
Service mesh introduction, istio overview

2022-07-08 00:35:00 Zhang quandan, Foxconn quality inspector

Service Mesh


Service Mesh (in Chinese, "服务网格", literally "service grid") is an infrastructure layer that handles services and the communication between them. It is responsible for delivering network requests reliably for complex cloud-native applications, and it provides the basic functions that microservices need for service communication, such as service discovery, load balancing, monitoring, traffic management and access control. In practice, a service mesh is usually implemented as a set of lightweight network proxies deployed alongside the applications, but transparent to the applications.

In the diagram, the green squares are application services and the blue squares are sidecar proxies. Application services communicate through their sidecar proxies, and the service communication as a whole forms the blue network connections in the diagram. All the blue parts together form a network, which is where the name "service mesh" comes from.

Figure: Service Mesh deployment network structure

A sidecar is a proxy deployed together with an application service. Any access to the application has to go through the proxy, and the application can communicate only through its sidecar. Applications cannot communicate with each other directly, because all of the application's traffic is taken over by the proxy.

The essence of a service mesh is to take over the business traffic and have its own proxy forward the data.

The blue squares above are managed uniformly by a control center. For example, a configuration can be pushed from the control center so that it takes effect on these proxies.

Access control is also possible: specify that one application may not access another, and the proxy will not forward that traffic.

The administrator only has to work with the control center, configuring traffic control and the related functions for the whole service mesh.

Service Mesh characteristics


A service mesh has the following characteristics:

  • Independent governance (the sidecar is responsible for the application's traffic, and communication between applications also goes through the sidecars)
  • Transparent to the application (the proxy is bound to the service as a sidecar, so the application code does not need to be modified; the sidecar manages the traffic directly)
  • An infrastructure layer for service communication (it manages the communication facilities of the services)
  • Decouples retries/timeouts, monitoring, tracing and service discovery from the application

A service mesh can be seen as a more advanced form of running nginx as a proxy in front of application backends. What this model adds is a control system that manages all the proxies in a unified way, unlike the proxy of a traditional monolithic application.

Because traffic passes through the sidecar and is taken over by it, many functions can be implemented there.

The design goal and implementation principle of a service mesh come down to proxies, plus a control center to manage them.

Istio overview


Istio is a production implementation of Service Mesh and is currently the most popular service mesh, rich in functions and highly mature.

Linkerd was the first service mesh product in the world.

Connect
- Traffic management
- Load balancing
- Grayscale (canary) release
Secure
- Authentication
- Authorization
Control
- Rate limiting
- ACL
Observe
- Monitoring
- Call chain tracing

Istio version changes


A major change took place in Istio 1.5: the structure of the original control plane was completely overturned, multiple existing components were merged into a single monolithic component, "istiod", and at the same time the Mixer component was deprecated. If you are using an earlier version, you need to understand these changes.

Earlier versions had many components. A deployment involved 7 or 8 of them, it was not obvious how the components related to each other or how they communicated, and some components could easily go down.

Istio is a service mesh governance platform built on Kubernetes. Early on it pursued architectural purity: the control plane had many components, each clearly defined in architectural terms, and the design was very good. Later it ran into a dilemma. With so many components in the control plane, upgrading the system becomes troublesome: which component is upgraded first, which afterwards, and will there be a business interruption?

So a trade-off was made. For example, components maintained by the same team were merged, turning several components into one. This reduces the risk of an upgrade and lowers maintenance cost. There are no absolute principles; it all depends on your business scenario.
 

After the refactoring, the control plane consists of istiod. The previous version had 4 components; now there is just one.

Istio Architecture and components


An Istio service mesh is logically divided into a data plane and a control plane.

Control plane: uses a new deployment model, istiod. This component handles sidecar injection, certificate distribution, configuration management and other functions. It replaces the original components, reducing complexity and improving ease of use. (It manages the proxies, analyzes the collected inbound and outbound traffic, and provides monitoring, logging and link tracing. The original components are integrated into one component.)
  • Pilot: policy configuration component. Provides the proxies with service discovery, intelligent routing, error handling and so on. (It manages the proxies.)
  • Citadel: security component. Provides certificate generation and distribution, encrypted communication and access control.
  • Galley: configuration management, validation and distribution.

Data plane: consists of a group of proxies. These proxies are responsible for all microservice network communication and implement efficient forwarding and policy enforcement. The data plane is implemented with Envoy, an L4/L7 proxy and forwarder written in C++, which is the only component in Istio's data plane.

(The data plane is the microservice side, where the services are deployed. For example, a deployed Pod belongs to the data plane, and a proxy is injected into it. The proxy is responsible for all microservice network communication: communication between microservices goes through this proxy, and so does microservice access to the outside. The proxy forwards the traffic and applies the configured policies.)

The architecture is clearly simpler after the revision, which reduces cost.

Istio basic concepts


Istio has 4 configuration resources that implement all traffic management requirements (the various functions are implemented on the basis of these configuration resources):

  • VirtualService: implements routing rules for service requests.
  • DestinationRule: implements load balancing, service discovery, fault handling and fault injection for the target service.
  • Gateway: lets services inside the service mesh be visible to the outside world.
  • ServiceEntry: allows managing network traffic for services outside the mesh. (Used less often.)
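
How a VirtualService and a DestinationRule work together for the grayscale release, load balancing, fault handling and retry/timeout functions described on this page. This is an added example, not part of the original article; the service name `reviews`, the namespace `shop`, the `version` labels and all numeric values are assumptions.

```yaml
# Added example. Host, namespace, labels and thresholds are assumed values.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: reviews
  namespace: shop
spec:
  host: reviews
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN        # load balancing across the endpoints of a subset
    outlierDetection:            # fault handling: eject endpoints that keep failing
      consecutive5xxErrors: 5
      interval: 30s
      baseEjectionTime: 60s
  subsets:                       # named versions the VirtualService can route to
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews
  namespace: shop
spec:
  hosts:
  - reviews
  http:
  - route:                       # grayscale release: 90% to v1, 10% to v2
    - destination:
        host: reviews
        subset: v1
      weight: 90
    - destination:
        host: reviews
        subset: v2
      weight: 10
    timeout: 2s                  # timeouts and retries live in the proxy, not the app
    retries:
      attempts: 3
      perTryTimeout: 500ms
```

Shifting more traffic to v2 only requires changing the two `weight` values; the application code and its Pods are not touched.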