futhi yenza kube nokwenzeka ukusebenzisa amasu e-DevOps athuthukile njengokuthunyelwa kwe-canary, ama-circuit breaker, umjovo wamaphutha nabanye abaningi.
Isebenza kanjani i-Istio ngeziqukathi kanye ne-Kubernetes
I-Istio service mesh iwukusetshenziswa kwe-sidecar yakho konke okudingekayo ukuze udale futhi uphathe ama-microservices: ukuqapha, ukulandelela, ama-circuit breaker, umzila, ukulinganisa ukulayisha, umjovo wephutha, ukuzama futhi, ukuphela kwesikhathi, ukwenza isibuko, ukulawula ukufinyelela, ukukhawulela izinga nokunye okuningi. Futhi nakuba namuhla kunethoni yemitapo yolwazi yokusebenzisa le misebenzi ngokuqondile ngekhodi, nge-Istio ungathola zonke izinto ezifanayo ngaphandle kokushintsha noma yini kukhodi yakho.
Ngokwemodeli ye-sidecar, i-Istio isebenza esitsheni se-Linux, esitholakala kwesinye -i-pod enesevisi elawulwayo futhi ijova futhi ikhiphe ukusebenza nolwazi ngokuya ngokucushwa okunikeziwe. Sigcizelela ukuthi lokhu ukucushwa kwakho, futhi kuhlala ngaphandle kwekhodi yakho. Ngakho-ke, ikhodi iba lula kakhulu futhi ibe mfushane.
Okubalulekile futhi ukuthi ingxenye yokusebenza yama-microservices ivele ingaxhumene nekhodi ngokwayo, okusho ukuthi ukusebenza kwabo kungadluliselwa ngokuphephile kochwepheshe be-IT. Ngempela, kungani umthuthukisi kufanele abe nesibopho sokuphulwa kwesekethe kanye nomjovo wamaphutha? Uyasabela, yebo, kodwa uwacubungule futhi uwadale? Uma ususa konke lokhu kukhodi, abahleli bazokwazi ukugxila ngokugcwele ekusebenzeni kohlelo lokusebenza. Futhi ikhodi ngokwayo izoba mfushane futhi ibe lula.
Isevisi ye-mesh
I-Istio, esebenzisa imisebenzi yokuphatha ama-microservices ngaphandle kwekhodi yawo, iwumqondo we-Service Mesh. Ngamanye amazwi, yiqembu elididiyelwe lokuhamba ngakubili okukodwa noma ngaphezulu elakha i-mesh yemisebenzi yenethiwekhi.
Isebenza kanjani i-Istio ngama-microservices
Yilokhu umsebenzi weziqukathi ze-sidecar ubukeka ngokuhambisana nakho и umbono wenyoni: vula isibonelo se-Minishift, dala iphrojekthi ye-Istio (asiyibize ngokuthi “istio-system”), faka futhi usebenzise zonke izingxenye ezihlobene ne-Istio. Bese, njengoba udala amaphrojekthi nama-pods, wengeza ulwazi lokucushwa kokuthunyelwe kwakho, futhi ama-pods akho aqala ukusebenzisa i-Istio. Umdwebo owenziwe lula ubukeka kanje:
Manje usungakwazi ukushintsha izilungiselelo ze-Istio ukuze, isibonelo, ukuhlela umjovo wephutha, ukusekela noma ezinye izici ze-Istio - nakho konke lokhu ngaphandle kokuthinta ikhodi yezinhlelo zokusebenza ngokwazo. Ake sithi ufuna ukuqondisa kabusha yonke ithrafikhi yewebhu ukusuka kubasebenzisi beklayenti lakho elikhulu (i-Foo Corporation) ukuya enguqulweni entsha yesayithi. Ukwenza lokhu, mane udale umthetho womzila we-Istio ozobheka [email protected] ku-ID yomsebenzisi bese uqondisa kabusha ngokufanele. Kubo bonke abanye abasebenzisi, akukho okuzoshintsha. Okwamanje, uzohlola ngokuthula inguqulo entsha yesayithi. Futhi qaphela ukuthi awudingi ukubandakanya onjiniyela nhlobo kulokhu.
Futhi ingabe kuzodingeka ukhokhe kanzima ngakho?
Lutho neze. I-Istio ishesha kakhulu futhi ibhalwe kuyo futhi yakha phezulu okuncane kakhulu. Ngaphezu kwalokho, ukulahlekelwa okungenzeka ekukhiqizeni ku-inthanethi kuxazululwa ukwanda kokukhiqiza konjiniyela. Okungenani ngombono: ungakhohlwa ukuthi isikhathi sonjiniyela sibalulekile. Ngokuqondene nezindleko zesofthiwe, i-Istio iyisofthiwe yomthombo ovulekile, ngakho ungayithola futhi uyisebenzise mahhala.
Kahle kahle wena
Ithimba le-Red Hat Developer Experience lenze ukusebenzisana okujulile ngu-Istio (ngesiNgisi). Isebenza ku-Linux, MacOS kanye ne-Windows, futhi ikhodi iyatholakala ku-Java naku-Node.js.
Izifundo eziyi-10 zokusebenzisana ku-Istio
Block 1 - Kwabaqalayo
Isingeniso se-Istio
Imizuzu ye-30
Ake sijwayelane ne-Service Mesh, sifunde ukufaka i-Istio kuqoqo le-OpenShift Kubernetes.
Kusetshenziswa ama-microservices e-Istio
Imizuzu ye-30
Sisebenzisa i-Istio ukuze siphakele ama-microservices amathathu nge-Spring Boot kanye ne-Vert.x.
I-block 2 - izinga eliphakathi
Ukuqapha nokulandelela e-Istio
Imizuzu ye-60
Sizohlola amathuluzi okuqapha akhelwe ngaphakathi e-Istio, amamethrikhi angokwezifiso, kanye ne-OpenTracing nge-Prometheus ne-Grafana.
Umzila olula e-Istio
Imizuzu ye-60
Funda ukuphatha umzila e-Istio usebenzisa imithetho elula.
Imithetho yomzila ethuthukisiwe
Imizuzu ye-60
Ake sibheke umzila ohlakaniphile we-Istio, ukulawula ukufinyelela, ukulinganisa ukulayisha kanye nokukhawulela izinga.
Block 3 - umsebenzisi othuthukile
I-Fault Injection e-Istio
Imizuzu ye-60
Sifunda izimo zokwehluleka ukuphatha izinhlelo zokusebenza ezisabalalisiwe, ukudala amaphutha e-HTTP nokubambezeleka kwenethiwekhi, futhi sifunde ukusebenzisa ubunjiniyela besiphithiphithi ukubuyisela imvelo.
I-Circuit Breaker e-Istio
Imizuzu ye-30
Sifaka i-Siege kumasayithi okuhlola ukucindezeleka futhi sifunde ukuthi ungaqinisekisa kanjani ukubekezelela iphutha elingemuva sisebenzisa ama-replays, i-circuit breaker kanye ne-pool ejection.
I-Egress kanye ne-Istio
Imizuzu ye-10
Sisebenzisa imizila ye-Egress ukuze sidale imithetho yokusebenzisana kwamasevisi angaphakathi nama-API angaphandle namasevisi.
Istio kanye ne-Kiali
Imizuzu ye-15
Funda ukusebenzisa i-Kiali ukuze uthole uhlolojikelele lwe-mesh yesevisi futhi uhlole isicelo nokugeleza kwedatha.
I-TLS ehlangene e-Istio
Imizuzu ye-15
Sakha i-Istio Gateway kanye ne-VirtualService, bese sifunda i-mutual TLS (mTLS) kanye nezilungiselelo zayo ngokuningiliziwe.
Block 3.1 - Deep Dive: Istio Service Mesh for Microservices
Imayelana nani le ncwadi:
- Iyini i-service mesh?
- Uhlelo lwe-Istio kanye nendima yalo ekwakhiweni kwe-microservice.
- Ukusebenzisa i-Istio ukuxazulula izinkinga ezilandelayo:
- Ukubekezelelana kwamaphutha;
- Umzila;
- Ukuhlolwa kwezinxushunxushu;
- Ukuphepha;
- Ukuqoqwa kwe-Telemetry kusetshenziswa ukulandelelwa, amamethrikhi kanye ne-Grafana.
Uchungechunge lwezindatshana ezimayelana nezinsizakusebenza kanye ne-Istio
Zizame wena
Lolu chungechunge lokuthunyelwe akuhloselwe ukunikeza ukujula okujulile emhlabeni we-Istio. Sifuna nje ukukwazisa ngomqondo futhi mhlawumbe sikukhuthaze ukuthi uzame i-Istio ngokwakho. Kumahhala ngokuphelele ukwenza, futhi i-Red Hat inikeza wonke amathuluzi owadingayo ukuze uqalise nge-OpenShift, Kubernetes, iziqukathi ze-Linux, ne-Istio, okuhlanganisa: , nezinye izinsiza zethu . Ungalibali, qala namuhla!
Imithetho yomzila ye-Istio: ukuqondisa izicelo zesevisi lapho zidinga ukuya khona
и wenze umsebenzi omuhle wokukhuluma kuhanjiswe kuma-pods adingekayo. Lesi ngesinye sezizathu zokuba khona kwe-Kubernetes - umzila nokulinganisa ukulayisha. Kodwa kuthiwani uma udinga umzila ocashile futhi oyinkimbinkimbi? Isibonelo, ukusebenzisa kanyekanye izinguqulo ezimbili ze-microservice. Imithetho ye-Istio Route ingasiza kanjani lapha?
Imithetho yomzila yimithetho enquma ukukhetha umzila. Kungakhathaliseki izinga lobunzima besistimu, isimiso sokusebenza esijwayelekile sale mithetho sihlala silula: izicelo zihanjiswa ngokusekelwe kumapharamitha athile kanye namanani esihloko se-HTTP.
Ake sibheke izibonelo:
Okuzenzakalelayo kwe-Kubernetes: okuncane "50/50"
Esibonelweni sethu, sizobonisa ukuthi ungasebenzisa kanjani ngasikhathi sinye izinguqulo ezimbili ze-microservice ku-OpenShift, masizibize i-v1 ne-v2. Inguqulo ngayinye isebenza nge-Kubernetes pod yayo, futhi ngokuzenzakalelayo isebenzisa umzila oyindilinga oyindilinga olinganiselayo. I-pod ngayinye ithola ingxenye yayo yezicelo ngokusekelwe enanini lezikhathi zayo zesevisi encane, ngamanye amazwi, izifaniso. I-Istio ikuvumela ukuthi uguqule le bhalansi mathupha.
Ake sithi sisebenzise izinguqulo ezimbili zensizakalo yethu yokuncoma ku-OpenShift, izincomo-v1 kanye nezincomo-v2.
Emfanekisweni. Umfanekiso 1 ubonisa ukuthi uma isevisi ngayinye imelelwe esimeni esisodwa, icela ukushintshanisa ngokulinganayo phakathi kwazo: 1-2-1-2-... Lena yindlela umzila we-Kubernetes osebenza ngayo ngokuzenzakalelayo:
Ukusabalalisa okunesisindo phakathi kwezinguqulo
Emfanekisweni. Umfanekiso wesi-2 ubonisa ukuthi kwenzekani uma ukhuphula inani lezifaniso zesevisi ye-v2 ukusuka kweyodwa ukuya kwezimbili (lokhu kwenziwa nge-oc scale —replicas=2 deployment/recommendation-v2 umyalo). Njengoba ubona, izicelo phakathi kwe-v1 kanye ne-v2 manje sezihlukaniswe ngesilinganiso sokukodwa kuya kokuthathu: 1-2-2-1-2-2-…:
Ziba inguqulo usebenzisa i-Istio
I-Istio yenza kube lula ukushintsha ukusatshalaliswa kwezicelo ngendlela esiyidingayo. Isibonelo, thumela yonke ithrafikhi kuphela kusincomo-v1 usebenzisa ifayela elilandelayo le-Istio yaml:
Lapha udinga ukunaka lokhu: ama-pods akhethwa ngokusho kwamalebula. Isibonelo sethu sisebenzisa ilebula v1. Ipharamitha "yesisindo: 100" isho ukuthi u-100% wethrafikhi uzohanjiswa kuwo wonke ama-pod wesevisi anelebula ye-v1.
Ukusatshalaliswa kweziqondiso phakathi kwezinguqulo (Ukuthunyelwa kwe-Canary)
Okulandelayo, usebenzisa ipharamitha yesisindo, ungakwazi ukuqondisa ithrafikhi kuwo womabili ama-pods, ungaziba inani lezehlakalo ze-microservice ezisebenza kuzo zonke. Isibonelo, lapha siqondisa u-90% wethrafikhi ku-v1 no-10% kuya ku-v2:
Umzila ohlukile wabasebenzisi beselula
Sengiphetha, sizobonisa indlela yokuphoqa ithrafikhi yomsebenzisi weselula ukuthi ihanjiswe kusevisi ye-v2, futhi wonke umuntu ku-v1. Ukwenza lokhu, sisebenzisa izinkulumo ezivamile ukuze sihlaziye inani le-ejenti yomsebenzisi kunhlokweni yesicelo:
Manje sekuyithuba lakho
Isibonelo esinezisho ezivamile zokuhlaziya izihloko kufanele zikukhuthaze ukuthi uthole ukusebenzisa kwakho imithetho ye-Istio yomzila. Ngaphezu kwalokho, amathuba lapha abanzi impela, ngoba amanani enhlokweni angakhiwa kukhodi yomthombo wohlelo lokusebenza.
Futhi khumbula ukuthi i-Ops, hhayi i-Dev
Konke esikubonise ezibonelweni ezingenhla kwenziwa ngaphandle koshintsho oluncane kukhodi yomthombo, kahle, ngaphandle kwalezo zimo lapho kudingekile ukukhiqiza izihloko zezicelo ezikhethekile. I-Istio izoba usizo kokubili kubathuthukisi, okuthi, ngokwesibonelo, bazokwazi ukuyisebenzisa esigabeni sokuhlola, nakubachwepheshe ekusebenzeni kwezinhlelo ze-IT, okuzosiza kakhulu kubo ekukhiqizeni.
Ngakho-ke ake siphinde i-leitmotif yalolu chungechunge lokuthunyelwe: awudingi ukushintsha lutho kukhodi yakho. Asikho isidingo sokwakha izithombe ezintsha noma ukwethula iziqukathi ezintsha. Konke lokhu kwenziwa ngaphandle kwekhodi.
Sebenzisa umcabango wakho
Cabanga nje amathuba okuhlaziya unhlokweni usebenzisa izinkulumo ezivamile. Ufuna ukuqondisa kabusha ikhasimende lakho elikhulu enguqulweni ekhethekile yakho ? Kalula! Udinga inguqulo ehlukile yesiphequluli se-Chrome? Ayikho inkinga! Ungakwazi ukuhambisa ithrafikhi ngokuya cishe nganoma yisiphi isici.
Zizame wena
Ukufunda nge-Istio, i-Kubernetes ne-OpenShift yinto eyodwa, kodwa kungani ungazithinti yonke into ngokwakho? Ithimba ilungiselele umhlahlandlela onemininingwane (ngesiNgisi) ozokusiza ukwazi lobu buchwepheshe ngokushesha okukhulu. Imanuwali futhi ingumthombo ovulekile we-100%, ngakho-ke ifakwa esizindeni somphakathi. Ifayela lisebenza ku-macOS, Linux kanye neWindows, futhi ikhodi yomthombo iyatholakala kuzinguqulo ze-Java ne-node.js (izinguqulo ngezinye izilimi ziyeza maduze). Vele uvule inqolobane ye-git ehambisanayo kusiphequluli sakho .
Eposini elilandelayo: sixazulula izinkinga kahle
Namuhla ubone ukuthi imithetho yomzila ye-Istio engayenza. Manje cabanga into efanayo, kodwa kuphela ngokuphathelene nokusingatha iphutha. Yilokhu esizokhuluma ngakho kokuthunyelwe okulandelayo.
Source: www.habr.com