NGINX Service Mesh is available

We are pleased to present a preview release of NGINX Service Mesh (NSM), a lightweight service mesh that uses a data plane based on NGINX Plus to manage container traffic in Kubernetes environments.

NSM is free to download here. We hope you will try it in your dev and test environments, and we look forward to your feedback on GitHub.

Adopting a microservices approach becomes harder as the deployment grows in scale and complexity. Communication between services becomes more complicated, debugging gets harder, and a growing number of services requires more resources to manage.

NSM solves these problems by giving you:

  • Security, which is now more important than ever. A data breach can cost a company millions of dollars a year in lost revenue and reputation. NSM ensures that all connections are encrypted using mTLS, so no sensitive data can be stolen by attackers on the network. Access control lets you define policies for how services communicate with other services.
  • Traffic management. When you deploy a new version of an application, you may want to start by limiting the incoming traffic to it in case there is an error. With NSM's intelligent container traffic management, you can set a traffic-limiting policy for new services that increases the traffic over time. Other features, such as rate limiting and circuit breakers, give you full control over the traffic flow of all your services.
  • Visualization. Managing thousands of services can be a debugging and visualization nightmare. NSM helps with this through a built-in Grafana dashboard that displays all the metrics available in NGINX Plus. The built-in Open Tracing also lets you monitor transactions in detail.
  • Hybrid deployments, if your company, like most others, does not run its infrastructure entirely on Kubernetes. NSM ensures that legacy applications are not left out. With the built-in NGINX Kubernetes Ingress Controller, legacy services can communicate with mesh services, and vice versa.

NSM also ensures application security in zero-trust environments by applying encryption and authentication to container traffic. It provides observability and analysis of transactions, helping you launch deployments and troubleshoot problems quickly and accurately. It also provides traffic control, allowing DevOps teams to deploy and optimize parts of applications while enabling developers to build and easily connect their distributed applications.

How does NGINX Service Mesh work?

NSM consists of a unified data plane for horizontal (service-to-service) traffic and an embedded NGINX Plus Ingress Controller for vertical traffic, both managed by a single control plane.

The control plane is designed and optimized specifically for the NGINX Plus data plane and defines the traffic management rules that are distributed to the NGINX Plus sidecars.

In NSM, sidecar proxies are installed for every service in the mesh. They interact with the following open source solutions:

  • Grafana, visualization of Prometheus metrics; the built-in NSM dashboard helps you with your work;
  • Kubernetes Ingress Controllers, for managing incoming and outgoing traffic in the mesh;
  • SPIRE, a CA for managing, distributing and rotating certificates in the mesh;
  • NATS, a scalable system for sending messages, such as route updates, from the control plane to the sidecars;
  • Open Tracing, distributed tracing (Zipkin and Jaeger are supported);
  • Prometheus, which collects and stores metrics from the NGINX Plus sidecars, such as the number of requests, connections and SSL handshakes.

Features and components

NGINX Plus as the data plane covers both the sidecar proxy (horizontal traffic) and the Ingress controller (vertical traffic), intercepting and managing container traffic between services.

Its features include:

  • Mutual TLS (mTLS) authentication;
  • Load balancing;
  • Fault tolerance;
  • Rate limiting;
  • Circuit breaking;
  • Blue-green and canary deployments;
  • Access control.

Installing NGINX Service Mesh

To use NSM you need:

  • access to a Kubernetes environment. NGINX Service Mesh is supported on many Kubernetes platforms, including Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and regular Kubernetes clusters deployed on hardware servers;
  • the kubectl tool, installed on the machine from which NSM will be installed;
  • access to the NGINX Service Mesh release package. The package contains the NSM images, which need to be pushed to a private container registry that is reachable from the Kubernetes cluster. The package also contains nginx-meshctl, which is required to deploy NSM.

To deploy NSM with the default settings, run the following command. During deployment, messages are displayed that indicate successful installation of the components and, finally, a message that NSM is running in a separate namespace (you first need to download it and push it to the registry; translator's note):

$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
 ./nginx-meshctl deploy \
  --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
  --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
  --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
  --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...

Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For more information, including advanced settings, run the following command:

$ nginx-meshctl deploy -h

To verify that the control plane is working correctly in the nginx-mesh namespace, you can run this:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h
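
The verification step above can be scripted so that a degraded SPIRE server (the CA that issues the mesh's mTLS certificates) or a missing component fails a pipeline instead of depending on someone reading the listing. This is an added example, not part of the original article or the NSM project; the component prefixes are taken from the listing above, and the function names and sample pod names are constructed.

```shell
#!/bin/sh
# Added example: health check over `kubectl get pods -n nginx-mesh` output (stdin).
# Component prefixes come from the pod listing above; pod names below are constructed.
EXPECTED="grafana mesh-api nats-server prometheus-server smi-metrics spire-agent spire-server zipkin"

# Prints one line per problem. Returns 0 only if every expected component has a
# pod and every listed pod is Running with all of its containers ready.
check_mesh_pods() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, comp, " ") }
        $1 == "NAME" || NF < 3 { next }            # skip header and blank lines
        {
            split($2, ready, "/")                  # READY column is ready/total
            if ($3 != "Running" || ready[1] != ready[2]) {
                printf "UNHEALTHY %s ready=%s status=%s\n", $1, $2, $3
                bad++
            }
            for (i = 1; i <= n; i++)
                if (index($1, comp[i] "-") == 1) seen[comp[i]] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(comp[i] in seen)) { printf "MISSING %s\n", comp[i]; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample: the SPIRE server has one container not ready,
# and the tracing server is absent.
sample_degraded() {
    cat <<'EOF'
NAME                            READY   STATUS    RESTARTS   AGE
grafana-1111111111-aaaaa        1/1     Running   0          1d
mesh-api-2222222222-bbbbb       1/1     Running   0          1d
nats-server-3333333333-ccccc    1/1     Running   0          1d
prometheus-server-44444-ddddd   1/1     Running   0          1d
smi-metrics-5555555555-eeeee    1/1     Running   0          1d
spire-agent-fffff               1/1     Running   0          1d
spire-server-0                  1/2     Running   3          1d
EOF
}

# Live use: kubectl get pods -n nginx-mesh | check_mesh_pods
sample_degraded | check_mesh_pods || echo "control plane is not healthy"
```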

Depending on the deployment settings, which set a manual or automatic injection policy, NGINX sidecar proxies are added to applications by default. To disable automatic injection, read here

For example, if we deploy the sleep application in the default namespace and then check the Pod, we will see two running containers, the sleep application and its associated sidecar:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m

We can also monitor the sleep application in the NGINX Plus dashboard by running this command to reach the sidecar from the local machine:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then we simply go here in the browser. You can also connect to Prometheus to monitor the sleep application.

You can use Kubernetes resources to configure traffic policies, such as access control, rate limiting and circuit breaking; for this, see the documentation

Conclusion

NGINX Service Mesh is available for free download on the F5 portal. Try it in your dev and test environments and write to us about the results.

To try the NGINX Plus Ingress Controller, start a free 30-day trial, or contact us to discuss your use cases.

Translation by Pavel Demkovich, an engineer at Southbridge. System administration for RUB 15 per month. And as a separate division, the Slurm training center: practice and nothing but practice.

Source: www.habr.com
