Cloud-Native Architecture Design
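The Twelve-Factor App
| Factor | Description |
|---|---|
| 1. Codebase | One codebase, many deploys |
| 2. Dependencies | Explicitly declare dependencies |
| 3. Config | Store config in the environment |
| 4. Backing services | Treat backing services as attached resources |
| 5. Build, release, run | Strictly separate build and run stages |
| 6. Processes | Run the app as one or more stateless processes |
| 7. Port binding | Export services via port binding |
| 8. Concurrency | Scale out via the process model |
| 9. Disposability | Fast startup and graceful shutdown |
| 10. Dev/prod parity | Keep development, staging, and production as similar as possible |
| 11. Logs | Treat logs as event streams |
| 12. Admin processes | Run admin and management tasks as one-off processes |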
Configuration Management
```yaml
# Environment variable configuration
# (fragment: selector, labels and image are omitted)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  template:
    spec:
      containers:
      - name: myapp
        envFrom:
        - configMapRef:
            name: app-config
        - secretRef:
            name: app-secrets
        env:
        - name: NODE_ENV
          value: production
```
Stateless Design
```yaml
# Stateless application
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: myapp:v1
        # No local storage is mounted
        # Use external storage (Redis, a database)
```
Health Checks
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  template:
    spec:
      containers:
      - name: myapp
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
        startupProbe:
          httpGet:
            path: /healthz
            port: 8080
          failureThreshold: 30
          periodSeconds: 10
```
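Graceful Termination
```python
# Python example
import signal
import sys

from flask import Flask

app = Flask(__name__)


def shutdown_handler(signum, frame):
    # Finish the requests that are in flight
    # Close database connections
    # Flush logs
    sys.exit(0)


# Kubernetes sends SIGTERM when it stops a pod; SIGINT covers Ctrl+C locally
signal.signal(signal.SIGTERM, shutdown_handler)
signal.signal(signal.SIGINT, shutdown_handler)


@app.route('/healthz')
def healthz():
    return 'OK'


if __name__ == '__main__':
    # Port 8080 matches the probe configuration used on this page
    app.run(host='0.0.0.0', port=8080)
```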
Service Mesh
```yaml
# Istio service mesh
# (subsets v1 and v2 must be defined in a DestinationRule)
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: myapp
spec:
  hosts:
  - myapp
  http:
  - route:
    - destination:
        host: myapp
        subset: v1
      weight: 90
    - destination:
        host: myapp
        subset: v2
      weight: 10
    retries:
      attempts: 3
      perTryTimeout: 2s
    timeout: 10s
```
Practice: Cloud-Native Application Template
```yaml
# Complete cloud-native application configuration
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  labels:
    app: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: myapp
    spec:
      serviceAccountName: myapp
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
      containers:
      - name: myapp
        image: myapp:v1
        ports:
        - containerPort: 8080
        envFrom:
        - configMapRef:
            name: myapp-config
        - secretRef:
            name: myapp-secrets
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 512Mi
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  selector:
    app: myapp
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
```
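The check below is an added example, not part of the original page or of any project's tooling. It audits the pod template of the Deployment above for the settings the template already sets (runAsNonRoot, resource limits, probes) and, going beyond the page, for container-level hardening fields it leaves at their defaults. `audit_pod_template` and `SAMPLE` are hypothetical names, and the sample JSON is constructed from the template.

```python
import json

# Constructed sample: the pod template of the Deployment above in JSON form,
# i.e. the shape found under .spec.template of the Deployment object.
SAMPLE = json.loads("""
{"spec": {"serviceAccountName": "myapp",
  "securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
  "containers": [{"name": "myapp", "image": "myapp:v1",
    "envFrom": [{"configMapRef": {"name": "myapp-config"}},
                {"secretRef": {"name": "myapp-secrets"}}],
    "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                  "limits": {"cpu": "500m", "memory": "512Mi"}},
    "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
    "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}}}]}}
""")

def audit_pod_template(template):
    """Return a sorted list of 'container: finding' strings for a pod template."""
    spec = template.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("containers", []):
        sc = c.get("securityContext") or {}
        issues = []
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            issues.append("runAsNonRoot not enforced")
        if sc.get("privileged"):
            issues.append("privileged container")
        # When allowPrivilegeEscalation is unset, escalation is allowed.
        if sc.get("allowPrivilegeEscalation", True):
            issues.append("allowPrivilegeEscalation not disabled")
        if not sc.get("readOnlyRootFilesystem", False):
            issues.append("root filesystem is writable")
        if "ALL" not in (sc.get("capabilities") or {}).get("drop", []):
            issues.append("capabilities not dropped")
        limits = (c.get("resources") or {}).get("limits") or {}
        issues += [f"no {r} limit" for r in ("cpu", "memory") if r not in limits]
        issues += [f"missing {p}" for p in ("livenessProbe", "readinessProbe") if p not in c]
        image = c.get("image", "")
        tag = image.rsplit("/", 1)[-1].partition("@")[0]  # drop registry host:port and digest
        if "@sha256:" not in image and (":" not in tag or tag.endswith(":latest")):
            issues.append("image tag missing or :latest")
        findings += [f"{c['name']}: {i}" for i in issues]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_pod_template(SAMPLE)) or "no findings")
```

Run against the template as written, it reports three findings, all of them container-level settings the template leaves unset.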
Best Practices
- Containerize everything
- Stateless design
- Externalize configuration
- Health checks
- Observability
- Automated deployment
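Summary
Cloud-native architecture is the best practice for building modern applications. By following the twelve-factor app principles, you can build cloud-native applications that are scalable, maintainable, and highly available.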