What is NGINX Service Mesh

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article introduces NGINX Service Mesh (NSM). In day-to-day operations, many people have questions about what NGINX Service Mesh is. The editor consulted various materials and put together simple, easy-to-use steps, in the hope that they help answer the question "What is NGINX Service Mesh?" Follow along below.

NSM addresses the above challenges by centralizing the configuration of users:

Security: Security is now more important than ever, and data leaks can cost organizations millions of dollars in revenue and reputation each year. NSM ensures that all communications are encrypted with mTLS, so there is no sensitive data on the network that can be stolen by hackers. Access control allows you to define policies that control which services can communicate with each other.

Traffic management: When deploying a new version of an application, users may want to limit the traffic the new version receives in case it contains a bug. With NSM's intelligent container traffic management, users can specify policies that limit traffic to new services and gradually increase it over time. Functions such as rate limiting and circuit breakers give users complete control over the traffic flowing through their services.

Visualization: Managing thousands of services can be a nightmare for debugging and visibility. NSM relieves this by displaying the full set of metrics available in NGINX Plus through the built-in Grafana dashboard. In addition, the OpenTracing integration enables fine-grained transaction tracing.

Hybrid deployment: If the user's enterprise is like most enterprises, its infrastructure does not run entirely in Kubernetes. NSM ensures that applications running outside of Kubernetes are not left out. Through the NGINX Kubernetes Ingress Controller integration, they can communicate with mesh services and vice versa.

NSM secures applications in a zero-trust environment by seamlessly applying encryption and authentication to container traffic. It has observability and insight into incoming and outgoing traffic to help users deploy and solve problems quickly and accurately. It also provides fine-grained flow control that allows DevOps teams to deploy and optimize application components, while allowing Dev teams to build and easily connect their distributed applications.

What is NGINX Service Mesh?

NSM has a unified data plane for east-west (service-to-service) traffic and a natively integrated NGINX Plus ingress controller for north-south traffic, which is managed by a separate control plane.

The control plane is designed and optimized for the NGINX Plus data plane and defines the traffic management rules assigned to the NGINX Plus sidecar container.

NGINX Service Mesh architecture

With NSM, a sidecar proxy container is deployed alongside each service in the mesh. The sidecars integrate with the following open source solutions:

Grafana: visualization of Prometheus metrics; the built-in NSM dashboard can help you get started

Kubernetes Ingress controllers: manage the ingress and egress traffic of the mesh

SPIRE: certificate authority (CA) for managing, distributing, and rotating certificates for the mesh

NATS: a scalable messaging plane for passing messages, such as routing updates, from the control plane to the sidecar containers

OpenTracing: distributed tracing (both Zipkin and Jaeger are supported)

Prometheus: collects and stores metrics such as the number of requests, connections, and SSL handshakes from the NGINX Plus sidecar containers

Features and components

NGINX Plus acts as a data plane that spans sidecar proxies (east-west traffic) and ingress controllers (north-south traffic) while intercepting and managing traffic between service containers. Features include:

Mutual TLS (mTLS) authentication

Load balancing

High availability

Rate limiting

Circuit breaking

Blue-green and canary deployment

Access control

Getting started with NGINX Service Mesh

To start using NSM, you first need to:

Have access to a Kubernetes environment. NGINX Service Mesh supports multiple Kubernetes platforms, including Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), VMware vSphere, and standalone bare-metal clusters.

Install the kubectl command-line program on the machine from which you want to install NSM.

Download the NGINX Service Mesh distribution package. The package includes the NSM images, which need to be uploaded to a private container registry accessible to the Kubernetes cluster. The package also includes the nginx-meshctl binary used to deploy NSM.

To deploy NSM with the default settings, run the following command. During deployment, the output trace confirms that the mesh components were deployed successfully and finally that NSM is running in its own namespace:

$ DOCKER_REGISTRY=your-Docker-registry
$ MESH_VER=0.6.0
$ ./nginx-meshctl deploy \
    --nginx-mesh-api-image "${DOCKER_REGISTRY}/nginx-mesh-api:${MESH_VER}" \
    --nginx-mesh-sidecar-image "${DOCKER_REGISTRY}/nginx-mesh-sidecar:${MESH_VER}" \
    --nginx-mesh-init-image "${DOCKER_REGISTRY}/nginx-mesh-init:${MESH_VER}" \
    --nginx-mesh-metrics-image "${DOCKER_REGISTRY}/nginx-mesh-metrics:${MESH_VER}"
Created namespace "nginx-mesh".
Created SpiffeID CRD.
Waiting for Spire pods to be running...done.
Deployed Spire.
Deployed NATS server.
Created traffic policy CRDs.
Deployed Mesh API.
Deployed Metrics API Server.
Deployed Prometheus Server nginx-mesh/prometheus-server.
Deployed Grafana nginx-mesh/grafana.
Deployed tracing server nginx-mesh/zipkin.
All resources created. Testing the connection to the Service Mesh API Server...
Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.

For other command options, including non-default settings, run:

$ nginx-meshctl deploy -h

To verify that the NSM control plane is working properly in the nginx-mesh namespace, run:

$ kubectl get pods -n nginx-mesh
NAME                                 READY   STATUS    RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running   0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running   0          2d19h
nats-server-6d5c57f894-225qn         1/1     Running   0          2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running   0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running   0          2d19h
spire-agent-5cf87                    1/1     Running   0          2d19h
spire-agent-rr2tt                    1/1     Running   0          2d19h
spire-agent-vwjbv                    1/1     Running   0          2d19h
spire-server-0                       2/2     Running   0          2d19h
zipkin-6f7cbf5467-ns6wc              1/1     Running   0          2d19h
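The control-plane check above can be automated. This added example (not from the original article or the NGINX project) parses the default `kubectl get pods -n nginx-mesh` table and reports expected components that are absent or not fully ready; the component prefixes come from the pod names in the listing above, and the `DEGRADED` listing is constructed.

```python
import re

# Component name prefixes, taken from the pod listing shown in the article.
EXPECTED = ("grafana", "mesh-api", "nats-server", "prometheus-server",
            "smi-metrics", "spire-agent", "spire-server", "zipkin")

# Constructed sample: NATS is crash-looping, one SPIRE server container is
# not ready, and the tracing server (zipkin) is absent.
DEGRADED = """\
NAME                                 READY   STATUS             RESTARTS   AGE
grafana-6cc6958cd9-dccj6             1/1     Running            0          2d19h
mesh-api-6b95576c46-8npkb            1/1     Running            0          2d19h
nats-server-6d5c57f894-225qn         0/1     CrashLoopBackOff   12         2d19h
prometheus-server-65c95b788b-zkt95   1/1     Running            0          2d19h
smi-metrics-5986dfb8d5-q6gfj         1/1     Running            0          2d19h
spire-agent-rr2tt                    1/1     Running            0          2d19h
spire-server-0                       1/2     Running            0          2d19h
"""

def parse_pods(text):
    """Parse the default `kubectl get pods` table into a list of dicts."""
    pods = []
    for line in text.strip().splitlines():
        cols = line.split()
        # READY must look like "1/1"; this also skips the header row.
        m = re.fullmatch(r"(\d+)/(\d+)", cols[1]) if len(cols) >= 3 else None
        if m:
            pods.append({"name": cols[0], "ready": int(m.group(1)),
                         "total": int(m.group(2)), "status": cols[2]})
    return pods

def audit(text):
    """Return expected components with no pod, and pods that are not healthy."""
    pods = parse_pods(text)
    missing = [c for c in EXPECTED
               if not any(p["name"].startswith(c + "-") for p in pods)]
    unhealthy = [p["name"] for p in pods
                 if p["status"] != "Running" or p["ready"] < p["total"]]
    return {"missing": missing, "unhealthy": unhealthy}

if __name__ == "__main__":
    print(audit(DEGRADED))
```

A missing or unhealthy `spire-server` or `spire-agent` deserves particular attention, because SPIRE is the component that issues and rotates the certificates used for mTLS.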

By default, NGINX sidecar proxies are injected into deployed applications, depending on whether the deployment options select a manual or automatic injection policy. To learn how to disable automatic injection, please refer to our documentation. For example, if we deploy the sleep application in the default namespace and then check the Pod, we see that two containers are running: the sleep application and the associated NGINX Plus sidecar container:

$ kubectl apply -f sleep.yaml
$ kubectl get pods -n default
NAME                     READY   STATUS    RESTARTS   AGE
sleep-674f75ff4d-gxjf2   2/2     Running   0          5h23m
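A pod that was never injected carries no sidecar, so its traffic is not covered by the mesh's mTLS. This added example (not from the original article or the NGINX project) audits `kubectl get pods -A -o json` output for such pods. It assumes the sidecar can be recognized by the `nginx-mesh-sidecar` image name from the deploy command, and the skipped namespaces, registry host, and sample pods other than `sleep-674f75ff4d-gxjf2` are constructed.

```python
import json

SIDECAR_IMAGE = "nginx-mesh-sidecar"             # image name from the deploy command
SKIP_NAMESPACES = {"kube-system", "nginx-mesh"}  # assumption: not meshed workloads

def image_repo(image):
    """Strip registry, tag and digest: 'reg:5000/a/b:1.0@sha256:..' -> 'b'."""
    name = image.split("@", 1)[0].rsplit("/", 1)[-1]
    return name.split(":", 1)[0]

def sidecar_gaps(pod_list_json):
    """Return sorted (namespace/pod, reason) pairs for pods outside mesh mTLS."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod["metadata"]
        if meta["namespace"] in SKIP_NAMESPACES:
            continue
        ref = f'{meta["namespace"]}/{meta["name"]}'
        sidecars = [c["name"] for c in pod["spec"]["containers"]
                    if image_repo(c["image"]) == SIDECAR_IMAGE]
        if not sidecars:
            findings.append((ref, "no sidecar injected"))
            continue
        statuses = pod.get("status", {}).get("containerStatuses", [])
        ready = {s["name"]: s["ready"] for s in statuses}
        if not all(ready.get(n, False) for n in sidecars):
            findings.append((ref, "sidecar not ready"))
    return sorted(findings)

def _pod(ns, name, containers):
    """Build a minimal constructed Pod; containers = [(name, image, ready)]."""
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"containers": [{"name": n, "image": i} for n, i, _ in containers]},
            "status": {"containerStatuses": [{"name": n, "ready": r} for n, _, r in containers]}}

REG = "registry.example"  # constructed registry host
SIDE = f"{REG}/nginx-mesh-sidecar:0.6.0"
SAMPLE = json.dumps({"items": [  # constructed pod list
    _pod("default", "sleep-674f75ff4d-gxjf2", [("sleep", f"{REG}/sleep:1", True), ("sidecar", SIDE, True)]),
    _pod("default", "legacy-batch-1", [("batch", f"{REG}/batch:3", True)]),
    _pod("default", "web-0", [("web", f"{REG}/web:2", True), ("sidecar", SIDE, False)]),
    _pod("nginx-mesh", "spire-server-0", [("spire-server", f"{REG}/spire-server:1", True)]),
]})

if __name__ == "__main__":
    for ref, reason in sidecar_gaps(SAMPLE):
        print(f"{ref}: {reason}")
```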

You can also use the local NGINX Plus dashboard to monitor the sleep application by running the following command to expose the sidecar locally:

$ kubectl port-forward sleep-674f75ff4d-gxjf2 8080:8886

Then navigate to http://localhost:8080/dashboard.html in the browser. You can also connect to the Prometheus server to monitor the sleep application.

You can use custom resources in Kubernetes to configure traffic policies, such as access control, rate limiting, and circuit breakers.

This concludes the study of "What is NGINX Service Mesh". I hope it has answered your questions. Combining theory with practice helps you learn better, so go and try it! If you want to keep learning related topics, please continue to follow the website; the editor will keep working to bring you more practical articles.
