NGINX Service Mesh is available

We are pleased to introduce a preview version of NGINX Service Mesh (NSM), a lightweight service mesh that uses a data plane based on NGINX Plus to manage container traffic in Kubernetes environments.

NSM is free to download here. We hope you will try it in development and test environments, and we look forward to your feedback on GitHub.

Adopting a microservices methodology becomes increasingly difficult as the scale of delivery grows, along with its complexity. Communication between services becomes more complicated, debugging gets harder, and more services require more resources to manage.

NSM solves these problems by giving you:

  • Security, which is now more important than ever. A data breach can cost a company millions of dollars a year in lost revenue and reputation. NSM ensures that all connections are encrypted using mTLS, so there is no sensitive data that attackers could steal over the network. Access control lets you define policies for how services communicate with other services.
  • Traffic management. When you deploy a new version of an application, you may want to start by limiting incoming traffic to it in case of an error. With NSM's intelligent container traffic management, you can set a traffic-limiting policy for new services that increases traffic over time. Other features, such as rate limiting and circuit breakers, give you full control over the traffic flow of all your services.
  • Visualization. Managing thousands of services can be a debugging and visualization nightmare. NSM helps with this through a built-in Grafana dashboard that displays all the metrics available in NGINX Plus. The built-in Open Tracing also lets you monitor transactions in detail.
  • Hybrid deployments, if your company, like most others, does not use infrastructure that runs entirely on Kubernetes. NSM ensures that legacy applications are not left unattended. With the help of the built-in NGINX Kubernetes Ingress Controller, legacy services will be able to communicate with mesh services, and vice versa.

NSM also secures applications in zero-trust environments by transparently applying encryption and authentication to container traffic. It provides transaction visibility and analysis, helping you launch deployments and troubleshoot problems quickly and accurately. It also provides granular traffic control, allowing DevOps teams to deploy and optimize parts of applications while helping developers build and easily connect their distributed applications.

How does NGINX Service Mesh work?

NSM consists of a unified data plane for horizontal (service-to-service) traffic and an embedded NGINX Plus Ingress Controller for vertical traffic, both managed by a single control plane.

The control plane is designed and optimized specifically for the NGINX Plus data plane and defines the traffic management rules that are distributed across the NGINX Plus sidecars.

In NSM, sidecar proxies are installed for every service in the mesh. They interact with the following open source solutions:

  • Grafana, visualization of Prometheus metrics; the built-in NSM dashboard helps you in your work;
  • Kubernetes Ingress Controllers, for managing incoming and outgoing traffic in the mesh;
  • SPIRE, a CA for managing, distributing and rotating certificates in the mesh;
  • NATS, a scalable system for sending messages, such as route updates, from the control plane to the sidecars;
  • Open Tracing, distributed debugging (Zipkin and Jaeger are supported);
  • Prometheus, which collects and stores metrics from the NGINX Plus sidecars, such as the number of requests, connections and SSL handshakes.

Functions and components

NGINX Plus as the data plane covers the sidecar proxy (horizontal traffic) and the Ingress controller (vertical traffic), intercepting and managing container traffic between services.

Features include:

  • Mutual TLS (mTLS) authentication;
  • Load balancing;
  • Fault tolerance;
  • Rate limiting;
  • Circuit breaking;
  • Blue-green and canary deployments;
  • Access control.

Getting started with NGINX Service Mesh

To run NSM you need:

  • access to a Kubernetes environment. NGINX Service Mesh is supported on many Kubernetes platforms, including Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and ordinary Kubernetes clusters deployed on hardware servers;
  • the kubectl tool, installed on the machine from which NSM will be installed;
  • access to the NGINX Service Mesh release packages. The package contains the NSM images, which need to be pushed to a private container registry accessible from the Kubernetes cluster. The package also contains nginx-meshctl, which is needed to deploy NSM.

To deploy NSM with default settings, run the following command. During deployment, messages are printed indicating that each component was installed successfully, and finally a message indicating that NSM is running in a separate namespace (you first need to download it and put it in the registry; translator's note):

$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
 ./nginx-meshctl deploy \
  --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
  --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
  --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
  --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...

Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For more options, including advanced settings, run this command:

$ nginx-meshctl deploy -h

To check that the control plane is running correctly in the nginx-mesh namespace, you can do this:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h

Depending on the deployment settings that define manual or automatic injection policies, NGINX sidecar proxies are added to applications by default. To disable automatic injection, read here

For example, if we deploy the sleep application in the default namespace and then inspect the Pod, we will see two running containers: the sleep application and its associated sidecar:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m
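
The two checks above (control plane pods ready in nginx-mesh, sidecar present next to the application) as one script over `kubectl get pods -A -o json`. This is an added example, not from the original article or from NGINX; the SKIP_NS set is an assumption, and the registry.example images and the legacy-app pod are constructed sample data.

```python
import json
import sys

MESH_NS = "nginx-mesh"                # control-plane namespace from the deploy output
SIDECAR_IMAGE = "nginx-mesh-sidecar"  # image name passed to nginx-meshctl deploy
SKIP_NS = {MESH_NS, "kube-system"}    # assumption: namespaces not expected to carry sidecars


def audit(pod_list):
    """Return (control-plane pods not fully ready, workload pods without a sidecar)."""
    not_ready, no_sidecar = [], []
    for pod in pod_list.get("items", []):
        ns = pod["metadata"]["namespace"]
        ref = f"{ns}/{pod['metadata']['name']}"
        declared = pod["spec"]["containers"]
        status = pod.get("status", {})
        if ns == MESH_NS:
            # Same condition as READY n/n plus STATUS Running in `kubectl get pods`.
            ready = sum(1 for s in status.get("containerStatuses", []) if s.get("ready"))
            if status.get("phase") != "Running" or ready != len(declared):
                not_ready.append(ref)
        elif ns not in SKIP_NS:
            # No sidecar container: traffic to and from this pod bypasses the mesh.
            if not any(SIDECAR_IMAGE in c.get("image", "") for c in declared):
                no_sidecar.append(ref)
    return not_ready, no_sidecar


def make_pod(ns, name, images, ready, phase="Running"):
    """Build a minimal Pod object for the constructed sample below."""
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"containers": [{"image": i} for i in images]},
            "status": {"phase": phase,
                       "containerStatuses": [{"ready": r} for r in ready]}}


# Constructed sample: images are placeholders, legacy-app is invented, and
# spire-server-0 is marked not ready on purpose to show a failing row.
SAMPLE = {"items": [
    make_pod(MESH_NS, "mesh-api-6b95576c46-8npkb", ["registry.example/nginx-mesh-api:0.6.0"], [True]),
    make_pod(MESH_NS, "spire-server-0", ["registry.example/a", "registry.example/b"], [True, False]),
    make_pod("default", "sleep-674f75ff4d-gxjf2",
             ["registry.example/sleep", "registry.example/nginx-mesh-sidecar:0.6.0"], [True, True]),
    make_pod("default", "legacy-app", ["registry.example/legacy"], [True]),
    make_pod("kube-system", "coredns", ["registry.example/coredns"], [True]),
]}

if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json > pods.json && python3 audit.py pods.json
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for label, refs in zip(("control plane not ready", "no sidecar"), audit(data)):
        print(f"{label}: {', '.join(refs) or 'none'}")
```

A pod listed under "no sidecar" is running outside the mesh, so the mTLS and access control described earlier do not apply to its traffic.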

We can also monitor the sleep application in the NGINX Plus dashboard by running this command to reach the sidecar from your local machine:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then we simply go here in the browser. You can also connect to Prometheus to monitor the sleep application.

You can use custom Kubernetes resources to configure traffic policies such as access control, rate limiting and circuit breaking; see the documentation.

Conclusion

NGINX Service Mesh is available completely free of charge on the F5 portal. Try it in your dev and test environments and write to us about the results.

To try the NGINX Plus Ingress Controller, activate a free 30-day trial, or contact us to discuss your use cases.

Translation by Pavel Demkovich, engineer at Southbridge. System administration for RUB 15 per month. And, as a separate division, the Slurm training center: practice and nothing but practice.

Source: www.habr.com
