NGINX Service Mesh is available


We are pleased to present a preview version of NGINX Service Mesh (NSM), a bundled lightweight service mesh that uses an NGINX Plus-based data plane to manage container traffic in Kubernetes environments.

NSM is free to download here. We hope you will try it in dev and test environments, and we look forward to your feedback on GitHub.

Implementing a microservices methodology is fraught with difficulties as the scale of delivery grows, along with its complexity. Communication between services becomes more complicated, debugging problems becomes harder, and a growing number of services requires more resources to manage.

NSM solves these problems by providing you with:

  • Security, which is now more important than ever. A data breach can cost a company millions of dollars every year in lost revenue and reputation. NSM ensures that all connections are encrypted using mTLS, so there is no sensitive data that attackers can steal over the network. Access control lets you set policies for how services communicate with other services.
  • Traffic management. When you ship a new version of an application, you may want to start by limiting the traffic that reaches it in case something goes wrong. With NSM's intelligent container traffic management, you can set a traffic-limiting policy for new services that increases traffic over time. Other features, such as rate limiting and circuit breakers, give you full control over the traffic of all your services.
  • Visualization. Managing thousands of services can be a debugging and visualization nightmare. NSM helps you handle this situation with a built-in Grafana dashboard that displays all the features available in NGINX Plus. The implemented Open Tracing also lets you monitor transactions in detail.
  • Hybrid delivery, if your company, like most others, does not use infrastructure that runs entirely on Kubernetes. NSM ensures that legacy applications are not left unattended. With the help of the NGINX Kubernetes Ingress Controller, legacy services will be able to communicate with mesh services, and vice versa.

NSM also ensures application security in a zero-trust environment through the transparent application of encryption and authentication to container traffic. It also provides visibility and analysis of transactions, helping you launch deployments and solve problems quickly and accurately. It also provides granular traffic control, allowing DevOps teams to deploy and optimize parts of applications while developers build and easily connect their distributed applications.

How does NGINX Service Mesh work?

NSM consists of a unified data plane for horizontal (service-to-service) traffic and a built-in NGINX Plus Ingress Controller for vertical traffic, managed by a single control plane.

The control plane is designed and optimized specifically for the NGINX Plus data plane and defines the traffic control rules that are distributed to the NGINX Plus sidecars.

In NSM, sidecar proxies are installed for each service in the mesh. They interact with the following open source solutions:

  • Grafana, visualization of Prometheus parameters; a built-in NSM panel helps you in your work;
  • Kubernetes Ingress Controllers, for managing incoming and outgoing traffic in the mesh;
  • SPIRE, a CA for managing, distributing and renewing certificates in the mesh;
  • NATS, a scalable system for sending messages, such as route updates, from the control plane to the sidecars;
  • Open Tracing, distributed tracing (Zipkin and Jaeger supported);
  • Prometheus, collecting and storing metrics from the NGINX Plus sidecars, such as the number of requests, connections and SSL handshakes.

Features and components

NGINX Plus as the data plane covers the sidecar proxy (horizontal traffic) and the Ingress controller (vertical traffic), intercepting and managing container traffic between services.

Features include:

  • Mutual TLS (mTLS) authentication;
  • Load balancing;
  • Fault tolerance;
  • Rate limiting;
  • Circuit breaking;
  • Blue-green and canary deployments;
  • Access control.

Launching NGINX Service Mesh

To run NSM you need:

  • Access to a Kubernetes environment. NGINX Service Mesh is supported on many Kubernetes platforms, including Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and ordinary Kubernetes clusters deployed on hardware servers;
  • The kubectl tool, installed on the machine from which NSM will be installed;
  • Access to the NGINX Service Mesh release packages. The package contains the NSM images that need to be uploaded to a private container registry accessible from the Kubernetes cluster. The package also contains nginx-meshctl, which is needed to deploy NSM.

To deploy NSM with the default settings, run the following command. During deployment, messages are displayed indicating that the components were installed successfully, followed by a message saying that NSM is running in a separate namespace (you first need to download the images and put them in the registry, translator's note):

$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
 ./nginx-meshctl deploy \
  --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
  --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
  --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
  --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...

Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For more options, including advanced settings, run the following command:

$ nginx-meshctl deploy -h

To check that the control plane is working correctly in the nginx-mesh namespace, you can run this:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h

Depending on the deployment settings that define manual or automatic injection rules, NGINX sidecar proxies will be added to applications by default. To disable automatic injection, read here

For example, if we deploy the sleep application in the default namespace and then check the Pod, we will see two running containers: the sleep application and its associated sidecar:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m
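
The two checks above (control plane pods healthy, workload pods carrying the sidecar) can be scripted so that a pod running outside the mesh proxy is noticed. This is an added example, not code from the article or from NGINX; it assumes the injected container uses the nginx-mesh-sidecar image named in the deploy command, and the sample pod data is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the NGINX article. The functions read kubectl output
# on stdin so they can be exercised offline against the constructed samples.

# Print pods from a `kubectl get pods` table that are not Running or whose
# READY column is short (x/y with x != y).
not_ready() {
  awk 'NR > 1 && NF >= 3 {
         split($2, r, "/")
         if ($3 != "Running" || r[1] != r[2]) print $1
       }'
}

# Print pods that have no container built from the nginx-mesh-sidecar image
# (assumption: injection uses the image name from the deploy command).
# Input: one line per pod, "<pod-name><TAB><image> <image> ...".
missing_sidecar() {
  awk -F '\t' 'NF && $2 !~ "(^|[/ ])nginx-mesh-sidecar[:@]" { print $1 }'
}

# jsonpath template that produces the input format for missing_sidecar.
PODS_IMAGES='{range .items[*]}{.metadata.name}{"\t"}{range .spec.containers[*]}{.image}{" "}{end}{"\n"}{end}'

# Constructed sample: one healthy line from the article plus two failing pods.
SAMPLE_TABLE='NAME                       READY   STATUS             RESTARTS   AGE
mesh-api-6b95576c46-8npkb  1/1     Running            0          2d19h
spire-server-0             1/2     Running            0          2d19h
nats-server-6d5c57f894-x   0/1     CrashLoopBackOff   4          2d19h'

# Constructed sample: the registry name and the "legacy" pod are made up.
SAMPLE_IMAGES=$(printf '%s\t%s\n' \
  'sleep-674f75ff4d-gxjf2' 'registry.example/sleep:1 registry.example/nginx-mesh-sidecar:0.6.0 ' \
  'legacy-7d9f' 'registry.example/legacy:2 ')

if [ "${1:-}" = "--live" ]; then   # run against a real cluster
  kubectl get pods -n nginx-mesh | not_ready
  kubectl get pods -n default -o jsonpath="$PODS_IMAGES" | missing_sidecar
else                               # offline run on the constructed samples
  printf '%s\n' "$SAMPLE_TABLE" | not_ready
  printf '%s\n' "$SAMPLE_IMAGES" | missing_sidecar
fi
```

Empty output from both functions means every control plane pod is ready and every listed workload pod has the sidecar container.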

We can also monitor the sleep application in the NGINX Plus dashboard by running this command to access the sidecar from your local machine:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then we simply go here in the browser. You can also connect to Prometheus to monitor the sleep application.

You can use individual Kubernetes resources to configure traffic policies, such as access control, rate limiting and circuit breaking; for this, see the documentation

Conclusion

NGINX Service Mesh is available for free download on the F5 portal. Try it in your dev and test environments and write to us about the results.

To try the NGINX Plus Ingress Controller, activate a free 30-day trial period, or contact us to discuss your use cases.

Translated by Pavel Demkovich, an engineer at Southbridge. Administration services for RUB 15 a month. And, as a separate division, the Slurm training center: practice and nothing but practice.

Source: www.habr.com
