NGINX Service Mesh Is Available

We are pleased to introduce a preview version of NGINX Service Mesh (NSM), a lightweight service mesh that uses a data plane based on NGINX Plus to manage container traffic in Kubernetes environments.

NSM is free to download here. We hope you will try it in dev and test environments, and we look forward to your feedback on GitHub.

Adopting a microservices methodology brings difficulties as deployments grow in scale and complexity. Communication between services becomes more complex, debugging problems becomes harder, and a larger number of services requires more resources to manage.

NSM addresses these problems by providing you with:

  • Security, which is more important now than ever. A data breach can cost a company millions each year in lost revenue and reputation. NSM ensures that all connections are encrypted with mTLS, so no sensitive data can be stolen by hackers over the network. You can configure policies for how services communicate with other services.
  • Traffic management. When deploying a new version of an application, you may want to start by limiting the incoming traffic to it in case there is a bug. With NSM's intelligent container traffic management, you can set a traffic-limiting policy for new services that increases traffic over time. Other features, such as rate limiting and circuit breakers, give you full control over the traffic flow of all your services.
  • Visualization. Managing thousands of services can become a debugging and visualization nightmare. NSM helps in this situation with a built-in Grafana dashboard that displays all the features available in NGINX Plus. The implemented Open Tracing also lets you monitor transactions in detail.
  • Hybrid deployments, if your company, like most, does not run entirely on Kubernetes. NSM makes sure legacy applications are not left behind. With the help of the NGINX Kubernetes Ingress Controller, legacy services can communicate with mesh services, and vice versa.

NSM also secures applications in zero-trust environments by transparently applying encryption and authentication to container traffic. It also provides visibility and insight into transactions, helping you launch deployments quickly and accurately and troubleshoot problems. It also provides granular traffic control, enabling DevOps teams to deploy and optimize parts of applications while letting developers build and easily connect their distributed applications.

How does NGINX Service Mesh work?

NSM consists of a unified data plane for horizontal (service-to-service) traffic and an embedded NGINX Plus Ingress Controller for vertical traffic, managed by a single control plane.

The control plane is designed and optimized specifically for the NGINX Plus data plane and defines the traffic management rules that are distributed to the NGINX Plus sidecars.

In NSM, sidecar proxies are installed for each service in the mesh. They interact with the following open source solutions:

  • Grafana, for visualizing Prometheus parameters; the built-in NSM panel helps you in your work;
  • Kubernetes Ingress Controllers, for managing incoming and outgoing traffic in the mesh;
  • SPIRE, a CA for managing, distributing and renewing certificates in the mesh;
  • NATS, a scalable system for sending messages, such as route updates, from the control plane to the sidecars;
  • Open Tracing, for distributed debugging (Zipkin and Jaeger are supported);
  • Prometheus, which collects and stores metrics from the NGINX Plus sidecars, such as the number of requests, connections and SSL handshakes.

Features and components

NGINX Plus as the data plane covers the sidecar proxy (horizontal traffic) and the Ingress controller (vertical traffic), intercepting and managing container traffic between services.

Features include:

  • Mutual TLS (mTLS) authentication;
  • Load balancing;
  • Fault tolerance;
  • Rate limiting;
  • Circuit breaking;
  • Blue-green and canary deployments;
  • Access control.

Deploying NGINX Service Mesh

To run NSM you need:

  • access to a Kubernetes environment. NGINX Service Mesh is supported on many Kubernetes platforms, including Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and ordinary Kubernetes clusters deployed on hardware servers;
  • the kubectl tool, installed on the machine from which NSM will be installed;
  • access to the NGINX Service Mesh release packages. The package contains the NSM images needed for uploading to a private container registry accessible to the Kubernetes cluster. The package also contains nginx-meshctl, which is needed to deploy NSM.

To deploy NSM with the default settings, run the following command. During deployment, messages are displayed indicating the successful installation of components and, at the end, a message indicating that NSM is running in a separate namespace (you first need to download it and put it in the registry; translator's note):

$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
 ./nginx-meshctl deploy \
  --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
  --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
  --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
  --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...

Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For more options, including advanced settings, run this command:

$ nginx-meshctl deploy -h

To verify that the control plane is working correctly in the nginx-mesh namespace, you can do this:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h

Depending on the deployment settings that set the manual or automatic injection policy, NGINX sidecar proxies will be added to applications by default. To disable automatic injection, read here.

For example, if we deploy the sleep application in the default namespace and then check the Pod, we will see two running containers, the sleep application and the associated sidecar:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m
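
The two checks above (control-plane pods running, sidecar present in each workload pod) can be scripted; this is an added example, not code from the original article or from the NGINX project. It assumes that a pod with no `nginx-mesh-sidecar` image is outside the mesh and therefore not covered by mTLS; the sample data, pod names and `registry.example` are constructed.

```shell
#!/bin/sh
# Added example: readiness and sidecar-coverage checks for kubectl output.
# Both filters read stdin, so they can be exercised without a cluster.

# not_ready: input is the table printed by `kubectl get pods -n <namespace>`.
# Prints each pod whose READY count is incomplete or whose STATUS is not Running.
not_ready() {
    awk 'NR > 1 && NF >= 3 {
        split($2, r, "/")
        if (r[1] != r[2] || $3 != "Running") print $1
    }'
}

# missing_sidecar: input is one line per pod, "<name><TAB><space-separated images>".
# Prints pods with no nginx-mesh-sidecar image (image name from the deploy
# command; treating its absence as "outside the mesh" is an assumption).
missing_sidecar() {
    awk -F '\t' 'NF && $2 !~ "(^|[/ ])nginx-mesh-sidecar(:|@| |$)" { print $1 }'
}

# pod_images: produces the input for missing_sidecar from a live cluster.
pod_images() {
    kubectl get pods -n "$1" \
        -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].image}{"\n"}{end}'
}

# Constructed sample data (not captured from a real cluster).
SAMPLE_TABLE='NAME                       READY   STATUS             RESTARTS   AGE
spire-server-0             2/2     Running            0          2d19h
mesh-api-6b95576c46-x      0/1     CrashLoopBackOff   7          2d19h
nats-server-6d5c57f894-y   1/1     Running            0          2d19h'

SAMPLE_IMAGES=$(printf '%s\t%s\n' \
    'sleep-a' 'registry.example/sleep:1.0 registry.example/nginx-mesh-sidecar:0.6.0' \
    'legacy-b' 'registry.example/legacy:2.3')

# Live use:
#   kubectl get pods -n nginx-mesh | not_ready
#   pod_images default | missing_sidecar
```

Empty output from both filters means every control-plane pod is ready and every workload pod in the namespace carries the sidecar.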

We can monitor the sleep application in the NGINX Plus dashboard by running this command to access the sidecar from your local machine:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then we simply go here in the browser. You can also connect to Prometheus to monitor the sleep application.

You can use individual Kubernetes resources to configure traffic policies, such as access control, rate limiting and circuit breaking. For this, see the documentation.

Conclusion

NGINX Service Mesh is available for free download on the F5 portal. Try it in your dev and test environments and write to us about the results.

To try the NGINX Plus Ingress Controller, activate a free 30-day trial, or contact us to discuss your use cases.

Translated by Pavel Demkovich, engineer at Kahikina. System administration for RUB 15 per month. And as a separate division, the Slurm training center: practice and nothing but practice.

Source: www.habr.com
