2017-09-20 21:55:19 +08:00
<!DOCTYPE HTML>
< html lang = "zh-hans" >
< head >
< meta charset = "UTF-8" >
< meta content = "text/html; charset=utf-8" http-equiv = "Content-Type" >
< title > 5.2 Service Mesh 服务网格 · Kubernetes Handbook< / title >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" / >
< meta name = "description" content = "" >
< meta name = "generator" content = "GitBook 3.2.2" >
< meta name = "author" content = "Jimmy Song" >
< link rel = "stylesheet" href = "../gitbook/style.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-splitter/splitter.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-page-toc-button/plugin.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-image-captions/image-captions.css" >
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-back-to-top-button/plugin.css" >
2017-09-20 21:55:19 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-search-plus/search.css" >
2017-09-20 21:55:19 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css" >
2017-09-20 21:55:19 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-highlight/website.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-fontsettings/website.css" >
2017-10-09 15:28:05 +08:00
2017-09-20 21:55:19 +08:00
< meta name = "HandheldFriendly" content = "true" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1, user-scalable=no" >
< meta name = "apple-mobile-web-app-capable" content = "yes" >
< meta name = "apple-mobile-web-app-status-bar-style" content = "black" >
< link rel = "apple-touch-icon-precomposed" sizes = "152x152" href = "../gitbook/images/apple-touch-icon-precomposed-152.png" >
< link rel = "shortcut icon" href = "../gitbook/images/favicon.ico" type = "image/x-icon" >
< link rel = "next" href = "istio.html" / >
< link rel = "prev" href = "service-discovery-in-microservices.html" / >
2017-10-09 15:28:05 +08:00
< link rel = "shortcut icon" href = '../favicon.ico' type = "image/x-icon" >
< link rel = "bookmark" href = '../favicon.ico' type = "image/x-icon" >
< style >
@media only screen and (max-width: 640px) {
.book-header .hidden-mobile {
display: none;
}
}
< / style >
< script >
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
< / script >
2017-09-20 21:55:19 +08:00
< / head >
< body >
< div class = "book" >
< div class = "book-summary" >
< div id = "book-search-input" role = "search" >
< input type = "text" placeholder = "输入并搜索" / >
< / div >
< nav role = "navigation" >
< ul class = "summary" >
2017-10-09 15:28:05 +08:00
< li >
< a href = "https://jimmysong.io" target = "_blank" class = "custom-link" > Home< / a >
< / li >
2017-09-20 21:55:19 +08:00
2017-10-09 15:28:05 +08:00
< li class = "divider" > < / li >
2017-09-20 21:55:19 +08:00
< li class = "chapter " data-level = "1.1" data-path = "../" >
< a href = "../" >
1. 前言
< / a >
< / li >
< li class = "chapter " data-level = "1.2" data-path = "../concepts/" >
< a href = "../concepts/" >
2. 概念原理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.1" data-path = "../concepts/concepts.html" >
< a href = "../concepts/concepts.html" >
2.1 设计理念
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2" data-path = "../concepts/objects.html" >
< a href = "../concepts/objects.html" >
2.2 Objects
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.2.1" data-path = "../concepts/pod-overview.html" >
< a href = "../concepts/pod-overview.html" >
2.2.1 Pod
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.2.1.1" data-path = "../concepts/pod.html" >
< a href = "../concepts/pod.html" >
2.2.1.1 Pod解析
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.1.2" data-path = "../concepts/init-containers.html" >
< a href = "../concepts/init-containers.html" >
2.2.1.2 Init容器
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.1.3" data-path = "../concepts/pod-security-policy.html" >
< a href = "../concepts/pod-security-policy.html" >
2.2.1.3 Pod安全策略
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.1.4" data-path = "../concepts/pod-lifecycle.html" >
< a href = "../concepts/pod-lifecycle.html" >
2.2.1.4 Pod的生命周期
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.2.2.2" data-path = "../concepts/node.html" >
< a href = "../concepts/node.html" >
2.2.2 Node
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.3" data-path = "../concepts/namespace.html" >
< a href = "../concepts/namespace.html" >
2.2.3 Namespace
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.4" data-path = "../concepts/service.html" >
< a href = "../concepts/service.html" >
2.2.4 Service
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.5" data-path = "../concepts/volume.html" >
< a href = "../concepts/volume.html" >
2.2.5 Volume和Persistent Volume
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.6" data-path = "../concepts/deployment.html" >
< a href = "../concepts/deployment.html" >
2.2.6 Deployment
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.7" data-path = "../concepts/secret.html" >
< a href = "../concepts/secret.html" >
2.2.7 Secret
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.8" data-path = "../concepts/statefulset.html" >
< a href = "../concepts/statefulset.html" >
2.2.8 StatefulSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.9" data-path = "../concepts/daemonset.html" >
< a href = "../concepts/daemonset.html" >
2.2.9 DaemonSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.10" data-path = "../concepts/serviceaccount.html" >
< a href = "../concepts/serviceaccount.html" >
2.2.10 ServiceAccount
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.11" data-path = "../concepts/replicaset.html" >
< a href = "../concepts/replicaset.html" >
2.2.11 ReplicationController和ReplicaSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.12" data-path = "../concepts/job.html" >
< a href = "../concepts/job.html" >
2.2.12 Job
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.13" data-path = "../concepts/cronjob.html" >
< a href = "../concepts/cronjob.html" >
2.2.13 CronJob
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.14" data-path = "../concepts/ingress.html" >
< a href = "../concepts/ingress.html" >
2.2.14 Ingress
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.15" data-path = "../concepts/configmap.html" >
< a href = "../concepts/configmap.html" >
2.2.15 ConfigMap
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.16" data-path = "../concepts/horizontal-pod-autoscaling.html" >
< a href = "../concepts/horizontal-pod-autoscaling.html" >
2.2.16 Horizontal Pod Autoscaling
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.17" data-path = "../concepts/label.html" >
< a href = "../concepts/label.html" >
2.2.17 Label
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.18" data-path = "../concepts/garbage-collection.html" >
< a href = "../concepts/garbage-collection.html" >
2.2.18 垃圾收集
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.19" data-path = "../concepts/network-policy.html" >
< a href = "../concepts/network-policy.html" >
2.2.19 NetworkPolicy
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3" data-path = "../guide/" >
< a href = "../guide/" >
3. 用户指南
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.1" data-path = "../guide/resource-configuration.html" >
< a href = "../guide/resource-configuration.html" >
2017-09-28 21:20:49 +08:00
3.1 资源对象配置
2017-09-20 21:55:19 +08:00
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.1.1" data-path = "../guide/configure-liveness-readiness-probes.html" >
< a href = "../guide/configure-liveness-readiness-probes.html" >
3.1.1 配置Pod的liveness和readiness探针
< / a >
< / li >
< li class = "chapter " data-level = "1.3.1.2" data-path = "../guide/configure-pod-service-account.html" >
< a href = "../guide/configure-pod-service-account.html" >
3.1.2 配置Pod的Service Account
< / a >
2017-09-28 21:20:49 +08:00
< / li >
< li class = "chapter " data-level = "1.3.1.3" data-path = "../guide/secret-configuration.html" >
< a href = "../guide/secret-configuration.html" >
3.1.3 Secret配置
< / a >
2017-10-10 14:51:45 +08:00
< / li >
< li class = "chapter " data-level = "1.3.1.4" data-path = "../guide/resource-quota-management.html" >
< a href = "../guide/resource-quota-management.html" >
3.2.3 管理namespace中的资源配额
< / a >
2017-09-20 21:55:19 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.2" data-path = "../guide/command-usage.html" >
< a href = "../guide/command-usage.html" >
3.2 命令使用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.2.1" data-path = "../guide/using-kubectl.html" >
< a href = "../guide/using-kubectl.html" >
3.2.1 使用kubectl
< / a >
< / li >
< li class = "chapter " data-level = "1.3.2.2" data-path = "../guide/docker-cli-to-kubectl.html" >
< a href = "../guide/docker-cli-to-kubectl.html" >
3.2.2 docker用户过度到kubectl命令行指南
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.3" data-path = "../guide/cluster-security-management.html" >
< a href = "../guide/cluster-security-management.html" >
3.3 集群安全性管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.3.1" data-path = "../guide/managing-tls-in-a-cluster.html" >
< a href = "../guide/managing-tls-in-a-cluster.html" >
3.3.1 管理集群中的TLS
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.2" data-path = "../guide/kubelet-authentication-authorization.html" >
< a href = "../guide/kubelet-authentication-authorization.html" >
3.3.2 kubelet的认证授权
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.3" data-path = "../guide/tls-bootstrapping.html" >
< a href = "../guide/tls-bootstrapping.html" >
3.3.3 TLS bootstrap
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.4" data-path = "../guide/kubectl-user-authentication-authorization.html" >
< a href = "../guide/kubectl-user-authentication-authorization.html" >
3.3.4 kubectl的用户认证授权
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.5" data-path = "../guide/rbac.html" >
< a href = "../guide/rbac.html" >
3.3.5 RBAC——基于角色的访问控制
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.6" data-path = "../guide/ip-masq-agent.html" >
< a href = "../guide/ip-masq-agent.html" >
3.3.6 IP伪装代理
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.4" data-path = "../guide/access-kubernetes-cluster.html" >
< a href = "../guide/access-kubernetes-cluster.html" >
3.4 访问 Kubernetes 集群
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.4.1" data-path = "../guide/access-cluster.html" >
< a href = "../guide/access-cluster.html" >
3.4.1 访问集群
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.2" data-path = "../guide/authenticate-across-clusters-kubeconfig.html" >
< a href = "../guide/authenticate-across-clusters-kubeconfig.html" >
3.4.2 使用 kubeconfig 文件配置跨集群认证
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.3" data-path = "../guide/connecting-to-applications-port-forward.html" >
< a href = "../guide/connecting-to-applications-port-forward.html" >
3.4.3 通过端口转发访问集群中的应用程序
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.4" data-path = "../guide/service-access-application-cluster.html" >
< a href = "../guide/service-access-application-cluster.html" >
3.4.4 使用 service 访问群集中的应用程序
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.5" data-path = "../guide/application-development-deployment-flow.html" >
< a href = "../guide/application-development-deployment-flow.html" >
3.5 在kubernetes中开发部署应用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.5.1" data-path = "../guide/deploy-applications-in-kubernetes.html" >
< a href = "../guide/deploy-applications-in-kubernetes.html" >
3.5.1 适用于kubernetes的应用开发部署流程
< / a >
< / li >
< li class = "chapter " data-level = "1.3.5.2" data-path = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
< a href = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
3.5.2 迁移传统应用到kubernetes中——以Hadoop YARN为例
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4" data-path = "../practice/" >
< a href = "../practice/" >
4. 最佳实践
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.1" data-path = "../practice/install-kbernetes1.6-on-centos.html" >
< a href = "../practice/install-kbernetes1.6-on-centos.html" >
4.1 在CentOS上部署kubernetes1.6集群
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.1.1" data-path = "../practice/create-tls-and-secret-key.html" >
< a href = "../practice/create-tls-and-secret-key.html" >
4.1.1 创建TLS证书和秘钥
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.2" data-path = "../practice/create-kubeconfig.html" >
< a href = "../practice/create-kubeconfig.html" >
4.1.2 创建kubeconfig文件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.3" data-path = "../practice/etcd-cluster-installation.html" >
< a href = "../practice/etcd-cluster-installation.html" >
4.1.3 创建高可用etcd集群
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.4" data-path = "../practice/kubectl-installation.html" >
< a href = "../practice/kubectl-installation.html" >
4.1.4 安装kubectl命令行工具
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.5" data-path = "../practice/master-installation.html" >
< a href = "../practice/master-installation.html" >
4.1.5 部署master节点
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.6" data-path = "../practice/node-installation.html" >
< a href = "../practice/node-installation.html" >
4.1.6 部署node节点
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.7" data-path = "../practice/kubedns-addon-installation.html" >
< a href = "../practice/kubedns-addon-installation.html" >
4.1.7 安装kubedns插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.8" data-path = "../practice/dashboard-addon-installation.html" >
< a href = "../practice/dashboard-addon-installation.html" >
4.1.8 安装dashboard插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.9" data-path = "../practice/heapster-addon-installation.html" >
< a href = "../practice/heapster-addon-installation.html" >
4.1.9 安装heapster插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.10" data-path = "../practice/efk-addon-installation.html" >
< a href = "../practice/efk-addon-installation.html" >
4.1.10 安装EFK插件
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.2" data-path = "../practice/service-discovery-and-loadbalancing.html" >
< a href = "../practice/service-discovery-and-loadbalancing.html" >
4.2 服务发现与负载均衡
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.2.1" data-path = "../practice/traefik-ingress-installation.html" >
< a href = "../practice/traefik-ingress-installation.html" >
4.2.1 安装Traefik ingress
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.2" data-path = "../practice/distributed-load-test.html" >
< a href = "../practice/distributed-load-test.html" >
4.2.2 分布式负载测试
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.3" data-path = "../practice/network-and-cluster-perfermance-test.html" >
< a href = "../practice/network-and-cluster-perfermance-test.html" >
4.2.3 网络和集群性能测试
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.4" data-path = "../practice/edge-node-configuration.html" >
< a href = "../practice/edge-node-configuration.html" >
4.2.4 边缘节点配置
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.3" data-path = "../practice/operation.html" >
< a href = "../practice/operation.html" >
4.3 运维管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.3.1" data-path = "../practice/service-rolling-update.html" >
< a href = "../practice/service-rolling-update.html" >
4.3.1 服务滚动升级
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.2" data-path = "../practice/app-log-collection.html" >
< a href = "../practice/app-log-collection.html" >
4.3.2 应用日志收集
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.3" data-path = "../practice/configuration-best-practice.html" >
< a href = "../practice/configuration-best-practice.html" >
4.3.3 配置最佳实践
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.4" data-path = "../practice/monitor.html" >
< a href = "../practice/monitor.html" >
4.3.4 集群及应用监控
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.5" data-path = "../practice/jenkins-ci-cd.html" >
< a href = "../practice/jenkins-ci-cd.html" >
4.3.5 使用Jenkins进行持续构建与发布
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.6" data-path = "../practice/data-persistence-problem.html" >
< a href = "../practice/data-persistence-problem.html" >
4.3.6 数据持久化问题
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.7" data-path = "../practice/manage-compute-resources-container.html" >
< a href = "../practice/manage-compute-resources-container.html" >
4.3.7 管理容器的计算资源
< / a >
2017-09-25 21:41:08 +08:00
< / li >
< li class = "chapter " data-level = "1.4.3.8" data-path = "../practice/using-prometheus-to-monitor-kuberentes-cluster.html" >
< a href = "../practice/using-prometheus-to-monitor-kuberentes-cluster.html" >
4.3.8 使用Prometheus监控kubernetes集群
< / a >
2017-09-20 21:55:19 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.4" data-path = "../practice/storage.html" >
< a href = "../practice/storage.html" >
4.4 存储管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.1" data-path = "../practice/glusterfs.html" >
< a href = "../practice/glusterfs.html" >
4.4.1 GlusterFS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.1.1" data-path = "../practice/using-glusterfs-for-persistent-storage.html" >
< a href = "../practice/using-glusterfs-for-persistent-storage.html" >
4.4.1.1 使用GlusterFS做持久化存储
< / a >
< / li >
< li class = "chapter " data-level = "1.4.4.1.2" data-path = "../practice/storage-for-containers-using-glusterfs-with-openshift.html" >
< a href = "../practice/storage-for-containers-using-glusterfs-with-openshift.html" >
4.4.1.2 在OpenShift中使用GlusterFS做持久化存储
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.4.2" data-path = "../practice/cephfs.html" >
< a href = "../practice/cephfs.html" >
4.4.2 CephFS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.2.1" data-path = "../practice/using-ceph-for-persistent-storage.html" >
< a href = "../practice/using-ceph-for-persistent-storage.html" >
4.4.2.1 使用Ceph做持久化存储
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5" data-path = "./" >
< a href = "./" >
5. 领域应用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.1" data-path = "microservices.html" >
< a href = "microservices.html" >
5.1 微服务架构
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.1.1" data-path = "service-discovery-in-microservices.html" >
< a href = "service-discovery-in-microservices.html" >
5.1.1 微服务中的服务发现
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter active" data-level = "1.5.2" data-path = "service-mesh.html" >
< a href = "service-mesh.html" >
5.2 Service Mesh 服务网格
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.2.1" data-path = "istio.html" >
< a href = "istio.html" >
5.1.1 Istio
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.2.1.1" data-path = "istio-installation.html" >
< a href = "istio-installation.html" >
5.1.1.1 安装istio
< / a >
< / li >
< li class = "chapter " data-level = "1.5.2.1.2" data-path = "configuring-request-routing.html" >
< a href = "configuring-request-routing.html" >
5.1.1.2 配置请求的路由规则
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.2.2" data-path = "linkerd.html" >
< a href = "linkerd.html" >
5.1.2 Linkerd
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.2.2.1" data-path = "linkerd-user-guide.html" >
< a href = "linkerd-user-guide.html" >
5.1.2.1 Linkerd 使用指南
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.3" data-path = "big-data.html" >
< a href = "big-data.html" >
5.2 大数据
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.3.1" data-path = "spark-standalone-on-kubernetes.html" >
< a href = "spark-standalone-on-kubernetes.html" >
5.2.1 Spark standalone on Kubernetes
< / a >
< / li >
< li class = "chapter " data-level = "1.5.3.2" data-path = "running-spark-with-kubernetes-native-scheduler.html" >
< a href = "running-spark-with-kubernetes-native-scheduler.html" >
5.2.2 运行支持kubernetes原生调度的Spark程序
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.4" data-path = "serverless.html" >
< a href = "serverless.html" >
5.3 Serverless架构
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.6" data-path = "../develop/" >
< a href = "../develop/" >
6. 开发指南
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.6.1" data-path = "../develop/developing-environment.html" >
< a href = "../develop/developing-environment.html" >
6.1 开发环境搭建
< / a >
< / li >
< li class = "chapter " data-level = "1.6.2" data-path = "../develop/testing.html" >
< a href = "../develop/testing.html" >
6.2 单元测试和集成测试
< / a >
< / li >
< li class = "chapter " data-level = "1.6.3" data-path = "../develop/client-go-sample.html" >
< a href = "../develop/client-go-sample.html" >
6.3 client-go示例
< / a >
< / li >
< li class = "chapter " data-level = "1.6.4" data-path = "../develop/contribute.html" >
< a href = "../develop/contribute.html" >
6.4 社区贡献
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.7" data-path = "../appendix/" >
< a href = "../appendix/" >
7. 附录
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.7.1" data-path = "../appendix/docker-best-practice.html" >
< a href = "../appendix/docker-best-practice.html" >
7.1 Docker最佳实践
< / a >
< / li >
< li class = "chapter " data-level = "1.7.2" data-path = "../appendix/issues.html" >
< a href = "../appendix/issues.html" >
7.2 问题记录
< / a >
< / li >
< li class = "chapter " data-level = "1.7.3" data-path = "../appendix/tricks.html" >
< a href = "../appendix/tricks.html" >
7.3 使用技巧
< / a >
2017-09-21 15:00:54 +08:00
< / li >
< li class = "chapter " data-level = "1.7.4" data-path = "../appendix/debug-kubernetes-services.html" >
< a href = "../appendix/debug-kubernetes-services.html" >
7.4 kubernetes service中的故障排查
< / a >
2017-09-20 21:55:19 +08:00
< / li >
< / ul >
< / li >
< li class = "divider" > < / li >
< li >
< a href = "https://www.gitbook.com" target = "blank" class = "gitbook-link" >
本书使用 GitBook 发布
< / a >
< / li >
< / ul >
< / nav >
< / div >
< div class = "book-body" >
< div class = "body-inner" >
< div class = "book-header" role = "navigation" >
<!-- Title -->
< h1 >
< i class = "fa fa-circle-o-notch fa-spin" > < / i >
< a href = ".." > 5.2 Service Mesh 服务网格< / a >
< / h1 >
< / div >
< div class = "page-wrapper" tabindex = "-1" role = "main" >
< div class = "page-inner" >
< div class = "search-plus" id = "book-search-results" >
< div class = "search-noresults" >
< section class = "normal markdown-section" >
< h1 id = "service-mesh-服务网格" > Service Mesh 服 务 网 格 < / h1 >
< p > Service mesh 又 译 作 ” 服 务 网 格 “ , 作 为 服 务 间 通 信 的 基 础 设 施 层 。 Buoyant 公 司 的 CEO Willian Morgan 在 他 的 这 篇 文 章 < a href = "https://buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/" target = "_blank" > WHAT’ S A SERVICE MESH? AND WHY DO I NEED ONE?< / a > 中 解 释 了 什 么 是 Service Mesh, 为 什 么 云 原 生 应 用 需 要 Service Mesh。 < / p >
< blockquote >
< p > A service mesh is a dedicated infrastructure layer for handling service-to-service communication. It’ s responsible for the reliable delivery of requests through the complex topology of services that comprise a modern, cloud native application. In practice, the service mesh is typically implemented as an array of lightweight network proxies that are deployed alongside application code, without the application needing to be aware.< / p >
< / blockquote >
< h2 id = "什么是-service-mesh?" > 什 么 是 service mesh? < / h2 >
< p > Service mesh 有 如 下 几 个 特 点 : < / p >
< ul >
< li > 应 用 程 序 间 通 讯 的 中 间 层 < / li >
< li > 轻 量 级 网 络 代 理 < / li >
< li > 应 用 程 序 无 感 知 < / li >
< li > 解 耦 应 用 程 序 的 重 试 /超 时 、 监 控 、 追 踪 和 服 务 发 现 < / li >
< / ul >
< p > 目 前 两 款 流 行 的 service mesh 开 源 软 件 < a href = "https://istio.io" target = "_blank" > Istio< / a > 和 < a href = "https://linkerd.io" target = "_blank" > Linkerd< / a > 都 可 以 直 接 在 kubernetes 中 集 成 , 其 中 Linkerd 已 经 成 为 CNCF 成 员 。 < / p >
< h2 id = "理解-service-mesh" > 理 解 Service Mesh< / h2 >
< p > 如 果 用 一 句 话 来 解 释 什 么 是 Service Mesh, 可 以 将 它 比 作 是 应 用 程 序 或 者 说 微 服 务 间 的 TCP/IP, 负 责 服 务 之 间 的 网 络 调 用 、 限 流 、 熔 断 和 监 控 。 对 于 编 写 应 用 程 序 来 说 一 般 无 须 关 心 TCP/IP 这 一 层 ( 比 如 通 过 HTTP 协 议 的 RESTful 应 用 ) , 同 样 使 用 Service Mesh 也 就 无 须 关 系 服 务 之 间 的 那 些 原 来 是 通 过 应 用 程 序 或 者 其 他 框 架 实 现 的 事 情 , 比 如 Spring Cloud、 OSS, 现 在 只 要 交 给 Service Mesh 就 可 以 了 。 < / p >
< p > < a href = "http://philcalcado.com/" target = "_blank" > Phil Calç ado< / a > 在 他 的 这 篇 博 客 < a href = "http://philcalcado.com/2017/08/03/pattern_service_mesh.html" target = "_blank" > Pattern: Service Mesh< / a > 中 详 细 解 释 了 Service Mesh 的 来 龙 去 脉 : < / p >
< ol >
< li > 从 最 原 始 的 主 机 之 间 直 接 使 用 网 线 相 连 < / li >
< li > 网 络 层 的 出 现 < / li >
< li > 集 成 到 应 用 程 序 内 部 的 控 制 流 < / li >
< li > 分 解 到 应 用 程 序 外 部 的 控 制 流 < / li >
< li > 应 用 程 序 的 中 集 成 服 务 发 现 和 断 路 器 < / li >
< li > 出 现 了 专 门 用 于 服 务 发 现 和 断 路 器 的 软 件 包 /库 , 如 < a href = "https://finagle.github.io/" target = "_blank" > Twitter 的 Finagle< / a > 和 < a href = "https://code.facebook.com/posts/1503205539947302" target = "_blank" > Facebook 的 Proxygen< / a > , 这 时 候 还 是 集 成 在 应 用 程 序 内 部 < / li >
< li > 出 现 了 专 门 用 于 服 务 发 现 和 断 路 器 的 开 源 软 件 , 如 < a href = "http://netflix.github.io/" target = "_blank" > Netflix OSS< / a > 、 Airbnb 的 < a href = "https://github.com/airbnb/synapse" target = "_blank" > synapse< / a > 和 < a href = "https://github.com/airbnb/nerve" target = "_blank" > nerve< / a > < / li >
< li > 最 后 作 为 微 服 务 的 中 间 层 service mesh 出 现 < / li >
< / ol >
< p > Service mesh 的 架 构 如 下 图 所 示 : < / p >
2017-10-09 15:28:05 +08:00
< figure id = "fig1.5.2.1" > < img src = "../images/serivce-mesh-control-plane.png" alt = "Service Mesh 架构图" > < figcaption > 图 片 - Service Mesh 架 构 图 < / figcaption > < / figure >
2017-09-20 21:55:19 +08:00
< p > 图 片 来 自 : < a href = "http://philcalcado.com/2017/08/03/pattern_service_mesh.html" target = "_blank" > Pattern: Service Mesh< / a > < / p >
< p > Service mesh 作 为 sidecar 运 行 , 对 应 用 程 序 来 说 是 透 明 , 所 有 应 用 程 序 间 的 流 量 都 会 通 过 它 , 所 以 对 应 用 程 序 流 量 的 控 制 都 可 以 在 serivce mesh 中 实 现 。 < / p >
< h2 id = "service-mesh如何工作?" > Service mesh如 何 工 作 ? < / h2 >
< p > 下 面 以 Linkerd 为 例 讲 解 service mesh 如 何 工 作 , Istio 作 为 service mesh 的 另 一 种 实 现 原 理 与 linkerd 基 本 类 似 , 后 续 文 章 将 会 详 解 Istio 和 Linkerd 如 何 在 kubernetes 中 工 作 。 < / p >
< ol >
< li > Linkerd 将 服 务 请 求 路 由 到 目 的 地 址 , 根 据 中 的 参 数 判 断 是 到 生 产 环 境 、 测 试 环 境 还 是 staging 环 境 中 的 服 务 ( 服 务 可 能 同 时 部 署 在 这 三 个 环 境 中 ) , 是 路 由 到 本 地 环 境 还 是 公 有 云 环 境 ? 所 有 的 这 些 路 由 信 息 可 以 动 态 配 置 , 可 以 是 全 局 配 置 也 可 以 为 某 些 服 务 单 独 配 置 。 < / li >
< li > 当 Linkerd 确 认 了 目 的 地 址 后 , 将 流 量 发 送 到 相 应 服 务 发 现 端 点 , 在 kubernetes 中 是 service, 然 后 service 会 将 服 务 转 发 给 后 端 的 实 例 。 < / li >
< li > Linkerd 根 据 它 观 测 到 最 近 请 求 的 延 迟 时 间 , 选 择 出 所 有 应 用 程 序 的 实 例 中 响 应 最 快 的 实 例 。 < / li >
< li > Linkerd 将 请 求 发 送 给 该 实 例 , 同 时 记 录 响 应 类 型 和 延 迟 数 据 。 < / li >
< li > 如 果 该 实 例 挂 了 、 不 响 应 了 或 者 进 程 不 工 作 了 , Linkerd 将 把 请 求 发 送 到 其 他 实 例 上 重 试 。 < / li >
< li > 如 果 该 实 例 持 续 返 回 error, Linkerd 会 将 该 实 例 从 负 载 均 衡 池 中 移 除 , 稍 后 再 周 期 性 得 重 试 。 < / li >
< li > 如 果 请 求 的 截 止 时 间 已 过 , Linkerd 主 动 失 败 该 请 求 , 而 不 是 再 次 尝 试 添 加 负 载 。 < / li >
< li > Linkerd 以 metric 和 分 布 式 追 踪 的 形 式 捕 获 上 述 行 为 的 各 个 方 面 , 这 些 追 踪 信 息 将 发 送 到 集 中 metric 系 统 。 < / li >
< / ol >
< h2 id = "为何使用-service-mesh?" > 为 何 使 用 service mesh? < / h2 >
< p > Service mesh 并 没 有 给 我 们 带 来 新 功 能 , 它 是 用 于 解 决 其 他 工 具 已 经 解 决 过 的 问 题 , 只 不 过 这 次 是 在 Cloud Native 的 kubernetes 环 境 下 的 实 现 。 < / p >
< p > 在 传 统 的 MVC 三 层 Web 应 用 程 序 架 构 下 , 服 务 之 间 的 通 讯 并 不 复 杂 , 在 应 用 程 序 内 部 自 己 管 理 即 可 , 但 是 在 现 今 的 复 杂 的 大 型 网 站 情 况 下 , 单 体 应 用 被 分 解 为 众 多 的 微 服 务 , 服 务 之 间 的 依 赖 和 通 讯 十 分 复 杂 , 出 现 了 twitter 开 发 的 < a href = "https://twitter.github.io/finagle/" target = "_blank" > Finagle< / a > 、 Netflix 开 发 的 < a href = "https://github.com/Netflix/Hystrix" target = "_blank" > Hystrix< / a > 和 Google 的 Stubby 这 样 的 ” 胖 客 户 端 “ 库 , 这 些 就 是 早 期 的 service mesh, 但 是 它 们 都 近 适 用 于 特 定 的 环 境 和 特 定 的 开 发 语 言 , 并 不 能 作 为 平 台 级 的 service mesh 支 持 。 < / p >
< p > 在 Cloud Native 架 构 下 , 容 器 的 使 用 给 予 了 异 构 应 用 程 序 的 更 多 可 行 性 , kubernetes 增 强 的 应 用 的 横 向 扩 容 能 力 , 用 户 可 以 快 速 的 编 排 出 复 杂 环 境 、 复 杂 依 赖 关 系 的 应 用 程 序 , 同 时 开 发 者 又 无 须 过 分 关 心 应 用 程 序 的 监 控 、 扩 展 性 、 服 务 发 现 和 分 布 式 追 踪 这 些 繁 琐 的 事 情 而 专 注 于 程 序 开 发 , 赋 予 开 发 者 更 多 的 创 造 性 。 < / p >
< h2 id = "参考" > 参 考 < / h2 >
< p > < a href = "https://buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/" target = "_blank" > WHAT’ S A SERVICE MESH? AND WHY DO I NEED ONE?< / a > < / p >
< p > < a href = "http://redmonk.com/jgovernor/2017/05/31/so-what-even-is-a-service-mesh-hot-take-on-istio-and-linkerd" target = "_blank" > So what even is a Service Mesh? Hot take on Istio and Linkerd< / a > < / p >
< p > < a href = "https://medium.com/attest-engineering/linkerd-a-service-mesh-for-aws-ecs-937f201f847a" target = "_blank" > linkerd: A service mesh for AWS ECS< / a > < / p >
< p > < a href = "https://istio.io/blog/istio-service-mesh-for-microservices.html" target = "_blank" > Introducing Istio: A robust service mesh for microservices< / a > < / p >
< p > < a href = "http://blog.christianposta.com/microservices/application-network-functions-with-esbs-api-management-and-now-service-mesh/" target = "_blank" > Application Network Functions With ESBs, API Management, and Now.. Service Mesh?< / a > < / p >
< p > < a href = "http://philcalcado.com/2017/08/03/pattern_service_mesh.html" target = "_blank" > Pattern: Service Mesh< / a > < / p >
2017-10-09 15:28:05 +08:00
< p > < a href = "https://istio.doczh.cn/" target = "_blank" > Istio官 方 文 档 中 文 版 < / a > < / p >
< footer class = "page-footer" > < span class = "copyright" > Copyright © jimmysong.io 2017 all right reserved, powered by Gitbook< / span > < span class = "footer-modification" > Updated:
2017-09-20 21:55:29
< / span > < / footer >
2017-09-20 21:55:19 +08:00
< / section >
< / div >
< div class = "search-results" >
< div class = "has-results" >
< h1 class = "search-results-title" > < span class = 'search-results-count' > < / span > results matching "< span class = 'search-query' > < / span > "< / h1 >
< ul class = "search-results-list" > < / ul >
< / div >
< div class = "no-results" >
< h1 class = "search-results-title" > No results matching "< span class = 'search-query' > < / span > "< / h1 >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
< a href = "service-discovery-in-microservices.html" class = "navigation navigation-prev " aria-label = "Previous page: 5.1.1 微服务中的服务发现" >
< i class = "fa fa-angle-left" > < / i >
< / a >
< a href = "istio.html" class = "navigation navigation-next " aria-label = "Next page: 5.1.1 Istio" >
< i class = "fa fa-angle-right" > < / i >
< / a >
< / div >
< script >
var gitbook = gitbook || [];
gitbook.push(function() {
2017-10-11 17:30:58 +08:00
gitbook.page.hasChanged({"page":{"title":"5.2 Service Mesh 服务网格","level":"1.5.2","depth":2,"next":{"title":"5.1.1 Istio","level":"1.5.2.1","depth":3,"path":"usecases/istio.md","ref":"usecases/istio.md","articles":[{"title":"5.1.1.1 安装istio","level":"1.5.2.1.1","depth":4,"path":"usecases/istio-installation.md","ref":"usecases/istio-installation.md","articles":[]},{"title":"5.1.1.2 配置请求的路由规则","level":"1.5.2.1.2","depth":4,"path":"usecases/configuring-request-routing.md","ref":"usecases/configuring-request-routing.md","articles":[]}]},"previous":{"title":"5.1.1 微服务中的服务发现","level":"1.5.1.1","depth":3,"path":"usecases/service-discovery-in-microservices.md","ref":"usecases/service-discovery-in-microservices.md","articles":[]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"Copyright © jimmysong.io 2017","modify_label":"Updated:","modify_format":"YYYY-MM-DD HH:mm:ss"},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"page-toc-button":{},"back-to-top-button":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"concepts/index.html#fig1.2.1","level":"1.2","list_caption":"Figure: Borg架构","alt":"Borg架构","nro":1,"url":"../images/borg.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Borg架构","attributes":{},"skip":false,"key":"1.2.1"},{"backlink":"concepts/index.html#fig1.2.2","level":"1.2","list_caption":"Figure: Kubernetes架构","alt":"Kubernetes架构","nro":2,"url":"../images/architecture.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes架构","attributes":{},"skip":false,"key":"1.2.2"},{"backlink":"concepts/index.html#fig1.2.3","level":"1.2","list_caption":"Figure: kubernetes整体架构示意图","alt":"kubernetes整体架构示意图","nro":3,"url":"../images/kubernetes-whole-arch.png","index":3,"caption_template":"图片 - _CAPTION_","label":"kubernetes整体架构示意图","attributes":{},"skip":false,"key":"1.2.3"},{"backlink":"concepts/index.html#fig1.2.4","level":"1.2","list_caption":"Figure: Kubernetes master架构示意图","alt":"Kubernetes master架构示意图","nro":4,"url":"../images/kubernetes-master-arch.png","index":4,"caption_template":"图片 - _CAPTION_","label":"Kubernetes master架构示意图","attributes":{},"skip":false,"key":"1.2.4"},{"backlink":"concepts/index.html#fig1.2.5","level":"1.2","list_caption":"Figure: kubernetes node架构示意图","alt":"kubernetes node架构示意图","nro":5,"url":"../images/kubernetes-node-arch.png","in
2017-09-20 21:55:19 +08:00
});
< / script >
< / div >
< script src = "../gitbook/gitbook.js" > < / script >
< script src = "../gitbook/theme.js" > < / script >
< script src = "../gitbook/gitbook-plugin-github/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-splitter/splitter.js" > < / script >
< script src = "../gitbook/gitbook-plugin-page-toc-button/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-editlink/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-back-to-top-button/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/search.js" > < / script >
2017-10-09 15:28:05 +08:00
< script src = "../gitbook/gitbook-plugin-github-buttons/plugin.js" > < / script >
2017-09-20 21:55:19 +08:00
< script src = "../gitbook/gitbook-plugin-sharing/buttons.js" > < / script >
< script src = "../gitbook/gitbook-plugin-fontsettings/fontsettings.js" > < / script >
< / body >
< / html >