Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to avoid a pit in Service Mesh practice". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to avoid a pit in Service Mesh practice".

Service Mesh has become a hot topic in the field of micro-services, and it is also widely regarded as the guiding architecture of cloud native applications. Service Mesh environment can theoretically enhance the traffic management and security level of micro-service communication, and provide comprehensive information about the running state of applications, but it is often difficult to manage and overly complex in practice. In order to avoid falling into the trap, we must take a series of steps to simplify the process.

Identify priorities and plan a journey of exploration

Before embarking on the Service Mesh journey, we first need to identify the most important things and plan the way forward.

For most enterprises, it has become an urgent task to establish zero-trust communication between micro-services, but the needs of different organizations are often different. Maybe you want Service Mesh to provide advanced traffic management capabilities, or you may want to enhance observability through side car agents.

Whatever your needs, you must first prioritize and focus on your work with the understanding and support of developers, SRE engineers, and security operations (SecOps) teams before you get started. Please note that do not expect the whole process to be achieved overnight, otherwise the implementation of Service Mesh will inevitably get into trouble.

Once we have identified the right goal priorities, we can establish a road map for the Service Mesh journey. As a guide to moving forward, the road map should set out the specific sequence of actions to be implemented and determine how each step should be aligned with IT and business goals. For example, you can order the directions of observability you want to enhance to speed up problem resolution and improve the uptime of your application, thereby exceeding predetermined traffic management goals. With this ranking, you can focus on what Service Mesh should achieve and get the corresponding returns.

Choose Service Mesh solution wisely

At present, there are many kinds of Service Mesh control planes on the market, and there are always advantages and disadvantages among different solutions. When choosing Service Mesh, first make sure that it supports your running environment. If you already have a system such as Mesos, an internal proprietary / legacy architecture, or a specific public cloud platform, make sure that the Service Mesh you choose is compatible with it.

Second, determine which Service Mesh control plane to deploy. Although various Service Mesh control planes provide similar basic functionality, different scenarios always differ in terms of functionality and maturity. Determine whether the control plane of Service Mesh is appropriate for your use case, and explore how to design the entire technology stack. In these areas, Istio performed better overall. For example, Istio takes the lead in serving two-way TLS, while the zero-trust implementation capabilities of other Service Mesh microservices still need to be improved.

Third, assess how many complexity factors you can manage with your existing skills and resources. When adding functions, the whole system will become more and more complex as the size of Service Mesh and the number of clusters grow. Please note that we tend to underestimate the level of complexity in the development process. In fact, it is difficult for us to predict what will happen in the future, so we must set limits and leave buffers.

When choosing Service Mesh, pay attention to several "essential factors": observability, security and traffic management, skills already available in the organization, choosing the best Service Mesh architecture, and so on. Also ask yourself if you really need to provide a side car agent for each pod, or whether you need to meet the requirements of alternative or variant architectures such as Citrix ®Service Mesh lite.

Plan for accident and complexity

No matter how carefully planned, you will always encounter accidents when implementing Service Mesh. But this is not to say that the plan is useless-the more well planned you are, the more comfortable you will be in dealing with accidents.

The agent is not that transparent.

Sometimes, the transparency of agents can be quite poor. In general, a timeout is raised when a microservice attempts to invoke a resource that does not exist or is temporarily under a heavy load. However, the presence of a proxy can distort the application timeout, causing each microservice to mistakenly think that its request has been received immediately. To do this, we must carefully adjust the timeout mechanism in the application.

In addition, proxies are also not transparent to HTTP traffic. Many agents convert HTTP headers to lowercase to maintain compliance, consistency, and reduce resource consumption. In fact, the HTTP/2 specification requires headers to be lowercase. If your application still distinguishes HTTP headers by case, the intervention of the agent is likely to undermine its basic functionality. Make sure that the nuances caused by agent communication do not damage your application, while starting to adjust the agent or application ontology to match the actual characteristics of the ecosystem.

Early testing and diligent testing

We cannot predict the future, nor can we foresee which components will go wrong. Service Mesh is a complex distributed system that contains a large number of active components, each of which may fail. If there is a problem with the application, we are faced with application ontologies, associated tools, and even other sources of failure. To this end, you must gradually implement, continuously monitor and ensure frequent testing.

To do this, you need to set up a complete observability stack, covering logging, metrics, distributed traces, and service graphs. Distributed tracking and service graph is the key element of service observability. Distributed tracking can monitor the flow of requests through the micro-service architecture and establish delay mapping through various micro-service hops to help you quickly solve the delay problem. The service diagram is a dynamic graphical representation of the dependencies and running states of the microservices, which can visualize the environment in a simple way and help you find all problems.

It is also important to note that you must adhere to the deployment of continuous testing and guide the project on the right track. You may want to consider setting up an end-to-end 24x7 testing service to continuously test your micro-service system.

Prepare for a large number of revisions

Today's small workshop may develop into a big enterprise tomorrow, and we must make preparations in advance. You may need to adjust the default CPU and memory allocation mechanisms to minimize resource consumption. Similarly, once Service Mesh is deployed, revision requirements will flood in. If there is no sound plan, the continuous operation of the application will soon upgrade to countless side car agents, absolutely can not fight an uncertain battle.

Wisdom is to learn from mistakes, but true wisdom is to learn from the mistakes of others. Service Mesh has a solid commitment to security, advanced traffic management, and even observability, but its implementation is often extremely complex. Please plan carefully, be prepared, and try your best to find a smooth and even fulfilling path of exploration.

Thank you for your reading, the above is the content of "how to avoid the pit in Service Mesh practice". After the study of this article, I believe you have a deeper understanding of the problem of how to avoid the pit in Service Mesh practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.