nginxinc/nginmesh nginxinc/nginmesh

  • This repository has been archived on 01/Oct/2022
  • Stars
    star
    611
  • Rank 73,401 (Top 2 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created about 7 years ago
  • Updated about 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
nginxinc/nginmesh
github

nginxinc

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Istio compatible service mesh using NGINX

Important Project Notice

This project is no longer under active development. It will be preserved here for the foreseeable future for reference. Please note that the last version released works with Istio 0.7.

NGINX Architecture with Istio Service Mesh

This repository provides an implementation of a NGINX based service mesh (nginMesh). nginMesh is compatible with Istio. It leverages NGINX as a sidecar proxy.

What is Service Mesh and Istio?

Please check https://istio.io for a detailed explanation of the service mesh.

Production Status

The current version of nginMesh is designed to work with Istio release 0.7.1. It should not be used in production environments.

Demo

Recorded demo of nginMesh depoyment.

Architecture

The diagram below depicts how an NGINX sidecar proxy is implemented. The sidecar uses the open source version of NGINX compiled with modules for tracing and monitoring.

Alt text

The diagram below is an alternative architectural view -

Alt text

To learn more about the sidecar implementation, see this document.

Quick Start

Below are instructions to quickly install and configure nginMesh. Currently, only Kubernetes environment is supported.

Prerequisites

Make sure you have a cluster with Kubernetes 1.9 or newer. Please see Prerequisites for setting up a kubernetes cluster.

Install Istio and nginMesh

nginMesh requires installation of Istio first.

  1. Download and install Istio 0.7.1: 
    curl -L https://git.io/getLatestIstio | ISTIO_VERSION=0.7.1 sh -
  2. Download nginMesh release 0.7.1: 
    curl -L https://github.com/nginxinc/nginmesh/releases/download/v0.7.1/nginmesh-0.7.1.tar.gz | tar zx
  3. Deploy Istio: 
    kubectl create -f istio-0.7.1/install/kubernetes/istio.yaml
  4. Ensure the following Kubernetes services are deployed: istio-pilot, istio-mixer, istio-ingress: 
    kubectl get svc  -n istio-system  

    istio-ingress            LoadBalancer   10.47.252.40    35.237.173.47   80:32171/TCP,443:32198/TCP                   19h
istio-mixer              ClusterIP      10.47.251.225   <none>          9091/TCP,15004/TCP,9093/TCP,9094/TCP,9102/TCP,9125/UDP,42422/TCP    19h
istio-pilot              ClusterIP      10.47.254.118   <none>          15003/TCP,15005/TCP,15007/TCP,15010/TCP,8080/TCP,9093/TCP,443/TCP   19h
istio-sidecar-injector   ClusterIP      10.47.242.139   <none>          443/TCP                                       9h
  5. Ensure the following Kubernetes pods are up and running: istio-pilot-* , istio-mixer-* , istio-ingress-* and istio-initializer-*: 
    kubectl get pods -n istio-system    

    istio-ca-86f55cc46f-nprhw                1/1       Running   0          19h
istio-ingress-5bb556fcbf-c7tgt           1/1       Running   0          19h
istio-mixer-86f5df6997-fvzjx             3/3       Running   0          19h
istio-pilot-67d6ddbdf6-xhztz             2/2       Running   0          19h
istio-sidecar-injector-5b8c78fd6-8dvq6   1/1       Running   0          9h
  6. Enable automatic sidecar injection: 
    nginmesh-0.7.1/install/kubernetes/install-sidecar.sh
  7. Verify that the istio-injection label is not applied to the default namespace: 
    kubectl get namespace -L istio-injection

    NAME           STATUS        AGE       ISTIO-INJECTION
default        Active        1h        
istio-system   Active        1h        
kube-public    Active        1h        
kube-system    Active        1h

Deploy a Sample Application

In this section we deploy the Bookinfo application, which is taken from the Istio samples. Please see Bookinfo for more details.

  1. Label the default namespace with istio-injection=enabled: 
    kubectl label namespace default istio-injection=enabled
  2. Deploy the application: 
    kubectl apply -f  istio-0.7.1/samples/bookinfo/kube/bookinfo.yaml
  3. Confirm that all application services are deployed: productpage, details, reviews, ratings: 
    kubectl get services

    NAME                       CLUSTER-IP   EXTERNAL-IP   PORT(S)              AGE
details                    10.0.0.31    <none>        9080/TCP             6m
kubernetes                 10.0.0.1     <none>        443/TCP              7d
productpage                10.0.0.120   <none>        9080/TCP             6m
ratings                    10.0.0.15    <none>        9080/TCP             6m
reviews                    10.0.0.170   <none>        9080/TCP             6m
  4. Confirm that all application pods are running --details-v1-* , productpage-v1-* , ratings-v1-* , reviews-v1-* , reviews-v2-* and reviews-v3-*: 
    kubectl get pods

    NAME                                        READY     STATUS    RESTARTS   AGE
details-v1-1520924117-48z17                 2/2       Running   0          6m
productpage-v1-560495357-jk1lz              2/2       Running   0          6m
ratings-v1-734492171-rnr5l                  2/2       Running   0          6m
reviews-v1-874083890-f0qf0                  2/2       Running   0          6m
reviews-v2-1343845940-b34q5                 2/2       Running   0          6m
reviews-v3-1813607990-8ch52                 2/2       Running   0          6m
  5. Get the public IP of the Istio Ingress controller. If the cluster is running in an environment that supports external load balancers: 
    kubectl get svc -n istio-system | grep -E 'EXTERNAL-IP|istio-ingress'
  6. Open the Bookinfo application in a browser using the following link: 
    http://<Public-IP-of-the-Ingress-Controller>/productpage

Uninstall the Application

  1. To uninstall application, run: 
    ./istio-0.7.1/samples/bookinfo/kube/cleanup.sh

Uninstall Istio

  1. To uninstall the Istio core components: 
    kubectl delete -f istio-0.7.1/install/kubernetes/istio.yaml
  2. To uninstall the initializer, run: 
    nginmesh-0.7.1/install/kubernetes/delete-sidecar.sh

Limitations

nginMesh has the following limitations:

  • TCP and gRPC traffic is not supported.
  • Quota Check is not supported.
  • Only Kubernetes is supported.

All sidecar-related limitations and supported traffic management rules are described here.

More Repositories

1

kubernetes-ingress

NGINX and NGINX Plus Ingress Controllers for Kubernetes
Go
4,651
star
2

docker-nginx

Official NGINX Dockerfiles
Shell
3,236
star
3

nginx-prometheus-exporter

NGINX Prometheus Exporter for NGINX and NGINX Plus
Go
1,572
star
4

NGINX-Demos

NGINX and NGINX Plus demos
HTML
1,254
star
5

ngx-rust

Rust binding for NGINX
Rust
720
star
6

nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module
Python
681
star
7

ansible-role-nginx

Ansible role for installing NGINX
Shell
633
star
8

kic-reference-architectures

MARA: Modern Application Reference Architecture
Python
633
star
9

crossplane

Quick and reliable way to convert NGINX configurations into JSON and back.
Python
620
star
10

nginx-s3-gateway

NGINX S3 Caching Gateway
JavaScript
511
star
11

nginx-gateway-fabric

NGINX Gateway Fabric provides an implementation for the Gateway API using NGINX as the data plane.
Go
488
star
12

docker-nginx-unprivileged

Unprivileged NGINX Dockerfiles
Shell
376
star
13

nginx-wiki

ARCHIVED -- Source for the now archived NGINX Wiki section of https://www.nginx.com
HTML
291
star
14

docker-nginx-amplify

Official NGINX and Amplify Dockerfiles
Shell
230
star
15

nginx-amplify-doc

Public documentation for Amplify
Makefile
201
star
16

nginx-openid-connect

Reference implementation of OpenID Connect integration for NGINX Plus
JavaScript
188
star
17

nginx-otel

Perl
157
star
18

ansible-role-nginx-config

Ansible role for configuring NGINX
Jinja
154
star
19

mra-ingenious

A photo-sharing app built by NGINX and implemented using the Fabric Model from the Microservices Reference Architecture.
JavaScript
143
star
20

rtapi

Real time API latency analyzer - Create a PDF report and HDR histogram of your APIs
Go
133
star
21

nginx-service-mesh

A service mesh powered by NGINX Plus to manage container traffic in Kubernetes environments.
Go
93
star
22

ansible-collection-nginx

Ansible collection for NGINX
67
star
23

nginx-ingress-operator

WARNING - DEPRECATION NOTICE: The NGINX Ingress Operator has been updated to be a Helm based operator. This repo has been deprecated and will soon be archived - the new NGINX Ingress Operator repo can be found at https://github.com/nginxinc/nginx-ingress-helm-operator.
Go
66
star
24

nginx-loadbalancer-kubernetes

A Kubernetes Controller to synchronize NGINX+ Resources with Kubernetes Ingress Resources
Go
58
star
25

nginx-asg-sync

NGINX Plus Integration with Cloud Autoscaling
Go
56
star
26

nginx-go-crossplane

A library for working with NGINX configs in Go
Go
55
star
27

bank-of-sirius

Bank of Sirius
Java
53
star
28

helm-charts

NGINX Helm Charts repository
50
star
29

nginx-plus-go-client

A client for NGINX Plus API for Go
Go
49
star
30

nginx-openshift-router

NGINX and NGINX Plus OpenShift Routers
HTML
42
star
31

nginx-ingress-helm-operator

NGINX Ingress Operator for NGINX and NGINX Plus Ingress Controllers. Based on the Helm chart for NGINX Ingress Controller - https://github.com/nginxinc/helm-charts
Mustache
37
star
32

docker-nginx-controller

Docker support for NGINX Controller Agent in Containers
Dockerfile
29
star
33

nginx-ingress-workshops

Nginx Ingress Controller Hands on Workshops, with Lab Exercises and Guides
Shell
29
star
34

microservices-march

Examples from the Microservices March lectures and exercises.
27
star
35

ngx-istio-mixer

NGINX module for Istio mixer
Rust
24
star
36

nginx-saml

Perl
23
star
37

new-relic-agent

A new relic agent for NGINX Plus metrics
Python
23
star
38

ansible-role-nginx-app-protect

Ansible role to install and configure NGINX App Protect (WAF and DoS) for NGINX Plus on your target host
Jinja
21
star
39

router-mesh-architecture

NGINX Router Mesh Network Architecture for Microservices
CSS
19
star
40

aws-ha-elastic-ip

Active-Passive HA Deployment on AWS Using an Elastic IP Address
Shell
17
star
41

nginx-plus-dashboard

HTML
16
star
42

website-resources-conf

content for nginx.com/resources/conf/ -- configuration files shared in blog posts, etc.
16
star
43

fabric-model-architecture

Repository for the NGINX Fabric Model Architecture
CSS
15
star
44

nginx-management-suite-iac

NMS IAC repo
HCL
14
star
45

ngxinfo

Python
13
star
46

Community-Code-of-Conduct

NGINX Open Source Community's Code of Conduct
11
star
47

nginx-amplify-agent

NGINX Amplify Agent
Python
11
star
48

mra-user-manager

User manager
HTML
10
star
49

snarejs

Snare.js
JavaScript
10
star
50

nginx-ns1-gslb

ARCHIVED - NGINX Plus Integration with NS1 GSLB
Go
10
star
51

mra-auth-proxy

Auth proxy for MRA
Jinja
9
star
52

nginx-wrapper

NGINX Event Process Wrapper
Go
9
star
53

template-repository

A template repository for new NGINX projects
9
star
54

ngx-stream-nginmesh-dest

Nginx module to get dest ip and port
C
8
star
55

ansible-role-nginx-unit

Ansible role for NGINX Unit
Jinja
8
star
56

ebook-managing-kubernetes-nginx

Shell
8
star
57

nginx-basics-workshops

HTML
8
star
58

nginx-unsupported-modules

Container builds of unsupported NGINX modules
Shell
7
star
59

nginx-hugo-theme

A hugo theme for NGINX documentation
CSS
7
star
60

ansible-role-nginx-management-suite

Ansible role for the NGINX Management Suite
Jinja
7
star
61

mra-content-service

Go
6
star
62

nginx-for-azure-deploy-action

Github Actions to sync NGINX configs into the NGINX for Azure service.
TypeScript
6
star
63

mra-photouploader

HTML
5
star
64

ansible_collection_nginx_controller

Collection of NGINX Controller Roles for Ansible
5
star
65

mra-photoresizer

HTML
5
star
66

nginx-controller-lab

Shell
4
star
67

mra-pages

JavaScript
4
star
68

nginxaas-for-azure-snippets

Example ARM templates for common NGINX for Azure use cases
Python
4
star
69

.github

4
star
70

nginx-plus-install-tools

NGINX Plus Install tools
Shell
4
star
71

mra-album-manager

Ruby
4
star
72

nginx-azure-workshops

Instructor Lead and Hands-on Lab Exercises and Lab Guides for NGINX as a Service for Microsoft Azure
Shell
4
star
73

homebrew-tap

Ruby
3
star
74

ansible-role-nginx_controller_application

Jinja
3
star
75

ansible_role_nginx_controller_agent

Ansible role for installing the NGINX Controller agent
Jinja
3
star
76

nap-dos-arbitrator-helm-chart

Smarty
3
star
77

nginx-aws-signature

NGINX AWS Signature Library to authenticate AWS services such as S3 and Lambda via NGINX and NGINX Plus.
JavaScript
3
star
78

alpine-fips

Alpine Linux with FIPS OpenSSL module
Dockerfile
3
star
79

ansible-role-nginx_controller_publish_api

Jinja
2
star
80

kic-test-containers

Docker containers used by the KIC team
Go
2
star
81

ansible-role-nginx_controller_user

Jinja
2
star
82

ansible-role-nginx_controller_environment

Managing environments within NGINX Controller
Jinja
2
star
83

ansible-role-nginx_controller_api_definition_import

Jinja
2
star
84

ansible-role-nginx-controller-gateway

Jinja
2
star
85

ansible_role_nginx_controller_install

Ansible role for installing NGINX Controller
Jinja
2
star
86

ansible-role-nginx-controller-certificate

Jinja
2
star
87

ansible-role-nginx-controller-component

Jinja
2
star
88

ansible_role_nginx_controller_generate_token

Jinja
2
star
89

ansible-role-nginx_controller_location

Jinja
2
star
90

ansible-role-nginx-controller-license

Jinja
2
star
91

ansible-role-nginx_controller_integration

Jinja
2
star
92

aws-marketplace-publish

Publish Docker images to AWS Marketplace
TypeScript
2
star
93

ansible-role-nginx_controller_user_role

Jinja
1
star
94

ansible-role-nginx_controller_forwarder

Jinja
1
star