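Service Mesh Developments in 2017
- 1: Service Mesh Evangelism in 2017
- 2: Linkerd Developments in 2017
- 3: Envoy Developments in 2017
- 4: Conduit Developments in 2017
1 - Service Mesh Evangelism in 2017
By early 2017, the concept of the service mesh had largely taken shape.
2 - Linkerd Developments in 2017
2017-02-23 Linkerd 0.9.0 released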
https://github.com/linkerd/linkerd/releases/tag/0.9.0
2017-04-25 Linkerd 1.0.0 released
https://github.com/linkerd/linkerd/releases/tag/1.0.0
The following components are no longer experimental:
- Marathon namer
- Consul dtab store
- K8s dtab store
- Zk dtab store
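2017-06-13 Linkerd 1.1.0 released
- Continued improvements to TLS, HTTP/2, k8s, metrics and Consul
2017-07-11 Linkerd 1.1.1 released
- Added integration with Istio
- Upgraded to Finagle 6.45
2017-09-08 Linkerd 1.2.0 released
- Continued improvements to TLS, HTTP/2, k8s, metrics and Consul
- Added the DNS SRV Record namer
2017-10-06 Linkerd 1.3.0 released
- Continued improvements to k8s, Prometheus, Consul, Curator and the DNS SRV Record namer
- Upgraded to Finagle 7.1
3 - Envoy Developments in 2017
In 2017, Envoy steadily matured and the xDS API gradually took shape.
Developments during the year
2017-03-08 Envoy 1.2.0 released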
https://github.com/envoyproxy/envoy/releases/tag/v1.2.0
- Cluster discovery service (CDS) API.
- Outlier detection (passive health checking).
- Envoy configuration is now checked against a JSON schema.
- Ring hash consistent load balancer, as well as HTTP consistent hash routing based on a policy.
- Vastly enhanced global rate limit configuration via the HTTP rate limiting filter.
- HTTP routing to a cluster retrieved from a header.
- Weighted cluster HTTP routing.
- Auto host rewrite during HTTP routing.
- Regex header matching during HTTP routing.
- HTTP access log runtime filter.
- LightStep tracer parent/child span association.
- Route discovery service (RDS) API.
- HTTP router x-envoy-upstream-rq-timeout-alt-response header support.
- use_original_dst and bind_to_port listener options (useful for iptables based transparent proxy support).
- TCP proxy filter route table support.
- Configurable stats flush interval.
- Various third party library upgrades, including using BoringSSL as the default SSL provider.
- No longer maintain closed HTTP/2 streams for priority calculations. Leads to substantial memory savings for large meshes.
- Numerous small changes and fixes not listed here.
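Personal summary:
- Key updates: the CDS (Cluster discovery service) API, the RDS (Route discovery service) API, and outlier detection (passive health checking).
- Important updates: the ring hash consistent load balancer and policy-based HTTP consistent hash routing, HTTP routing enhancements, TCP routing enhancements, and BoringSSL as the default SSL provider.
2017-05-18 Envoy 1.3.0 released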
https://github.com/envoyproxy/envoy/releases/tag/v1.3.0
- Various detail-level updates, with no particularly large new features
2017-08-25 Envoy 1.4.0 released
https://github.com/envoyproxy/envoy/releases/tag/v1.4.0
- Key update: added the LDS API
- Important updates: direct support for YAML configuration files, new Original destination cluster and load balancer, new WebSocket support
2017-12-05 Envoy 1.5.0 released
https://github.com/envoyproxy/envoy/releases/tag/v1.5.0
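- Key updates: the xDS v2 API is close to production ready; new Lua filter
- Important updates: direct support for YAML configuration files, new Original destination cluster and load balancer, new WebSocket support, support for the subset load balancer, and various optimizations and enhancements to routing
Summary of the year
- xDS support gradually became more complete, and the xDS v2 API gradually stabilized
- Features were steadily filled out
4 - Conduit Developments in 2017
2017-12-05 Conduit 0.1.0 released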
https://github.com/linkerd/linkerd2/releases/tag/v0.1.0
- HTTP2 only (support for HTTP1.1 was added in later versions)
- k8s deployment only (as of 2021 it still supports only k8s)
2017-12-05 Blog post: Introducing Conduit
https://linkerd.io/2017/12/05/introducing-conduit/
We’ve built Conduit from the ground up to be the fastest, lightest, simplest, and most secure service mesh in the world. It features an incredibly fast and safe data plane written in Rust, a simple yet powerful control plane written in Go, and a design that’s focused on performance, security, and usability. Most importantly, Conduit incorporates the many lessons we’ve learned from over 18 months of production service mesh experience with Linkerd.
One thing we’ve learned is that there are deployment models where Linkerd’s resource footprint is simply too high. While Linkerd’s building blocks—widely-adopted, production-tested components like Finagle, Netty, Scala, and the JVM—allow Linkerd scale up to incredibly high workloads when given lots of CPU and RAM, they aren’t designed to scale down to environments that have limited resources—in particular, to sidecar-based Kubernetes deployments. So, earlier this year, we asked ourselves: if we could build the ideal service mesh, focused on ultra-low-resource environments, but with the benefit of everything we’ve learned from 18 months of production service mesh experience—what would we build?
The answer is Conduit. Conduit is a next generation service mesh that makes microservices safe and reliable. Just like Linkerd, it does this by transparently managing the runtime communication between services, automatically providing features for observability, reliability, security, and flexibility. And just like Linkerd, it’s deployed as a data plane of lightweight proxies that run alongside application code, and a control plane of highly available controller processes. Unlike Linkerd, however, Conduit is explicitly designed for low resource sidecar deployments in Kubernetes.
Conduit's features:
- Blazingly fast and lightweight: A single Conduit proxy has a sub-millisecond p99 latency and runs with less than 10mb RSS.
- Built for security: From Rust’s memory safety guarantees to TLS by default, we’re focused on making sure Conduit has security in mind from the very beginning.
- Minimalist: Conduit’s feature set is designed to be as minimal and as composable as possible, while allowing customization through gRPC plugins.