当前位置:网站首页>Knowledge and skills of isto concept in service grid

Knowledge and skills of isto concept in service grid

2020-11-10 16:04:27 Ali_ Simple

One 、 background

The recent architecture group is based on istio Developed a service grid (Service Mesh) platform , Take this opportunity to learn and record the relevant background knowledge , It's easy to look back .

The effect of the first edition :

Two 、istio

The official manual :https://istio.io/latest/zh/docs/concepts/what-is-istio/

1、Service Mesh brief introduction

istio As an implementation Service Mesh An open source project of , First of all, we have to deal with Service Mesh I understand .

In the last few years , Microservice architecture has become a popular style in software design . In this architecture , We decompose the application into independently deployable Services . These services are usually lightweight , Multilingual , And it is usually developed and deployed by various functional teams . When the number of certain services increases , When it's hard to manage and more complex , Microservice architecture will always work . But it's also managing security , Network traffic control and observability bring challenges .

Service Mesh It's a great way to help meet these challenges .

  • Service Mesh It is used to describe the interaction between applications . As the number of services increases and the complexity increases , It's becoming more and more difficult to expand and manage .Service Mesh It can provide service discovery for microservice architecture , Load balancing , Fault recovery , Indicators and monitoring .
  • Service Mesh Often it can also meet more complex needs , for example A/B test , Release of canary , Rate limit , Access control and end-to-end authentication .
  • Service Mesh Provides an easy way to create a service network , The network has load balancing , Service to service authentication , Monitoring and other functions , The microservice code changes little or no .

2、 Why use Istio?

Istio It provides the ability of behavior insight and operation control for the whole service grid , And a complete solution to meet the needs of micro service applications .

Istio Provides a simple way to network deployed Services , The network has load balancing 、 Service room Certification 、 Monitoring and other functions , Without any changes to the code of the service . Want service support Istio, Just deploy a special... In your environment sidecar agent , Use Istio Control plane function configuration and management agent , Block all network communication between microservices :

  • HTTP、gRPC、WebSocket and TCP Automatic load balancing of traffic .
  • Through rich routing rules 、 retry 、 Failover and fault injection , You can fine-grained control traffic behavior .
  • Pluggable policy layer and configuration API, Support access control 、 Rate limits and quotas .
  • An automatic measure of all traffic in and out of a cluster 、 Logging and tracking .
  • Through strong identity based authentication and Authorization , Secure inter service communication in a cluster .
  • Istio Designed for scalability , Meet all kinds of deployment requirements .

Core functions
Istio It provides many key functions in the service network :

Traffic management

Through simple rule configuration and traffic routing , You can control traffic between services and API call .Istio Simplified circuit breakers 、 Configuration of service level properties such as timeout and retry , And it's easy to set up A/B test 、 Canary deployment and phased deployment based on percentage traffic segmentation and other important tasks .

By better understanding your traffic and out of the box failback capabilities , You can find the problem before it occurs , Make the call more reliable , And make your network more powerful —— No matter what conditions you face .

Security

Istio The security capabilities of enable developers to focus on application level security .Istio Provide the underlying secure communication channel , And large-scale management of service communication authentication 、 Authorization and encryption . Use Istio, Service communication is secure by default , It allows you to consistently implement policies across multiple protocols and runtimes —— All of this requires little or no application change .

although Istio It's not about the platform , But compare it with Kubernetes( Or infrastructure ) Combination of network policies , Its advantages will be greater , Including protection in the network and application layer pod The ability to communicate between services .

Observability

Istio Powerful tracking 、 Monitoring and logging gives you insight into service grid deployment . adopt Istio The monitoring function of , You can really understand how service performance affects upstream and downstream functions , And its custom dashboard provides visibility into all service performance , And let you know how this performance affects your other processes .

Istio Of Mixer The component is responsible for policy control and telemetry collection . It provides back-end abstraction and mediation , take Istio The rest of is isolated from the implementation details of each infrastructure backend , And provide fine-grained control of all interactions between grid and infrastructure backend for operation and maintenance .

All of these features allow you to set up 、 Monitor and implement the SLO. Of course , most important of all , You can quickly and effectively detect and fix problems .

Platform support

Istio It's platform independent , Designed to run in a variety of environments , Including cross cloud 、 Internal deployment 、Kubernetes、Mesos etc. . You can go to Kubernetes Upper Department Istio Or have Consul Of Nomad Upper Department .Istio At present, we support :

stay Kubernetes Services of topside
Use Consul Registered services
Services deployed on virtual machines

Integration and customization

Policy execution components can be extended and customized , So that with the existing ACL、 journal 、 monitor 、 The quota 、 Audit and other program integration . 

Good article recommends :

https://www.cnblogs.com/xishuai/p/microservices-and-service-mesh.html( Microservices (Microservices) And service grid (Service Mesh) Architecture concept arrangement

https://www.kubernetes.org.cn/5556.html( Detailed explanation Istio The working principle of fusing and current limiting in practice

https://blog.csdn.net/luanpeng825485697/article/details/84560659(istio Introduction and basic component principle ( Service Grid Service Mesh))

https://blog.csdn.net/chenhaifeng2016/article/details/78609208( Depth analysis Service Mesh The new generation of service grid Istio)

https://zhuanlan.zhihu.com/p/101723832( Service governance of microservices :Envoy overall situation gRPC Speed limit service lyft/ratelimit Detailed explanation )

https://www.jianshu.com/p/bed143a1c886(istio brief introduction )

https://servicemesh.es/

版权声明
本文为[Ali_ Simple]所创,转载请带上原文链接,感谢