当前位置:网站首页>Service mesh introduction, istio overview

Service mesh introduction, istio overview

2022-07-08 00:35:00 Zhang quandan, Foxconn quality inspector

Service Mesh

Service Mesh The Chinese translation of the Chinese version of “ Service Grid ” , Is a Handle services and communication between services The infrastructure layer of , It is responsible for delivering reliable network requests for building complex cloud native applications , The basic component functions required by microservices are realized for service communication , For example, service discovery 、 Load balancing 、 monitor 、 Traffic management 、 Access control, etc . In practice ,

Service grids are usually implemented as A set of lightweight network agents deployed with Applications , But it's transparent to the application .

Right picture , Green squares serve applications , The blue square is Sidecar Proxy, Application services through Sidecar Proxy communicate , The whole service communication forms the blue network connection in the diagram , All the blue parts in the figure form a network , This is the name of the service grid .

                                                Service Mesh Deployment network structure diagram

Sidecar It refers to an agent deployed with application services , If you visit your app, you have to go proxy To access , Can only go sidecar To communicate , You can't communicate between applications , Because all traffic of the application is proxy Taken over .

The essence of service grid is to take over business processes , Then by your own proxy The agent is responsible for data forwarding .

The blue squares above will have a control heart to uniformly manage the blue squares , For example, a configuration can be sent to it in the control center , Let these proxy To take effect .

You can also do access control , Specify that an application cannot access an application , such proxy Will not forward .

The administrator is only responsible for configuring the center , To configure the control of some traffic in the whole service grid , And a series of these functions .

Service Mesh characteristic  

 Service Mesh Has the following characteristics :

Independent governance (Sidecar To be responsible for the application traffic , Communication between them is also through sidecar)
Application is not aware ( Bound to the service in the form of side car , There is no need to modify the code of the application when using ,sidecar You can manage it directly )
The infrastructure layer of service communication ( Manage the communication facilities of the service )
Decouple application retries / Overtime 、 monitor 、 Tracking and service discovery

servicemesh Can be seen as nginx A more advanced mode on the application of the proxy backend , This mode is to increase the control system , These control systems can manage all agents in a unified way , It's not like the agent of traditional monomer applications .

Because the flow goes through sidecar, It took over , Then you can do many functions .

service mesh The goal of design and the principle of realization actually come from proxy, And a control center to manage .

Istio summary

Isito yes Service Mesh The product landing of , Is currently the most popular service grid , Rich in functions 、 High maturity .

Linkerd It is the first service grid product in the world .
Connect (Connect)
- Traffic management
- Load balancing
- Grayscale Publishing
Security (Secure)
- authentication
- authentication
control (Control)
- Current limiting
- ACL
Observe (Observe)
- monitor
- Call chain

Istio Version change

stay Istio1.5 A major change has taken place in the version , Completely overturn the structure of the original control plane , Integrate multiple existing components into Monomer structure “istiod”, At the same time Mixer Components , If you are using a previous version , These changes must be understood .

There were many components before , When deploying, deploy 7,8 A component , But I don't know the relationship between components , How to communicate , Some components may easily hang up .

listio Is based on kubernetes The above service grid governance platform , Early pursuit of purity of architecture , A control surface has many components , Many components are very clear in terms of architecture , The design is very good , Later, I fell into a dilemma , A control surface has many components , When you upgrade your system , This upgrade is in trouble , Which component to upgrade first , Which component to upgrade after , Whether there will be business interruption , This will cause a lot of trouble .

So make a choice , For example, some components are maintained by a team , Then merge , Change some components into one , The risk of such an upgrade is reduced , Lower maintenance costs , There are no absolute principles , It all depends on your business scenario .
 

After refactoring , The server control panel has istiod, The previous version has 4 A component , Now just one component .

Istio Architecture and components

Istio Service grid is logically divided into data plane and control plane .

Control plane : Use a new deployment mode :istiod, This component is responsible for processing Sidecar Inject 、 Certificate distribution 、 Configuration management and other functions , replace Original components , Reduce complexity , Improve ease of use .( take proxy Conduct management , Analyze the collected inlet and outlet flow , Provide monitoring , journal , Link tracking )( Integrate the original components into one component )
  • Pilot: Policy configuration component , by Proxy Provide service discovery 、 Intelligent routing 、 Error handling, etc . ( management proxy) 
  • Citadel: Security components , Provide certificate generation and distribution 、 Encrypted communication 、 Access control .
  • Galley: Configuration Management 、 verification 、 distribution .

Data plane : By a group Proxy form , these Proxy Responsible for all microservice network communications , Achieve efficient forwarding and policies . Use envoy Realization , envoy It's based on C++ Realized L4/L7 Proxy Transponder , yes Istio The only component in the data plane .

 ( It refers to the end of the micro service , It is the end of service deployment , Like deploying a Pod, This belongs to the data plane , He will implant a in the data plane proxy)(proxy Responsible for all microservice network communications , Communication between microservices will take this proxy, Or micro service access to the outside also need to go this proxy, Responsible for forwarding and configuring relevant policies )

You can see that the architecture is clear after the revision , Reduce more costs .

Istio Basic concepts

Istio Yes 4 Resource allocation , Implement all traffic management requirements :( Various functions are implemented according to these configuration resources )

  • VirtualService( A virtual service ): Realize the function of service request routing rules .
  • DestinationRule( Target rule ): Achieve load balancing of target services 、 Service discovery 、 Fault handling and fault injection functions .
  • Gateway( gateway ): Let the services in the service grid , Can be seen all over the world .
  • ServiceEntry( Service entrance ) : Allows the management of network traffic for extra services .( Use less )
原网站

版权声明
本文为[Zhang quandan, Foxconn quality inspector]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/189/202207072229467311.html

边栏推荐

猜你喜欢

随机推荐