This article introduces some discovery of the Java memory usage in Kubernetes and how to set up a reasonable memory request/limit based on the Java heap requirement and the memory usage of the application.
This article introduces how to set up alerts for monitoring Kubernetes Pod restarts and more importantly, when the Pods are OOMKilled we can be notified.
This article explains how to use traffic control to simulate network chaos in Bare metal & Kubernetes, the network chaos can test the resilience of your service under a specified network condition such as packet loss, latency increase, etc.
You might have encountered some 5xx errors during http service rollout on Kubernetes and wonder how to make it more reliable without these errors, this article will first explain where this errors come from and how to fix them and implement zero downtime.
I’ve joined my first Hackathon and worked on a project about using Spinnaker as CI/CD tool within company. The biggest challenge is to install Spinnaker on CentOS 7 with docker-compose.
Envoy has become more and more popular, the basic functionality is quite similar to Nginx, working as a high performace Web server, proxy. But Enovy imported a lot of features that was related to SOA or Microservice like Service Discovery, Circuit Breaker, Rate limiting and so on.
A lot of developers know the roles envoy plays, and the basic functionality it will implement, but don’t know how it organize the architecture and how we understand its configuration well. For me, it’s not easy to understand envoy’s architecture and its configuration since it has a lot of terminology, but if the developer knew how the user traffic goes, he could understand the design of envoy.
Istio has been adopted as a common implementation of service mesh, since more and more companies want to bring Istio into production, the version control of Istio seems a significant problem to solve.
Version control is necessary as Istio components can be treated as the equivalent RPC services like our business services, we need to have an understanding of which version we are using now and what does the next version bring. And some Istio components can cooperate with the others, if we need to upgrade one component we need to upgrade the other components too.
Although the Istio community provides the Istio upgrade method, we don’t actually want to upgrade such a whole thing in one move, it influences so much that we don’t want to risk.
Web服务开启数据压缩,有利于节省带宽。服务器根据客户端请求头所带的Accept-Encoding判断是否需要对返回数据进行压缩,通常支持的压缩格式是gzip。
开发人员可以选择在Web framework中开发一些middleware来实现Gzip,也可以选择使用Nginx gzip,将所有gzip放在nginx中完成。
放在nginx中实现的优势是nginx中gzip性能优秀,能很大程度地减少gzip带来的消耗,像Golang中系统自带库中实现的gzip性能上相比nginx就差很多,并且需要使用对象池进行优化,避免每次创建gzip对象带来的性能损耗,在CPU和内存上占用较大。
如果使用Nginx实现的gzip,那么部署的时候可以有几种方案。
集中式nginx集群
nginx集中部署,通过配置反向代理服务各种应用,优势是部署方便,集中管理。劣势是更新路由也是牵一发动全身,并且需要及时拓容。
每个实例搭配nginx
原本对外暴露的应用现在通过nginx代理,1:1的方式部署,不用担心拓容的问题。需要解决的就是如何保证它们打包部署。
这里讨论Kubernetes中部署Web服务的情况,遇到刚才的方案二,可以在Kubernetes中找到非常匹配的部署方法。
Kubernetes中最小部署单位称为Pod,Pod中可以部署1个以上的功能紧密联系的容器,并且它们共享网络、磁盘,也就是它们能通过localhost:port访问到彼此,那以上的情况nginx作为gzip功能可以说和后端应用是紧密结合,所以可以以sidecar的形式部署。
如果你的应用监听在8080端口,nginx监听在8090,可以如下配置
1 | user nginx; |
1 | server { |
Update your browser to view this website correctly.&npsb;Update my browser now