NGINX Service Mesh is available


We are pleased to present a preview version of NGINX Service Mesh (NSM), a lightweight service mesh that uses an NGINX Plus-based data plane to manage container traffic in Kubernetes environments.

NSM is free to download here. We hope you will try it in dev and test environments, and we look forward to your feedback on GitHub.

Adopting a microservices methodology becomes fraught with difficulties as deployments grow in scale and complexity. Communication between services gets more complicated, debugging problems gets harder, and more and more services require more resources to manage.

NSM solves these problems by providing you with:

  • Security, which is now more important than ever. A data breach can cost a company millions of dollars a year in lost revenue and reputation. NSM ensures that all connections are encrypted using mTLS, so no sensitive data can be stolen by attackers on the network. Access control lets you set policies for how services communicate with other services.
  • Traffic management. When deploying a new version of an application, you may want to start by restricting incoming traffic to it in case of an error. With NSM's intelligent container traffic management, you can set a traffic-limiting policy for new services that increases traffic over time. Other features, such as rate limiting and circuit breakers, give you full control over the traffic flow of all your services.
  • Visualization. Managing thousands of services can be a debugging and visualization nightmare. NSM helps address this with a built-in Grafana dashboard that displays all the metrics available in NGINX Plus. The OpenTracing implementation also lets you monitor transactions in detail.
  • Hybrid deployments, if your company, like most others, does not run its infrastructure entirely on Kubernetes. NSM ensures that legacy applications are not left behind. With the help of the NGINX Kubernetes Ingress Controller, legacy services can communicate with mesh services, and vice versa.

NSM also secures applications in zero-trust environments by transparently applying encryption and authentication to container traffic. It provides transaction visibility and analysis, helping you launch deployments and troubleshoot problems quickly and accurately. It also provides granular traffic control, enabling DevOps teams to deploy and optimize application components while letting developers build and easily connect their distributed applications.

How does NGINX Service Mesh work?

NSM consists of a unified data plane for horizontal (service-to-service) traffic and an embedded NGINX Plus Ingress Controller for vertical traffic, both managed by a single control plane.

The control plane is designed and optimized specifically for the NGINX Plus data plane and defines the traffic management rules distributed across the NGINX Plus sidecars.

In NSM, sidecar proxies are installed for every service in the mesh. They interact with the following open source solutions:

  • Grafana, visualization of Prometheus parameters; the built-in NSM dashboard helps you with your work;
  • Kubernetes Ingress Controllers, for managing ingress and egress traffic in the mesh;
  • SPIRE, a CA for managing, distributing and rotating certificates in the mesh;
  • NATS, a system for delivering messages, such as updates, from the control plane to the sidecars;
  • OpenTracing, distributed debugging (Zipkin and Jaeger are supported);
  • Prometheus, which collects and stores metrics from the NGINX Plus sidecars, such as the number of requests, connections and SSL handshakes.

Features and Components

NGINX Plus as the data plane covers the sidecar proxy (horizontal traffic) and the Ingress controller (vertical traffic), intercepting and managing container traffic between services.

Features include:

  • Mutual TLS (mTLS) authentication;
  • Load balancing;
  • Fault tolerance;
  • Rate limiting;
  • Circuit breaking;
  • Blue-green and canary deployments;
  • Access control.

Launching NGINX Service Mesh

To run NSM you need:

  • Access to a Kubernetes environment. NGINX Service Mesh is supported on many Kubernetes platforms, including Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and ordinary Kubernetes clusters deployed on hardware servers;
  • The kubectl tool, installed on the machine from which NSM will be installed;
  • Access to the NGINX Service Mesh release package. The package contains the NSM images that must be uploaded to a private container registry available to the Kubernetes cluster. The package also contains nginx-meshctl, which is needed to deploy NSM.

To deploy NSM with default settings, run the following command. During deployment, messages are displayed indicating successful installation of the components and, finally, a message that NSM is running in a separate namespace (you must first download the images and put them in the registry, translator's note):

$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
 ./nginx-meshctl deploy \
  --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
  --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
  --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
  --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...

Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For more options, including advanced settings, run this command:

$ nginx-meshctl deploy -h

To verify that the control plane is working correctly in the nginx-mesh namespace, you can run this:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h

Depending on the deployment settings, which configure manual or automatic injection, NGINX sidecar proxies are added to applications by default. To disable automatic injection, read here

For example, if we deploy the sleep application in the default namespace and then check the Pod, we will see two running containers: the sleep application and its associated sidecar:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m
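
The two checks above (control-plane pods all ready, application pod showing its sidecar) can be scripted; a pod without a sidecar is outside the mesh and so not covered by the mTLS described earlier. This is an added example, not code from the original article or the NGINX project: it parses the `kubectl get pods` table format shown above, assumes single-container workloads, and every sample row except the sleep pod is constructed.

```shell
#!/bin/sh
# Added example: audit `kubectl get pods` table output (the format shown above).

# not_ready: read the table on stdin and print "name ready status" for each pod
# whose READY count is incomplete or whose STATUS is not Running.
not_ready() {
  awk 'NR > 1 && NF >= 3 {
         split($2, r, "/")
         if (r[1] != r[2] || $3 != "Running") print $1, $2, $3
       }'
}

# no_sidecar: print pods that declare fewer than 2 containers.
# Assumption: each workload has one application container, so a meshed pod
# shows N/2 (application + NGINX Plus sidecar), as the sleep pod does.
no_sidecar() {
  awk 'NR > 1 && NF >= 3 {
         split($2, r, "/")
         if (r[2] + 0 < 2) print $1
       }'
}

# Constructed sample: the sleep pod from the article plus two hypothetical pods.
sample_pods() {
  cat <<'EOF'
NAME                     READY   STATUS             RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running            0          5h23m
legacy-api-5d9c7b-abcde  1/1     Running            0          3h
billing-7f6d8c-xyz12     1/2     CrashLoopBackOff   4          10m
EOF
}

# Run with the argument "demo" to see both checks on the constructed sample.
if [ "${1:-}" = "demo" ]; then
  echo "Not ready:";  sample_pods | not_ready
  echo "No sidecar:"; sample_pods | no_sidecar
fi
```

In a live cluster, pipe `kubectl get pods -n nginx-mesh` into not_ready and `kubectl get pods -n default` into no_sidecar.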

We can also monitor the sleep application in the NGINX Plus dashboard by running this command to access the sidecar from your local machine:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then we simply go here in the browser. You can also connect to Prometheus to monitor the sleep application.

You can use custom Kubernetes resources to configure traffic policies, such as access control, rate limiting and circuit breaking; for this, see the documentation

Conclusion

NGINX Service Mesh is available as a free download from the F5 portal. Try it in your dev and test environments and write to us about the results.

To try the NGINX Plus Ingress Controller, activate a free 30-day trial, or contact us to discuss your use cases.

Translated by Pavel Demkovich, an engineer at Southbridge.

Source: www.hab.com
