Mun yi farin cikin gabatar da sigar samfoti (NSM), gungun sabis na nauyi mai nauyi wanda ke amfani da jirgin sama na tushen NGINX Plus don sarrafa zirga-zirgar kwantena a cikin wuraren Kubernetes.
NSM kyauta ne . Muna fatan za ku gwada shi don dev da mahallin gwaji - kuma ku sa ido kan ra'ayoyin ku .
Aiwatar da hanyoyin microservices yana cike da wahalhalu yayin da sikelin isarwa ke girma, da kuma rikitarwa. Sadarwa tsakanin sabis yana zama mai rikitarwa, matsalolin gyara matsala suna zama da wahala, kuma ƙarin ayyuka suna buƙatar ƙarin albarkatu don sarrafawa.
NSM tana magance waɗannan matsalolin ta hanyar samar muku da:
- Tsaro, wanda yanzu ya fi kowane lokaci muhimmanci. Keɓancewar bayanai na iya jawo wa kamfani asarar miliyoyin daloli a shekara a cikin asarar kudaden shiga da kuma suna. NSM tana tabbatar da cewa an rufaffen duk haɗin kai ta amfani da mTLS, don haka babu wasu mahimman bayanai waɗanda masu kutse za su iya sacewa ta hanyar hanyar sadarwa. Ikon shiga yana ba ku damar saita manufofi don yadda sabis ke sadarwa tare da wasu ayyuka.
- sarrafa zirga-zirga. Lokacin aikawa da sabon sigar aikace-aikacen, ƙila za ku so farawa ta hanyar taƙaita zirga-zirga masu shigowa zuwa gare shi idan akwai kuskure. Tare da sarrafa zirga-zirgar kwantena na hankali na NSM, zaku iya saita manufar hana zirga-zirga don sabbin ayyuka waɗanda zasu haɓaka zirga-zirga akan lokaci. Sauran fasalulluka, kamar ƙayyadaddun saurin gudu da masu watsewar da'ira, suna ba ku cikakken iko akan zirga-zirgar duk ayyukan ku.
- Nunawa. Sarrafa dubban ayyuka na iya zama ɓarna da hangen nesa. NSM yana taimakawa wajen magance wannan yanayin tare da ginanniyar dashboard na Grafana wanda ke nuna duk fasalulluka da ke cikin NGINX Plus. Haka kuma Buɗe Binciken da aka aiwatar yana ba ku damar saka idanu kan ma'amaloli daki-daki.
- Haɗin kai, idan kamfanin ku, kamar yawancin sauran, baya amfani da kayan aikin da ke gudana gaba ɗaya akan Kubernetes. NSM tana tabbatar da cewa ba a bar aikace-aikacen gado ba tare da kula da su ba. Tare da taimakon NGINX Kubernetes Ingress Controller da aka aiwatar, ayyukan gado za su sami damar sadarwa tare da ayyukan raga, kuma akasin haka.
NSM kuma yana tabbatar da amincin aikace-aikacen a cikin mahallin amintaccen sifili ta hanyar yin amfani da ɓoyayyen ɓoyewa da tantancewa ga zirga-zirgar kwantena. Hakanan yana ba da hangen nesa na ma'amala da bincike, yana taimaka muku cikin sauri da daidai ƙaddamar da turawa da warware matsalolin. Hakanan yana ba da ikon sarrafa zirga-zirgar granular, yana ba ƙungiyoyin DevOps damar turawa da haɓaka sassan aikace-aikacen yayin ba da damar masu haɓakawa don haɓakawa da haɗa aikace-aikacen da aka rarraba cikin sauƙi.
Ta yaya NGINX Sabis Mesh ke aiki?
NSM ta ƙunshi haɗaɗɗiyar jirgin sama don zirga-zirgar a kwance (sabis-zuwa-sabis) da kuma NGINX Plus Ingress Controller don zirga-zirgar zirga-zirgar tsaye, wanda jirgin sama guda ɗaya ke sarrafa shi.
An ƙirƙira jirgin sama na musamman kuma an inganta shi don jirgin bayanan NGINX Plus kuma yana bayyana ka'idodin sarrafa zirga-zirgar da aka rarraba a cikin motocin gefe na NGINX Plus.
A cikin NSM, ana shigar da proxies na gefe don kowane sabis a cikin raga. Suna yin mu'amala tare da buɗaɗɗen mafita masu zuwa:
- Grafana, Prometheus siga na gani, ginannen kwamitin NSM yana taimaka muku da aikinku;
- Kubernetes Ingress Controllers, don sarrafa zirga-zirga masu shigowa da masu fita a cikin raga;
- SPIRE, CA don sarrafawa, rarrabawa da sabunta takaddun shaida a cikin raga;
- NATS, tsarin sikeli don aika saƙonni, kamar sabunta hanyoyin, daga jirgin sama mai sarrafawa zuwa motocin gefe;
- Buɗe Binciko, ɓarna rarraba (Zipkin da Jaeger suna goyan bayan);
- Prometheus, tattarawa da adana halaye daga motocin gefe na NGINX Plus, kamar adadin buƙatun, haɗin kai da musafaha SSL.
Ayyuka da abubuwan da aka gyara
NGINX Plus a matsayin jirgin bayanai yana rufe wakili na gefen mota (hanyoyi a kwance) da mai sarrafa Ingress (a tsaye), tsangwama da sarrafa zirga-zirgar kwantena tsakanin sabis.
Siffofin sun haɗa da:
- Tabbacin TLS (mTLS) na Mutual;
- Daidaita kaya;
- Haƙuri da kuskure;
- Iyakar sauri;
- Watsewar zagaye;
- Blue-kore da kayan aikin canary;
- Ikon shiga.
Ƙaddamar da NGINX Sabis Mesh
Don gudanar da NSM kuna buƙatar:
- samun damar zuwa yanayin Kubernetes. NGINX Sabis na Sabis yana goyan bayan dandamali na Kubernetes da yawa, ciki har da Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, da kuma Kubernetes gungu na yau da kullum da aka tura akan sabar kayan aiki;
- Kayan aiki
kubectl, shigar a kan injin da za a shigar da NSM; - Samun dama ga fakitin Sabis na Sabis na NGINX. Kunshin ya ƙunshi hotunan NSM da ake buƙata don lodawa zuwa wurin yin rajista na sirri don kwantena da ke cikin gungu na Kubernetes. Kunshin kuma ya ƙunshi
nginx-meshctl, ana buƙatar tura NSM.
Don tura NSM tare da saitunan tsoho, gudanar da umarni mai zuwa. Yayin turawa, ana nuna saƙon da ke nuna nasarar shigar da abubuwan haɗin gwiwa kuma, a ƙarshe, saƙon da ke nuna cewa NSM yana gudana a cikin wani sunan daban (yana buƙatar farko. kuma sanya shi a cikin Registry. kusan mai fassara):
$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ;
./nginx-meshctl deploy
--nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}"
--nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}"
--nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}"
--nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...
Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.Don ƙarin zaɓuɓɓuka, gami da saitunan ci gaba, gudanar da wannan umarni:
$ nginx-meshctl deploy –hBincika cewa jirgin sama mai sarrafawa yana aiki daidai a cikin filin suna nginx-mesh, zaku iya yin wannan:
$ kubectl get pods –n nginx-mesh
NAME READY STATUS RESTARTS AGE
grafana-6cc6958cd9-dccj6 1/1 Running 0 2d19h
mesh-api-6b95576c46-8npkb 1/1 Running 0 2d19h
nats-server-6d5c57f894-225qn 1/1 Running 0 2d19h
prometheus-server-65c95b788b-zkt95 1/1 Running 0 2d19h
smi-metrics-5986dfb8d5-q6gfj 1/1 Running 0 2d19h
spire-agent-5cf87 1/1 Running 0 2d19h
spire-agent-rr2tt 1/1 Running 0 2d19h
spire-agent-vwjbv 1/1 Running 0 2d19h
spire-server-0 2/2 Running 0 2d19h
zipkin-6f7cbf5467-ns6wc 1/1 Running 0 2d19hYa danganta da saitunan turawa waɗanda suka saita manufofin allura na hannu ko ta atomatik, za a ƙara proxies na NGINX zuwa aikace-aikace ta tsohuwa. Don musaki ƙara ta atomatik, karanta
Misali, idan muka tura aikace-aikacen barci cikin suna tsoho, sa'an nan kuma duba Pod - za mu ga kwantena guda biyu masu gudana, aikace-aikacen barci da kuma abin da ke da alaƙa:
$ kubectl apply –f sleep.yaml
$ kubectl get pods –n default
NAME READY STATUS RESTARTS AGE
sleep-674f75ff4d-gxjf2 2/2 Running 0 5h23mHakanan zamu iya saka idanu akan aikace-aikacen barci a cikin NGINX Plus panel, gudanar da wannan umarni don samun damar mota ta gefe daga injin ku:
$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886Sai mu shiga kawai a cikin browser. Hakanan zaka iya haɗawa zuwa Prometheus don saka idanu akan aikace-aikacen barci.
Kuna iya amfani da albarkatun Kubernetes guda ɗaya don daidaita manufofin zirga-zirga, kamar ikon samun dama, iyakance ƙima da warwarewar da'ira, don wannan duba.
ƙarshe
NGINX Sabis Mesh yana samuwa don saukewa kyauta a . Gwada shi a cikin dev ɗinku da mahallin gwaji da .
Don gwada NGINX Plus Ingress Controller, kunna kwana 30, ko don tattauna batutuwan amfani da ku.
Fassarar Pavel Demkovich, injiniyan kamfani . Gudanar da tsarin don RUB 15 kowane wata. Kuma a matsayin rabuwa daban - cibiyar horo , Aiki kuma ba komai bane illa aiki.
source: www.habr.com