Shulou(Shulou.com)06/02 Report--

Recently, the open source API management platform Kong service provider recently released a new open source project Kuma. This article attempts to deploy the bookinfo application in the Kuma grid to help you better understand the Kuma project.

Kuma is a general control platform that can be used to manage the service network (Service Mesh). It solves the technical limitations of the first generation service network by seamlessly managing network traffic, micro-services and API at layer 4-7.

Kuma emphasizes its ease of use, ensures the security and observability of the underlying network, and even though it provides an advanced and simple control interface, users can still make more advanced configurations. Kuma integrates a fast data platform and an advanced control platform, allowing users to set permissions, expose metrics, and configure routing rules with simple instructions.

In addition, Kuma uses software-defined security, enables mTLS for all layer 4 traffic, and provides highly refined flow control functions to enhance layer 4 routing functions, while Kuma can also quickly implement tracking and logging functions, allowing users to analyze metrics for error troubleshooting. Kuma can be executed on any platform, including Kubernetes, virtual machines, containers, bare metal, and traditional environments, enabling the entire enterprise organization to practice native cloud applications.

Kuma is developed using the open source project Envoy, while Envoy is an agent designed for native cloud applications. Officials mentioned that Envoy is already the standard for edge agents and, together with service networks, has become an important implementation method for native cloud systems, because for more large-scale micro-service applications, monitoring, security and reliability become more important.

The code used in this article can be found in Github (https://github.com/waret/kuma-tutorial).

First configure the control plane with the following command, where a new Mesh named bookinfo is created.

The following figure shows the architecture of the Bookinfo application, which includes four services such as productpage, reviews, details and ratings, and three versions of the reviews service. In this test, we deployed an instance for each version.

In the data plane, in order to deploy all six instances in one server, to avoid conflicts, you need to consider reasonably allocating the ports of inbound and outbound for each instance, as shown below.

It should be noted that the deployment of multiple Sidecar on the same host is not supported in the kuma-v0.1.2 version, but changes have been made on the latest master branch, so the kuma-related command line programs used later in this article are all newly compiled from the master branch.

Execute the following command to configure the ratings-v1 service.

Execute the following command to configure the details-v1 service.

The bookinfo code in the Istio project has been modified to support the configuration of RATINGS_PORT parameters, including the following productpage service. Execute the following command to configure the reviews-v1 service.

Execute the following command to configure the reviews-v2 service.

Execute the following command to configure the reviews-v3 service.

Execute the following command to configure the productpage-v1 service.

Open the browser and type http://$IP:10501/productpage, and you can see the following result, that is, the bookinfo application has been released successfully. Refresh the page and you can see the change in the review score.

To test that the data plane can dynamically update the configuration, update the local port of the bookinfo/reviews service as follows, and execute.

Check the log of the corresponding data plane service, and you can see that the new configuration update takes effect. But the problem here is that the productpage instance itself still accesses the previous port 10504, and Sidecar is unable to forward this port at this time, which will cause an exception in the service itself. So generally speaking, under the Universal mode of Kuma, a better practice is to plan the application, service, instance, port and so on beforehand, and the upgrade will lead to a short interruption of the service.

Summary

Advantages of Kuma

Light weight, say the important things three times, a few executable programs can deploy the service grid infrastructure in many aspects

Support multiple Mesh in obvious ways, providing better isolation.

Unsolved problems

Important functions such as TrafficRoute and TrafficTracing are not supported, so basically Kuma is still unavailable.

Two-way authentication only supports built-in self-signed certificates and can only be configured within the scope of Mesh.

Since functions such as Ingress and Egress in Istio are not supported, when two-way authentication is enabled, the service cannot be released to the public, and the internal service cannot access the external service.

In order to support launching multiple Envoy in Universal mode, hot restart of Envoy is not supported. However, because the xDS configuration is hot updated, the impact is not significant.

In Universal mode, service registration and discovery are not supported, and users need to configure outbound portals that depend on applications for services one by one, and because there is no integrated DNS, inter-service access needs to be specified to IP:Port instead of Service Name like Istio. In Kubernetes mode, it relies on the mechanism of Service. You can parse Hostname or Service Name into ClusterIP, and then forward the HTTP/TCP request after it enters the Sidecar.

Try not to access dependent services during service startup. At this time, the service startup may fail because the Sidecar and data plane are not properly configured.

If you look at the config_dump of Envoy, you can see that it is currently managed in the mode of TCP connection, which does not give full play to the powerful capabilities of Envoy.

In Universal mode, configuring data plane objects and starting Sidecar services all require manual commands from administrators, and more convenient and user-friendly packaging is also necessary.

After this test, we can see that Kuma is still in the initial stage of the project, but overall the technical direction is good. It is not like Istio suddenly on a set of large and comprehensive functions, the learning curve is relatively smooth, so that we can have a good understanding of the convenience that service grid technology can bring to us, as well as the technical difficulties.

At present, one of the reasons hindering the application of service grid technology is the support of historical legacy systems. Generally speaking, we need to modify the old system twice, the first is containerization so that it can run on Kubernetes, and the second is to disassemble or completely replace the RPC framework.

If the service grid can support non-container scenarios, the work can be at least halved. We know that Istio began to support grid expansion starting with v1.3, which means that virtual machines or bare metal hosts are integrated into Isito clusters deployed in Kubernetes. Currently, two methods are supported, one is single network, that is, virtual machines or bare metal hosts are connected to the Kubernetes through * * or VPC, and the other is communication integration through ingress gateways in multiple networks. At present, because Istio itself is heavily dependent on Kubernetes, coupled with other functions of Istio itself have been relatively perfect, in order to increase the grid expansion function, the workload is relatively large, so these two methods are still in the state of development.

Relatively speaking, Kuma provides a new idea of using service grid in virtual machine or bare metal host scenario. Although the current functional completion is relatively low, it is still worthy of continuous attention.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.