Isu tinofara kupa preview version (NSM), yakaunganidzwa lightweight sevhisi mesh inoshandisa NGINX Plus-yakavakirwa data ndege kubata midziyo traffic munzvimbo dzeKubernetes.
NSM ndeyemahara . Tinovimba kuti uchazviedza kuitira dev uye bvunzo mamiriro - uye kutarisira mhinduro yako .
Kuitwa kweiyo microservices methodology yakazara nematambudziko sezvo chiyero chekuendesa chinokura, pamwe nekuoma kwayo. Kukurukurirana pakati pemasevhisi kunowedzera kuoma, kugadzirisa matambudziko kunowedzera kuoma, uye masevhisi mazhinji anoda zvakawanda zvekugadzirisa.
NSM inogadzirisa matambudziko aya nekukupa iwe:
- Chengetedzo, iyo yava kukosha zvikuru kupfuura nakare kose. Kutyora kwedata kunogona kudyira kambani mamirioni emadhora pagore mune yakarasika mari uye mukurumbira. NSM inova nechokwadi chekuti zvese zvinongedzo zvakavharirwa pachishandiswa mTLS, saka hapana data rinonzwisa tsitsi rinogona kubiwa nevanobira network. Access control inokutendera iwe kuseta marongero ekuti masevhisi anotaurirana sei nemamwe masevhisi.
- Traffic Management. Kana uchitumira shanduro itsva yepurogiramu, ungada kutanga nekudzora traffic iri kuuya kwairi kana paine chikanganiso. NeNSM's yakangwara midziyo traffic manejimendi, unogona kuseta mutemo wekurambidza traffic kune matsva masevhisi anozowedzera traffic nekufamba kwenguva. Mamwe maficha, akadai sekumisikidza kumhanya uye maseketi anotyora, anokupa iwe kutonga kwakazara pamusoro pekufamba kwetraffic kwese masevhisi ako.
- Kufungidzira. Kutonga zviuru zvemasevhisi kunogona kuve kukonzeresa uye kuona hope dzinotyisa. NSM inobatsira kubata nemamiriro aya neGrafana dashboard yakavakirwa iyo inoratidza ese maficha aripo muNGINX Plus. Uye zvakare iyo yakavhurwa Open Tracing inokutendera iwe kuti utarise kutengeserana zvakadzama.
- Hybrid deliverys, kana kambani yako, sevamwe vazhinji, isingashandisi zvivakwa zvinomhanya paKubernetes. NSM inova nechokwadi chekuti zvikumbiro zvenhaka hazvina kusiiwa zvisina kutarisirwa. Nerubatsiro rweyakaitwa NGINX Kubernetes Ingress Controller, masevhisi enhaka achakwanisa kutaurirana nemasevhisi mesh, uye zvinopesana.
NSM zvakare inova nechokwadi chekuchengetedza application munzvimbo dzekuvimba ne zero nekuisa pachena encryption uye huchokwadi kune midziyo traffic. Inopawo kutengeserana kuoneka uye kuongorora, kukubatsira iwe nekukurumidza uye nemazvo kuvhura deployments uye kugadzirisa matambudziko. Inopawo granular traffic control, ichibvumira zvikwata zveDevOps kuendesa uye kugadzirisa zvikamu zvezvishandiso uku ichigonesa vanogadzira kuvaka uye nyore kubatanidza maapplication avo akagoverwa.
Iyo NGINX Service Mesh inoshanda sei?
NSM ine ndege yedata yakabatana yetraffic (sevhisi-ku-sevhisi) traffic uye yakamisikidzwa NGINX Plus Ingress Controller yetraffic traffic, inotungamirwa nendege imwe chete inodzora.
Ndege yekudzora yakanyatsogadzirirwa uye yakagadziridzwa NGINX Plus data ndege uye inotsanangura mitemo yekudzora traffic yakagoverwa mhiri NGINX Plus sidecars.
MuNSM, sidecars proxies akaisirwa sevhisi yega yega mune mesh. Ivo vanobatana neinotevera yakavhurika sosi mhinduro:
- Grafana, Prometheus parameter kuona, yakavakirwa-mukati NSM pani inokubatsira nebasa rako;
- Kubernetes Ingress Controllers, yekutarisira inouya uye inobuda traffic mune mesh;
- SPIRE, CA yekutarisira, kugovera nekuvandudza zvitupa mumambure;
- NATS, scalable system yekutumira mameseji, senge nzira dzekuvandudza, kubva kundege yekudzora kuenda kumasidecars;
- Open Tracing, yakagoverwa debugging (Zipkin naJaeger vakatsigira);
- Prometheus, inounganidza uye inochengetedza maitiro kubva kuNGINX Plus sidecars, senge nhamba yezvikumbiro, zvinongedzo uye SSL kubata maoko.
Mabasa uye zvikamu
NGINX Plus se ndege yedata inovhara sidecar proxy (yakatwasuka traffic) uye Ingress controller (yakatwasuka), kubvunzurudza uye kugadzirisa mugaba traffic pakati pemasevhisi.
Zvimiro zvinosanganisira:
- Mutual TLS (mTLS) kuvimbiswa;
- Load balancing;
- Mhosva kushivirira;
- Speed ββββlimit;
- Circuit breaking;
- Bhuruu-girinhi uye canary deployments;
- Access control.
Kutanga NGINX Service Mesh
Kuti uite NSM unoda:
- kuwana kune Kubernetes nharaunda. NGINX Service Mesh inotsigirwa pamapuratifomu akawanda eKubernetes, kusanganisira Amazon Elastic Container Service yeKubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, uye nguva dzose Kubernetes masumbu akaiswa pamaseva e hardware;
- Tool
kubectl, yakaiswa pamushini uchaiswa NSM; - Kuwanikwa kune NGINX Service Mesh kuburitsa mapakeji. Iyo pasuru ine NSM mifananidzo inodiwa kurodha kune yakavanzika registry yemidziyo inowanikwa muKubernetes cluster. Pasuru yacho inewo
nginx-meshctl, inodiwa kuendesa NSM.
Kuti uendese NSM ine default marongero, mhanyisa unotevera kuraira. Panguva yekuendesa, mameseji anoratidzwa achiratidza kubudirira kuiswa kwezvikamu uye, pakupedzisira, meseji inoratidza kuti NSM iri kushanda munzvimbo yakaparadzana yezita (unofanirwa kutanga woiisa mu registry, approx. mushanduri):
$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ;
./nginx-meshctl deploy
--nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}"
--nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}"
--nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}"
--nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...
Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.Kuti uwane dzimwe sarudzo, kusanganisira zvigadziriso zvepamberi, mhanyisa uyu murairo:
$ nginx-meshctl deploy βhTarisa kuti ndege yekudzora inoshanda nemazvo munzvimbo yezita nginx-mesh, unogona kuita izvi:
$ kubectl get pods βn nginx-mesh
NAME READY STATUS RESTARTS AGE
grafana-6cc6958cd9-dccj6 1/1 Running 0 2d19h
mesh-api-6b95576c46-8npkb 1/1 Running 0 2d19h
nats-server-6d5c57f894-225qn 1/1 Running 0 2d19h
prometheus-server-65c95b788b-zkt95 1/1 Running 0 2d19h
smi-metrics-5986dfb8d5-q6gfj 1/1 Running 0 2d19h
spire-agent-5cf87 1/1 Running 0 2d19h
spire-agent-rr2tt 1/1 Running 0 2d19h
spire-agent-vwjbv 1/1 Running 0 2d19h
spire-server-0 2/2 Running 0 2d19h
zipkin-6f7cbf5467-ns6wc 1/1 Running 0 2d19hZvichienderana nemagadzirirwo ekutumira anoseta manyorero kana otomatiki jekiseni marongero, NGINX sidecars proxies inozowedzerwa kune maapplication nekukasira. Kudzima otomatiki kuwedzera, verenga
Semuenzaniso, kana isu tikashandisa application hope munzvimbo yemazita Default, uye wozotarisa iyo Pod - tichaona maviri anomhanya midziyo, iyo application hope uye yakabatana sidecar:
$ kubectl apply βf sleep.yaml
$ kubectl get pods βn default
NAME READY STATUS RESTARTS AGE
sleep-674f75ff4d-gxjf2 2/2 Running 0 5h23mIsu tinogona zvakare kutarisa iyo application hope mune NGINX Plus pani, uchimhanyisa uyu murairo kuti uwane sidecar kubva kumushini wako wepanzvimbo:
$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886Tinobva tangopinda mubrowser. Iwe unogona zvakare kubatana nePrometheus kuti utarise application hope.
Iwe unogona kushandisa munhu Kubernetes zviwanikwa kugadzirisa traffic traffic, senge yekuwana kutonga, chiyero chekumisa uye kutyora kwedunhu, pane izvi ona.
mhedziso
NGINX Service Mesh inowanikwa yemahara kurodha pa . Edza iyo mune yako dev uye bvunzo nharaunda uye .
Kuedza NGINX Plus Ingress Controller, shandisa kwemazuva 30, kana kukurukura nyaya dzako dzekushandisa.
Dudziro yakaitwa naPavel Demkovich, injiniya wekambani . Sistimu yekutonga kweRUB 15 pamwedzi. Uye sechikamu chakasiyana - nzvimbo yekudzidzisa , dzidzira uye hapana chimwe kunze kwekuita.
Source: www.habr.com