文档章节

[翻译]什么是Istio? 它是服务网格。棒极了,那什么是服务网格?

thomaslwq
 thomaslwq
发布于 2017/11/07 06:49
字数 2855
阅读 599
收藏 9

我不知道在技术社区中有多少人有这样的观点,35年之后,我们的生活就会像是“银翼杀手”的续集。“银翼杀手”向我们展现了一个技术的未来,其中的许多视觉建筑,像动画广告板,视频通话,现在都是那么的普通,而这些是我们小的时候想都不会想到的东西。“银翼杀手”里面的场景竟然如此充分地实现了,这使得像我一样的人开始在思考云能做的事情,如果我们用心地在上面思考的话。

许多年来,这意味着大规模的应用-和许多可持续的工作。没有更多的东西了。其中一个当我们的技术深入到云原生架构的结果,就是我们更加强调基于微服务的应用,这意味这一个单一的服务可以微多个应用提供难以评估的益处-有点像是“代码复用”的终极版本。

但是,当你已经有了一个应用,这个应用包含了成千上完的独立服务,你这样才能管理好你的架构,以至于不让你的应用,至少你的理智-完全脱离轨道呢?我们需要的是一个架构,可以帮助我们连接,管理,还有保证这些微服务的安全,同事提供了负载均衡,身份验证和监控等等功能。

如果有这个的事情存在,你当然愿意参与进来,不是吗?当然你会。好的,你的机会来了。

Istio就是这样的一个开源项目,它完成了所有的这些事情。在周一,就是9月25号的时候,它们已经举办了一次用户测试的“黑客马拉松”活动。我想我们可以直接从那些参与到这项活动的人身上获得更多的细节,所以我们将会和Google的软件工程师Douglas Reid和Mandar Jog交流一下,他们一直致力于领导这些开发成果。

Nick Chase:先生们,非常谢谢今天花时间和我会谈。对于那么还不知道什么是Istio的人来说,请解释一下它。

Mandar Jog: Istio是一个服务网格,它提供了所有微服务需要的交叉功能。例如,你需要流量管理。你需要找到那些你需要触及的服务,有人必须决定你需要和那些服务对接。

然后接下来是可观测的,基本上就是遥测和指标。所以你需要找到某些东西被调用了多少次,同样的,可以追溯。日志都记录在同样的区域。

然后就是强制策略,就是访问控制,或者是任何种类的特定策略的制定,例如在什么样的条件下,一个特定的服务应该和另外一个通信。

最后,Istio验证提供了身份验证,所以你可以基于你整体的身份和身份验证故事实现服务对服务的验证和中央的验证。

Douglas Reid:这些只是一些功能上的东西,但是从另外一个不同的角度来看,我认为Istio是Lyft,IBM和Google这些公司在分布式环境中部署,管理和服务应用软件中用户经验积累的产品。这有些像是这些年来如何简单地去管理规模化,特别是分布式系统,积累的一些最佳实践。

NC: 所以基本上来讲,你拥有的就是这种微服务,Istio就是这样的一个请求编排器?

MJ:Istio 处于不同的服务之间。它解释了这些我们之前提到的请求。

NC:我很多时候同时听到关于Envoy和Istio的很多事情,这两者之间有什么区别?

DR:Envoy是Istio的一个组件.Envoy是服务的代理。它是Istio的数据平面层。Istio同样也有一个控制面板,叫做Pilot.Pilot控制Envoy的部署,然后帮助配置它们,同样的还有Mixer,帮助做出决策。Envoy 在请求时间调用Mixer。PPilot还控制Envoy用来保护流量的所有其他部分的部署。

NC: Istio 是专注于自己的领域,还是你们正和其它的项目建立联系来打造一个生态呢?

MJ:还无疑问。例如,LinkerD 现在也可以和Istio一起运行。它们可以调用Mixer,所以基本上LinkerD,从最简单的的角度上来说,可以取代 Envoy作为这个请求的解释器或者代理,然后正如Envoy调用Mixer去做决策,LinderD同样也可以调用Mixer去做决策。Nginx同样还是运行着,或者已经被通知,它们将会和Mixer进行通信,所有你可以使用Ngix作为你的代理,而不是Envoy.

事实上,Mixer和Envoy之间的协议是很好的被定义和发布的,这意味着理论上是不可替换的。所以作为Istio,我们定义的就是配置的界面,还有Envoy是如何和Mixer进行通信的。

DR:Mixer采用了Prometheus作为它内置的度量报告机制,我们同样也有给StatsD的插件,我确定这里会有其它的专有指标和遥测方案的插件。我们正在打算实行配额系统。我们有了一个配额系统。我认为现在它是建立在Redis上面,我们期待看到更多的第三方的开发,正如我们允许编写适配器的生态系统,从而建立和其它项目更多的联系。

MJ:同样的,从策略层面上来说,Istio正在和其它的几个伙伴一起合作。例如开放政策机构(OPA)就是我们正在合作的第一个策略适配者,你可以在新的半标准语言中去实现你的策略,这和社区工作的标准是一致的。

DR: 然后还有其它值得一提的项目就是,Istio正在和SPIFFE紧密合作,支持SPIFFE作为Istio的一项认证协议。

Me:所以Istio有点像是包罗万象的伞。

MJ:从一个运营者的角度,Istio是操作者可以进行交互的配置。你可以配置Istio去做一些网络工作,这里也有一些Istio支持的网络功能,例如路由规则,目的地策略,还有其它的事情。同样在策略管理和度量方面,这里也有其它的功能,是可以作为插件的。所以当它们发展的时候,Istio支持它们。有点像是Istio的大伞。(未完待续)

 

There is also the matter of how the proxy is being configured. Pilot also exposes a configuration interface that Envoy calls out to, so that’s kind of the third interface. The umbrella defines things in terms of interfaces and protocols, and then we have implementations of all those components in action for a working system.

NC: So what it what this Istio user hackathon all about?

DR:  So as we work towards the next release of Istio, we’re getting closer to what we think are release candidates for all the components, and we are writing up the documentation and all the changes we’ve made over the last couple of months. This event is really to get early adopters to take a look at it, try to run through the documentation, tell us where we might have certain bugs that need to be closed before we consider the release blessed, and see where feature gaps are and so we can start planning for future work on Istio.

NC: What is the next Istio release, and when do you expect to have it?

DR: Our goal is to have it ready by the end of September.

NC: Do you have need to have like kubernetes experience or any other particular prerequisites in order to participate in this event?

MJ:  Some kubernetes would be helpful but it’s not required. We have setup instructions, and we will kind of walk you through how to set up a kubernetes cluster and get things started, so that it shouldn’t be a real impediment.

NC: Are there any particular hardware prerequisites?

DR: What I think what we’re going to do is Google is going to provide a bunch of experimental projects so you can set up clusters, so you shouldn’t need to provide any hardware. I think IBM is going to do that as well on Bluemix, so there should be a fair amount of available infrastructure for testing. So you need a laptop and the ability to run Git, or even just the installer and that should be enough. So I think there aren’t any real hardware requirements that I know of.

NC: Once this release is out, where do you think Istio is on the production-ready scale?

MJ: Istio 0.2 is the release where we have enough features that people can actually get something done, so I’m really looking forward to feedback. Production-readiness, performance, and all that are goals for 0.3.

DR:  In some ways, it’s like the difference between Istio and Envoy and the various components. Certain components of Istio have been used in production environments, and we are well aware of their characteristics. Others have gone through big rewrites over the last couple of months as we learned some things, and we’re still starting to get a feel for what needs to be hardened and what needs to be addressed. So depending on what you’re trying to do with it, you might have different opinions about production-readiness. I think we’re getting close to beta-type status, but we’re not quite there yet.

NC: So where do you think Istio is going?

DR: Well, the Silicon Valley answer is that ultimately Istio will help power all of the world’s services, but I think we’re we’re a long way from that. We’ve got a lot of stuff to do before we get there. I mean one of the features that we were doing for this cycle was just an enabling of VMs that aren’t part of any Kubernetes cluster to join a mesh. So we want to keep working on doing that and expanding to more environments, as well as supporting multiple environments at the same time. Sort of a hybrid scenario. So those are some of our near-term goals.

MJ:  I think Doug covered the really long term and the near term. There are several intermediate goals, but they they kind of get into the nitty-gritty of what’s what’s important. One of the things that we really would like to see is a is a robust kind of vendor community that is building on top of Istio, or on the side of Istio. There are certain things that Istio does foundationally, and we would like to see where those belong to the stack, and then there are also areas and tasks on the side of Istio, and we would also like to see something come up there.

DR:  We’re really focused on getting more community engagement. We’ve been trying to get stuff out, but I think we need to start focusing more on how do we enable community, how do we excite the community, how do we meet the community’s needs now that we’ve sort of got the initial foothold out in the world?

NC: So what do what kind of engagement do you need the most in the community?

DR:  We could use development support, documentation support, design support, process support…

MJ:  We also want to see people do scenario testing to see whether the things we think are relevant are relevant to what people are actually doing. Then we’d like to see people actually trying them out and giving us some feedback. We would really like to get feedback, especially on configuration because that is the surface that an operator touches, and that is how an operator interacts with the system, so so that that feedback is extremely valuable to us

Also, Mixer has an adapter framework, which is the extensibility mechanism for Istio, and it’s how you can write new adapters to enable new functions. That has gone through a big rewrite between 0.1 and 0.2, so it’s another place where we really want feedback from users. For this event it’s unlikely that we’ll be able to get that feedback, but I’m just kind of laying that out there. For 0.2 these are some of the things that we really want some feedback for

DR: There’s a lot of stuff that we want to see happen but probably don’t have the experience to make happen ourselves, like the expertise to make this work on Amazon’s Cloud or different environments like that. I think we could really use community support. So that’s what I’d like to see.

If you’d like to participate in the user testing hackathon, you can sign up here to get instructions and access to donated hardware resources. Missed the date?  You can still help out by executing the test tasks and providing feedback.

© 著作权归作者所有

共有 人打赏支持
thomaslwq
粉丝 7
博文 35
码字总数 31692
作品 0
广州
高级程序员
《Istio官方文档》综述

《Istio官方文档》综述 并发编程网 – ifeve.com2018-01-042 阅读 架构service 原文链接 译者:carvendy 综述 本文介绍Istio:开源的连接,管理和安全的微服务。Istio提供了一种简单方式,让...

并发编程网 – ifeve.com
01/04
0
0
《Istio官方文档》综述

原文链接  译者:carvendy 综述   本文介绍Istio:开源的连接,管理和安全的微服务。Istio提供了一种简单方式,让发布的服务创建连接并实现负载均衡,服务间的认证,监控,还有更多,而在...

魔术师Carvendy
01/04
0
0
《Linkerd官方文档》与Istio一起运行Linkerd

与Istio一起运行 Istio是一个连接,管理和保护微服务的开放平台。Linkerd是云本机应用程序的开源服务网格。Istio和Linkerd可以一起工作,Istio可作为跨Linkerd实例的控制平面。 Linkerd的Ist...

萍韵众生
01/19
0
0
《Istio官方文档》设计理念

原文链接  译者:carvendy 设计理念   这页概述了Istio的核心设计理念。   Istio的架构里有一些关键的设计理念,是在服务在一定规模上和高性能的标准上,系统必备的能力。 公开透明。为...

魔术师Carvendy
01/07
0
0
《Istio官方文档》设计理念

《Istio官方文档》设计理念 并发编程网 – ifeve.com2018-01-071 阅读 service 原文链接 译者:carvendy 设计理念 这页概述了Istio的核心设计理念。 Istio的架构里有一些关键的设计理念,是在...

并发编程网 – ifeve.com
01/07
0
0

没有更多内容

加载失败,请刷新页面

加载更多

docker update:更新一个或多个容器的配置

更新容器的配置 docker update:更新一个或多个容器的配置。 具体内容请访问:https://docs.docker.com/engine/reference/commandline/update/#options 语法:docker update [OPTIONS] CONTA...

lwenhao
27分钟前
1
0
unload事件

unload事件不触发的原因分析 1.代码位置不对,应该优先加载,不能放到回调函数中 2.浏览器不支持 3.最可能的原因,unload事件中触发的函数是一个异步执行的函数,浏览器是不允许在窗口关闭之后在...

狮子狗
40分钟前
1
0
DbForge Schema Compare for MySQL入门教程:如何连接到数据库

【dbForge Schema Compare for MySQL下载】 要创建连接: 1. 在“Connection” 工具栏上单击“New Connection”按钮 。 2. 在“Host” 框中输入主机名。 3. 在“Port” 框中输入端口信息。默...

Miss_Hello_World
42分钟前
1
0
公众号关联微信小程序

公众号关联小程序发送关联通知,对于推广小程序有着很大的帮助。所以问题来了,怎么做到在公众号关联小程序发送关联通知呢? 一:开发中遇到的问题 之前在开发过程中发现,公众号已经关联小程...

Code辉
55分钟前
1
0
并发编程基础之JMM学习摘要

一、JMM定义 Java内存模型即Java Memory Model(JMM),JMM决定一个线程对共享变量的写入何时对另一个线程可见(内存可见性),从抽象的角度来看,JMM定义了线程和主内存之间的抽象关系:线程...

狠一点
今天
1
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部