On-demand Link: https://www.nginx.com/resources/webinars/microservices-ingenious-journey-service-mesh-demo-app/
In this webinar, we discuss how Ingenious is (mostly) the same, but also the differences in its code, features, and runtime behavior, as it’s implemented in various architectural models. You then get a chance to ask us, well, anything about microservices, the MRA, and service mesh architectures.
Join this webinar to learn"
- The reasons for choosing one architecture over others for your app
icon
- How apps can maximize architecture-independence, giving you maximum flexibility in development and deployment
icon
- How the features, performance, stability, and reliability of the Ingenious demo app benefit from various microservices architectures
icon
How to secure the Ingenious app, and your own apps, across different architectures
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
1. NGINX MRA AMA #9:
Ingenious: The Journey to Service Mesh
Using a Microservices Demo App
1
2. MORE INFORMATION AT
NGINX.COM
Who Are We?
Charles Pretzer
Technical Architect
Formerly:
- Software architecture consultant
- Engineering lead at Zinio, StyleHive,
others
Floyd Smith
Director, Content Marketing
Formerly:
- Apple, Alta Vista, Google, and more
- Author of multiple books on technology
including web, marketing, usability
3. MORE INFORMATION AT
NGINX.COM
Agenda
1. Introducing NGINX
2. Microservices and Service Mesh Definitions
3. Ingenious: Why We Built It
4. Fabric Model and the NGINX Microservices Network
Architectures
5. A Peek Under the Hood
6. Demo
7. Building a Service Mesh
8. Q & A
3 3
5. MORE INFORMATION AT
NGINX.COM
About NGINX, Inc.
• NGINX OSS released 2003
• NGINX Plus first released in 2013
• NGINX, Inc. is VC-backed by leading investors in enterprise
software
• Offices in SF, Sunnyvale, Singapore, Cork, Cambridge, & Moscow
• 1,200+ commercial customers
• 180+ employees
6. >50%of the top 100,000
busiest websites
6Source: W3Techs Web Technology Survey
7. Internet
Web Server
Serve content from disk
Application Gateway
FastCGI, uWSGI,
Passenger…
Reverse Proxy
Caching, load balancing…
HTTP traffic
Where NGINX Plus Fits
9. MORE INFORMATION AT
NGINX.COM
NGINX Products and Roadmap
• Start with Gus Robertson keynote at nginx.conf 2017
• See Owen Garrett’s Roadmap presentation….
• …and Chris and Rachael’s Controller demo
• Also, Chris Richardson series, Intro to Microservices…
• …and Chris Stetson series, NGINX MRA
• …and much more; contact Sales for free evaluation
12. ● Services in a microservice architecture (MSA) are often processes that communicate
with each other over a network in order to fulfill a goal using technology-agnostic
protocols such as HTTP. However, services might also use other kinds of
inter-process communication mechanisms such as shared memory. Services might
also run within the same process as, for example, OSGI bundles.
● Services in a microservice architecture should be independently deployable.
● The services are easy to replace.
● Services are organized around capabilities, e.g., user interface front-end,
recommendation, logistics, billing, etc.
● Services can be implemented using different programming languages, databases,
hardware and software environment, depending on what fits best.
● Services are small in size, messaging enabled, bounded by contexts, autonomously
developed, independently deployable, decentralized and built and released with
automated processes.
What is a Microservice?
?
source: https://en.wikipedia.org/wiki/Microservices
13. ● A group of microservice components working together
in order to provide full application functionality.
What is a Microservice Architecture?
A
B
D
C
E
15. Data Plane
● Authentication and Authorization
● Health Checking
● Routing
○ Uses security policies set by the Control
Plane
● Load Balancing
● Service Discovery
● Observability
16. Control Plane
● Configures and coordinates the
individual sidecars in the data plane
● Set security policy
● Scheduler
○ Service Discovery of scheduled services
18. ● Seven distinct services written in
different languages comprising a
single application
● Release 1 uses the Fabric Model
○ Uses persistent SSL connections to
enforce TLS between services
● Quick Start:
○ https://github.com/nginxinc/mra-inge
nious
Ingenious
19. Orchestration Specific Implementations
● Kubernetes
○ Deployed using YAML files
○ https://k8s.mra.nginxps.com
● Mesosphere DC/OS
○ Deployed using JSON files
○ https://mra.nginxps.com
● Both sets of files will be released in open source repositories
21. Proxy Model
● Load Balances requests
to services
● Secures North/South
traffic and provides SSL
Termination
● Services are left to
communicate with each
other
● Lays the foundation for
building a service mesh
22. Router Mesh
● Standalone NGINX Plus
instance which acts as a
traffic manager
● Provides service
discovery via DNS SRV
records
● Load balances to
instances of services
● NGINX Plus provides
active health checks
allowing for circuit
breaker functionality
23. Fabric Model
● NGINX Plus exists as a
sidecar within the same
container as the service
● NGINX Plus and the app
communicate only on
localhost
● Instances of NGINX Plus
communicate directly with
each other
● Incorporates all the
features of the Router
Mesh and adds persistent
SSL connections
25. Containerize the monolith
Similar to scaling horizontally
Watch out for singletons!
This may not work for every application.
Ingress
Controller
26. Decompose the Monolith
Create services from features
Similar to scaling horizontally
Watch out for singletons!
This may not work for every application.
Ingress
Controller
User Data
Orders
Pod
Pod
Pod
Pod
Pod Pod
Photo
Uploader
Photo
Resizer
Content
Service
27. Implement the Ingress Proxy
Create services from features
Similar to scaling horizontally
Watch out for singletons!
This may not work for every
application.
Ingress
Controller
Pod
Auth
Proxy
Pod
Photo
Uploader
Pod
Photo
Resizer
Pod
Content
Service
Pod
Album
Manager
Pod
User
Manager
Pod
Pages
28. Implement the Router Mesh
Add the Router Mesh Service and
configure the locations and upstreams
for the service.
Re-configure the services to use the
Router Mesh service
Ingress
Controller
Pod
Auth
Proxy
Pod
Photo
Uploader
Pod
Photo
Resizer
Pod
Content
Service
Pod
Album
Manager
Pod
User
Manager
Pod
Pages
Pod
Router
Mesh
29. Implement the Service Proxy
Add the NGINX Plus container to each
pod and use a ConfigMap to define the
upstreams and locations.
Re-configure the services to use the
Router Mesh service
Pod
Auth
Proxy
Ingress
Controller
Pod
Photo
Uploader
Pod
Photo
Resizer
Pod
Content
Service
Pod
Album
Manager
Pod
User
Manager
Pod
Pages
31. Istio
● Supports mTLS between
sidecars
● Istio Auth uses Kubernetes
service accounts to identify
who runs the service:
Image credit: istio.io
32. Istio
● RBAC implementation as
ServiceRole resource
● ServiceRoleBinding
○ roleRef refers to a ServiceRole object in the
same namespace.
○ A list of subjects that are assigned the role.
Image credit: istio.io
33. Linkerd/Conduit
● Products from buoyant.io, the
company that coined the term
service mesh
○ linkerd
■ First service mesh product
released by buoyant
■ Provides control and data planes
○ conduit
■ Released in December and
focuses on performance in
Kubernetes
36. nginmesh
- Sidecar implementation for Istio using
NGINX as the sidecar proxy
- Provides load balancing and service
discovery in the data plane of a service
mesh
- https://github.com/nginxinc/nginmesh
- Current support only for Kubernetes
