iPaaS在雲原生的思考和探索

{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"開題：說實話，一開始決定寫這篇文章並把名字直接和“雲原生”這一在當下如此火熱和宏大的技術體系掛鉤，心裏着實有些忐忑不安。一是雲原生理念和技術體系如此浩瀚，作爲一個可能正在踏入雲原生大門的“新人”（雖然本人踏入軟件研發行業已經11年了），通過一篇文章，結合自己一兩年的經驗和思考，來講清楚雲原生是面臨巨大挑戰的；二是怕被別人冠以“蹭技術熱度”之帽，技術性領域尤其是軟件研發領域，開發者都有一種強烈的危機感和焦慮感，生怕在日新月異、快速迭代的技術洪流中，一不小心就被時代拋棄了。所以，這種文章標題容易讓同行覺得在務虛，反映的是內心焦慮，生怕自己不瞭解前沿技術，結果更多是飯後談資。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"然而隨着京東業務在快速發展，催生出了越來越多的新業務、新賽道和新站點，這些新業態很多都是集團戰略級的，而且京東技術商業化落地和價值輸出作爲集團增長的新曲線的訴求愈來愈強烈。iPaaS作爲京東零售前臺研發標準，在支撐公司新業態、新賽道運營體系的搭建和落地，支撐公司國際化站點、商業化項目等方面發揮了愈來愈重要的作用。但如何進一步抽象和屏蔽技術實施和技術複雜度，如何進一步讓開發者聚焦業務價值的快速交付，如何更進一步提升開發者開發效率和需求交付效率，如何賦予業務更敏捷的試錯能力和更強的創新能力，iPaaS需要來規劃和發揮的空間還是非常大的。當我們結合iPaaS的初衷、願景、價值和雲原生的理念和價值進行思考時，發現iPaaS和雲原生其理念和價值是不謀而合的。所以雲原生的理念和技術是iPaaS未來一個重要的方向，本文是對雲原生和雲原生落地iPaaS的一個初步思考。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"先簡單瞭解一下iPaaS。（iPaaS的詳細介紹可以參考另一篇文章：https:\/\/mp.weixin.qq.com\/s\/uMprW-dglk9SD_X_MV5CSQ。）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"iPaaS是什麼？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"iPaaS爲京東零售前臺研發標準，其定義爲：“iPaaS是一套開放、共生、智能、協同的技術標準體系，旨在把被海量業務和流量所成功驗證過的平臺化能力全面標準化和開放化，並提供覆蓋大前端到大後端的立體式和完整的技術開放體系，讓開發者從大量同質性勞動中解脫出來，最大程度聚焦在業務開發商，實現高效、靈活開發和定製業務的個性化需求。業務在iPaaS持續繁榮的生態圈中盡情享受了能力共享和技術創新的紅利，通過iPaaS，業務能夠極速構建運營體系，加速業務數字化升級和業務創新。”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"iPaaS的價值"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"iPaaS面向開發者，其終極價值在於高效支撐業務，其價值總結來看包括："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"a. 讓開發者聚焦業務，提升開發者生產力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"b. 降本提效。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"c. 賦予業務極速創新能力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"d. 助力技術商業化落地。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"iPaaS的願景"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"iPaaS的願景是以技術和業務能力的標準化、規範化爲基礎，拉通智能協同鏈路，打造高度可集成、可連接外部系統和業務的能力，達到與開發者和業務開放共生，實現互利多贏，助力開發者聚焦業務價值和個性化需求定製，支撐業務快速搭建運營體系，實現快速試錯和業務創新。總結來看，iPaaS的最頂層願景是通過標準化能力和技術開放能力連接開發者、業務和iPaaS平臺，形成一個不斷繁榮、良性發展的生態圈，以實現開發者-業務-iPaaS的三贏局面。 "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/2d\/c8\/2db66588cbbf604b57cf105cb94917c8.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"  "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"雲原生"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從雲原生業界比較認可的定義（“雲原生技術有利於各組織在公有云、私有云和混合雲等新型動態環境中，構建和運行可彈性擴展的應用。雲原生的代表技術包括容器、服務網格、微服務、不可變基礎設施和聲明式API。這些技術能夠構建容錯性好、易於管理和可觀測的松耦合系統。結合可靠的自動化手段，雲原生技術使工程師能夠輕鬆地對系統作出頻繁和可預測的重大變更。”）可以看出，雲原生是一種理念，生在雲上，長在雲上，最大化地發揮雲的能力和價值。也是一系列架構原則和設計模式的集合，旨在將雲應用中的非業務代碼的部分進行最大化的剝離，從而讓雲設施（IaaS、PaaS）接管應用中原有的大量非功能特性，讓開發者聚焦在業務價值交付上。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們剖析並總結iPaaS和雲原生的理念和價值，發現很多方面都是非常契合的，這堅定了我們未來融合雲原生理念和技術，本文算是對雲原生理論和落地iPaaS的一些淺層次的思考。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"最後需要給本文的讀者“打一劑預防針”，本文對雲原生的解讀只限在整體性和入門級的介紹，通過本文能知道雲原生是什麼？能瞭解其理念、思想、價值和技術棧，如果想通過本文來深度瞭解雲原生的技術原理和方案，那臣妾辦不到啊，還需要結合技術的官網進行進一步的學習和研究。最後本文會解讀一下iPaaS在雲原生落地的方向和規劃，可能存在誤區，也歡迎各位讀者能夠給到有意義的建議和提示。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文將重點講解以下5方面："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1. 回顧軟件交付的發展歷程。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2. 什麼是雲原生？雲原生能給我們帶來什麼？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3. 雲原生的架構原則和設計模式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"4. 雲原生主要技術。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"5. iPaaS（京東前臺研發標準）在雲原生的思考和探索。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1、軟件交付的發展歷程"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"作爲一個在軟件研發行業紮根超過11年的“老兵”，經歷過在中小公司通過shell腳本+配置文件+war包方式交付客戶軟件，到把程序和運行時打包到龐大虛擬機然後通過移動硬盤交付給客戶部署，在到現在在京東通過一站式的集成交付平臺只需要點幾個按鈕就可以管理和部署數千個應用實例，高峯期每天數十次的頻繁發佈交付的歷程。過去十年是互聯網行業快速和顛覆式發展的十年，也是雲計算和軟件交付技術快速發展的十年。讓我們把視線拉向過去，回顧一下軟件交付技術的發展歷程。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"Chroot Jail"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"虛擬化容器技術可以追溯到上個世紀，1979 年，貝爾實驗室爲Unix V7操作系統的發佈進行最後的開發和測試，爲了提高系統級別軟件構建和測試的效率，他們開始設計和構思在現有操作系統環境下“隔離”出一個可供軟件進行構建和測試的環境，通過一個簡單的命令就可以改變程序的“視圖”，每次只要在當前目錄裏放置一個完整操作系統文件系統部分，該軟件運行所需的所有依賴就完備了。這樣開發者間接擁有了應用基礎設施“快速銷燬和重現”的能力，而不需要在環境搭好之後進入到環境裏去進行應用所需的依賴安裝和配置。於是chroot（Change Root）的技術就誕生了，用來重定向進程及其子進程的根目錄到一個文件系統上的新位置，被隔離出來的環境被賦予了一個很形象的名字：Chroot Jail，Chroot也算是人類第一次進入“進程隔離”的大門。chroot也逐漸成爲了開發測試環境配置和應用依賴管理的一個重要工具。2000 年，同屬 Unix 家族的 FreeBSD 操作系統發佈了“jail”命令，把” 隔離“這個概念擴展到了進程的完整視圖，擁有獨立進程環境和用戶體系，分配獨立的 IP 地址。chroot 打開進程環境隔離的大門，但 FreeBSD Jails才實現真正進程的沙箱化，這種沙箱是通過操作系統級別的隔離與限制能力來實現而非硬件虛擬化技術。不過在Jails時代，“雲”的概念尚未普及， 進程沙箱技術一直侷限在了小衆的場景世界裏。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"LXC"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Google在2006年之間發佈了一個名爲Process Container 技術，提供操作系統級別的資源限制、優先級控制、資源審計能力和進程控制能力，與沙箱理念不謀而合，這個技術也是Google 內部基礎設施得以實現的基本訴求和基礎依賴，也成爲了 Google 眼中“容器”技術的雛形，Process Container推出後的第二年就進入了 Linux 內核主幹。但因Container在Linux內核中另有它用，Process Container 在 Linux 中被正式改名爲Cgroups。2008 年LXC把 Cgroups 的資源管理和限制能力和 Linux Namespace 的視圖隔離能力組合在一起，提交併正式進入Linux內核。並伴隨着Linux OS開始迅速佔領商用服務器市場的契機，LXC受到了chroot等未曾有的關注。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"PaaS"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2008年後世界上互聯網巨頭們AWS，Microsoft 開始持續加大在公有云的投入，思考和落地在 IaaS 之上構建新的技術與商業價值，催生出了我們現在都耳熟能詳的新興產業：PaaS。2009年開源項目Cloud Foundry發佈，第一次對PaaS的概念完成了清晰而完整的定義。PaaS定位是應用的託管服務，其理念“PaaS對應用的直接管理、編排和調度讓開發者專注於業務邏輯而非基礎設施”在雲計算行業得到了一致的認同，藉助PaaS離開發者足夠近的優勢，從而鎖定雲服務，這就要求PaaS必須不依賴IaaS底層技術基礎實施，能夠高效打包封裝用戶的應用，快速的部署到低層基礎設施上。開源、中立、輕量、敏捷的Linux容器技術成了PaaS實現應用託管和部署的絕佳選擇，Linux 容器已經跳出了進程沙箱的侷限性，開始扮演着“應用容器”的角色，容器和應用畫上了等號，這才最終使得平臺層系統能夠實現應用的全生命週期託管。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"Docker"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2013年一家叫dotCloud的公司發佈了一個顛覆性的開源項目Docker，Docker通過容器鏡像，將應用運行所需的完整環境（包括操作系統的文件系統）進行整體打包，實現“一次發佈、隨處運行”，比通過Buildpack把一個應用可運行文件如WAR包和腳本配置進行封裝，連製作一個開發和測試環境都無法統一的技術要先進高明的多。同時Docker借鑑Git的思想，通過 DockerHub 這樣的鏡像託管倉庫，能夠讓高效分發和交付你的軟件服務到世界任何地方。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"終極來看Docker其實一直在思考和解決的一個問題是：軟件究竟應該通過什麼樣的方式進行交付？容器鏡像給出一份完美的答案。就連Docker自己都說自己只是“站在巨人肩膀上”，確實沒有過去十幾年Linux 容器等技術的完善和發展，一個創業公司的開源項目就能顛覆整個行業恐怕是癡人說夢。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"Kubernetes"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"容器鏡像已經成爲了雲時代軟件交付與分發的事實標準。Docker、Mesosphere、Kubernetes在“應用”有着不同理解和頂層設計，Docker體系以“單一容器”爲核心的應用定義方式，而Kubernetes則提出了一整套容器化設計模式和對應的控制模型，從而明確瞭如何真正以容器爲核心構建能夠真正跟開發者對接起來的應用交付和開發範式，最終Kubernetes取得到了雲時代應用編排的關鍵領導地位。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"雲原生"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes已發展爲雲時代應用編排的事實標準，作爲連通“雲”與“應用”的高速公路，以標準、高效的方式將“應用”快速交付到世界上任何一個位置，既可以是最終用戶，也可以是PaaS\/Serverless從而催生出更加多樣化的應用託管生態。其背後的思想和目標就是最大程度的發揮容器和雲的價值，這正是整個“雲原生”的理念。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"2、什麼是雲原生？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"雲原生定義"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"CNCF（Cloud Native Computing Foundation，成立於2015年，致力於雲原生技術普及和可持續發展的基金會）給出的定義："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“"},{"type":"text","marks":[{"type":"italic"}],"text":"Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil."},{"type":"text","text":"”"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"翻譯過來："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“"},{"type":"text","marks":[{"type":"italic"}],"text":"雲原生技術有利於各組織在公有云、私有云和混合雲等新型動態環境中，構建和運行可彈性擴展的應用。雲原生的代表技術包括容器、服務網格、微服務、不可變基礎設施和聲明式API。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"這些技術能夠構建容錯性好、易於管理和可觀測的松耦合系統。結合可靠的自動化手段，雲原生技術使工程師能夠輕鬆地對系統作出頻繁和可預測的重大變更。“"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你如果是第一次讀這個定義，會不會感覺有點晦澀難懂。構建彈性可擴展應用，容錯性好、易管理、可觀測系統，表達的太寬泛了，並不代表一種特定的概念和方法，這些目標我們用一系列方法論、設計思想和設計模式也可以達成，這個定義還是很難讓我們抓住雲原生的本質是什麼。我們先略過CNCF的官方定義，從雲原生的形態和終極價值的角度來解剖和理解雲原生。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"應用以原生形態被設計生在、長在雲上，以充分發揮雲的優勢"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲原生，從字面上拆成2個詞，“雲”和“原生”，雲就是強大的雲計算能力，也是前提。原生是對企業應用來講的，雲原生時代的應用被設計成“生在雲上，長在雲上”。應用是原生的，只包含業務代碼，意味着需要最大化剝離應用中非業務的代碼和功能，讓雲基礎設施來接管（包括IaaS、PaaS等），應用可最大化利用雲的優勢，充分享受雲計算的技術紅利。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"討論雲原生，是在討論一系列架構原則和模式的集合。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"開發者遵循一種新的軟件開發、發佈和運維模式，使得雲原生下的應用可以從大量非業務\/非功能性（高可用挑戰、自動擴縮容挑戰、安全挑戰、運維升級挑戰等）需求和挑戰中解脫出來，從而能夠最大化聚焦在業務價值交付上。用戶採用一條低心智負擔的、敏捷的，能夠以可擴展、可複製和自動化的方式最大化地利用雲的能力、發揮雲的價值的最佳路徑來構建和交付應用，開發複雜度和運維工作量都得到極大降低。雲原生背後的一個價值觀是：將複雜留給雲，將簡單留給應用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"所以雲原生背後蘊含了一組架構原則，包括：服務化、彈性、可觀測性、韌性、自動化、零信任、架構持續演進。也包括了一組架構模式：微服務架構模式、Service Mesh架構模式、Serverless模式、存儲計算分離模式、分佈式事務模式、可觀測架構、事件驅動架構。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"討論雲原生，是在討論雲原生能給企業和用戶帶來什麼價值。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲把軟硬件的能力升級成服務，形成強大的技術服務能力和資源優化能力，讓用戶以低成本、敏捷的方式構建數字化應用，開發者聚焦在業務開發，系統天然具備高可用、高移植性、高彈性等特點，從而賦予企業和業務更敏捷的迭代和更高效的軟件交付能力，企業更快推出新的產品功能和點子到市場和用戶，幫助業務更快試錯和創新，在如今日新月異、競爭越來越劇烈的市場大環境下打造企業的核心競爭力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲原生本質上也是一套“以利用雲計算技術爲用戶降本增效”的最佳實踐與方法論。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"討論雲原生，是在討論雲原生的技術。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲原生開源技術生態基本統一了軟件交付和運維的模式。容器技術和Kubernetes服務編排技術的結合，解決了應用部署自動化、標準化、配置化問題。微服務通過把巨石應用拆解爲若干單功能的服務，減少了服務間的耦合性，讓開發和部署更加便捷和靈活，可以有效降低開發週期。Service Mesh讓中間件的升級和應用系統的升級完全解耦，在運維和管控方面的靈活性獲得提升。Serverless讓運維對開發透明，對於應用所需資源進行自動伸縮。FaaS是Serverless的一種實現，則更加簡化了開發運維的過程，從開發到最後測試上線都可以在一個集成開發環境中完成。所以，雲原生代表一系列的技術（容器技術、雲原生微服務、Serverless、Service Mesh技術、DevOps），來最大化利用雲的能力，提升開發效率，提升應用交付質量和速度。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"所以，到底什麼是雲原生？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我個人更願意這樣來解釋雲原生："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"雲原生代表着一種新的軟件設計理念，應用從一開始就被設計爲長在雲上、生在雲上，讓雲基礎設施來接管應用中的非業務性代碼和功能，用戶專注於真正有價值的業務代碼，充分發揮雲的優勢，以靈活、低成本的方式構建彈性、可擴展的應用；同時，雲原生也代表着一系列的方法論、實踐和技術，包括容器、微服務、Serverless、DevOps、服務網格等。這些方法論和技術，幫助我們構建韌性、彈性、可移植、可擴展的應用，提升企業的軟件交付能力，賦予企業敏捷迭代、快速試錯和創新的競爭力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"什麼是雲原生或許會一直在變，也或許永遠沒有確切和標準的答案，但正是這種“永遠沒有確切定義”的特點讓雲原生保持了持續生命力，其理念和技術不斷革新和演進，推動雲計算向前發展。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"3、雲原生的架構原則和設計模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲原生也給出了若干應用架構原則和設計模式，作爲應用的架構控制面，引導和規範架構師設計出高容錯性、彈性和可擴展的應用。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"一、雲原生架構原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1、服務化原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過服務化把不同生命週期的模塊分離出來，獨立業務迭代，避免迭代頻繁的模塊被變化低的模塊拖慢，從而提升整體迭代速度和穩定性。服務化架構面向接口契約編程，服務內職責和功能高度內聚，通過提取應用中公共功能模塊大大提升了軟件的複用性。雲原生架構把服務化放在首位，還在於服務化從架構層面抽象化業務模塊之間的關係，標準化服務流量的傳輸，從而幫助業務模塊進行基於服務流量的策略控制和治理，服務是用什麼語言編寫的並不關心。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2、彈性原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"彈性是指系統的部署規模可以隨着業務流量和容量變化而自動伸縮，無須根據事先的容量規劃準備固定的硬件和軟件資源。好的彈性能力不僅縮短了從採購到上線的時間，讓企業不用操心額外軟硬件資源的成本支出，無須爲閒置成本買單，降低了企業的IT 成本，最重要的是當業務面臨突發性的容量擴張和流量增長時，不會因爲軟硬件資源儲備不足而支撐不了，避免讓企業錯過業務和用戶增長的好機會，保障了企業收益。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3、可觀測原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"建立可觀測性的主要目標是對服務SLO（Service Level Objective）進行度量，從而優化 SLA，因此架構設計上需要爲各個組件定義清晰的 SLO，包括併發度、耗時、可用時長、容量等。大規模集羣應用之間的調用關係、宕機和故障原因是極其複雜的，可觀測性可使運維、開發和業務人員實時掌握軟件運行情況，並結合多個維度的數據指標，獲得關聯分析和問題歸因分析的能力，不斷對業務健康度和用戶體驗進行數字化衡量和持續優化。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"4、韌性原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"韌性代表了當軟件所依賴的軟硬件組件出現各種異常時，軟件表現出來的抵禦能力，這些異常通常包括硬件故障、硬件資源瓶頸（如CPU\/ 網卡帶寬耗盡）、業務流量超出軟件設計能力、影響機房工作的故障和災難、軟件 bug、黑客攻擊等對業務不可用帶來致命影響的因素。韌性從多個維度詮釋了軟件持續提供業務服務的能力。從架構設計上，韌性包括服務異步化能力、重試 \/ 限流 \/ 降級 \/熔斷 \/ 反壓、主從模式、集羣模式、AZ 內的高可用、單元化、跨 region 容災、異地多活容災等。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"5、自動化原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"技術往往是把“雙刃劍”，容器、微服務、DevOps、大量第三方組件的使用，在降低分佈式複雜性和提升迭代速度的同時，因爲整體增大了軟件技術棧的複雜度和組件規模，所以不可避免地帶來了軟件交付的複雜性。GitOps、Kubernetes operator 和大量自動化交付工具在 CI\/CD 流水線中的實踐，一方面標準化企業內部的軟件交付過程，另一方面在標準化的基礎上進行自動化，通過配置數據自描述和麪向終態的交付過程，讓自動化工具理解交付目標和環境差異，實現整個軟件交付和運維的自動化。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"6、零信任原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"零信任是對系統安全架構和設計思想的重新審視，在默認情況下不應該信任網絡內外部的任何人\/設備\/系統，要通過認證和授權構建訪問控制的基礎。並且零信任也體現應用的高可用和容錯性建設思想中，假設一切上下游、中間件、網絡等都有可能出現故障，反推應用自身建立熔斷、限流、降級、兜底等能力，從而構建韌性、自愈和高容錯行的應用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"7、架構持續演進原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"技術和業務的演進速度非常快，很少有一開始就清晰定義和設計並在整個軟件生命週期裏面都適用的架構，相反往往還需要對架構進行一定範圍內的重構，因此雲原生架構本身也應該和必須是一個具備持續演進能力的架構，而不是一個封閉式架構。增量迭代、目標選取，架構治理和風險控制。是在業務高速迭代情況下的架構、業務、實現平衡關係。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"二、雲原生架構模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1、服務化架構模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"求以模塊爲顆粒度劃分一個軟件服務，分離模塊和部署關係，不同服務按需獨立縮擴容，按照業務屬性獨立升級迭代，提升整體迭代效率。微服務以接口契約定義彼此業務關係，以標準協議確保彼此的互聯互通，結合DDD（領域模型驅動）、TDD（測試驅動開發）、容器化部署提升每個接口的代碼質量和迭代速度。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2、Mesh架構模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Mesh 化架構是把中間件框架（比如 RPC、緩存、異步消息等）從業務進程中分離，讓中間件 SDK與業務代碼進一步解耦，從而使得中間件升級對業務進程沒有影響，分離後在業務進程中只保留很“薄”的 Client 部分，Client 通常很少變化，只負責與 Mesh 進程通訊，原來需要在 SDK 中處理的流量控制、安全等邏輯由 Mesh 進程完成。實施 Mesh 化架構後，大量分佈式架構模式（熔斷、限流、降級、重試、反壓、隔倉⋯⋯）都由Mesh 進程完成，即使在業務代碼的製品中並沒有使用這些三方軟件包；同時獲得更好的安全性（比如零信任架構能力）、按流量進行動態環境隔離、基於流量做冒煙 \/ 迴歸測試等。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3、Serverless模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Serverless 將“部署”這個動作從運維中“收走”，使開發者不用關心應用在哪裏運行，更不用關心裝什麼 OS、怎麼配置網絡、需要多少 CPU ⋯。是否適合於 Serverless 運算。如果應用是有狀態的，雲在進行調度時可能導致上下文丟失，畢竟Serverless 的調度不會幫助應用做狀態同步；如果應用是長時間後臺運行的密集型計算任務，會得不到太多 Serverless 的優勢；如果應用涉及到頻繁的外部 I\/O（網絡或者存儲，以及服務間調用），也因爲繁重的 I\/O 負擔、時延大而不適合。Serverless 非常適合於事件驅動的數據計算任務、計算時間短的請求 \/ 響應應用、沒有複雜相互調用的長週期任務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3、存儲計算分離模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在雲環境中，推薦把各類暫態數據（如session）、結構化和非結構化持久數據都採用雲服務來保存，從而實現存儲計算分離。一些狀態如果保存到遠端緩存，會造成交易性能的明顯下降，比如交易會話數據太大、需要不斷根據上下文重新獲取等，則可以考慮通過採用 Event Log + 快照（或 Check Point）的方式，實現重啓後快速增量恢復服務，減少不可用對業務的影響時長。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"4、事件驅動架構"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本質上是一種應用\/ 組件間的集成架構模式。事件具有 schema，所以可以校驗 event 的有效性，同時 EDA 具備 QoS保障機制，也能夠對事件處理失敗進行響應。事件驅動模式一般用在下面場景下："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"增強服務韌性："},{"type":"text","text":"由於服務間是異步集成的，也就是下游的任何處理失敗甚至宕機都不會被上游感知。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"CQRS"},{"type":"text","text":"（Command Query Responsibility Segregation）：把對服務狀態有影響的命令用事件來發起，而對服務狀態沒有影響的查詢才使用同步調用的 API 接口；結合 EDA 中的 Event Sourcing 可以用於維護數據變更的一致性，當需要重新構建服務狀態時，把 EDA 中的事件重新“播放”一遍即可。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"構建開放式接口"},{"type":"text","text":"：在EDA 下，事件的提供者並不用關心有哪些訂閱者，不像服務調用的場景 —— 數據的產生者需要知道數據的消費者在哪裏並調用它，因此保持了接口的開放性；"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"事件流處理"},{"type":"text","text":"：應用於大量事件流（而非離散事件）的數據分析場景，典型應用是基於Kafka 的日誌處理。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基於事件觸發的響應：在IoT 時代大量傳感器產生的數據，不會像人機交互一樣需要等待處理結果的返回，天然適合用 EDA 來構建數據處理應用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"數據變化通知"},{"type":"text","text":"：在服務架構下，往往一個服務中的數據發生變化，另外的服務會感興趣，比如用戶訂單完成後，積分服務、信用服務等都需要得到事件通知並更新用戶積分和信用等級。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"5、可觀測架構"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可觀測架構包括Logging、Tracing、Metrics 三個方面，其中 Logging 提供多個級別(verbose\/ debug\/warning\/error\/fatal)的詳細信息跟蹤，由應用開發者主動提供；Tracing 提供一個請求從前端 到後端的完整調用鏈路跟蹤，對於分佈式場景尤其有用；Metrics 則提供對系統量化的多維度度量。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"4、雲原生主要技術"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲原生背後包含了一系列的技術，通過在應用中採納和實踐這些技術，來讓我們享受雲計算的優勢和紅利，讓我們聚焦業務價值交付，提升企業敏捷性和創新能力。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"一、容器"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"爲了更好理解容器是什麼，有什麼價值，我們有必要回顧一下軟件部署架構和交付的歷史，下面這張圖（相信大家已經看過無數次了）可以很好的描述軟件部署的發展三階段："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/85\/29\/854ff5f17955ff51ffc845da18cac329.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1、傳統部署時代"},{"type":"text","text":"："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"早期，各個組織機構在物理服務器上運行應用程序。無法爲物理服務器中的應用程序定義資源邊界，這會導致資源分配問題。例如，如果在物理服務器上運行多個應用程序，則可能會出現一個應用程序佔用大部分資源的情況，結果可能導致其他應用程序的性能下降。一種解決方案是在不同的物理服務器上運行每個應用程序，但是由於資源利用不足而無法擴展，並且維護許多物理服務器的成本很高。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2、虛擬化部署時代"},{"type":"text","text":"："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"作爲解決方案，引入了虛擬化。虛擬化技術允許你在單個物理服務器的CPU 上運行多個虛擬機（VM）。 虛擬化允許應用程序在 VM 之間隔離，並提供一定程度的安全，因爲一個應用程序的信息 不能被另一應用程序隨意訪問。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"虛擬化技術能夠更好地利用物理服務器上的資源，並且因爲可輕鬆地添加或更新應用程序而可以實現更好的可伸縮性，降低硬件成本等等。每個VM 是一臺完整的計算機，在虛擬化硬件之上運行所有組件，包括其自己的操作系統。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3、容器部署時代"},{"type":"text","text":"："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"容器也是一種沙箱思想的體現，屏蔽不同環境之間的差異，進而基於容器做標準化的軟件交付。開發者可以打包他們的應用以及依賴包到一個可移植的鏡像中，然後發佈到任何流行的Linux或Windows 機器上，所以也可以稱容器是一個視圖隔離、資源可限制、獨立文件系統（鏡像是容器所需的二進制文件、配置文件以及依賴的文件集合）的進程集合。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"VM是對硬件資源的虛擬，Docker是對操作系統的虛擬。相比VM，Docker比虛擬化少了兩層： hypervisor層和GuestOS層，使用 Docker Engine 進行調度和隔離，所有應用共用主機操作系統，因此在體量上，Docker較虛擬機更輕量級，在性能上優於虛擬化，接近裸機性能。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"正如集裝箱的出現加速了貿易全球化進程，以容器爲代表的技術作推動和加速雲計算和雲原生普及和發展。航運業使用物理容器（集裝箱）來打包和隔離不同的貨物，以便在輪船、火車、卡車和飛機上運輸，雲原生時代，把應用程序的代碼與相關配置文件、庫以及運行應用所需的依賴項捆綁在一起，讓應用可以跨雲平臺和技術設施，以一致和可靠的方式運行。這使得開發者和IT 專業人員能夠更快、更安全地創建和部署應用程序。容器技術在應用程序的整個生命週期工作流中提供了高隔離、可移植性、靈活性、可伸縮性和控制優勢。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"容器具有如下優勢："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"敏捷應用程序的創建和部署：與使用VM 鏡像相比，提高了容器鏡像創建的簡便性和效率。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"持續開發、集成和部署：通過快速簡單的回滾（由於鏡像不可變性），支持可靠且頻繁的容器鏡像構建和部署。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"關注開發與運維的分離：在構建\/發佈時而不是在部署時創建應用程序容器鏡像， 從而將應用程序與基礎架構分離。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可觀察性不僅可以顯示操作系統級別的信息和指標，還可以顯示應用程序的運行狀況和其他指標信號。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"跨開發、測試和生產的環境一致性：在便攜式計算機上與在雲中相同地運行。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"跨雲和操作系統發行版本的可移植性：可在Ubuntu、RHEL、CoreOS、本地、 Google Kubernetes Engine 和其他任何地方運行。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"以應用程序爲中心的管理：提高抽象級別，從在虛擬硬件上運行OS 到使用邏輯資源在 OS 上運行應用程序。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"鬆散耦合、分佈式、彈性、解放的微服務：應用程序被分解成較小的獨立部分，並且可以動態部署和管理- 而不是在一臺大型單機上整體運行。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"資源隔離：可預測的應用程序性能。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"資源利用：高效率和高密度。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker 是一個典型的開源、流行應用容器引擎，已成爲雲時代應用分發和交付的事實標準。Docker使應用通過“自包含”的方式打包應用，使應用以敏捷、可擴展、可複製的方式發佈在雲上，極大提升應用的可移植性、部署密度和彈性，最大化發揮出雲的能力。這也就是容器技術對雲發揮出的革命性影響所在，容器技術讓管理應用等於管理容器本身，因此容器技術是雲原生技術的核心底盤。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"二、Kubernetes"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1、什麼是Kubernetes？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker體系是以“單一容器”爲核心的應用定義方式，而應用程序擴展到跨多個服務器部署的多個容器，因此對其進行操作變得更加複雜。如何協調和安排多個容器？應用程序中所有不同的容器之間如何實現相互通信？如何縮放多個容器實例？這就需要一個可以對應用進行編排和調度的計算。Kubernetes。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker、Mesosphere、Kubernetes在“應用”有着不同理解和頂層設計，而Kubernetes則提出了一整套容器化設計模式和對應的控制模型，從而明確瞭如何真正以容器爲核心構建能夠真正跟開發者對接起來的應用交付和開發範式，最終Kubernetes取得到了雲時代應用編排的關鍵領導地位。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes作爲大規模分佈式資源調度和編排的引擎，已成爲雲時代容器調度和編排的事實標準，現在很多人也稱Kubernetes爲雲原生的操作系統。Kubernetes 以一種可移植、可伸縮且可擴展的方式實現基於容器的應用程序，可實現自動化的資源調度、應用自動部署和回滾、彈性伸縮、服務發現和負載均衡、自我修復\/自愈，通過屏蔽了底層架構的複雜性和差異性，幫助應用平滑運行在不同基礎設施上。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"總結來說，Kunbernetes可以幫助我們："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"資源調度"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"根據應用請求的資源量CPU、Memory，或者 GPU 等設備資源，在集羣中選擇合適的節點來運行應用。Kubernetes可以更加充分地利用硬件，最大程度獲取運行企業應用所需的資源。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"應用部署和管理"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持應用的自動發佈與應用的回滾，以及與應用相關的配置的管理。也可以自動化存儲卷的編排，讓存儲卷與容器應用的生命週期相關聯。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"自動修復"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes讓應用機器具備自愈能力，通過監測這個集羣中所有的宿主機，重新啓動失敗的容器、替換容器、殺死不響應用戶定義的運行狀況檢查的容器，實行機器自動修復。這一切對於客戶端來說都是透明和自動化的，極大簡化了運維管理的複雜性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"服務發現和負責均衡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過Service 資源出現各種應用服務，結合 DNS 和多種負載均衡機制，支持容器化 應用之間的相互通信。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"彈性伸縮"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"K8s 可以監測業務上所承擔的負載，如果這個業務本身的 CPU 利用率過高，或者響應時間過長， 它可以對這個業務進行自動擴容。當發現CPU利用率過低，或QPS下降，K8s也可以觸發自動縮容，避免資源閒置。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2、Kubernetes本質"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes的核心能力是容器調度和編排。定位是應用基礎設施，介於IaaS與PaaS之間，面向平臺開發者，讓每個人能夠開發自己的PaaS。對比 Linux 與 Kubernetes 的概念模型，他們都是定義了開放的、標準化的訪問接口：向下封裝資源，向上支撐應用，從某種意義上來講，Kubernetes 已經成爲雲時代的操作系統。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes架構的本質就是2個東西：聲明式API與控制器模式。聲明式API是對底層基礎實施各種能力的聲明式API定義，也就是建模成一份數據，理論上聲明式API可以對一切應用基礎實施“能力”進行建模，數據中的內容是對該應用基礎實施期望狀態的描述。數據的增刪查改會觸發控制器執行對應的運維邏輯，以此來驅動底層基礎實施向數據所定義的期望狀態逼近。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3、Kubernetes架構和概念"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3.1、架構"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/e0\/5e\/e03c77103251a0d55ceee22fa6b0cb5e.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一個K8s集羣由一組節點組成，這些節點可以是虛擬機也可以是物理機，從職責來看這些節點可以分爲2類。一類是負責管理整個K8s集羣的控制平面，通常運行在Master節點上，用來暴露API 和接口來定義、 部署容器和管理容器的生命週期。控制平面的組件對集羣做出全局決策(比如調度)，以及檢測和響應集羣事件（例如，當不滿足部署的 replicas 字段時，啓動新的 pod），包含了kube-apiserver、kube-controller-manager、kube-scheduler和ected；另一類是工作節點（Node），Node是Kubernetes集羣架構中運行Pod的服務節點，是Kubernetes集羣操作的單元，用來承載被分配Pod的運行，是Pod運行的宿主機。運行Docker Eninge服務，守護進程kunelet及負載均衡器kube-proxy。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3.2、正常運行的Kubernetes 集羣所需的各種組件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"控制平面組件"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- kube-apiserver"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"作爲Kubernetes系統的入口，其封裝了核心對象的增刪改查操作，以RESTful API接口方式提供給外部客戶和內部組件調用，集羣內各個功能模塊之間數據交互和通信的中心樞紐。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"只有API Server 與存儲通信，其他模塊通過 API Server 訪問集羣狀態。這樣第一，是爲了保證集羣狀態訪問的安全。第二，是爲了隔離集羣狀態訪問的方式和後端存儲實現的方式：API Server 是狀態訪問的方式，不會因爲後端存儲技術 etcd 的改變而改變。加入以後將 etcd 更換成其他的存儲方式，並不會影響依賴依賴 API Server 的其他 K8s 系統模塊。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- etcd"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"etcd 是兼具一致性和高可用性的輕量級鍵值數據庫，etcd是Kubernetes的關鍵組件，是K8s集羣運行的大腦，因爲它存儲了集羣的整個狀態：其配置，規格以及運行中的工作負載的狀態。主要使用場景包括："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"服務發現"},{"type":"text","text":"：分佈式系統中，需要成百上千個進程來提供一組對等的服務可以利用etc來解決資源註冊的問題，當這一組後端進程被調度，在進程內部啓動之後，可以將自身所在的地址註冊到 etcd。API 網關能夠通過 etcd 及時感知到後端進程的地址，這樣當後端進程發生故障遷移的時候，會重新註冊到 etcd 中，使得 API 網關能夠及時地感知到新的集羣地址。同時，因爲 etcd 提供的 Lease 操作，可以及時感知到進程狀態的變化，如果進程運行過程中死掉了，那麼網關可以及時感知到進程狀態的變化，從而將流量自動地切到其他的進程。（資源註冊，存活性檢測，API網關無狀態可水平擴展，支持上萬個進程的規模）"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"分佈式系統併發控制"},{"type":"text","text":"：執行一些計算任務的時候，通常情況下需要控制任務的併發度。因爲任務到了後端服務，通常是有容量瓶頸的（分佈式信號量，自動踢出故障節點，存儲進程的執行狀態）"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"Kubernetes元數據存儲"},{"type":"text","text":"：用於保存集羣所有的網絡配置和對象的狀態信息。通過watch機制，實時通知配置變化，通過raft算法保持系統數據的cp和強一致性。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"Leader選舉"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- kube-scheduler"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes Scheduler確定如何在工作器節點之間部署 Pod 和 ReplicaSet，以及如何向這些節點分發流量。在整個系統中承擔了“承上啓下”的重要功能，“承上”是指它負責接收Controller Manager創建的新Pod，爲其調度至目標Node；“啓下”是指調度完成後，目標Node上的kubelet服務進程接管後繼工作，負責Pod接下來生命週期。在整個調度過程中涉及三個對象，分別是待調度Pod列表、可用Node列表，以及調度算法和策略。Kubernetes Scheduler通過調度算法調度爲待調度Pod列表中的每個Pod從Node列表中選擇一個最適合的Node來實現Pod的調度。隨後，目標節點上的kubelet通過API Server監聽到Kubernetes Scheduler產生的Pod綁定事件，然後獲取對應的Pod清單，下載Image鏡像並啓動容器。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- kube-controller-manager"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"kube-controller-manager作爲集羣內部的管理控制中心，負責集羣內的Node、Pod副本、服務端點（Endpoint）、命名空間（Namespace）、服務賬號（ServiceAccount）、資源定額（ResourceQuota）的管理，當某個Node意外宕機時，Controller Manager會及時發現並執行自動化修復流程，確保集羣始終處於預期的工作狀態。每個控制器都是一個單獨的進程， 但是爲了降低複雜性，它們都被編譯到同一個可執行文件，並在一個進程中運行。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"每個Controller通過API Server提供的接口實時監控整個集羣的每個資源對象的當前狀態，當發生各種故障導致系統狀態發生變化時，會嘗試將系統狀態修復到“期望狀態”。一些典型的Controller有："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"節點控制器（Node Controller）: 定期檢查Node的健康狀態，標識出（失效|未失效）的Node節點，負責在節點出現故障時進行通知和響應。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"任務控制器（Job controller）: 監測代表一次性任務的 Job 對象，然後創建 Pods 來運行這些任務直至完成。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"端點控制器（Endpoints Controller）: 關聯Service和Pod，創建Endpoints爲Service的後端，當Pod發生變化時，實時更新Endpoints。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務帳戶和令牌控制器（Service Account & Token Controllers）: 爲新的命名空間創建默認帳戶和 API 訪問令牌。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"控制平面組件"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- kubelet"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在Kubernetes集羣中，在每個Node（又稱Worker）上都會啓動一個kubelet服務進程。該進程用於處理Master下發到本節點的任務，管理Pod及Pod中的容器。每個kubelet進程都會在API Server上註冊節點自身的信息，定期向Master彙報節點資源的使用情況，並通過cAdvisor監控容器和節點資源。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- kube-proxy"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"kube-proxy運行在所有節點上，它監聽apiserver中service和endpoint的變化情況，創建路由規則以提供服務IP和負載均衡功能。簡單理解此進程是Service的透明代理兼負載均衡器，其核心功能是將到某個Service的訪問請求轉發到後端的多個Pod實例上。iptables與IPVS都是基於Netfilter實現的，但因爲定位不同，二者有着本質的差別：iptables是爲防火牆而設計的；IPVS則專門用於高性能負載均衡，並使用更高效的數據結構（Hash表），允許幾乎無限的規模擴張。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- 容器運行時（Container Runtime）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"容器運行環境是負責運行容器的軟件。Kubernetes 支持多個容器運行環境: Docker、 containerd、CRI-O 以及任何實現 Kubernetes CRI (容器運行環境接口)。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"此外，K8s還有一系列的插件組件，可以參考："},{"type":"link","attrs":{"href":"https:\/\/kubernetes.io\/zh\/docs\/concepts\/cluster-administration\/addons\/","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"Kubernetes Addons"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3.3、Kubernetes對象"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"API 對象是 K8s 集羣中的管理操作單元。K8s 集羣系統每支持一項新功能，引入一項新技術，一定會新引入對應的 API 對象，支持對該功能的管理操作。例如副本集 Replica Set 對應的 API 對象是 RS。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"每個API 對象都有 3 大類屬性：元數據 metadata、規範 spec 和狀態 status。元數據是用來標識 API 對象的，每個對象都至少有 3 個元數據：namespace，name 和 uid；除此以外還有各種各樣的標籤 labels 用來標識和匹配不同的對象。規範spec描述了用戶期望 K8s 集羣中的分佈式系統達到的理想狀態（Desired State），例如用戶可以通過複製控制器 Replication Controller 設置期望的 Pod 副本數爲 3；status 描述了系統實際當前達到的狀態（Status），例如系統當前實際的 Pod 副本數爲 2；那麼複製控制器當前的程序邏輯就是自動啓動新的 Pod，爭取達到副本數爲 3。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"K8s 中所有的配置都是通過 API 對象的 spec 去設置的，也就是用戶通過配置系統的理想狀態來改變系統，這是 k8s 重要設計理念之一，即所有的操作都是聲明式（Declarative）的而不是命令式（Imperative）的。聲明式的操作，相對於命令式操作，對於重複操作能實現冪等效果，這對於容易出現數據丟失或重複的分佈式環境來說是很重要的。另外，聲明式操作更容易被用戶使用，可以使系統向用戶隱藏實現的細節，隱藏實現的細節的同時，也就保留了系統未來持續優化的可能性。此外，聲明式的 API，同時隱含了所有的 API 對象都是名詞性質的，例如 Service、Volumn 這些 API 都是名詞，這些名詞描述了用戶所期望得到的一個目標分佈式對象。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3.3.1、Pod"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Pod是Kubernetes進行創建、調度和管理的最小的原子單位，是Kubernetes集羣中的一個應用實例。Pod是一個或多個相關容器的組合，Pod 如果有是多個容器，這些容器一般是“超親密關係”，並共享存儲、網絡資源。一般Pod有2種使用方式。1是單容器Pod，最常見的應用方式；2是多容器Pod，對於多容器Pod，Kubernetes會保證所有的容器都在同一臺物理主機或虛擬主機中運行。多容器Pod是相對高階的使用方式，除非應用耦合特別嚴重，一般不推薦使用這種方式。一個Pod內的容器共享IP地址和端口範圍，容器之間可以通過 localhost 互相訪問。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Pod並不提供保證正常運行的能力，因爲可能遭受Node節點的物理故障、網絡分區等等的影響，整體的高可用是Kubernetes集羣通過在集羣內調度Node來實現的。通常情況下我們不要直接創建Pod，一般都是通過Controller來進行管理。Pod提供了比容器更高層次的抽象，是一個虛擬概念，能帶來明顯的好處："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- "},{"type":"text","text":"Pod做爲一個可以獨立運行的服務單元，簡化了應用部署的難度，以更高的抽象層次爲應用部署管提供了極大的方便。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- "},{"type":"text","text":"Pod做爲最小的應用實例可以獨立運行，因此可以方便的進行部署、水平擴展和收縮、方便進行調度管理與資源的分配。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- "},{"type":"text","text":"Pod中的容器共享相同的數據和網絡地址空間，Pod之間也進行了統一的資源管理與分配。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"Sidecar"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們可以在一個Pod中按照順序啓動一個或多個輔助容器，來完成一些獨立於主進程（主容器）之外的工作，完成工作後這些輔助容器會依次退出，之後主容器纔會啓動，這種容器設計模式叫做sidecar。比如對於前端Web應用，如果把構建後的Js項目放到Nginx鏡像的\/usr\/share\/nginx\/html目錄下，Nginx和Js應用做成一個鏡像運行容器，每次應用有更新或者Nginx要做升級、更新配置操作都需要重新做一個鏡像，非常麻煩。有了Pod之後，這樣的問題就很容易解決了。我們可以把前端Web應用和Nginx分別做成鏡像，然後把它們作爲一個Pod裏的兩個容器\"組合\"在一起。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"所有spec.initContainers定義的容器，都會比spec.containers定義的用戶容器先啓動。並且，Init容器會按順序逐一啓動，直到它們都啓動並且退出了，用戶容器纔會啓動。這就是容器設計模式裏最常用的一種模式：sidecar。顧名思義，sidecar指的就是我們可以在一個Pod中，啓動一個輔助容器，來完成一些獨立於主進程（主容器）之外的工作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"Pod 和控制器"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你可以使用工作負載資源來創建和管理多個Pod。 資源的控制器能夠處理副本的管理、上線，並在 Pod 失效時提供自愈能力。 例如，如果一個節點失敗，控制器注意到該節點上的 Pod 已經停止工作， 就可以創建替換性的 Pod。調度器會將替身 Pod 調度到一個健康的節點執行。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"下面是一些管理一個或者多個Pod 的工作負載資源的示例："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- ReplicaSet"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"ReplicaSet 是新一代的ReplicationController，擁有更強表達能力的pod標籤選擇器。目的是維護一組在任何時候都處於運行狀態的Pod 副本的穩定集合。 因此，它通常用來保證給定數量的、完全相同的 Pod 的可用性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- Deployment"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一個Deployment 爲 Pods 和 ReplicaSets 提供聲明式的更新能力。你負責描述 Deployment 中的 目標狀態，而 Deployment 控制器（Controller） 以受控速率更改實際狀態， 使其變爲期望狀態。你可以定義 Deployment 以創建新的 ReplicaSet，或刪除現有 Deployment， 並通過新的 Deployment 收養其資源。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- StatefulSet"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"StatefulSet 是用來管理有狀態應用的工作負載 API 對象。StatefulSet 用來管理某 Pod 集合的部署和擴縮， 併爲這些 Pod 提供持久存儲和持久標識符。和 Deployment 類似， StatefulSet 管理基於相同容器規約的一組 Pod。但和 Deployment 不同的是， StatefulSet 爲它們的每個 Pod 維護了一個有粘性的 ID。這些 Pod 是基於相同的規約來創建的， 但是不能相互替換：無論怎麼調度，每個 Pod 都有一個永久不變的 ID。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- DaemonSet"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"DaemonSet 確保全部（或者某些）節點上運行一個 Pod 的副本。 當有節點加入集羣時， 也會爲他們新增一個 Pod 。 當有節點從集羣移除時，這些 Pod 也會被回收。刪除 DaemonSet 將會刪除它創建的所有 Pod。DaemonSet 的一些典型用法：在每個節點上運行集羣守護進程，在每個節點上運行日誌收集守護進程，在每個節點上運行監控守護進程。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3.4、kubernetes部署原理和流程案例"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/d3\/21\/d353aa14c85441417116381863326321.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（1）創建一個描述集羣的所需狀態配置的YAML 文件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（2）通過kubectl（Kubernetes 命令行接口）將 YAML 文件應用到集羣。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（3）Kubectl 將請求提交給 kube-apiserver，後者在將更改記錄到數據庫 etcd， 之前會對請求進行身份驗證和授權。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（4）Kube-controller-manager 持續監視系統是否有新的請求，並努力將系統狀態調節至所需狀態 - 在此過程中創建 ReplicaSet、部署和 Pod。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（5）在所有控制器都運行之後，kube-scheduler 會看到有 Pod 處於“掛起”狀態，因爲它們尚未被安排在節點上運行。scheduler程序會爲 Pod 查找合適的節點，然後與每個節點中的 kubelet 通信以控制並啓動部署。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3.5、Kubernetes架構關鍵設計理念"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（1）"},{"type":"text","marks":[{"type":"strong"}],"text":"聲明式API"},{"type":"text","text":"：開發者可以關注於應用自身，而非系統執行細節。比如Deployment(無狀態應用)、 StatefulSet(有狀態應用)、Job(任務類應用)等不同資源類型，提供了對不同類型工作負載的抽象;對 Kubernetes 實現而言，基於聲明式 API 可以提供更加健壯的分佈式系統實現。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（2）"},{"type":"text","marks":[{"type":"strong"}],"text":"可擴展性架構"},{"type":"text","text":"：所有K8s 組件都是基於一致的、開放的 API 實現和交互;三方開發者也可通過 CRD(Custom Resource Definition)\/Operator 等方法提供領域相關的擴展實現，極大提升了 K8s 的能力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（3）"},{"type":"text","marks":[{"type":"strong"}],"text":"可移植性"},{"type":"text","text":"：K8s 通過一系列抽象如 Loadbalance Service(負載均衡服務)、CNI(容器網絡接口)、CSI(容 器存儲接口)，幫助業務應用可以屏蔽底層基礎設施的實現差異，實現容器靈活遷移的設計目標。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"三、雲原生微服務"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"多個“微服務”共同形成了一個物理獨立但邏輯完整的分佈式微服務體系。這些微服務相對獨立，通過解耦研發、測試與部署流程，提高整體迭代效率。微服務模式通過分佈式架構將應用水平擴展和冗餘部署，從根本上解決了單體應用在拓展性和穩定性上存在的先天架構缺陷。但也要注意到微服務模型也面臨着分佈式系統的典型挑戰: 如何高效調用遠程方法、如何實現可靠的系統容量預估、如何建立負載均衡體系、如何面向松耦合系統進行集成測試、如何面向大規模複雜關聯應用的部署與運維。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在雲原生時代，雲原生微服務體系將充分利用雲資源的高可用和安全體系，讓應用獲得更有保障的彈性、可用性與安全性。應用構建在雲所提供的基礎設施與基礎服務之上，充分利用雲服務所帶來的便捷性、穩定性，降低應用架構的複雜度。雲原生的微服務體系也將幫助應用架構全面升級，讓應用天然具有更好的可觀測性、可控制性、可容錯性等特性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"自從微服務架構理念在2011 年提出以來，典型的架構模式按出現的先後順序大致分爲四代。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第一代：應用自身需要解決上下游尋址、通訊、容錯等問題。隨着微服務規模擴大，服務尋址邏輯的處理變得越來越複雜，即使同一編程語言的另一個應用，上述微服務流量管理等的基礎能力無法複用，都需要重新實現一遍。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/6c\/ce\/6cb59013ee922479250ede9f79b4efce.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第二代：引入了旁路服務註冊中心（如ZooKeeper）作爲協調者來完成服務的自動註冊和發現。服務之間的通訊以及容錯機制開始模塊化，形成獨立服務框架。但隨着服務框架內功能日益增多，跨語言的基礎功能複用顯得十分困難，使得微服務的開發者被迫被限定在某種特定語言上，這也違背了微服務的敏捷迭代原則。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/cc\/c7\/cc75ccb67f6fee88fc1d28ff52e00ac7.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第三代：服務網格，原來被模塊化到服務框架裏的微服務基礎能力，被進一步的從一個SDK 演進成爲一個獨立進程 - Sidecar（邊車）。這個變化使得第二代架構中多語言支持問題得以徹底解決，微服務基礎能力演進和業務邏輯迭代徹底解耦。這個架構就是在雲原生時代的微服務架構 - Cloud Native Microservices，邊車（Sidecar）進程開始接管微服務應用之間的流量，承載第二代中服務框架的功能，包括服務發現、調用容錯、服務治理功能，例如：權重路由、灰度路由、流量重放、服務僞裝等。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/ae\/e6\/aebef7c43e9fce50a5aa17a98cb0fde6.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第四代：Serverless微服務，微服務進一步由一個應用簡化爲微邏輯（Micrologic），從而對邊車模式提出了更高訴求，更多可複用的分佈式能力從應用中剝離，被下沉到邊車中，例如：狀態管理、資源綁定、鏈路追蹤、事 務管理、安全等。同時，在開發側提倡面向本地編程的理念，提供標準 API 屏蔽掉底層資源、服務、 基礎設施的差異，進一步降低微服務開發難度。也就是目前業界提出的多運行時微服務架構（Muti-Runtime Microservices）。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/27\/c1\/276d769896c972518dac7bdb17000dc1.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"四、Serverless"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"過去一直通過各種途徑學習、研究Serverless，當我想在這個章節給Serverless給一個官方的定義，發現百度百科竟然沒有Serverless這個詞條，也說明了Serverless在行業還是一個非常新的概念，仍然處於探索和發展階段，並且對於Serverless也沒有一個權威的定義，但我們可以從Serverless背後的願景和思想來理解Serverless是什麼？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們看下AWS怎麼定義Serverless的："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"Serverless的全稱是Serverless Computing無服務器運算，以平臺即服務（PaaS）爲基礎，讓用戶可以在不考慮服務器的情況下構建並運行應用程序和服務，開發者無需關注基礎設施管理任務，例如服務器或集羣配置、修補、操作系統維護和容量預置，能夠爲幾乎任何類型的應用程序或後端服務構建無服務器應用程序。無服務器應用程序是由事件驅動的，並通過與技術無關的API 或消息收發實現鬆散耦合。響應事件而執行事件驅動型代碼，例如狀態更改或終端節點請求，事件驅動型架構將代碼與狀態解耦，鬆散耦合組件之間的集成通常使用消息收發異步完成。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“Serverless”這個名字本身描繪了該技術的裏面：無服務器，這裏的less其含義不是說應用的運行不需要服務器，而是針對用戶的心智負擔和關注點來說的，用戶構建一個應用無需關心服務器、運行時、擴縮容等技術實施的負擔，通過Serverless平臺的託管服務和函數快速構建一個全新的應用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“名可名，非常名”。Serverless可以翻譯爲無服務器，但卻無法完整闡述背後的本質、願景和價值。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們看Serverless給用戶帶來了什麼？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"專注"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"“Less is more”"},{"type":"text","text":"。企業在搭建數字化應用的終極目的是實現商業價值的最大化回報，投入數字化應用搭建的資源和成本不是無限的，這些投入中能夠給企業帶來真正價值的是業務邏輯\/代碼，重複性的技術性工作（擴縮容、部署、容災、監控、日誌、安全補丁等）是來支撐業務代碼提供服務的，本身不產生任何業務價值。Serverless的Less就是讓用戶儘可能"},{"type":"text","marks":[{"type":"strong"}],"text":"少"},{"type":"text","text":"的關注和執行繁瑣且重複性的技術性工作，More就是用戶就能儘可能"},{"type":"text","marks":[{"type":"strong"}],"text":"多"},{"type":"text","text":"的把資源聚焦到能產出價值的業務代碼上。所以也可以說，"},{"type":"text","marks":[{"type":"strong"}],"text":"Serverless一種讓用戶專注於業務價值交付的方法"},{"type":"text","text":"。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"快"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"天下武功、唯快不破。尤其在當日快速變革的商業環境，是否能快速看準機遇、抓住機遇，企業的試錯能力是關鍵，企業能夠快速試錯，意味着可以快速創新，能夠快速創新能讓企業在複雜多變的競爭環境中獲得優勢和成功。快速試錯依賴於企業把功能和業務點子推到市場的速度，這個速度由企業交付軟件的週期決定，Serverless理念就是讓企業只關注業務，通過編排雲託管服務或直接部署代碼即可構建支撐應用，"},{"type":"text","marks":[{"type":"strong"}],"text":"縮短了從代碼開發到投入生產的時間"},{"type":"text","text":"，這樣企業可以獲得前所未有的交付軟件價值的速度。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"用戶如何實現無需關注技術設施，甚至無需部署應用就可以構建一個應用的呢？通過2種能力："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、BaaS（Backend as a Service），公共的託管服務。公共的託管服務通常是雲廠商提供的通用的、跨場景、跟業務無緊密關係的共享服務。我們知道，對於很多初創企業來講，65%的應用QPM是小於100的，是典型的長尾應用，如果應用依賴所有服務都自建的話，會分散在覈心業務的投入，模糊他們對於創造業務價值和商業價值的注意力。諸如登錄、文件系統、對象存儲和數據倉庫、語音分析、身份驗證等能力通過託管形式共享給企業，企業不僅可以減少大量的成本，也加快應用的構建。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、FaaS（Function as a Service），函數即服務。FaaS是一種構建和部署服務器端軟件的新方法，粒度細到能夠獨立的部署一個函數。我們通過傳統方式部署服務器端軟件時，我們從主機實例開始，通常是虛擬機（VM）實例或容器，在主機中部署我們的應用程序，如果我們的主機是VM或容器，那麼我們的應用程序是一個操作系統進程。FaaS改變了這種部署模式， 部署模型中少了主機實例和應用程序進程，我們只關注實現應用程序邏輯的各個操作和函數，我們將這些函數代碼單獨上傳到雲供應商提供的FaaS平臺。函數在雲服務託管的服務器進程中缺省處於空閒狀態，直到需要它們運行的時候纔會被激活， 通過配置FaaS平臺來監聽每個函數的激活事件。 當該事件發生時，FaaS平臺實例化函數，然後使用觸發事件調用它。所以FaaS本質上是一種事件驅動的模型，除了提供託管和執行代碼的平臺之外，FaaS平臺還集成了各種同步和異步事件源，HTTP API網關就是一種同步事件源，消息總線、對象存儲或類似於的定時器就是一種異步源。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"很多人說Serverless就是BaaS+FaaS，也是不無道理的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"總結來看，Serverless的價值有："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1、提升迭代速度"},{"type":"text","text":"：通過加快構建和發佈週期以及減少運營開銷，開發人員可以快速構建新功能。自動化測試和發佈流程可以降低錯誤率，因此產品能夠更快地進入市場。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2、加速創新"},{"type":"text","text":"：利用模塊化架構，開發人員可以快速更改任何單個應用程序組件，並降低整個應用程序面臨的風險，因此團隊可以更頻繁地試驗新想法。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3、降低成本"},{"type":"text","text":"：按需付費，利用按價值付費的定價模式，現代應用程序可以減少過度配置和閒置資源，從而降低成本。開發者無需關注同質化的、負擔繁重的基於服務器等基礎設施的開發、運維、安全、高可用等工作，開發和維護成本也變得更低。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"4、彈性伸縮："},{"type":"text","text":"您的應用程序可自動擴展，或通過切換佔用資源（如吞吐量、內存）的單位數（而不是切換單個服務器的單位數）來調整容量，從而實現擴展。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"國內外比較出名的Serverless產品有阿里函數計算、騰訊Serverless、AWS Lambda、Azure Functions 等。近兩年來 Serverless 近年來呈加速發展趨勢，用戶使用 Serverless 架構在可靠性、成本和研發運維效率等方面獲得顯著收益，那在哪些場景是最適合Serverless？最能發揮Serverless優勢呢？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1、小程序\/Web\/Moible\/API 後端服務"},{"type":"text","text":"：在小程序、Web\/Moible 應用、API 服務等場景中，業務邏輯複雜多變，迭代上線速度要求高，而且這類在線應用，資源利用率通常小於 30%，尤其是小程序等長尾應用，資源利用率更是低於 10%。Serverless 免運維，按需付費的特點非常適合構建小程序 \/Web\/Mobile\/API 後端系統，通過預留計算資源 + 實時自動伸縮，開發者能夠快速構建延時穩定、能承載高頻訪問的在線應用。"}]},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/8f\/2d\/8fa22105b32f819cd0515c39a401f22d.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2、物聯網"},{"type":"text","text":"：物聯網意味着成千上萬的設備會連入網絡，時刻在不斷的產生數據，這對數據的分析、處理的及時性提出了很高的挑戰。通過使用Serverless 架構，物聯網設備所採集的數據將可以作爲雲函數的觸發事件，而實現數據的實時處理、分析和應用。隨着物聯網設備計算能力的進一步提升，雲函數作爲最小粒度的計算單元，有機會被調度到設備端運行，實現邊緣計算，達到「端 - 雲」聯合的 Serverless 架構。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3、任務批處理："},{"type":"text","text":"在構建典型任務批處理（如圖像處理、大規模音視頻文件轉碼）系統時，需要包含計算資源管理、任務優先級調度、任務編排、任務可靠執行等一系列功能。通過Serverless 計算平臺，用戶只需要專注於任務處理邏輯的處理，無需從機器或者容器層開始構建，也無需考慮使用消息隊列進行任務信息的持久化和計算資源分配，而且 Serverless 計算的極致彈性可以很好地滿足突發任務下對算力的需求，用戶無需使用 Kubernetes 等容器編排系統實現資源的伸縮和容錯，自行搭建或集成監控報警系統。通過將對象存儲服務化並和 Serverless 計算平臺集成的方式，能實時響應對象創建、刪除等操作，實現以對象存儲爲中心的大規模數據處理。用戶既可以通過增量處理對象存儲上的新增數據，也可以創建大量函數實例來並行處理存 量數據。"}]},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/20\/14\/20d6685af32ec26b3a38c14deddb3314.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"4、運維及集成："},{"type":"text","text":"通過對接雲函數以及雲上的各個產品、日誌服務、監控告警系統，雲時代的運維也都可以用雲函數來構建。定時觸發的雲函數，將可以方便地替代需要在主機上來運行的定時任務；而日誌或告警觸發的雲函數，將可以對雲中的事件作出立刻迴應及處理。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Serverless作爲一種全新的技術架構，具有很多的優點，如降低運營成本、降低運維需求、降低人力成本和減少資源開銷等。但技術沒有銀彈，Serverless也處在發展期，存在一些弊端，包括："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、不適合處理複雜的業務邏輯，它更適合調用雲上的其他服務，粘合關鍵的產品。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、冷啓動導致的高延遲問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3、Serverless調用之間不能共享狀態讓編寫複雜程序變得極度困難。無狀態是現代應用追求的目標，“12要素”也倡導如此。但Serverless將無狀態進行的更加徹底，在不同的調用之間無法共享內存狀態。例如單機限流在本地是一個AtomicInteger變量，但在Serverless架構中它變成存儲在內存數據庫（Redis）中的一條記錄，更新成本、保證原子性等因素讓我們的編碼變得數倍複雜。對於大多雲原生的互聯網應用來說，這種徹底的無狀態架構是一個巨大的挑戰，而對於動輒有幾十萬、上百萬行代碼的、充滿了狀態的企業應用來說，Serverless的無狀態改造幾乎是一個無法完成的任務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"4、 本地開發、測試困難，同時邏輯散落在各處，排查問題困難。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"5、廠商鎖定。雲計算是贏者通喫的行業，大而全的雲廠商優勢巨大，Serverless加劇了這種趨勢，用戶的函數代碼部署到FaaS後遷移工作量巨大，同時應用中依賴了大量雲公共服務，在新的雲平臺極有可能找不到替代，做不到平滑遷移。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"五、Service Mesh技術"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在上面雲原生微服務章節介紹了微服務流量控制和治理的技術發展歷程，總結來看分爲："}]},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/d6\/37\/d6a32a961990553e86f3996c34452f37.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Spring Cloud、Dubbo或京東JSF爲代表的第二代微服務框架所面臨的三個本質問題："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、侵入性強。想要集成SDK 的能力，除了需要添加相關依賴，往往還需要在業務代碼中增加一部分的代碼、或註解、或配置；業務代碼與治理層代碼界限不清晰。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、無法跨語言。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3、中間件演變困難。由於版本碎片化嚴重，導致中間件向前演進的過程中就需要在代碼中兼容各種各樣的老版本邏輯，帶着“枷鎖” 前行，無法實現快速迭代。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"4、內容多、門檻高。Spring Cloud 被稱爲微服務治理的全家桶，包含大大小小几十個組件，內容相當之多，往往需要幾年時間去熟悉其中的關鍵組件。而要想使用 Spring Cloud 作爲完整的治理框架，則需要深入瞭解其中原理與實現，否則遇到問題還是很難定位。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"5、治理功能不全。不同於RPC 框架，Spring Cloud 作爲治理全家桶的典型，也不是萬能的，諸如協議轉換支持、多重授權機制、動態請求路由、故障注入、灰度發佈等高級功能並沒有覆蓋到。而這些功能往往是企業大規模落地不可獲缺的功能，因此公司往往還需要投入其它人力進行相關功能的自研或者調研其它組件作爲補充。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"微服務時代，Service Mesh應運而生，屏蔽了分佈式系統的諸多複雜性，讓開發者可以迴歸業務，聚焦真正的價值。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Service Mesh 一詞最早由開發 Linkerd 的 Buoyant 公司提出，並於 2016 年 9 月29 日第一次公開使用了這一術語。William Morgan，Buoyant CEO，對 Service Mesh 這一概念定義如下："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"A Service Mesh is a dedicated infrastructure layer for handling service-to-service communication. It’s responsible for the reliable delivery of requests through the complex topology of services that comprise a modern, cloud native application. In practice, the Service Mesh is typically implemented as an array of lightweight network proxies that are deployed alongside application code, without the application needing to be aware."}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"翻譯一下："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"服務網格（Service Mesh）是處理服務間通信的基礎設施層。它負責構成現代雲原生應用程序的複雜服務拓撲來可靠地交付請求。在實踐中，Service Mesh 通常以輕量級網絡代理陣列的形式實現，這些代理與應用程序代碼部署在一起，對應用程序來說無需感知代理的存在。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從這段定義中可以讀出，Service Mesh的本質是基礎設施層，核心功能是請求分發，機制是通過網絡代理，特點是對應用透明。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"簡單地說，Service Mesh 是一個專注於處理服務間通信的基礎設施層。Service Mesh 是分佈式應用在微服務軟件架構之上發展起來的新技術，旨在將那些微服務間的連接、安全、流量控制和可觀測等通用功能下沉爲平臺基礎設施，實現應用與平臺基礎設施的解耦。解耦讓開發者聚焦於業務邏輯本身而無需關注微服務相關治理問題，提升應用開發效率並加速業務探索和創新。因爲大量非功能性從業務進程剝離到另外進程中，Service Mesh 以無侵入的方式實現了應用輕量化。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/d3\/4f\/d3c0018da63541fbfd4e1f3816b6114f.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格從總體架構上來講比較簡單，不過是一堆緊挨着各項服務的用戶代理，外加一組任務管理流程組成。代理在服務網格中被稱爲數據層或數據平面（data plane），管理流程被稱爲控制層或控制平面（control plane）。數據層截獲不同服務之間的調用並對其進行“處理”；控制層協調代理的行爲，併爲運維人員提供 API，用來操控和測量整個網絡。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"更進一步地說，服務網格是一個專用的基礎設施層，旨在“在微服務架構中實現可靠、快速和安全的服務間調用”。它不是一個“服務”的網格，而是一個“代理”的網格，服務可以插入這個代理，從而使網絡抽象化。在典型的服務網格中，這些代理作爲一個 sidecar（邊車）被注入到每個服務部署中。服務不直接通過網絡調用服務，而是調用它們本地的 sidecar 代理，而 sidecar 代理又代表服務管理請求，從而封裝了服務間通信的複雜性。相互連接的 sidecar 代理集實現了所謂的數據平面，這與用於配置代理和收集指標的服務網格組件（控制平面）形成對比。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"總而言之，Service Mesh 的基礎設施層主要分爲兩部分：控制平面與數據平面。當前流行的兩款開源服務網格 Istio 和 Linkerd 實際上都是這種構造。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/2f\/9e\/2fd0d17484fb950e619d8bce4a63ce9e.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":"center","origin":null},"content":[{"type":"text","text":"以Istio爲例"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、控制平面：控制面是用來配置、監控、展示數據面網絡流量的一組程序。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"a) 不直接解析數據包。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"b) 與控制平面中的代理通信，下發策略和配置。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"c) 負責網絡行爲的可視化。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"d) 通常提供API 或者命令行工具可用於配置版本化管理，便於持續集成和部署。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、數據平面"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"a) 直接處理入站和出站數據包，轉發、路由、健康檢查、負載均衡、認證、鑑權、產生監控數據等。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"b) Service Mesh的數據面是一個個sidecar應用程序，sidecar處理的是微服務的網絡數據轉發。Istio使用Enovy項目作爲sidecar的實現。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"c) 對應用來說透明，即可以做到無感知部署。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"d) 當Istio與Kubernetes一起用來構建Cloud Native應用時，sidecar本身作爲Kubernetes Pod中的一個容器運行。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"那麼Service Mesh帶來的真正價值有哪些呢？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、微服務治理與業務邏輯的解耦。服務網格把SDK 中的大部分能力從應用中剝離出來，拆解爲獨立進程，以 sidecar 的模式進行部署。服務網格通過將服務通信及相關管控功能從業務程序中分離並下沉到基礎設施層，使其和業務系統完全解耦，使開發人員更加專注於業務本身。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、異構系統的統一治理。隨着新技術的發展和人員更替，在同一家公司中往往會出現不同語言、不同框架的應用和服務，爲了能夠統一管控這些服務，以往的做法是爲每種語言、每種框架都開發一套完整的SDK，維護成本非常之高，而且給公司的中間件團隊帶來了很大的挑戰。有了服務網格之後，通過將主體的服務治理能力下沉到基礎設施，多語言的支持就輕鬆很多了。只需要提供一個非常輕量級的 SDK，甚至很多情況下都不需要一個單獨的 SDK，就可以方便地實現多語言、多協議的統一流量管控、監控等需求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3、可觀察性。因爲服務網格是一個專用的基礎設施層，所有的服務間通信都要通過它，所以它在技術堆棧中處於獨特的位置，以便在服務調用級別上提供統一的遙測指標。這意味着，所有服務都被監控爲“黑盒”。服務網格捕獲諸如來源、目的地、協議、URL、狀態碼、延遲、持續時間等線路數據。這本質上等同於 web 服務器日誌可以提供的數據，但是服務網格可以爲所有服務捕獲這些數據，而不僅僅是單個服務的 web 層。需要指出的是，收集數據僅僅是解決微服務應用程序中可觀察性問題的一部分。存儲與分析這些數據則需要額外能力的機制的補充，然後作用於警報或實例自動伸縮等。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"4、流量控制。通過Service Mesh，可以爲服務提供智能路由（藍綠部署、金絲雀發佈、A\/B test）、超時重試、熔斷、故障注入、流量鏡像等各種控制能力。而以上這些往往是傳統微服務框架不具備，但是對系統來說至關重要的功能。例如，服務網格承載了微服務之間的通信流量，因此可以在網格中通過規則進行故障注入，模擬部分微服務出現故障的情況，對整個應用的健壯性進行測試。由於服務網格的設計目的是有效地將來源請求調用連接到其最優目標服務實例，所以這些流量控制特性是“面向目的地的”。這正是服務網格流量控制能力的一大特點。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"5、安全。在某種程度上，單體架構應用受其單地址空間的保護。然而，一旦單體架構應用被分解爲多個微服務，網絡就會成爲一個重要的攻擊面。更多的服務意味着更多的網絡流量，這對黑客來說意味着更多的機會來攻擊信息流。而服務網格恰恰提供了保護網絡調用的能力和基礎設施。服務網格的安全相關的好處主要體現在以下三個核心領域：服務的認證、服務間通訊的加密、安全相關策略的強制執行。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"Service Mesh和雲原生"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們知道雲原生的三駕馬車爲Serverless、Service Mesh、Kubernetes，而Istio已成爲了Sevice Mesh的事實標準，當我們理解Kubernetes和Istio名字的含義，發現其中的奧妙，Kubernetes名字意爲舵手，是雲原生的操作系統，Istio的意思爲船帆，意味着我們要到達終極雲原生目標，不僅要有舵手，還需要船帆。這也能揭示CNCF的野心和方向。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes 的本質是應用的生命週期管理，具體來說就是部署和管理（擴縮容、自動恢復、發佈），微服務提供了可擴展、高彈性的部署和管理平臺。Service Mesh 的基礎是透明代理，通過 sidecar proxy 攔截到微服務間流量後再通過控制平面配置管理微服務的行爲。Service Mesh 將流量管理從 Kubernetes 中解耦，Service Mesh 內部的流量無需 kube-proxy 組件的支持，通過爲更接近微服務應用層的抽象，管理服務間的流量、安全性和可觀察性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果說Kubernetes 管理的對象是 Pod，那麼 Service Mesh 中管理的對象就是一個個 Service，所以說使用 Kubernetes 管理微服務後再應用 Service Mesh 就是水到渠成了，如果連 Service 你也不想管了，那你就需要Serverless了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"就像之前說的軟件開發沒有銀彈，傳統微服務架構有許多痛點，而服務網格也不例外，也有它的侷限性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、增加了複雜度。服務網格將sidecar 代理和其它組件引入到已經很複雜的分佈式環境中，會極大地增加整體鏈路和操作運維的複雜性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、運維人員需要更專業。在容器編排器（如Kubernetes）上添加 Istio 之類的服務網格，通常需要運維人員成爲這兩種技術的專家，以便充分使用二者的功能以及定位環境中遇到的問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3、延遲。從鏈路層面來講，服務網格是一種侵入性的、複雜的技術，可以爲系統調用增加顯著的延遲。這個延遲是毫秒級別的，但是在特殊業務場景下，這個延遲可能也是難以容忍的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"4、平臺的適配。服務網格的侵入性迫使開發人員和運維人員適應高度自治的平臺並遵守平臺的規則。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"六、DevOps"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"DevOps就是爲了提高軟件研發效率，快速應對變化，持續交付價值的的一系列理念和實踐，其基本思想就是持續部署（CD)，讓軟件的構建、測試、發佈能夠更加快捷可靠，以儘量縮短系統變更從提交到最後安全部署到生產系統的時間。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"要實現持續部署（CD)，就必須對業務進行端到端分析，把所有相關部門的操作統一考慮進行優化，利用所可用的技術和方法，用一種理念來整合資源。DevOps提倡打破開發、測試和運維之間的壁壘，利用技術手段實現各個軟件開發環節的自動化甚至智能化，被證實對提高軟件生產質量、安全，縮短軟件發佈週期等都有非常明顯的促進作用，也推動了 IT 技術的發展。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"DevOps原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- 文化（Culture）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一般大家關注的都是技術和工具，但實際上要解決的核心問題是和業務、和人相關的問題。提高效率，加強協作，就需要不同的團隊之間更好的溝通。如果每個人能夠更好的相互理解對方的目標和關切的對象，那麼協作的質量就可以明顯的提高。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"DevOps實施中面對的首要矛盾在於不同團隊的關注點完全不一樣。運維人員希望系統運行可靠，所以系統穩定性和安全性是第一位。而開發人員則想着如何儘快讓新功能上線，實現創新和突破，爲客戶提供更大價值。不同的業務視角，必然導致誤會和摩擦，導致雙方都覺得對方在阻撓自己完成工作。要實施DevOps，就首先要讓開發和運維人員認識到他們的目標是一致的，只是工作崗位不同，需要共擔責任。這就是DevOps需要首先在文化層面解決的問題。只有解決了認知問題，才能打破不同團隊之的鴻溝，實現流程自動化，把大家的工作融合成一體。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- 自動化（Automation）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"DevOps的持續集成的目標就是小步快跑，快速迭代，頻繁發佈。要把這個理念落實，就需要規範化和流程化，讓可以自動化的環節實現自動化。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- 度量（Measurement）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過數據可以對每個活動和流程進行度量和分析，找到工作中存在的瓶頸和漏洞以及對於危急情況的及時報警等。通過分析，可以對團隊工作和系統進行調整，讓效率改進形成閉環。度量首先要解決數據準確性、完整性和及時性問題，其次要建立正確的分析指標。DevOps過程考覈的標準應該鼓勵團隊更加註重工具的建設，自動化的加速和各個環節優化，這樣才能最大可能發揮度量的作用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"- 共享（Sharing）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"要實現真正的協作，還需要團隊在知識層面達成一致。通過共享知識，讓團隊共同進步。可見度visibility，透明性 transparency，知識的傳遞 transfer of knowledge。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"IaC"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"IaC （Infrastructure as Code）提出系統建設的核心理念，兼顧高效和安全，讓運維繫統的建設更加有序。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"運維平臺一般都經歷過如下幾個發展階段：手工、腳本、工具、平臺、智能化運維等，但總體來說分爲兩類：指令式，聲明式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在複雜的運維場景下，指令式的運維方式具有變更操作副作用：不透明、指令性接口一般不具有冪等性、難以實現複雜的變更控制、知識難以積累和分享、變更缺乏併發性等缺點。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"人們提出了聲明式的編程理念。用戶僅僅通過一種方式描述其要到達的目的，而並不具體說明如何達到目標。聲明式接口實際上代表了一種思維模式：把系統的核心功能進行抽象和封裝，讓用戶在一個更高的層次上進行操作。聲明式接口是一種和雲計算時代相契合的思維範式。前面列出的指令式的缺點都可以由聲明式接口來彌補。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"GitOps"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"GitOps作爲IaC運維理念的一種具體落地方式，就是使用Git來存儲關於應用系統的最終狀態的聲明式描述。GitOps的核心是一個GitOps引擎，它負責監控Git中的狀態，每當它發現狀態有改變，它就負責把目標應用系統中的狀態以安全可靠的方式遷移到目標狀態，實現部署、升級、配置修改、回滾等操作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Git中存儲有對於應用系統的完整描述以及所有修改歷史。方便重建的同時，也便於對系統的更新歷史進行查看，符合DevOps所提倡的透明化原則。同時，GitOps也具有聲明式運維的所有優點。和GitOps配套的一個基本假設是不可變基礎設施，所以 GitOps 和 Kubernetes 運維可以非常好的配合。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲原生開源生態的建設，基本統一了軟件部署和運維的基本模式。更重要的是，雲原生技術的快速演進，技術複雜性不斷下沉到雲，賦能開發者個體能力，不斷提升了應用開發效率。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"首先是容器技術和Kubernetes服務編排技術的結合，解決了應用部署自動化、標準化、配置化問題。CNCF打破了雲上平臺的壁壘，使建設跨平臺的應用成爲可能，成爲事實上的雲上應用開發平臺的標準，極大簡化了多雲部署。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一個完整開發流程涉及到很多步驟，而環節越多，一次循環花費的時間越長，效率就越低。微服務通過把巨石應用拆解爲若干單功能的服務，減少了服務間的耦合性，讓開發和部署更加便捷，可以有效降低開發週期，提高部署靈活性。Service Mesh讓中間件的升級和應用系統的升級完全解耦，在運維和管控方面的靈活性獲得提升。Serverless讓運維對開發透明，對於應用所需資源進行自動伸縮。FaaS是Serverless的一種實現，則更加簡化了開發運維的過程，從開發到最後測試上線都可以在一個集成開發環境中完成。無論哪一種場景，後臺的運維平臺的工作都是不可以缺少的，只是通過技術讓擴容、容錯等技術對開發人員透明，讓效率更高。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"5、iPaaS（京東前臺研發標準）在雲原生的思考和探索"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"以下是iPaaS願景在能力圖譜中的貫徹。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/d9\/27\/d9476dca89e7246456ba6d6607ce6827.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"隨着iPaaS賦能開發者從試水階段正邁向賦能階段，我們對iPaaS的能力有了不同的理解和思考，從最初聚焦的5大能力，到我們從用戶角度、從業務場景出發或解剖iPaaS的內在價值來看，可以得出不一樣的能力和價值，我把這些能力形成不同的主線，以牽引我們能建設出一個有活力、以業務場景爲中心的iPaaS體系。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"a) iPaaS的核心思想和基礎是標準，跟具體實現方式劃清界限，意味着是抽象的、穩定的，也是開放和可擴展的。標準是iPaaS形成體系的理論基礎。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"b) iPaaS光有標準還不行，誰都可以搞一套標準來，如果我們能提供開發者基於標準下的立體式和一站式技術開發和共建平臺，讓開發者可以低門檻、靈活和高效定製和開發，這個對開發者的吸引力是無窮的。所以iPaaS技術開放體系是術，是工具。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"c) 但有標準和技術開放體系也不夠，能力都是點狀的，無法體系化解決業務的場景化需求。iPaaS的背後一個重大價值是一個強大的業務平臺，我們也稱爲SaaS，SaaS是土壤，讓標準和技術開放體系可以從樹木變成樹林，滋生出各種各樣的業務解決方案。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"d) iPaaS要形成持續繁榮的生態，一個搞笑能力沉澱和共享的體系必不可少，沉澱和共享讓iPaaS生態水池中的水越來越多。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"e) 京東業務快速發展，催生出了各種各樣的新站點和新賽道，通用版可以讓iPaaS快速完成獨立部署和交付。這也是iPaaS面臨的一個大的業務場景。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"f) iPaaS不但是技術，強調設計、研發、測試運維打破流程壁壘，統一目標，標準流程，提升協作效率和質量。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"g) 最後，是全場景的解決方案，解決方案其實是一種服務精神，標準、技術體系很重要，但如果我們能深入業務場景，形成清晰的解決方案矩陣，可以讓用戶高效滿足自己的需求。平臺化建設要脫離業務，解決方案孵化要深入業務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們把iPaaS核心理念、價值、方向跟雲原生體系進行整體性分析，發現二者在很多方面是相同的，下面是梳理的iPaaS和雲原生價值和能力背後實現原理和理念的對比："}]},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/99\/ed\/99df212e309fa3cc30b3a5b666f5f9ed.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 對比雲原生的理念和技術，iPaaS在一些方面的建設做的尚可，包括："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、建立了脫離了具體客戶和業務場景的通用體系化標準，該標準讓iPaaS變成一個高度開放的體系，同時可通過串聯設計平臺、測試平臺、監控平臺等形成一個一站式雲上開發和協作平臺；"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、強大和立體式的技術開放共建體系，讓開發者無需關注重複性勞動和底層技術設施和技術複雜度，從而可聚焦和專注在業務代碼和個性化需求的定製上，開發者的研發效率和需求交付效率得到了明顯的提升。覆蓋從大前端（iHub）、Low Code、FaaS、通用版、微前端到中後臺管理系統解決方案（Drip水滴）；"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3、iPaaS標準+共享能力的複用，在配套技術開放體系，可支撐快速滿足業務的各類需求，助力業務頻繁試錯和創新。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"4、iPaaS背後的系統和平臺支撐了10+個京東大促，大促期間無事故和問題，切高性能高可用的接口保證了大促業務的平穩運營。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"5、iPaaS已開始賦能京東在各個海外站點（泰國站、印尼站）和商業化項目，助力零售技術和業務能力走出公司。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"但同時我們發現iPaaS還存在薄弱的環節或亟待加強提升的地方，結合雲原生的理念和技術，以下是我們的思考和可能的規劃。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1、應用“雲原生化”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲原生應用在構建之初就基於一個重要前提：生在雲上，長在雲上。這就要求應用如同新生兒一樣，除了保留業務代碼外，非功能性代碼和中間件代碼都應剝離出來，交由雲設施來接管，以實現雲原生的理念：應用誕生起就生\/長在雲上，能夠最大化地發揮雲的優勢和價值，實現不在關注非功能性需求的同時系統天然具備輕量、彈性、敏捷和自動化特點。縱觀iPaaS後端應用架構，應用的存儲、消息、服務流量治理、高可用、熔斷容錯、自動恢復能力都是通過相關集成在應用中代碼或中間件SDK來實現的，面臨升級困難、無法跨雲部署等問題。在雲原生時代，雲把三方軟硬件的能力升級成了服務，比如“如何獲取存儲”變成了若干服務，包括對象存儲服務、塊存儲服務等，這些服務把分佈式場景中的高可用挑戰、自動擴縮容挑戰、安全挑戰、運維升級挑戰等都處理了。所以應用需要經過對中間件直接依賴進行解耦，這個過程不是一蹴而就的，依賴應用運行的雲計算環境的水平，但是應用進行對技術基礎設施和技術中間件的直接依賴的解耦是必要的，通過一個標準技術中間層來隔離應用和具體的技術，能夠在條件成熟的時候，幫助應用快速實現雲原生化並部署在雲上。以下是iPaaS實現雲原生應用架構的轉變："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/3e\/a5\/3ee45de13f65a403b914d66717f820a5.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2、Serverless"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"iPaaS體系在前臺，面對着很多邏輯密集型需求，這些需求變更頻繁，如數據格式化、數據字段轉換和加工、數據標準化處理等，這些需求用傳統的研發流程如Java交付週期會很長，頻繁上線頻繁變更導致線上系統運行穩定造成威脅，針對這些場景，iPaaS提供即寫即用、秒級上線的函數編寫平臺，通過把函數注入到應用程序中，提供本地調用，極大提升了邏輯性需求交付效率，同時也提供事件觸發的方式執行函數，即解耦了技術和平臺，又提升了資源利用率。不過現在的函數平臺只是面對是公司的開發者，用來實現快速交付和個性化邏輯需求的快速定製，要實現真正的FaaS，必須要能做到基於事件觸發機制、自動彈性伸縮、按需付費等特點。iPaaS在實現Serverless化的路上始終抱着開放的心態，利用雲或自研實現函數平臺的Serverless化，都是我們樂見的。以下是未來iPaaS函數平臺的方向和規劃："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/d7\/64\/d75a57dfc14a6ed54e9e0b32b76aa664.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"上圖標註了2種函數執行的方式，第一張是通過函數管理平臺把函數分發到應用本地，針對的是對函數執行延遲敏感的場景，應用直接調用分發到同一個進程中的函數，獲得相應結果或完成某個能力；第二種方式是iPaaS未來需要完善的能力，通過健全基於事件觸發的函數調用機制來實現按需付費，通過Kubernetes+Docker技術來構建可實現自動彈性伸縮能力的Serverless化架構。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3、Service Mesh"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"面對RPC服務框架如JSF、Dubbo存在的侵入性強、無法跨語言、中間件演變困難、內容多、門檻高、治理功能不全等問題，微服務的發現、流量管理、流量可觀測性等能力完全可以讓跟應用策底解耦的Service Mesh技術來實現。作爲新一代Service Mesh 產品的領航者，Istio 創新性的在原有網格產品的基礎上，添加了控制平面這一結構，使其產品形態更加的完善。這也是爲什麼Istio被稱作第二代 Service Mesh 的原因。Istio能提供："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1) 爲HTTP、gRPC、WebSocket 和 TCP 流量自動負載均衡。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2) 通過豐富的路由規則、重試、故障轉移和故障注入對流量行爲進行細粒度控制。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3) 提供完善的可觀察性方面的能力，包括對所有網格控制下的流量進行自動化度量、日誌記錄和追蹤。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"4) 提供身份驗證和授權策略，在集羣中實現安全的服務間通信。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/35\/ab\/35914e7589016c40c43f23cd92d72eab.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"iPaaS爲了適應各類雲環境和技術設施，藉助標準技術API來屏蔽應用和具體技術，通過統一適配器來適配不同的技術設施和中間件，使iPaaS可以在不同環境中實現低成本移植。所以以上方案不僅讓iPaaS不依賴Istio，同時集成Istio能夠給平臺帶來諸多如對應用透明、可擴展性、可移植性、策略一致性優勢。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"4、一鍵式商業化項目交付方案"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1）通用版"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"iPaaS後端通用版能力已經經過了近1年半的改造和演進，目前核心能力通用性、按需根據Maven打包、SPI & BPaaS能力擴展和定製等方面已經發展到一定的水平，可以做到不需要花費很多研發資源下較快把體系遷移到新站點，前提是新站點要具備京東雲技術基礎設施，也就是京東IaaS和PaaS。本文前面也講到技術商業化作爲京東增長的新曲線，可以預見未來會催生越來越多的商業化賽道和項目，iPaaS整體體系解耦京東TPaaS勢在必行。所以爲了iPaaS通用版的方向是進行策底的解耦JD TPaaS改造，通過標準技術API+技術適配層來隔離&適配底層技術。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/e3\/69\/e3e13e6d8073cafbd59e2ba6c8786869.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "},{"type":"text","marks":[{"type":"strong"}],"text":"2）一鍵式交付方案"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"系統有了通用版能力後，我們發現在響應新的站點和商業化項目過程中最大的工作量和難題是如何快速移植、部署整體平臺體系到客戶環境，可能是公有云、私有云，甚至混合雲，這就需要我們依據雲原生技術設計出一套可以快速部署完整iPaaS體系到不同客戶雲環境的能力，且體系可以做到穩定和一致性的方式運行。以下是我們初步設計的方案："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/93\/37\/934f5b504671e5c368ff51d2d520af37.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"5、持續提升iPaaS平臺韌性"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"應用通過接入雲原生服務可以天然獲得可觀測性、高可用、容錯性、自愈等能力，從而構建韌性應用。同時雲原生的架構原則也同樣在我們開發者在開發和設計軟件架構時起到非常好的指導作用，包括服務化、彈性、可觀察性、韌性、自動化、零信任等原則，幫助我們更好的建設系統的高可用基礎能力，包括：從架構設計上，韌性包括服務異步化能力、重試\/限流\/降級\/熔斷 \/ 反壓、主從模式、集羣模式、AZ 內的高可用、單元化、跨 region 容災、異地多活容災等。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"iPaaS在雲原生領域還處在思索和探索的階段，本文只是希望能夠拋磚引玉，文中闡述的理解和想法可能存在紕漏、錯誤，也希望讀者們抱着寬容來閱讀和回覆，有任何問題、建議請回複本文或發送郵件到[email protected]。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"引用："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、Kubernetes官網："},{"type":"link","attrs":{"href":"https:\/\/kubernetes.io\/","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"Kubernetes官網"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、阿里雲原生白皮書"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3、Istio Handbook"}]}]}