We are pleased to present a preview of NGINX Service Mesh (NSM), an integrated lightweight service mesh that uses an NGINX Plus-based data plane to manage container traffic in Kubernetes environments.
NSM . , dev test — GitHub.
NSM , :
- , -. . NSM mTLS — , , . , .
- . . NSM , . , circuit breakers, .
- . . NSM Grafana, , NGINX Plus. Open Tracing .
- , , , , Kubernetes. NSM , . NGINX Kubernetes Ingress Controller mesh , .
NSM , . , . , , DevOps , .
NGINX Service Mesh?
NSM data plane (--) NGINX Plus Ingress Controller , control plane.
Control plane NGINX Plus data plane, , NGINX Plus sidecars.
NSM sidecars proxy mesh. :
- Grafana, Prometheus, NSM ;
- Kubernetes Ingress Controllers, mesh;
- SPIRE, CA , mesh;
- NATS, , , control plane sidecars;
- Open Tracing, ( Zipkin Jaeger);
- Prometheus, NGINX Plus sidecars, , SSL handshakes.
NGINX Plus data plane sidecar proxy ( ) Ingress controller (), .
:
- TLS (mTLS);
- Circuit breaking;
NGINX Service Mesh
NSM :
- Kubernetes. NGINX Service Mesh Kubernetes, Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere Kubernetes, "" ;
-
kubectl
, , NSM; - NGINX Service Mesh. NSM, registry , Kubernetes.
nginx-meshctl
, NSM.
, NSM , . , , , NSM ( registry, . ):
$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
./nginx-meshctl deploy \
--nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
--nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
--nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
--nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...
Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.
, , :
$ nginx-meshctl deploy -h
, control plane nginx-mesh, :
$ kubectl get pods -n nginx-mesh
NAME READY STATUS RESTARTS AGE
grafana-6cc6958cd9-dccj6 1/1 Running 0 2d19h
mesh-api-6b95576c46-8npkb 1/1 Running 0 2d19h
nats-server-6d5c57f894-225qn 1/1 Running 0 2d19h
prometheus-server-65c95b788b-zkt95 1/1 Running 0 2d19h
smi-metrics-5986dfb8d5-q6gfj 1/1 Running 0 2d19h
spire-agent-5cf87 1/1 Running 0 2d19h
spire-agent-rr2tt 1/1 Running 0 2d19h
spire-agent-vwjbv 1/1 Running 0 2d19h
spire-server-0 2/2 Running 0 2d19h
zipkin-6f7cbf5467-ns6wc 1/1 Running 0 2d19h
sleep default, Pod — , sleep sidecar:
$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
sleep-674f75ff4d-gxjf2 2/2 Running 0 5h23m
sleep NGINX Plus, sidecar :
$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886
Kubernetes , , circuit breaking,
NGINX Service Mesh F5. dev test .
NGINX Plus Ingress Controller, 30 , .