1、传统微服务架构
传统微服务遇到的挑战:
2、service mesh新一代微服务架构
微服务业务逻辑和治理分离,sidecar实现了基础设施与业务逻辑的解耦,为每个微服务配一个sidecar,实现网络通信。
服务网格把微服务的通信下沉到基础设施,降低微服务处理通信的复杂度,开发者无需关心通信层的具体实现。
3、服务网格框架:
Istio微服务治理框架
https://istio.io/
Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio’s control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes.
Istio is composed of these components:
Envoy - Sidecar(Proxy) proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.
Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.
Istiod - The Istio control plane. It provides service discovery, configuration and certificate management. It consists of the following sub-components:
Pilot - Responsible for configuring the proxies at runtime.
Citadel - Responsible for certificate issuance and rotation.
Galley - Responsible for validating, ingesting, aggregating, transforming and distributing config within Istio.
Operator - The component provides user friendly options to operate the Istio service mesh.
istio两个核心概念:
虚拟服务:(在服务网格内配置了网络请求到目标请求的路由规则)
虚拟服务(Vistrual Service)是 Istio 重要的资源对象之一,作用是将流量路由到网格中的服务。支持基于权重、http header条件等优先级的路由,比Kuberentes service对于流量的管控更加的丰富,颗粒度更加精细。
有了 Kubernetes Service,为什么还需要 Istio Virtual Service?
简单来说,基于 Kubernetes Service,只可以实现简单的流量负载均衡,如果想实现基于HTTP Header,负载百分比等等复杂的流量控制就无从下手了,Istio Vistrual Service在原本 Kubernetes Service 的功能之上,提供了更加丰富的路由控制。
目标规则:
目标规则(Destination Rule)是 Istio 重要的资源对象之一,它不能独自使用,必须跟 Virtual Service 共同发挥作用,作用是将流量标记分组并路由到具体服务。
Destination Rule 还可以做什么?
通常在生产场景下,用使用 Destination Rule 对用户进行身份、地址位置等条件的识别后的流量路由,例如部分用户优先享用新版本,则可以通过HTTP Header附加相关的字段进行识别,路由到新版本的服务上。或者在版本更新的时候,使用灰度发布,对新旧版本标记子集,按照不同的负载百分比进行调整逐步迭代。
先定义目标规则,再在虚拟服务中引用。
可以通过kiali查看流量拓扑图。
在部署的微服务中启用istio微服务治理,启动istio之后,在集群上部署的服务会被注入istio proxy
服务网格的应用-灰度发布,降低版本升级的风险:蓝绿部署、金丝雀发布、流量镜像