Comments (4)
The shadow service needs to support the creation of requests from other services, such as easeload, or users through command-line operations. Therefore, it needs to:
- Provide API interface for other service calls.
- Provide emctl subcommand for managers to call.
In addition to the deployment object created by meshdeployment, easemesh also supports native deployment, so we only need to copy the deployment. Copy all or a single qualified deployment of a namespace by specifying the namespace and deployname.
Deployment replication rules are as follows:
-
- The specified namespace must conform to the mutatehook configuration.
-
- Copy only the Deployment where the easemesh-sidecar container exists in the Deployment.Spec.
-
- Remove sidecarcontainer, initcontainer, volume and other elements injected by the operator.
-
- Modify the original name, selector and annotations, and add the shadow tag.
Examples are as follows:
- Original Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"mesh.megaease.com/alive-probe-url":"http://localhost:9900/health","mesh.megaease.com/service-name":"vets-service"},"name":"vets-service","namespace":"spring-petclinic"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"vets-service"}},"template":{"metadata":{"labels":{"app":"vets-service"}},"spec":{"containers":[{"args":["-c","java -server -Xmx1024m -Xms1024m -Dspring.profiles.active=sit -Djava.security.egd=file:/dev/./urandom org.springframework.boot.loader.JarLauncher"],"command":["/bin/sh"],"image":"megaease/spring-petclinic-vets-service:latest","imagePullPolicy":"IfNotPresent","lifecycle":{"preStop":{"exec":{"command":["sh","-c","sleep 10"]}}},"name":"vets-service","ports":[{"containerPort":8080}],"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"256Mi"}},"volumeMounts":[{"mountPath":"/application/application-sit.yml","name":"configmap-volume-0","subPath":"application-sit.yml"}]}],"restartPolicy":"Always","volumes":[{"configMap":{"defaultMode":420,"items":[{"key":"application-sit-yml","path":"application-sit.yml"}],"name":"vets-service"},"name":"configmap-volume-0"}]}}}}
mesh.megaease.com/alive-probe-url: http://localhost:9900/health
mesh.megaease.com/service-name: vets-service
name: vets-service
namespace: spring-petclinic
spec:
replicas: 1
selector:
matchLabels:
app: vets-service
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: vets-service
spec:
containers:
- args:
- -c
- java -server -Xmx1024m -Xms1024m -Dspring.profiles.active=sit -Djava.security.egd=file:/dev/./urandom org.springframework.boot.loader.JarLauncher
command:
- /bin/sh
env:
- name: JAVA_TOOL_OPTIONS
value: ' -javaagent:/agent-volume/easeagent.jar -Deaseagent.log.conf=/agent-volume/log4j2.xml '
image: megaease/spring-petclinic-vets-service:latest
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- sh
- -c
- sleep 10
name: vets-service
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 200m
memory: 256Mi
volumeMounts:
- mountPath: /application/application-sit.yml
name: configmap-volume-0
subPath: application-sit.yml
- mountPath: /agent-volume
name: agent-volume
- command:
- /bin/sh
- -c
- /opt/easegress/bin/easegress-server -f /sidecar-volume/sidecar-config.yaml
env:
- name: APPLICATION_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: 172.20.2.189:5001/megaease/easegress:server-sidecar
imagePullPolicy: IfNotPresent
name: easemesh-sidecar
ports:
- containerPort: 13001
name: sidecar-ingress
protocol: TCP
- containerPort: 13002
name: sidecar-egress
protocol: TCP
- containerPort: 13009
name: sidecar-eureka
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /sidecar-volume
name: sidecar-volume
initContainers:
- command:
- sh
- -c
- "set -e\ncp -r /easeagent-volume/* /agent-volume\n\necho 'name: vets-service\ncluster-join-urls:
http://easemesh-controlplane-svc.easemesh:2380\ncluster-request-timeout:
10s\ncluster-role: reader\ncluster-name: easemesh-control-plane\nlabels:\n
\ alive-probe: http://localhost:9900/health\n application-port: 8080\n
\ mesh-service-labels: \n mesh-servicename: vets-service\n' > /sidecar-volume/sidecar-config.yaml"
image: 172.20.2.189:5001/megaease/easeagent-initializer:latest
imagePullPolicy: IfNotPresent
name: initializer
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /agent-volume
name: agent-volume
- mountPath: /sidecar-volume
name: sidecar-volume
volumes:
- configMap:
defaultMode: 420
items:
- key: application-sit-yml
path: application-sit.yml
name: vets-service
name: configmap-volume-0
- emptyDir: {}
name: agent-volume
- emptyDir: {}
name: sidecar-volume
- Shadow Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"mesh.megaease.com/alive-probe-url":"http://localhost:9900/health","mesh.megaease.com/service-name":"vets-service"},"name":"vets-service","namespace":"spring-petclinic"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"vets-service"}},"template":{"metadata":{"labels":{"app":"vets-service"}},"spec":{"containers":[{"args":["-c","java -server -Xmx1024m -Xms1024m -Dspring.profiles.active=sit -Djava.security.egd=file:/dev/./urandom org.springframework.boot.loader.JarLauncher"],"command":["/bin/sh"],"image":"megaease/spring-petclinic-vets-service:latest","imagePullPolicy":"IfNotPresent","lifecycle":{"preStop":{"exec":{"command":["sh","-c","sleep 10"]}}},"name":"vets-service","ports":[{"containerPort":8080}],"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"256Mi"}},"volumeMounts":[{"mountPath":"/application/application-sit.yml","name":"configmap-volume-0","subPath":"application-sit.yml"}]}],"restartPolicy":"Always","volumes":[{"configMap":{"defaultMode":420,"items":[{"key":"application-sit-yml","path":"application-sit.yml"}],"name":"vets-service"},"name":"configmap-volume-0"}]}}}}
mesh.megaease.com/alive-probe-url: http://localhost:9900/health
mesh.megaease.com/service-name: vets-service
// 1. Add shadow service-label
mesh.megaease.com/service-labels: "version=shadow"
// 2. change Deployment name
name: vets-service-shadow
namespace: spring-petclinic
spec:
replicas: 1
selector:
matchLabels:
app: vets-service
// 3. add new selector for shadow pods
mesh.megaease.com/mesh-shadow-service: true
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: vets-service
// 4. add new label for shadow pods
mesh.megaease.com/mesh-shadow-service: true
spec:
containers:
- args:
- -c
- java -server -Xmx1024m -Xms1024m -Dspring.profiles.active=sit -Djava.security.egd=file:/dev/./urandom org.springframework.boot.loader.JarLauncher
command:
- /bin/sh
env:
- name: JAVA_TOOL_OPTIONS
value: ' -javaagent:/agent-volume/easeagent.jar -Deaseagent.log.conf=/agent-volume/log4j2.xml '
image: megaease/spring-petclinic-vets-service:latest
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- sh
- -c
- sleep 10
name: vets-service
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 200m
memory: 256Mi
volumeMounts:
- mountPath: /application/application-sit.yml
name: configmap-volume-0
subPath: application-sit.yml
volumes:
- configMap:
defaultMode: 420
items:
- key: application-sit-yml
path: application-sit.yml
name: vets-service
name: configmap-volume-0
from easemesh.
Let me clarify the shadow service architecture through a diagram:
There are several parts in the architecture:
Shadow service: It is an in-cluster service, which accepts requests forward from the EaseMesh control plane (Easegress). When a request is incoming, the Shadow service will fetch the deployment information in the K8s cluster, After rendering a new shadow deployment with annotation, it will send create to the K8s API server to deploy new deployments.
MeshController: It's the endpoint of the EaseMesh control plane, which manages the specifications and service registry of the Mesh. The emctl
and other services could integrate EaseMesh via it.
Why do we need a standalone Shadow service.
First, The logic implemented by the Shadow service doesn't belong to the scope of the common Mesh. Second, it's heavily communicated with K8s and very different from EaseMesh controller implementation. Thirdly, like K8s, the EaseMesh control plane needs a mechanism to allow developers to customize the EaseMesh. After several days of study, I found the K8s has a mechanism to extend the K8s API server which is API Aggregation layer [1]. I think we could leverage its design extending the EaseMesh control plane and implement the requirement.
[1]https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation
from easemesh.
Some Q&A:
- Can emctl communicate with customized service (currently only shadow service) directly?
We use k8s apiserver as one and only one gate for all APIs, and MeshController will also support extensional APIs, so it's better to use unique access gate.
- Does a new customized service means adding a new API (new image) for MeshController (in Easegress)?
No, the extensible APIs of MeshController will cover it from start.
- Does EaseMesh send all information for the shadow service instead of itself fetching?
It depends, we need to design a general APIs(Mesh service dedicated info, general storage, etc) for customized serviced.
from easemesh.
Related to #107, It will be closed after #109 is accepted
from easemesh.
Related Issues (20)
- Deprecated MeshDeployment HOT 1
- ShadowService Topology graph
- The response data type of the management interface is not uniform HOT 6
- Dynamically configure sidecar inject parameters
- should support KUBECONFIG environment variable when install easemesh HOT 1
- what's the different between sidecar and javaAgent? HOT 1
- Golang monkey patching library utilized against terms of license HOT 2
- Support mutable config for all kinds of shadowed services HOT 1
- Cannot change the image names easeagent-initializer and imagePullPolicy in initContainers HOT 1
- 建议megaease官方出一个使用自己系列产品开发的一个云原生demo web应用。 HOT 1
- A Chinese version for README HOT 3
- Support sidecar injection for Pod, DaemonSet, StatefulSet, etc
- Easily mock a service HOT 1
- Support query service instance registered in the registry via emctl
- Install will meet resource invalid problem when there are existed resources HOT 1
- The api certificates.k8s.io/v1beta1 is deprecated in v1.19+, unavailable in v1.22+
- Missing license statement in some source files HOT 2
- Supporting mTLS in EaseMesh HOT 5
- [bug] Caching in sidecar worker won't be updated HOT 1
- Support traffic access control HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easemesh.