Inu wa dun lati ṣafihan ẹya awotẹlẹ (NSM), apapo iṣẹ iwuwo fẹẹrẹ kan ti o nlo ọkọ ofurufu data orisun NGINX Plus lati ṣakoso ijabọ eiyan ni awọn agbegbe Kubernetes.
NSM jẹ ọfẹ . A nireti pe iwọ yoo gbiyanju rẹ fun dev ati awọn agbegbe idanwo - ati ki o nireti esi rẹ .
Imuse ti awọn ilana microservices jẹ pẹlu awọn iṣoro bi iwọn ti ifijiṣẹ n dagba, bakanna bi idiju rẹ. Ibaraẹnisọrọ laarin awọn iṣẹ di idiju diẹ sii, awọn iṣoro n ṣatunṣe aṣiṣe di isoro siwaju sii, ati siwaju ati siwaju sii awọn iṣẹ nilo awọn orisun diẹ sii lati ṣakoso.
NSM yanju awọn iṣoro wọnyi nipa fifun ọ ni:
- Aabo, eyi ti o ṣe pataki ni bayi ju lailai. Irufin data le na ile-iṣẹ awọn miliọnu dọla lododun ni owo-wiwọle ti sọnu ati orukọ rere. NSM ṣe idaniloju pe gbogbo awọn asopọ ti wa ni ti paroko nipa lilo mTLS, nitorinaa ko si data ifura ti o le ji nipasẹ awọn olosa lori nẹtiwọọki naa. Iṣakoso wiwọle gba ọ laaye lati ṣeto awọn eto imulo fun bi awọn iṣẹ ṣe ibasọrọ pẹlu awọn iṣẹ miiran.
- Traffic Management. Nigbati o ba nfi ẹya tuntun ti ohun elo kan ranṣẹ, o le fẹ lati bẹrẹ nipa didi awọn ijabọ ti nwọle si rẹ ni ọran aṣiṣe. Pẹlu iṣakoso ijabọ eiyan oye ti NSM, o le ṣeto eto imulo ihamọ ijabọ fun awọn iṣẹ tuntun ti yoo mu ijabọ pọ si ni akoko pupọ. Awọn ẹya miiran, gẹgẹbi idinku iyara ati awọn fifọ iyika, fun ọ ni iṣakoso ni kikun lori ṣiṣan ijabọ ti gbogbo awọn iṣẹ rẹ.
- Wiwo. Ṣiṣakoso awọn ẹgbẹẹgbẹrun awọn iṣẹ le jẹ ṣiṣatunṣe ati alaburuku iworan. NSM ṣe iranlọwọ lati koju ipo yii pẹlu dasibodu Grafana ti a ṣe sinu ti o ṣafihan gbogbo awọn ẹya ti o wa ni NGINX Plus. Ati pe Ṣiṣayẹwo Ṣii ti a ṣe imuse gba ọ laaye lati ṣe atẹle awọn iṣowo ni awọn alaye.
- Awọn ifijiṣẹ arabara, ti ile-iṣẹ rẹ, bii ọpọlọpọ awọn miiran, ko lo awọn amayederun ti nṣiṣẹ ni kikun lori Kubernetes. NSM ṣe idaniloju pe awọn ohun elo ti o le jẹ ko fi silẹ laini abojuto. Pẹlu iranlọwọ ti NGINX Kubernetes Ingress Controller ti a ṣe imuse, awọn iṣẹ ti o lelẹ yoo ni anfani lati ṣe ibaraẹnisọrọ pẹlu awọn iṣẹ mesh, ati ni idakeji.
NSM tun ṣe idaniloju aabo ohun elo ni awọn agbegbe igbẹkẹle odo nipa lilo fifi ẹnọ kọ nkan ati ijẹrisi si ijabọ eiyan. O tun pese hihan idunadura ati itupalẹ, ṣe iranlọwọ fun ọ ni iyara ati ni deede ifilọlẹ awọn imuṣiṣẹ ati awọn iṣoro laasigbotitusita. O tun pese iṣakoso ijabọ granular, ngbanilaaye awọn ẹgbẹ DevOps lati ran ati mu awọn apakan ti awọn ohun elo ṣiṣẹ lakoko ti o ngbanilaaye awọn olupilẹṣẹ lati kọ ati ni irọrun sopọ awọn ohun elo pinpin wọn.
Bawo ni Mesh Iṣẹ NGINX ṣiṣẹ?
NSM ni ọkọ ofurufu data iṣọkan kan fun ijabọ petele (iṣẹ-si-iṣẹ) ijabọ ati NGINX Plus Ingress Adarí fun ijabọ inaro, iṣakoso nipasẹ ọkọ ofurufu iṣakoso kan.
Ofurufu iṣakoso jẹ apẹrẹ pataki ati iṣapeye fun ọkọ ofurufu data NGINX Plus ati ṣalaye awọn ofin iṣakoso ijabọ ti o pin kaakiri awọn ọkọ ayọkẹlẹ NGINX Plus.
Ni NSM, awọn aṣoju ẹgbẹ ẹgbẹ ti fi sori ẹrọ fun iṣẹ kọọkan ni apapo. Wọn ni wiwo pẹlu awọn solusan orisun ṣiṣi wọnyi:
- Grafana, iwoye paramita Prometheus, nronu NSM ti a ṣe sinu ṣe iranlọwọ fun ọ pẹlu iṣẹ rẹ;
- Kubernetes Ingress Controllers, fun iṣakoso ti nwọle ati ti njade ijabọ ni apapo;
- SPIRE, CA fun iṣakoso, pinpin ati mimu awọn iwe-ẹri ni apapo;
- NATS, eto ti iwọn fun fifiranṣẹ awọn ifiranṣẹ, gẹgẹbi awọn imudojuiwọn ipa ọna, lati ọkọ ofurufu iṣakoso si awọn ọkọ ayọkẹlẹ;
- Ṣiṣayẹwo Ṣiṣayẹwo, ṣiṣatunṣe pinpin (Zipkin ati Jaeger ṣe atilẹyin);
- Prometheus, n ṣajọ ati tọju awọn abuda lati awọn ọkọ ayọkẹlẹ ẹgbẹ NGINX Plus, gẹgẹbi nọmba awọn ibeere, awọn asopọ ati awọn ọwọ ọwọ SSL.
Awọn iṣẹ ati irinše
NGINX Plus gẹgẹbi ọkọ ofurufu data kan bo aṣoju ẹgbẹ ẹgbẹ (ijabọ petele) ati olutona Ingress (inaro), idilọwọ ati iṣakoso ijabọ apoti laarin awọn iṣẹ.
Awọn ẹya pẹlu:
- Ijeri TLS (mTLS) ti ara ẹni;
- Iṣatunṣe fifuye;
- Ifarada aṣiṣe;
- Iwọn iyara;
- Circuit fifọ;
- Bulu-alawọ ewe ati awọn imuṣiṣẹ canary;
- Iṣakoso wiwọle.
Ṣiṣẹda Asopọmọra Iṣẹ NGINX
Lati ṣiṣẹ NSM o nilo:
- wiwọle si Kubernetes ayika. Mesh Iṣẹ NGINX ni atilẹyin lori ọpọlọpọ awọn iru ẹrọ Kubernetes, pẹlu Amazon Elastic Container Service fun Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, ati awọn iṣupọ Kubernetes deede ti a fi ranṣẹ lori awọn olupin hardware;
- Irinṣẹ
kubectl, fi sori ẹrọ lori ẹrọ ti NSM yoo fi sori ẹrọ; - Wiwọle si awọn akojọpọ idasilẹ Mesh Iṣẹ NGINX. Apo naa ni awọn aworan NSM ti o nilo fun gbigbe si iforukọsilẹ ikọkọ fun awọn apoti ti o wa ninu iṣupọ Kubernetes. Awọn package tun ni ninu
nginx-meshctl, nilo lati ran awọn NSM.
Lati ran NSM ṣiṣẹ pẹlu awọn eto aiyipada, ṣiṣe aṣẹ atẹle. Lakoko imuṣiṣẹ, awọn ifiranṣẹ han ti o nfihan pe a ti fi awọn paati sori ẹrọ ni aṣeyọri, ati nikẹhin ifiranṣẹ kan ti o nfihan pe NSM nṣiṣẹ ni aaye orukọ lọtọ (o nilo ọkan akọkọ). ki o si gbe e sinu iwe iforukọsilẹ, isunmọ. onitumọ):
$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ;
./nginx-meshctl deploy
--nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}"
--nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}"
--nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}"
--nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...
Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.Fun awọn aṣayan diẹ sii, pẹlu awọn eto ilọsiwaju, ṣiṣe aṣẹ yii:
$ nginx-meshctl deploy –hṢayẹwo pe ọkọ ofurufu iṣakoso ṣiṣẹ ni deede ni aaye orukọ nginx-mesh, o le ṣe eyi:
$ kubectl get pods –n nginx-mesh
NAME READY STATUS RESTARTS AGE
grafana-6cc6958cd9-dccj6 1/1 Running 0 2d19h
mesh-api-6b95576c46-8npkb 1/1 Running 0 2d19h
nats-server-6d5c57f894-225qn 1/1 Running 0 2d19h
prometheus-server-65c95b788b-zkt95 1/1 Running 0 2d19h
smi-metrics-5986dfb8d5-q6gfj 1/1 Running 0 2d19h
spire-agent-5cf87 1/1 Running 0 2d19h
spire-agent-rr2tt 1/1 Running 0 2d19h
spire-agent-vwjbv 1/1 Running 0 2d19h
spire-server-0 2/2 Running 0 2d19h
zipkin-6f7cbf5467-ns6wc 1/1 Running 0 2d19hTi o da lori awọn eto imuṣiṣẹ ti o ṣeto afọwọṣe tabi awọn ilana abẹrẹ adaṣe, awọn proxies sidecars NGINX yoo ṣafikun si awọn ohun elo nipasẹ aiyipada. Lati mu fifi kun laifọwọyi, ka
Fun apẹẹrẹ, ti a ba lo ohun elo naa orun ni aaye orukọ aiyipada, ati lẹhinna ṣayẹwo Pod - a yoo rii awọn apoti ti nṣiṣẹ meji, ohun elo naa orun ati ọkọ ayọkẹlẹ ti o ni nkan ṣe:
$ kubectl apply –f sleep.yaml
$ kubectl get pods –n default
NAME READY STATUS RESTARTS AGE
sleep-674f75ff4d-gxjf2 2/2 Running 0 5h23mA tun le ṣe atẹle ohun elo naa orun ninu NGINX Plus nronu, nṣiṣẹ aṣẹ yii lati wọle si ọkọ ayọkẹlẹ ẹgbẹ lati ẹrọ agbegbe rẹ:
$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886Lẹhinna a kan wọle ninu ẹrọ aṣawakiri. O tun le sopọ si Prometheus lati ṣe atẹle ohun elo naa orun.
O le lo awọn orisun Kubernetes kọọkan lati tunto awọn ilana ijabọ, gẹgẹbi iṣakoso iwọle, opin oṣuwọn ati fifọ Circuit, fun eyi wo
ipari
Mesh Iṣẹ NGINX wa fun igbasilẹ ọfẹ ni . Gbiyanju ni dev rẹ ati awọn agbegbe idanwo ati .
Lati gbiyanju NGINX Plus Ingress Adarí, mu ṣiṣẹ fun 30 ọjọ, tabi lati jiroro lori awọn ọran lilo rẹ.
Itumọ nipasẹ Pavel Demkovich, ẹlẹrọ ile-iṣẹ . Isakoso eto fun RUB 15 fun oṣu kan. Ati bi ipin lọtọ - ile-iṣẹ ikẹkọ , iwa ati nkankan sugbon iwa.
orisun: www.habr.com