NGINX Service Mesh is available

We are pleased to introduce a preview version of NGINX Service Mesh (NSM), a lightweight service mesh bundle that uses an NGINX Plus-based data plane to manage container traffic in Kubernetes environments.

NSM is free to download here. We hope you will try it in dev and test environments, and we look forward to your feedback on GitHub.

Adopting a microservices methodology becomes harder as the scale of the deployment grows, along with its complexity. Communication between services becomes more complicated, debugging becomes harder, and more services require additional resources to manage.

NSM solves these problems by providing you with:

  • Security, now more important than ever. A data breach can cost a company millions of dollars a year in lost revenue and reputation. NSM ensures that all connections are encrypted using mTLS, so there is no sensitive data that cybercriminals can steal over the network. Access control lets you set policies for how services communicate with other services.
  • Traffic management. When you deploy a new version of an application, you may want to start by limiting incoming traffic to it in case it has a bug. With NSM's intelligent container traffic management, you can set a traffic restriction policy for new services that increases traffic over time. Other features, such as rate limiting and circuit breakers, give you full control over the traffic flow of all your services.
  • Visualization. Managing thousands of services can be a debugging and visualization nightmare. NSM helps with this through a built-in Grafana dashboard that shows all the metrics available in NGINX Plus. The built-in Open Tracing also lets you monitor transactions in detail.
  • Hybrid delivery, if your company, like many others, does not run its infrastructure entirely on Kubernetes. NSM ensures that legacy applications are not left unattended. With the help of the embedded NGINX Kubernetes Ingress Controller, legacy services can communicate with mesh services, and vice versa.

NSM also ensures application security in zero-trust environments by transparently applying encryption and authentication to container traffic. It provides transaction visibility and analysis, helping you launch deployments and troubleshoot problems quickly and accurately. It also provides granular traffic control, allowing DevOps teams to deploy and optimize parts of applications while letting developers build and easily connect their distributed applications.

How does NGINX Service Mesh work?

NSM consists of a unified data plane for east-west (service-to-service) traffic and an embedded NGINX Plus Ingress Controller for north-south traffic, managed by a single control plane.

The control plane is designed and built specifically for the NGINX Plus data plane and defines the traffic management rules that are distributed to all NGINX Plus sidecars.

In NSM, a sidecar proxy is installed for each service in the mesh. The sidecars interact with the following open source solutions:

  • Grafana, visualization of Prometheus metrics; the built-in NSM panel helps you with your work;
  • Kubernetes Ingress Controllers, for managing incoming and outgoing traffic in the mesh;
  • SPIRE, a CA for managing, distributing and renewing certificates in the mesh;
  • NATS, a scalable system for sending messages, such as route updates, from the control plane to the sidecars;
  • Open Tracing, distributed debugging (Zipkin and Jaeger are supported);
  • Prometheus, collects and stores metrics from the NGINX Plus sidecars, such as the number of requests, connections and SSL handshakes.

Features and components

NGINX Plus as the data plane covers the sidecar proxy (east-west traffic) and the Ingress controller (north-south traffic), intercepting and managing container traffic between services.

Features include:

  • Mutual TLS (mTLS) authentication;
  • Load balancing;
  • Fault tolerance;
  • Rate limiting;
  • Circuit breaking;
  • Blue-green and canary deployments;
  • Access control.

Launching NGINX Service Mesh

To run NSM you need:

  • access to a Kubernetes environment. NGINX Service Mesh is supported on many Kubernetes platforms, including Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and regular Kubernetes clusters deployed on hardware servers;
  • the kubectl tool, installed on the machine that NSM will be installed from;
  • access to the NGINX Service Mesh release packages. The package contains the NSM images that must be loaded into a private container registry accessible to the Kubernetes cluster. The package also contains nginx-meshctl, which is needed to deploy NSM.

To deploy NSM with the default settings, run the following command. During deployment, messages are shown indicating the successful installation of each component and, at the end, a message indicating that NSM is running in a separate namespace (you first need to download it and place it in the registry; translator's note):

$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
  ./nginx-meshctl deploy \
  --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
  --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
  --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
  --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...

Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For other options, including advanced settings, run this command:

$ nginx-meshctl deploy -h

To check that the control plane is working properly in the nginx-mesh namespace, run:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h

Depending on the deployment settings that set manual or automatic injection policies, NGINX sidecar proxies are added to applications by default. To disable automatic injection, read here

For example, if we deploy the sleep application in the default namespace and then check the Pod, we will see two running containers, the sleep application and the associated sidecar:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m
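
An added check, not part of the original article or of NSM itself: since the mesh's mTLS is applied by the sidecar, this script lists pods that run without one. It assumes the sidecar can be recognised by the image name nginx-mesh-sidecar from the deploy command above; the SKIP_NS default and every sample pod other than the sleep pod name are constructed.

```shell
#!/bin/sh
# Added example: list pods that have no NGINX Service Mesh sidecar container.
# Input lines: "<namespace> <pod> <image>[,<image>...]", as produced by
#   kubectl get pods -A --no-headers \
#     -o custom-columns='NS:.metadata.namespace,NAME:.metadata.name,IMAGES:.spec.containers[*].image'

# Assumption: sidecars are recognised by the image name used in the deploy
# command on this page (nginx-mesh-sidecar).
SIDECAR_IMAGE="${SIDECAR_IMAGE:-nginx-mesh-sidecar}"
# Assumption: namespaces that are not expected to carry sidecars.
SKIP_NS="${SKIP_NS:-kube-system nginx-mesh}"

find_uninjected() {
    awk -v sidecar="$SIDECAR_IMAGE" -v skip="$SKIP_NS" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) skipns[s[i]] = 1 }
        NF < 3 || ($1 in skipns) { next }
        {
            injected = 0
            m = split($3, images, ",")
            for (i = 1; i <= m; i++) {
                # Strip registry path and tag/digest, then compare the bare image name.
                name = images[i]
                sub(/^.*\//, "", name)
                sub(/[:@].*$/, "", name)
                if (name == sidecar) injected = 1
            }
            if (!injected) print $1 "/" $2
        }'
}

# Constructed sample input (not real cluster output).
sample_pods() {
    cat <<'EOF'
default      sleep-674f75ff4d-gxjf2    registry.example/sleep:1.0,registry.example/nginx-mesh-sidecar:0.6.0
default      legacy-api-5d9c7b-abcde   registry.example/legacy-api:2.3
payments     ledger-7f6b8c-xyz12       registry.example/ledger:4.1
nginx-mesh   mesh-control-0            registry.example/control-plane:1.0
EOF
}

sample_pods | find_uninjected
```

Against a live cluster, pipe the kubectl command from the header comment into find_uninjected instead of sample_pods.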

We can also monitor the sleep application in the NGINX Plus panel, using this command to reach the sidecar from your local machine:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then we simply go here in the browser. You can also connect to Prometheus to monitor the sleep application.

You can use individual Kubernetes resources to configure traffic policies, such as access control, rate limiting and circuit breaking; for this, see the documentation

Conclusion

NGINX Service Mesh is available for free download from the F5 portal. Try it in your dev and test environments and write to us about the results.

To try the NGINX Plus Ingress Controller, activate a free 30-day trial, or contact us to discuss your use cases.

Translation by Pavel Demkovich, engineer at Southbridge. System administration for 15 RUB per month. And as a separate division, the Slurm training center: practice and nothing but practice.

Source: www.habr.com
