NGINX Service Mesh is available

We are pleased to present a preview version of NGINX Service Mesh (NSM), a bundled lightweight service mesh that uses an NGINX Plus-based data plane to manage container traffic in Kubernetes environments.

NSM is free to download here. We hope you will try it in dev and test environments, and we look forward to your feedback on GitHub.

Adopting a microservices methodology is fraught with difficulties as deployments grow in scale and complexity. Communication between services becomes more complicated, debugging gets harder, and more services require more resources to manage.

NSM solves these problems by providing you with:

  • Security, which is now more important than ever. A data breach can cost a company millions of dollars a year in lost revenue and reputation. NSM ensures that all connections are encrypted using mTLS, so no sensitive data can be stolen by attackers on the network. Access control lets you set policies for how services communicate with other services.
  • Traffic management. When deploying a new version of an application, you may want to start by limiting incoming traffic to it in case of an error. With NSM's intelligent traffic management, you can set a traffic-limiting policy for new services that increases traffic over time. Other features, such as rate limiting and circuit breakers, give you full control over the traffic flow across all your services.
  • Visibility. Managing thousands of services can be a debugging and visualization nightmare. NSM helps you deal with this through a built-in Grafana dashboard that displays all the metrics available in NGINX Plus. The implemented OpenTracing also lets you monitor transactions in detail.
  • Hybrid deployments, if your company, like many others, does not use infrastructure that runs entirely on Kubernetes. NSM ensures that legacy applications are not left unattended. With the help of the implemented NGINX Kubernetes Ingress Controller, legacy services will be able to communicate with mesh services, and vice versa.

NSM also ensures application security in zero-trust environments by transparently applying encryption and authentication to container traffic. It also provides transaction visibility and analysis, helping you launch deployments and troubleshoot problems quickly and accurately. It also provides granular traffic control, allowing DevOps teams to deploy and optimize application components while letting developers build and easily connect their distributed applications.

How does NGINX Service Mesh work?

NSM consists of a unified data plane for horizontal (service-to-service) traffic and an embedded NGINX Plus Ingress Controller for vertical traffic, both managed by a single control plane.

The control plane is designed and optimized specifically for the NGINX Plus data plane and defines the traffic management rules that are distributed to the NGINX Plus sidecars.

In NSM, sidecar proxies are installed for every service in the mesh. They interact with the following open source solutions:

  • Grafana, Prometheus parameter visualization; the built-in NSM panel helps you in your work;
  • Kubernetes Ingress Controllers, for managing incoming and outgoing traffic in the mesh;
  • SPIRE, a CA for managing, distributing and rotating certificates in the mesh;
  • NATS, a scalable system for sending messages, such as route updates, from the control plane to the sidecars;
  • OpenTracing, distributed debugging (Zipkin and Jaeger are supported);
  • Prometheus, which collects and stores metrics from the NGINX Plus sidecars, such as the number of requests, connections and SSL handshakes.

Functions and components

NGINX Plus as the data plane covers the sidecar proxy (horizontal traffic) and the Ingress controller (vertical), intercepting and managing container traffic between services.

Features include:

  • Mutual TLS (mTLS) authentication;
  • Load balancing;
  • Fault tolerance;
  • Rate limiting;
  • Circuit breaking;
  • Blue-green and canary deployments;
  • Access control.

Launching NGINX Service Mesh

To launch NSM you need:

  • access to a Kubernetes environment. NGINX Service Mesh is supported on many Kubernetes platforms, including Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and regular Kubernetes clusters deployed on hardware servers;
  • the kubectl tool, installed on the machine from which NSM will be installed;
  • access to the NGINX Service Mesh release packages. The package contains the NSM images that must be uploaded to a private container registry accessible from the Kubernetes cluster. The package also contains nginx-meshctl, which is required to deploy NSM.

To deploy NSM with the default settings, run the following command. During deployment, messages are displayed indicating the successful installation of the components and, finally, a message indicating that NSM is running in a separate namespace (you first need to download it and put it in the registry; translator's note):

$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
 ./nginx-meshctl deploy \
  --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
  --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
  --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
  --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...

Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For more options, including advanced settings, run this command:

$ nginx-meshctl deploy -h

To check that the control plane is running correctly in the nginx-mesh namespace, you can do this:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h

Depending on the deployment settings that set manual or automatic injection policies, NGINX sidecar proxies will be added to applications by default. To disable automatic injection, read here

For example, if we deploy the sleep application in the default namespace and then check the Pod, we will see two running containers, the sleep application and its associated sidecar:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m
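
The two checks above can be scripted. The following is an added example, not code from the original article or the NSM project: it reads `kubectl get pods` table output and lists pods that are not fully ready, and pods with fewer than two containers, whose traffic would not pass through a mesh sidecar. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of nginx-meshctl or kubectl.

# Print pods whose READY column is not n/n or whose STATUS is not Running.
# Input: the table printed by `kubectl get pods -n <namespace>` on stdin.
not_ready_pods() {
  awk 'NR > 1 && NF >= 3 {
         split($2, r, "/")
         if (r[1] != r[2] || $3 != "Running") print $1
       }'
}

# Print pods that have fewer than two containers.
# Assumption: in a namespace with automatic injection, every workload pod
# should show the application container plus the NGINX Plus sidecar.
missing_sidecar_pods() {
  awk 'NR > 1 && NF >= 3 {
         split($2, r, "/")
         if (r[2] + 0 < 2) print $1
       }'
}

# Constructed sample output (not captured from a real cluster).
SAMPLE_PODS='NAME                     READY   STATUS             RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running            0          5h23m
web-5d9c7b6f4-abcde      1/1     Running            0          12m
api-7c8d9e0f1-fghij      1/2     CrashLoopBackOff   4          12m'

# Live usage (requires cluster access):
#   kubectl get pods -n nginx-mesh | not_ready_pods
#   kubectl get pods -n default    | missing_sidecar_pods
printf '%s\n' "$SAMPLE_PODS" | not_ready_pods
printf '%s\n' "$SAMPLE_PODS" | missing_sidecar_pods
```

The container-count check is meant for application namespaces only; most control plane pods in nginx-mesh legitimately run a single container.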

We can also monitor the sleep application in the NGINX Plus panel, using this command to access the sidecar from your local machine:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then we just go here in the browser. You can also connect to Prometheus to monitor the sleep application.

You can use individual Kubernetes resources to configure traffic policies, such as access control, rate limiting and circuit breaking; for this, see the documentation

Conclusion

NGINX Service Mesh is available as a free download from the F5 portal. Try it in your dev and test environments and write to us about the results.

To try the NGINX Plus Ingress Controller, activate the free trial period of 30 days, or contact us to discuss your use cases.

Translated by Pavel Demkovich, an engineer at Southbridge. System administration for RUB 15 per month. And as a separate division, the Slurm training center: practice and nothing but practice.

Source: www.habr.com
