什么是性能分析？ (What is Profiling?)

Profiling is the act of analyzing the performance of applications in order to improve poorly performing sections of code.One of the most popular ways to visualize a profile and quickly identifying performance issues is by generating a Flame Graph.

概要分析是分析应用程序性能以改善代码段性能的行为。可视化配置文件并快速识别性能问题的最流行方法之一是生成“火焰图”。

The y-axis is stack depth, and the x-axis spans the sample population. Each rectangle is a function, where the width shows how often it was present in the profile. The ordering from left to right is unimportant (the stacks are sorted alphabetically).

y轴是堆栈深度，x轴跨越样本总体。 每个矩形都是一个函数，其中的宽度表示它在配置文件中出现的频率。 从左到右的顺序并不重要(堆栈按字母顺序排序)。

问题：在Kubernetes上进行概要分析 (The Problem: Profiling on Kubernetes)

Profiling is a non-trivial task. Most profilers have two main problems:

概要分析是一项艰巨的任务。 大多数探查器有两个主要问题：

• Require application modifications. Usually, either by adding flags to the execution command or by importing some profiling library into your code.需要修改应用程序。 通常，可以通过将标志添加到执行命令或将一些性能分析库导入代码中来实现。
• Profiling in production is typically avoided due to the significant performance hit during the profiling process.由于在性能分析过程中会严重影响性能，因此通常避免在产品中进行性能分析。

Choosing the right profiler may solve those problems, but it requires research and usually depends on the programming language and the operating system.

选择正确的探查器可能会解决这些问题，但是这需要进行研究，并且通常取决于编程语言和操作系统。

Profiling is even harder when performed on applications running inside a Kubernetes cluster. A new container image, which includes the profiling modifications, needs to be deployed instead of the currently running container. In addition, some performance issues may disappear when an application restarts, which makes debugging difficult.

在Kubernetes集群中运行的应用程序上执行分析时，甚至更加困难。 需要部署一个包含配置文件修改的新容器映像，而不是当前正在运行的容器。 此外，当应用程序重新启动时，某些性能问题可能会消失，这使调试变得困难。

解决方案：kubectl火焰 (The Solution: kubectl flame)

Kubectl flame is a kubectl plugin that makes profiling applications running in Kubernetes a smooth experience without requiring any application modifications or downtime. Also, kubectl flame aims to be production-friendly by minimizing the performance hit.

Kubectl Flame是一个kubectl插件，可以使在Kubernetes中运行的分析应用程序获得流畅的体验，而无需进行任何应用程序修改或停机。 另外，kubectl flame的目标是通过最大程度地降低性能损失来实现生产友好。

The plugin currently supports JVM based languages (additional languages support is coming soon!).

该插件当前支持基于JVM的语言(即将支持其他语言！)。

用法 (Usage)

分析Kubernetes Pod (Profiling Kubernetes Pod)

To profile pod mypod for 1 minute and save the flame graph as /tmp/flamegraph.svg run:

要配置pod mypod 1分钟，并将火焰图保存为/tmp/flamegraph.svg，请运行：

kubectl flame mypod -t 1m -f /tmp/flamegraph.svg

分析基于阿尔卑斯的容器 (Profiling Alpine based container)

Profiling alpine based containers require using — alpine flag:

对基于高山的容器进行概要分析需要使用-高山标志：

kubectl flame mypod -t 1m -f /tmp/flamegraph.svg --alpine

分析侧面车集装箱 (Profiling sidecar container)

Pods that contain more than one container require specifying the target container as an argument:

包含多个容器的Pod需要指定目标容器作为参数：

kubectl flame mypod -t 1m -f /tmp/flamegraph.svg mycontainer

这个怎么运作 (How it works)

Kubectl flame uses the most performant profiler for every supported language. A vital requirement of a supported profiler is being able to profile without any changes to the target process. The profiling flow is started by launching a profiler container on the same node as the target container. Most profilers will need to share some resources with the target container:PID namespace sharing is enabled by setting hostPID to true.Filesystem sharing is enabled by mounting /var/lib/docker and querying overlayFS.The current JVM support is based on async-profiler.

Kubectl Flame对每种受支持的语言使用性能最高的探查器。 受支持的探查器的一项至关重要的要求是能够探查而不对目标过程进行任何更改。 通过在与目标容器相同的节点上启动探查器容器来启动分析流程。 大多数探查器将需要与目标容器共享一些资源：通过将hostPID设置为true来启用PID名称空间共享。通过挂载/ var / lib / docker并查询overlayFS来启用文件系统共享。当前的JVM支持基于async-profiler 。

未来发展 (Future Development)

The following features are already in progress and should be available in the next versions of kubectl flame:

以下功能已经在开发中，并且在下一版本的kubectl flame中应该可用：

• Golang support via eBPF profiling通过eBPF分析支持Golang
• Auto-detection of target container programming language自动检测目标容器编程语言
• Python supportPython支持

• Support Kubernetes clusters not based on Docker as a container runtime (Kind)

  支持不基于Docker的Kubernetes集群作为容器运行时( Kind )

摘要 (Summary)

Performance-related issues are among the hardest bugs to solve. Next time you face performance problems in your production system, consider using kubectl flame to identify the root cause quickly.

与性能相关的问题是最难解决的错误。 下次在生产系统中遇到性能问题时，请考虑使用kubectl flame快速确定根本原因。

The kubectl flame source code is available on this Github repository.Feel free to reach out or submit pull requests if you have any suggestions.

这个Github仓库提供了kubectl flame源代码。如有任何建议，请随时与我们联系或提交拉取请求。