{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格是Kubernetes世界的一個熱門話題,但許多潛在的採用者已經失望地離開了。服務網格的採用受到了難以承受的複雜性和看似無窮無盡的供應商解決方案的限制。在我瞭解了這個領域之後,我發現採用服務網格有着巨大的價值,但它必須以輕量級的方式進行,以避免不必要的複雜性。儘管人們普遍感到失望,但服務網格的未來依舊光明。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"邊用邊學"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我進入服務網格的世界,始於我在一家歷史悠久的財富500強科技公司擔任雲架構師。當我們開始實現服務網格時,我身邊有很多優秀的工程師,但他們大部分在雲開發方面幾乎沒有經驗。我們的組織誕生於雲之前,而且充分認識雲的價值需要時間。我們的傳統業務線主要聚焦於技術棧的硬件元素上,雲決策最初是由爲交付硬件或爲該硬件提供固件和驅動程序而開發的流程驅動的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"隨着該組織經歷“數字化轉型”,它越來越依賴於交付高質量的軟件服務,並逐漸開發出更好的方法。但作爲雲架構師,我仍然在瞭解那些優先考慮硬件的業務流程,以及擁有不同技能、流程和理念的工程團隊。隨着時間的推移,我和我的團隊在將.NET應用程序遷移到Linux、採用Docker、遷移到AWS以及伴隨這些的最佳實踐(例如持續集成、自動部署、不可改變的基礎設施、監控等)方面變得熟練而成功。但挑戰仍然存在。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在此期間,我們開始將應用程序拆分爲一組微服務。起初,這是一個緩慢的轉變,但最終這種方法流行起來,開發人員開始傾向於構建新服務,而不是添加到現有的服務。我們這些基礎設施團隊成員認爲這是一個成功。唯一的問題是,與網絡相關的問題數量激增,開發人員找我們尋求解決方案,而我們還沒有準備好有效地應對這一衝擊。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"我們的服務網格實現"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我第一次聽說服務網格是在2015年,那時我正在修補服務發現工具並尋找與Consul集成的簡便方法。我喜歡將應用程序的責任轉移到“sidecar”容器中的想法,並找到了一些可以幫助實現這一點的工具。大約在這段時間,Docker有一個名爲“連接(linking)”的功能,可以將兩個應用程序放在一個共享的網絡中,以便他們可以通過localhost進行通信。這個功能提供了一種類似於我們現在在Kubernetes pod中的體驗:兩個服務,獨立構建,可以在部署時組合起來,以實現一些額外的功能。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我總是抓住機會,用簡單的方案解決大問題,因此這些新功能的能力立刻打動了我。雖然這個工具是爲了與Consul集成而構建的,但實際上,它可以做任何你想要做的事情。這是屬於我們的一個基礎設施層,可以用來一次性爲所有人解決問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這方面的一個具體例子出現在我們採用過程的早期。當時,我們正致力於跨多個不同的服務來標準化日誌輸出。通過採用服務網格和這種新的設計模式,我們能夠將人員問題(讓開發人員標準化他們的日誌)轉換爲技術問題(將所有服務流量傳遞給可以爲它們記錄日誌的代理)。這是我們團隊向前邁出的重要一步。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們對服務網格的實現非常實用,並且與該技術的核心特性非常一致。然而,許多營銷宣傳集中在需求較少的邊緣案例上,在評估服務網格是否適合您時,能夠識別這些干擾因素非常重要。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"核心功能"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格可以提供的核心功能分爲四個關鍵領域:可觀察性、安全性、連接性和可靠性。這些功能包括:"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"標準化監控"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們取得的最大勝利之一是標準化監控,這也是最容易採用的功能。它有一個非常低的運維成本,可以使其適合您正在使用的任何監控系統。它使組織能夠捕獲其所有HTTP或gRPC指標,並在整個系統中以標準方式存儲它們。這控制了複雜性,減輕了應用程序團隊的負擔,他們不再需要實現Prometheus指標端點或標準化日誌格式。它還允許用戶對其應用程序的“"},{"type":"link","attrs":{"href":"https:\/\/sre.google\/sre-book\/monitoring-distributed-systems\/#xref_monitoring_golden-signals","title":"","type":null},"content":[{"type":"text","text":"黃金信號"}]},{"type":"text","text":"”有一個公正的看法。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"自動加密和身份驗證"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"證書管理很難做到正確。如果一個組織還沒有在這方面投資,他們應該用一個網格來爲他們做這件事。證書管理需要維護複雜的基礎設施代碼,伴隨巨大的安全隱患。相反,網格能夠與編排系統集成,以瞭解在需要時可用於實施策略的工作負載的標識。這造就了一個真正強大的安全處理方式,與那些由功能強大的CNI(如Calico或Cilium)提供的處理方式相當,甚至更好。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"智能路由"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"智能路由是另一項功能,使網格能夠在發送請求時“做正確的事”。用例包括:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"使用一種延遲加權算法優化流量"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"拓撲感知路由來增強性能並降低成本"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"根據請求成功的可能性對請求進行超時處理"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":4,"align":null,"origin":null},"content":[{"type":"text","text":"與編排系統集成來實現IP解析,而不是依賴DNS"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":5,"align":null,"origin":null},"content":[{"type":"text","text":"傳輸升級,例如HTTP升級到HTTP\/2"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這些功能可能不會讓每一個人都感到興奮,但隨着時間的推移,它們會從根本上增加價值。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"可靠的重試"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在分佈式系統中重試請求可能會很麻煩,但是,這對於服務網格實現幾乎總是需要的。分佈式系統通常會將一個客戶端請求轉換爲多個下游請求,這意味着“尾部”場景(例如出現異常失敗的請求)的可能性會大大增加。對此最簡單的緩解措施是重試失敗的請求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"困難來自於避免“重試風暴”或“重試DDoS”,即處於降級狀態的系統觸發重試,隨着重試次數的增加,負載增加,並且性能進一步降低。簡單的實現不會考慮這種情況,因爲它可能需要與緩存或其它通信系統集成,來了解一個重試是否值得執行。服務網格可以通過爲整個系統允許的重試總數提供一個界限來實現這一點。網格還可以在重試發生時報告這些重試,在用戶注意到之前就可能提醒你發生了系統降級。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"網絡擴展性"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格的最佳屬性可能是其可擴展性。它提供了一個附加的適應性層,可以承擔接下來的任何挑戰。sidecar代理的設計模式是另一個令人興奮的強大功能,即使有時候它被過度銷售和過度設計來做用戶和技術還沒有準備好的事情。當社區等待看哪個網格“獲勝”時(這反應了之前過度炒作的編排戰),我們將不可避免地看到未來會有更多專門構建的網格,並且可能會有更多的最終用戶構建屬於他們自己的控制面板和代理來滿足他們的用例。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"服務網格分散關注點的功能"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"平臺或基礎設施控制層的價值怎麼強調都不爲過。然而,瞭解服務網格世界讓我認識到,入門的一個主要挑戰是,服務網格解決的核心問題往往甚至不是大多數服務網格項目溝通的焦點!"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"相反,來自服務網格項目的大部分溝通都圍繞着聽起來功能強大或令人興奮但最終會分散關注點的功能。這包括:"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"強大的(即,“複雜的”)控制面板"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"很好地運行復雜的軟件是非常困難的。這就是爲什麼如此多的組織使用雲(通過使用完全託管的服務)來減輕這一負擔。那麼,爲什麼服務網格項目會讓我們負責運維如此複雜的系統呢?系統的複雜性不是一種資產,而是一種負債,然而大多數項目都在兜售它們的特性集和可配置性。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"多集羣支持"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"多集羣是當前的熱門話題。最終,大多數團隊將運行多個Kubernetes集羣。但是多集羣的主要痛點是,Kubernets管理的網絡被削減了一半。服務網格有助於解決Kubernetes的擴展問題,但這最終無法實現任何新功能。是的,多集羣支持是必要的,但它對服務網格的承諾被過度推銷了。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"Envoy"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Envoy是一個很好的工具,但它被視爲某種標準呈現,這是有問題的。Envoy是衆多開箱即用的代理之一,你可以將其作爲服務網格的基礎。但是Envoy本身並沒有什麼特殊之處,能夠使其成爲正確的選擇。採用Envoy爲你的組織提出了一系列重要問題,包括:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"運行時成本和性能(所有這些過濾器加起來!)"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"計算資源需求以及資源需求如何隨負載擴展"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如何調試錯誤或意外行爲"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"網格如何與Envoy交互以及配置生命週期是什麼"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"運維成熟期的時間(可能比您預期的時間長)"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在服務網格中選擇代理應該是一項實現細節,而不是一項產品需求。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"WASM"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我是Web Assembly(WASM)的超級粉絲,已經成功用它在"},{"type":"link","attrs":{"href":"https:\/\/dotnet.microsoft.com\/apps\/aspnet\/web-apps\/blazor","title":"","type":null},"content":[{"type":"text","text":"Blazor"}]},{"type":"text","text":"構建了前端應用程序。然而,WASM作爲一種自定義服務網格代理行爲的工具,使您完全處於與現有軟件生命週期完全不同的全新軟件生命週期!如果您的組織還沒有準備好構建、測試、部署、維護、監控、回滾和版本代碼,(影響通過其系統運行的每個請求),那麼你還沒有準備好WASM。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"A\/B測試"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"A\/B測試實際上是一個應用程序級別的問題。在基礎設施層提供語言來啓用A\/B測試是可以的,但是沒有簡單的方法可以完全自動化大多數組織所需的A\/B測試級別。通常,應用程序需要定義唯一的指標,即定義測試的積極信號。如果一個組織想要在服務網格級別投資A\/B測試,解決方案需要支持:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"對部署和回滾的精細控制,因爲可能會同時進行多個不同的“測試”"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"能夠捕獲系統已知的自定義指標,並根據這些指標做出決策"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"根據請求的特徵揭示流量方向的控制,這可能包括解析整個請求體"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這需要實現很多東西,沒有現成的服務網格可以做到這一點。最終,我們的組織選擇了網格之外的特性標記解決方案,以最小的努力獲得了極大的成功,實現了這一點。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"我們的最終方案"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"最終,我們面臨的挑戰並不是服務網格所獨有的。我們工作的組織有一套約束條件,要求我們對我們解決的問題以及如何解決這些問題保持務實態度。我們面臨的問題包括:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一個擁有許多不同技能的開發人員的大型組織"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通常不成熟的雲和SaaS功能"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"針對非雲軟件優化的流程"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"零碎的軟件工程方法和理念"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有限的資源"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"激進的最後期限"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"總而言之,我們人少,問題多,需要快速展現價值。我們必須支持那些不是主要進行Web或雲開發的開發人員,我們需要進行擴展來支持大型工程組織使用不同的方法和流程來進行雲計算。我們需要將大部分精力集中在解決成熟度曲線較低的基本問題上。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"最後,當我們面臨自己的服務網格決策時,我們決定以"},{"type":"link","attrs":{"href":"https:\/\/linkerd.io\/","title":"","type":null},"content":[{"type":"text","text":"Linkerd服務網格"}]},{"type":"text","text":"爲基礎,因爲它最符合我們的優先事項:低運維成本(計算成本和人力成本)、低認知負擔、能夠給予支持的社區、透明的管理,同時滿足了我們的功能需求和預算。在Linkerd指導委員會(他們喜歡誠實的反饋和社區參與)工作了一小段時間後,我瞭解到它與我自己的工程原理是多麼緊密地契合。Linkerd最近"},{"type":"link","attrs":{"href":"https:\/\/www.cncf.io\/announcements\/2021\/07\/28\/cloud-native-computing-foundation-announces-linkerd-graduation\/","title":"","type":null},"content":[{"type":"text","text":"在CNCF達到了畢業狀態"}]},{"type":"text","text":",這是一個漫長的過程,強調了該項目的成熟度及其廣泛採用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"作者介紹:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/www.infoq.com\/profile\/Chris-Campbell\/","title":"","type":null},"content":[{"type":"text","text":"Chris Campbell"}]},{"type":"text","text":" 已經擔任軟件工程師和架構師十多年了,與多個團隊和組織合作來採用雲原生技術和最佳實踐。他將自己的時間分爲兩部分:一是與業務領導者合作,採用軟件交付策略,加速業務;二是與工程團隊合作,交付可擴展的雲基礎設施。他最感興趣的是提高開發人員生產力和經驗的技術。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"原文鏈接:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/www.infoq.com\/articles\/service-mesh-unnecessary-complexity\/","title":"","type":null},"content":[{"type":"text","text":"How Unnecessary Complexity Gave the Service Mesh a Bad Name"}]}]}]}
如何在服務網格中避免複雜性問題
{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格是Kubernetes世界的一個熱門話題,但許多潛在的採用者已經失望地離開了。服務網格的採用受到了難以承受的複雜性和看似無窮無盡的供應商解決方案的限制。在我瞭解了這個領域之後,我發現採用服務網格有着巨大的價值,但它必須以輕量級的方式進行,以避免不必要的複雜性。儘管人們普遍感到失望,但服務網格的未來依舊光明。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"邊用邊學"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我進入服務網格的世界,始於我在一家歷史悠久的財富500強科技公司擔任雲架構師。當我們開始實現服務網格時,我身邊有很多優秀的工程師,但他們大部分在雲開發方面幾乎沒有經驗。我們的組織誕生於雲之前,而且充分認識雲的價值需要時間。我們的傳統業務線主要聚焦於技術棧的硬件元素上,雲決策最初是由爲交付硬件或爲該硬件提供固件和驅動程序而開發的流程驅動的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"隨着該組織經歷“數字化轉型”,它越來越依賴於交付高質量的軟件服務,並逐漸開發出更好的方法。但作爲雲架構師,我仍然在瞭解那些優先考慮硬件的業務流程,以及擁有不同技能、流程和理念的工程團隊。隨着時間的推移,我和我的團隊在將.NET應用程序遷移到Linux、採用Docker、遷移到AWS以及伴隨這些的最佳實踐(例如持續集成、自動部署、不可改變的基礎設施、監控等)方面變得熟練而成功。但挑戰仍然存在。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在此期間,我們開始將應用程序拆分爲一組微服務。起初,這是一個緩慢的轉變,但最終這種方法流行起來,開發人員開始傾向於構建新服務,而不是添加到現有的服務。我們這些基礎設施團隊成員認爲這是一個成功。唯一的問題是,與網絡相關的問題數量激增,開發人員找我們尋求解決方案,而我們還沒有準備好有效地應對這一衝擊。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"我們的服務網格實現"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我第一次聽說服務網格是在2015年,那時我正在修補服務發現工具並尋找與Consul集成的簡便方法。我喜歡將應用程序的責任轉移到“sidecar”容器中的想法,並找到了一些可以幫助實現這一點的工具。大約在這段時間,Docker有一個名爲“連接(linking)”的功能,可以將兩個應用程序放在一個共享的網絡中,以便他們可以通過localhost進行通信。這個功能提供了一種類似於我們現在在Kubernetes pod中的體驗:兩個服務,獨立構建,可以在部署時組合起來,以實現一些額外的功能。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我總是抓住機會,用簡單的方案解決大問題,因此這些新功能的能力立刻打動了我。雖然這個工具是爲了與Consul集成而構建的,但實際上,它可以做任何你想要做的事情。這是屬於我們的一個基礎設施層,可以用來一次性爲所有人解決問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這方面的一個具體例子出現在我們採用過程的早期。當時,我們正致力於跨多個不同的服務來標準化日誌輸出。通過採用服務網格和這種新的設計模式,我們能夠將人員問題(讓開發人員標準化他們的日誌)轉換爲技術問題(將所有服務流量傳遞給可以爲它們記錄日誌的代理)。這是我們團隊向前邁出的重要一步。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們對服務網格的實現非常實用,並且與該技術的核心特性非常一致。然而,許多營銷宣傳集中在需求較少的邊緣案例上,在評估服務網格是否適合您時,能夠識別這些干擾因素非常重要。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"核心功能"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格可以提供的核心功能分爲四個關鍵領域:可觀察性、安全性、連接性和可靠性。這些功能包括:"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"標準化監控"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們取得的最大勝利之一是標準化監控,這也是最容易採用的功能。它有一個非常低的運維成本,可以使其適合您正在使用的任何監控系統。它使組織能夠捕獲其所有HTTP或gRPC指標,並在整個系統中以標準方式存儲它們。這控制了複雜性,減輕了應用程序團隊的負擔,他們不再需要實現Prometheus指標端點或標準化日誌格式。它還允許用戶對其應用程序的“"},{"type":"link","attrs":{"href":"https:\/\/sre.google\/sre-book\/monitoring-distributed-systems\/#xref_monitoring_golden-signals","title":"","type":null},"content":[{"type":"text","text":"黃金信號"}]},{"type":"text","text":"”有一個公正的看法。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"自動加密和身份驗證"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"證書管理很難做到正確。如果一個組織還沒有在這方面投資,他們應該用一個網格來爲他們做這件事。證書管理需要維護複雜的基礎設施代碼,伴隨巨大的安全隱患。相反,網格能夠與編排系統集成,以瞭解在需要時可用於實施策略的工作負載的標識。這造就了一個真正強大的安全處理方式,與那些由功能強大的CNI(如Calico或Cilium)提供的處理方式相當,甚至更好。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"智能路由"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"智能路由是另一項功能,使網格能夠在發送請求時“做正確的事”。用例包括:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"使用一種延遲加權算法優化流量"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"拓撲感知路由來增強性能並降低成本"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"根據請求成功的可能性對請求進行超時處理"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":4,"align":null,"origin":null},"content":[{"type":"text","text":"與編排系統集成來實現IP解析,而不是依賴DNS"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":5,"align":null,"origin":null},"content":[{"type":"text","text":"傳輸升級,例如HTTP升級到HTTP\/2"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這些功能可能不會讓每一個人都感到興奮,但隨着時間的推移,它們會從根本上增加價值。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"可靠的重試"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在分佈式系統中重試請求可能會很麻煩,但是,這對於服務網格實現幾乎總是需要的。分佈式系統通常會將一個客戶端請求轉換爲多個下游請求,這意味着“尾部”場景(例如出現異常失敗的請求)的可能性會大大增加。對此最簡單的緩解措施是重試失敗的請求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"困難來自於避免“重試風暴”或“重試DDoS”,即處於降級狀態的系統觸發重試,隨着重試次數的增加,負載增加,並且性能進一步降低。簡單的實現不會考慮這種情況,因爲它可能需要與緩存或其它通信系統集成,來了解一個重試是否值得執行。服務網格可以通過爲整個系統允許的重試總數提供一個界限來實現這一點。網格還可以在重試發生時報告這些重試,在用戶注意到之前就可能提醒你發生了系統降級。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"網絡擴展性"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格的最佳屬性可能是其可擴展性。它提供了一個附加的適應性層,可以承擔接下來的任何挑戰。sidecar代理的設計模式是另一個令人興奮的強大功能,即使有時候它被過度銷售和過度設計來做用戶和技術還沒有準備好的事情。當社區等待看哪個網格“獲勝”時(這反應了之前過度炒作的編排戰),我們將不可避免地看到未來會有更多專門構建的網格,並且可能會有更多的最終用戶構建屬於他們自己的控制面板和代理來滿足他們的用例。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"服務網格分散關注點的功能"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"平臺或基礎設施控制層的價值怎麼強調都不爲過。然而,瞭解服務網格世界讓我認識到,入門的一個主要挑戰是,服務網格解決的核心問題往往甚至不是大多數服務網格項目溝通的焦點!"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"相反,來自服務網格項目的大部分溝通都圍繞着聽起來功能強大或令人興奮但最終會分散關注點的功能。這包括:"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"強大的(即,“複雜的”)控制面板"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"很好地運行復雜的軟件是非常困難的。這就是爲什麼如此多的組織使用雲(通過使用完全託管的服務)來減輕這一負擔。那麼,爲什麼服務網格項目會讓我們負責運維如此複雜的系統呢?系統的複雜性不是一種資產,而是一種負債,然而大多數項目都在兜售它們的特性集和可配置性。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"多集羣支持"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"多集羣是當前的熱門話題。最終,大多數團隊將運行多個Kubernetes集羣。但是多集羣的主要痛點是,Kubernets管理的網絡被削減了一半。服務網格有助於解決Kubernetes的擴展問題,但這最終無法實現任何新功能。是的,多集羣支持是必要的,但它對服務網格的承諾被過度推銷了。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"Envoy"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Envoy是一個很好的工具,但它被視爲某種標準呈現,這是有問題的。Envoy是衆多開箱即用的代理之一,你可以將其作爲服務網格的基礎。但是Envoy本身並沒有什麼特殊之處,能夠使其成爲正確的選擇。採用Envoy爲你的組織提出了一系列重要問題,包括:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"運行時成本和性能(所有這些過濾器加起來!)"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"計算資源需求以及資源需求如何隨負載擴展"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如何調試錯誤或意外行爲"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"網格如何與Envoy交互以及配置生命週期是什麼"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"運維成熟期的時間(可能比您預期的時間長)"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在服務網格中選擇代理應該是一項實現細節,而不是一項產品需求。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"WASM"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我是Web Assembly(WASM)的超級粉絲,已經成功用它在"},{"type":"link","attrs":{"href":"https:\/\/dotnet.microsoft.com\/apps\/aspnet\/web-apps\/blazor","title":"","type":null},"content":[{"type":"text","text":"Blazor"}]},{"type":"text","text":"構建了前端應用程序。然而,WASM作爲一種自定義服務網格代理行爲的工具,使您完全處於與現有軟件生命週期完全不同的全新軟件生命週期!如果您的組織還沒有準備好構建、測試、部署、維護、監控、回滾和版本代碼,(影響通過其系統運行的每個請求),那麼你還沒有準備好WASM。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"A\/B測試"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"A\/B測試實際上是一個應用程序級別的問題。在基礎設施層提供語言來啓用A\/B測試是可以的,但是沒有簡單的方法可以完全自動化大多數組織所需的A\/B測試級別。通常,應用程序需要定義唯一的指標,即定義測試的積極信號。如果一個組織想要在服務網格級別投資A\/B測試,解決方案需要支持:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"對部署和回滾的精細控制,因爲可能會同時進行多個不同的“測試”"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"能夠捕獲系統已知的自定義指標,並根據這些指標做出決策"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"根據請求的特徵揭示流量方向的控制,這可能包括解析整個請求體"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這需要實現很多東西,沒有現成的服務網格可以做到這一點。最終,我們的組織選擇了網格之外的特性標記解決方案,以最小的努力獲得了極大的成功,實現了這一點。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"我們的最終方案"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"最終,我們面臨的挑戰並不是服務網格所獨有的。我們工作的組織有一套約束條件,要求我們對我們解決的問題以及如何解決這些問題保持務實態度。我們面臨的問題包括:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一個擁有許多不同技能的開發人員的大型組織"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通常不成熟的雲和SaaS功能"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"針對非雲軟件優化的流程"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"零碎的軟件工程方法和理念"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有限的資源"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"激進的最後期限"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"總而言之,我們人少,問題多,需要快速展現價值。我們必須支持那些不是主要進行Web或雲開發的開發人員,我們需要進行擴展來支持大型工程組織使用不同的方法和流程來進行雲計算。我們需要將大部分精力集中在解決成熟度曲線較低的基本問題上。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"最後,當我們面臨自己的服務網格決策時,我們決定以"},{"type":"link","attrs":{"href":"https:\/\/linkerd.io\/","title":"","type":null},"content":[{"type":"text","text":"Linkerd服務網格"}]},{"type":"text","text":"爲基礎,因爲它最符合我們的優先事項:低運維成本(計算成本和人力成本)、低認知負擔、能夠給予支持的社區、透明的管理,同時滿足了我們的功能需求和預算。在Linkerd指導委員會(他們喜歡誠實的反饋和社區參與)工作了一小段時間後,我瞭解到它與我自己的工程原理是多麼緊密地契合。Linkerd最近"},{"type":"link","attrs":{"href":"https:\/\/www.cncf.io\/announcements\/2021\/07\/28\/cloud-native-computing-foundation-announces-linkerd-graduation\/","title":"","type":null},"content":[{"type":"text","text":"在CNCF達到了畢業狀態"}]},{"type":"text","text":",這是一個漫長的過程,強調了該項目的成熟度及其廣泛採用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"作者介紹:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/www.infoq.com\/profile\/Chris-Campbell\/","title":"","type":null},"content":[{"type":"text","text":"Chris Campbell"}]},{"type":"text","text":" 已經擔任軟件工程師和架構師十多年了,與多個團隊和組織合作來採用雲原生技術和最佳實踐。他將自己的時間分爲兩部分:一是與業務領導者合作,採用軟件交付策略,加速業務;二是與工程團隊合作,交付可擴展的雲基礎設施。他最感興趣的是提高開發人員生產力和經驗的技術。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"原文鏈接:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/www.infoq.com\/articles\/service-mesh-unnecessary-complexity\/","title":"","type":null},"content":[{"type":"text","text":"How Unnecessary Complexity Gave the Service Mesh a Bad Name"}]}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章
4場和Zabbix春日約會,“承包”四月天
在全國各地和Zabbix相遇互動,4月活動集錦,來約會吧! 時間 活動名稱 城市 4/20(週六) KCD雲原生社區日 上海 4/20(週六) OceanBase開發者大會