EDAS应用管理引擎升级了新的应用模型,同时支持原生K8s工作负载结合策略配置CR管理应用生命周期。此外,基于原生K8s工作负载转换后的EDAS应用也默认集成了可观测、服务治理能力,结合EDAS控制台可快速实现应用监控的可视化。本操作步骤流程以Deployment工作负载为例。
将K8s Deployment转换为EDAS应用
前提条件:请您确保该集群已导入EDAS。具体操作,请参见在EDAS控制台导入Kubernetes集群和使用Helm方式导入Kubernetes集群。
使用
kubectl命令安装一份原生K8s Deployment。apiVersion: apps/v1 kind: Deployment metadata: name: native-deploy-a namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-a template: metadata: labels: app: native-deploy-a test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-a:headers imagePullSecrets: - name: testkubectl apply -f native-deploy.yaml编辑Deployment,增加一个labels,标识需要将此Deployment转换为EDAS应用。
说明应用名需要与Deployment名称一致。
apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-a name: native-deploy-a namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-a template: metadata: labels: app: native-deploy-a test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-a:headers imagePullSecrets: - name: testkubectl apply -f native-deploy.yaml检查新建Pod是否已注入EDAS环境变量。默认情况下,当前应用已注册至EDAS托管的注册配置中心。
kubectl get pod native-deploy-b-7795bdfb5f-nvfbz -oyaml | grep EDAS
登录EDAS控制台查看,当前Deployment已转换为EDAS应用。
请您检查服务列表,以查看已注册的微服务。
检查应用监控详情,进行应用JVM性能的监控检查、SQL分析、调用链分析等。
使用原生K8s工作负载进行人工可控的分批发布
前提条件:请您确保需要接管的应用部署的集群已导入EDAS。具体操作,请参见在EDAS控制台导入Kubernetes集群和使用Helm方式导入Kubernetes集群。
使用
kubectl命令创建一份应用发布配置CR。该实例配置描述了按两批进行应用发布。说明请您确保此处的批次数量小于副本数量。
apiVersion: cloudapp.alibabacloud.com/v1 kind: CanaryReleasePolicy metadata: name: test-canary-release-policy spec: config: batch: 2使用
kubectl命令安装一份原生K8s Deployment,并配置标签转换为EDAS应用。apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-a name: native-deploy-a namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-a template: metadata: labels: app: native-deploy-a test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-a:headers imagePullSecrets: - name: test为Deployment配置annotation,关联步骤 1中的发布配置,并调整Template触发应用发布。
apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-a annotations: cloudapp.alibabacloud.com/canary-release-policy: test-canary-release-policy name: native-deploy-a namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-a template: metadata: labels: app: native-deploy-a test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-a:headers imagePullSecrets: - name: test检查应用发布状态,发现应用新版本的Pod只发布了一个Pod,仍有一个Pod处于旧版本。
移除Deployment的
cloudapp.alibabacloud.com/release-paused注解,触发下一批次的实例发布。
使用原生K8s工作负载进行按内容金丝雀灰度发布
当前金丝雀发布仅支持Java微服务应用,金丝雀灰度分批默认为第一批次。
使用
kubectl命令创建一份应用金丝雀发布策略配置,其中包含灰度实例数量、发布批次、灰度流量规则。apiVersion: cloudapp.alibabacloud.com/v1 kind: CanaryReleasePolicy metadata: name: test-canary-content-policy spec: config: batch: 2 canaryReplicas: 1 canaryConfig: http: - matches: - headers: - name: env type: Equal values: - grey matchPolicy: OR path: type: Equal values: - /b在本示例配置中,设置了发布批次为两批,金丝雀灰度批次发布实例一台,则后续剩余一台实例将分为一批进行发布。此外,配置了灰度流量规则:当请求路径为
/b,并且请求头中的env值为grey时,消费者实例的流量将被转发至灰度实例。在部署过程中,存在应用调用关系的测试应用包括A、B、C。其中,应用B为待进行金丝雀发布的对象,其副本数量为2。
apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-a name: native-deploy-a namespace: default spec: replicas: 1 selector: matchLabels: app: native-deploy-a template: metadata: labels: app: native-deploy-a test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-a:headers imagePullSecrets: - name: test --- apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-b name: native-deploy-b namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-b template: metadata: labels: app: native-deploy-b test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-b:headers imagePullSecrets: - name: test --- apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-c name: native-deploy-c namespace: default spec: replicas: 1 selector: matchLabels: app: native-deploy-c template: metadata: labels: app: native-deploy-c test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-c:headers imagePullSecrets: - name: test连接到应用A实例中,验证当前未关联规则时,应用间的调用关系。
for i in {1..10000}; do curl http://127.0.0.1:8080/a?tag=zone ; echo ""; done
根据结果可以看到应用A请求会轮询访问应用B实例(XX.XX.0.24、XX.XX.0.62)。
为应用B配置Annotation关联发布策略,同时更新应用B的Template模板触发应用发布(本示例中新增了label)。
apiVersion: apps/v1 kind: Deployment metadata: annotations: cloudapp.alibabacloud.com/canary-release-policy: test-canary-content-policy labels: cloudapp.alibabacloud.com/app: native-deploy-b name: native-deploy-b namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-b template: metadata: labels: app: native-deploy-b newlabel: newlabelvalue spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-b:headers imagePullSecrets: - name: test查看当前应用B的更新状态,可以发现仅在步骤1中配置的一台金丝雀实例进行了灰度批次的发布,剩余一台仍保持在旧版本的稳定状态。
kubectl get pod -l app=native-deploy-b
新版本Pod IP(灰度):XX.XX.0.13,旧版本Pod IP:XX.XX.0.54
验证灰度过程中的流量,登录应用A实例中,调用接口验证流量转发按策略进行转发。
# 基线流量 for i in {1..10}; do curl http://127.0.0.1:8080/a?tag=zone ; echo ""; done # 灰度流量 for i in {1..10}; do curl -H "env: grey" http://127.0.0.1:8080/a?tag=zone ; echo ""; done
移除Deployment上的发布挂起注解
cloudapp.alibabacloud.com/release-paused,以触发下一批次的实例更新,并验证流量。
使用原生K8s工作负载进行按比例金丝雀灰度发布
操作步骤与使用原生K8s工作负载进行按内容金丝雀灰度发布相同,仅调整其步骤1中设置发布模板配置。其中
percentage需要配置为小于100的字符串。在本配置示例中,设置了比例为10%,即有10%流量进入灰度的实例中。apiVersion: cloudapp.alibabacloud.com/v1 kind: CanaryReleasePolicy metadata: name: test-canary-content-policy spec: config: batch: 2 canaryReplicas: 1 canaryConfig: percentage: "10"更新应用B的Deployment中关联配置的
annotation及template。apiVersion: apps/v1 kind: Deployment metadata: annotations: cloudapp.alibabacloud.com/namespace: cn-hangzhou cloudapp.alibabacloud.com/canary-release-policy: test-canary-percent-policy labels: cloudapp.alibabacloud.com/app: native-deploy-b name: native-deploy-b namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-b template: metadata: annotations: testanno: testannovalue labels: app: native-deploy-b newlabel: newlabelvalue newlabel.percent: newlabelvalue spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-b:headers imagePullSecrets: - name: test检查当前实例更新状态。
新版本Pod IP(灰度):XX.XX.0.9,旧版本Pod IP:XX.XX.0.87
登录应用A检查流量转发比例(可多次调用取样验证比例),如下图所示。根据结果,可以确认流量转发比例符合灰度规则。
移除应用B的Deployment上的发布阻塞注解
cloudapp.alibabacloud.com/release-paused,检查应用实例的变更状态及流量分发比例符合预期。
使用原生K8s工作负载配置同可用区优先策略
创建应用运行时配置策略,指定应用运行时启用同可用区优先配置,并设置阈值为0.2(当服务提供者与消费者实例在同可用区的实例数量大于20%,同可用区优先策略生效)。
apiVersion: cloudapp.alibabacloud.com/v1 kind: CloudAppRuntimePolicy metadata: name: demo-cloudapp-runtime-policy spec: localityLoadBalancer: enable: true threshold: "0.2"部署存在微服务调用关系的应用A、B、C, 且应用B部署副本数为2,可以通过Pod反亲和策略配置Pod分布到不同的可用区Node节点上。
apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-a name: native-deploy-a namespace: default spec: replicas: 1 selector: matchLabels: app: native-deploy-a template: metadata: labels: app: native-deploy-a test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-a:headers imagePullSecrets: - name: test --- apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-b name: native-deploy-b namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-b template: metadata: labels: app: native-deploy-b test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-b:headers imagePullSecrets: - name: test --- apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-c name: native-deploy-c namespace: default spec: replicas: 1 selector: matchLabels: app: native-deploy-c template: metadata: labels: app: native-deploy-c test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-c:headers imagePullSecrets: - name: test验证应用B未关联应用配置策略时,请求调用链路与可用区的关系。
for i in {1..20}; do curl http://127.0.0.1:8080/a?tag=zone ; sleep 0.3; echo ""; done
由验证效果可见,当未关联运行时策略时,应用A实例(
cn-hangzhou-j)访问应用B会交替在cn-hangzhou-i和cn-hangzhou-j两个可用区的实例轮询访问。应用B通过Annotation与应用运行时策略关联。该配置动态生效。
apiVersion: apps/v1 kind: Deployment metadata: annotations: cloudapp.alibabacloud.com/namespace: cn-hangzhou cloudapp.alibabacloud.com/runtime-policy: demo-cloudapp-runtime-policy labels: cloudapp.alibabacloud.com/app: native-deploy-b name: native-deploy-b namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-b template: metadata: annotations: testanno: testannovalue labels: app: native-deploy-b newlabel: newlabelvalue newlabel.percent: newlabelvalue2 spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-b:headers imagePullSecrets: - name: test验证此时应用A与应用B调用请求链路的可用区关系分布。应用A(
cn-hangzhou-j)会优先访问应用B中(cn-hangzhou-j)的实例。
移除应用B Deployment上步骤4添加的注解。
apiVersion: apps/v1 kind: Deployment metadata: annotations: cloudapp.alibabacloud.com/namespace: cn-hangzhou labels: cloudapp.alibabacloud.com/app: native-deploy-b name: native-deploy-b namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-b template: metadata: annotations: testanno: testannovalue labels: app: native-deploy-b newlabel: newlabelvalue newlabel.percent: newlabelvalue2 spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-b:headers imagePullSecrets: - name: test验证此时流量调用链路的可用区分布。可见移除配置策略关联后,应用A(cn-hangzhou-j)重新在可用区(
cn-hangzhou-i和cn-hangzhou-j)间轮询访问。
使用原生K8s工作负载配置无损上线策略
创建应用更新时策略配置,启用应用更新时服务上线预热配置。在示例配置中,启用了服务上线预热并配置预热时长为180秒,接收流量比例变化曲度为2。
apiVersion: cloudapp.alibabacloud.com/v1 kind: CloudAppUpdatePolicy metadata: name: demo-cloudapp-update-policy spec: online: enable: true readinessAfterRegister: true readinessAfterWarmup: true registerDelaySecs: 0 warmupCurvature: 2 warmupDurationSecs: 180创建存在微服务调用关系的应用A、B、C应用。
说明此时配置的应用副本数均为1,后续应用的服务预热效果通过扩容应用B的副本数为2,并检查新扩容Pod接收流量。
apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-a name: native-deploy-a namespace: default spec: replicas: 1 selector: matchLabels: app: native-deploy-a template: metadata: labels: app: native-deploy-a test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-a:headers imagePullSecrets: - name: test --- apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-b name: native-deploy-b namespace: default spec: replicas: 1 selector: matchLabels: app: native-deploy-b template: metadata: labels: app: native-deploy-b test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-b:headers imagePullSecrets: - name: test --- apiVersion: apps/v1 kind: Deployment metadata: labels: cloudapp.alibabacloud.com/app: native-deploy-c name: native-deploy-c namespace: default spec: replicas: 1 selector: matchLabels: app: native-deploy-c template: metadata: labels: app: native-deploy-c test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-c:headers imagePullSecrets: - name: test登录应用A实例中持续发起流量,登录EDAS控制台观察应用B接收流量。当前应用B总实例数为1,且稳定接收流量中。
配置应用B关联应用更新时配置支持服务优雅上线预热配置,并调整应用B实例的副本数为2。
apiVersion: apps/v1 kind: Deployment metadata: annotations: cloudapp.alibabacloud.com/namespace: cn-hangzhou cloudapp.alibabacloud.com/update-policy: demo-cloudapp-update-policy labels: cloudapp.alibabacloud.com/app: native-deploy-b name: native-deploy-b namespace: default spec: replicas: 2 selector: matchLabels: app: native-deploy-b template: metadata: labels: app: native-deploy-b test: "aaa" spec: containers: - name: group-1 image: registry.cn-hangzhou.aliyuncs.com/edas_unified_test/sc-mq-b:headers imagePullSecrets: - name: test登录EDAS控制台,进入应用B的详情页面,选择,可以看到新扩容的Pod实例接收请求数量变化。
新扩容实例在预热时间段内先接受小比例流量,预热结束后与旧实例等比例分摊流量。
