NGINX Service Mesh is available

We are pleased to present a preview release of NGINX Service Mesh (NSM), a lightweight service mesh that uses a data plane based on NGINX Plus to manage container traffic in Kubernetes environments.

NSM is free to download here. We hope you will try it in your dev and test environments, and we look forward to your feedback on GitHub.

Adopting a microservices methodology gets harder as the number of deployments grows, along with their complexity. Communication between services becomes more complicated, debugging becomes harder, and more services require more resources to manage.

NSM addresses these problems by giving you:

  • Security, which matters more now than ever. A data breach can cost a company millions of dollars a year in lost revenue and reputation. NSM ensures that all connections are encrypted using mTLS, so there is no sensitive data on the network for attackers to steal. Access control lets you set policies for how services communicate with other services.
  • Traffic management. When you roll out a new version of an application, you may want to start by limiting the traffic it receives in case there is a bug. With NSM's intelligent container traffic management, you can set a traffic-limiting policy for new services that increases traffic over time. Other features, such as rate limiting and circuit breakers, give you full control over the traffic flowing through all your services.
  • Visualization. Managing several thousand services can be a debugging and visualization nightmare. NSM helps deal with this by using a built-in Grafana dashboard that displays all the metrics available in NGINX Plus. The Open Tracing integration also lets you trace transactions in detail.
  • Hybrid deployments, if your company, like most others, does not use infrastructure that runs entirely on Kubernetes. NSM makes sure legacy applications are not left unattended. With the help of the NGINX Kubernetes Ingress Controller integration, legacy services can communicate with mesh services, and vice versa.

NSM also secures applications in zero-trust environments by transparently applying encryption and authentication to container traffic. It also provides transaction visibility and analysis, helping you quickly and accurately roll out deployments and troubleshoot problems. It also provides granular traffic control, letting DevOps teams deploy and optimize parts of applications while developers build and easily connect their distributed applications.

How does NGINX Service Mesh work?

NSM consists of a unified data plane for horizontal (service-to-service) traffic and an integrated NGINX Plus Ingress Controller for vertical traffic, both managed by a single control plane.

The control plane is designed and optimized specifically for the NGINX Plus data plane, and it defines the traffic management rules that are distributed to the NGINX Plus sidecars.

In NSM, sidecar proxies are installed for each service in the mesh. They interact with the following open source solutions:

  • Grafana, visualization of Prometheus metrics; the built-in NSM dashboard helps you get started;
  • Kubernetes Ingress Controllers, for managing traffic entering and leaving the mesh;
  • SPIRE, a CA for managing, distributing and rotating certificates in the mesh;
  • NATS, a scalable system for delivering messages, such as route updates, from the control plane to the sidecars;
  • Open Tracing, distributed tracing (Zipkin and Jaeger are supported);
  • Prometheus, which collects and stores metrics from the NGINX Plus sidecars, such as the number of requests, connections and SSL handshakes.

Features and components

NGINX Plus as the data plane covers the sidecar proxy (horizontal traffic) and the Ingress controller (vertical traffic), intercepting and managing container traffic between services.

Features include:

  • Mutual TLS (mTLS) authentication;
  • Load balancing;
  • Fault tolerance;
  • Rate limiting;
  • Circuit breaking;
  • Blue-green and canary deployments;
  • Access control.

Getting started with NGINX Service Mesh

To run NSM you need:

  • access to a Kubernetes environment. NGINX Service Mesh is supported on many Kubernetes platforms, including Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and ordinary Kubernetes clusters deployed on bare-metal servers;
  • the kubectl tool, installed on the machine from which NSM will be installed;
  • access to the NGINX Service Mesh release package. The package contains the NSM images that must be pushed to a private container registry available to the Kubernetes cluster. The package also contains nginx-meshctl, which is required to deploy NSM.

To deploy NSM with the default settings, run the following command. During deployment, messages are shown confirming that the components were installed successfully and, finally, a message that NSM is running in its own namespace (you must first download it and push it to the registry; translator's note):

$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
 ./nginx-meshctl deploy \
  --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
  --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
  --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
  --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...

Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For other options, including advanced settings, run this command:

$ nginx-meshctl deploy -h

To check that the control plane is working correctly in the nginx-mesh namespace, you can do this:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h

Depending on the deployment settings, which set a manual or automatic injection policy, NGINX sidecar proxies are added to applications by default. To disable automatic injection, read here.

For example, if we deploy the sleep application in the default namespace and then check the Pod, we see two running containers, the sleep application and its associated sidecar:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m
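
The READY column above is the quickest sign that a workload is actually inside the mesh. The following is an added example, not part of the original article or of NSM: it reads `kubectl get pods` output and lists pods that are unhealthy or that have no second container, assuming automatic injection is enabled for the namespace. The `legacy-...` and `web-...` pods in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit `kubectl get pods` output for mesh coverage.
# Both functions read the table on stdin so they can be tried offline;
# in a cluster, pipe `kubectl get pods -n default` into them.

# Print pods that are not fully healthy: not every container is ready,
# or STATUS is something other than Running.
unready_pods() {
  awk 'NR > 1 && NF >= 3 {
         split($2, r, "/")
         if (r[1] != r[2] || $3 != "Running") print $1
       }'
}

# Print pods with fewer than two containers. In an application namespace
# with automatic injection on, such a pod has no sidecar, so its traffic
# is not covered by the mesh's mTLS. Control-plane pods in nginx-mesh
# legitimately show 1/1, so do not apply this check to that namespace.
missing_sidecar() {
  awk 'NR > 1 && NF >= 3 {
         split($2, r, "/")
         if (r[2] + 0 < 2) print $1
       }'
}

# Constructed sample: the sleep pod from the article plus two invented pods.
SAMPLE='NAME                     READY   STATUS             RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running            0          5h23m
legacy-7d9c5b6f48-abcde  1/1     Running            0          3h
web-5f6b7c8d9e-fghij     1/2     CrashLoopBackOff   4          10m'

audit() {
  echo "not ready:";  printf '%s\n' "$SAMPLE" | unready_pods
  echo "no sidecar:"; printf '%s\n' "$SAMPLE" | missing_sidecar
}
audit
```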

We can also monitor the sleep application in the NGINX Plus dashboard by running this command to reach the sidecar from your local machine:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then we simply go here in the browser. You can also connect to Prometheus to monitor the sleep application.

You can use individual Kubernetes resources to configure traffic policies, such as access control, rate limiting and circuit breaking; for this, see the documentation.

Conclusion

NGINX Service Mesh is available as a free download from the F5 portal. Try it in your dev and test environments and write to us about the results.

To try the NGINX Plus Ingress Controller, start a free 30-day trial, or contact us to discuss your use cases.

Translated by Pavel Demkovich, engineer at Southbridge.

Source: www.habr.com
