We are pleased to present a preview of NGINX Service Mesh (NSM), a related lightweight service mesh that uses an NGINX Plus-based data plane to manage container traffic in Kubernetes environments.
NSM . , dev test — GitHub.
, . , , .
NSM , :
- , -. . NSM mTLS — , , . , .
- . . NSM , . , circuit breakers, .
- . . NSM Grafana, , NGINX Plus. Open Tracing .
- , , , , Kubernetes. NSM , . NGINX Kubernetes Ingress Controller mesh , .
NSM , . , . , , DevOps , .
NGINX Service Mesh?
NSM data plane (--) NGINX Plus Ingress Controller , control plane.
Control plane NGINX Plus data plane, , NGINX Plus sidecars.
NSM sidecars proxy mesh. :
- Grafana, Prometheus, NSM ;
- Kubernetes Ingress Controllers, mesh;
- SPIRE, CA , mesh;
- NATS, , , control plane sidecars;
- Open Tracing, ( Zipkin Jaeger);
- Prometheus, NGINX Plus sidecars, , SSL handshakes.
NGINX Plus data plane sidecar proxy ( ) Ingress controller (), .
:
- TLS (mTLS);
- ;
- ;
- ;
- Circuit breaking;
- - ;
- .
NGINX Service Mesh
NSM :
- Kubernetes. NGINX Service Mesh Kubernetes, Amazon Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere Kubernetes, "" ;
- kubectl , , NSM;
- NGINX Service Mesh. NSM, registry , Kubernetes. nginx-meshctl , NSM.
, NSM , . , , , NSM ( registry, . ):
$ DOCKER_REGISTRY=your-Docker-registry ; MESH_VER=0.6.0 ; \
./nginx-meshctl deploy \
--nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
--nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
--nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
--nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...
Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.
, , :
$ nginx-meshctl deploy -h
, control plane nginx-mesh, :
$ kubectl get pods -n nginx-mesh
NAME READY STATUS RESTARTS AGE
grafana-6cc6958cd9-dccj6 1/1 Running 0 2d19h
mesh-api-6b95576c46-8npkb 1/1 Running 0 2d19h
nats-server-6d5c57f894-225qn 1/1 Running 0 2d19h
prometheus-server-65c95b788b-zkt95 1/1 Running 0 2d19h
smi-metrics-5986dfb8d5-q6gfj 1/1 Running 0 2d19h
spire-agent-5cf87 1/1 Running 0 2d19h
spire-agent-rr2tt 1/1 Running 0 2d19h
spire-agent-vwjbv 1/1 Running 0 2d19h
spire-server-0 2/2 Running 0 2d19h
zipkin-6f7cbf5467-ns6wc 1/1 Running 0 2d19h
sleep default, Pod — , sleep sidecar:
$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
sleep-674f75ff4d-gxjf2 2/2 Running 0 5h23m
sleep NGINX Plus, sidecar :
$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886
Kubernetes , , circuit breaking,
NGINX Service Mesh F5. dev test .
NGINX Plus Ingress Controller, 30 , .