NGINX: From North/South to East/West


NGINX: From North/South to East/West
Reducing Complexity with API and Microservices Traffic Management and NGINX Plus
Speakers: Alan Murphy, Regional Solution Architect, APAC
September, 2018

About NGINX, Inc.
- Founded in 2011, NGINX Plus first released in 2013
- Powers over 400,000 web sites
- VC-backed by enterprise software industry leaders
- Offices in SF, London, Cork, Singapore, Sydney, Moscow, and Tokyo
- 1,500+ commercial customers
- 250+ employees

Microservices are hot, but people adopting them at scale quickly realize they need a lot of new infrastructure to support their efforts. Gartner

What is Kubernetes?

NGINX: Traffic Awareness, Management, & Delivery

Why NGINX?
NGINX enables Microservices Dataplane solutions in use right now
- 3m NGINX instances are in production microservices*
- 1Bn pulls of NGINX official DockerHub Image
- NGINX Plus Dockerfile for high availability container traffic management
- 1m NGINX pulls of NGINX Kubernetes Ingress controller
- 250 customers use NGINX in production microservices*
- NGINX Plus: Application services natively in containers
- NGINX Controller: Complete monitoring and management containerized platform

NGINX embraces a multitude of use cases
- Reverse Proxy
- Load Balancer
- WAF
- Cache
- API Gateway
- Ingress Controller
- Sidecar Proxy
- Web Server
- App Server

Microservice NGINX Deployment Scenarios

Kubernetes
- Ingress Controller
- NGINX load balancing K8s clusters
- Helm charts
- Support for managed K8s (AKS, EKS, IBM CP, etc)

OpenShift
- Ingress Controller
- Internal router
- Service catalog
- Ansible and AnsiblePlaybookBundles (APB)

IBM Cloud Private (ICP)
- Managed K8s
- Ingress
- Helm

Istio
- Pilot/Mixer
- NGINX Plus module (nginmesh)
- Sidecar

MORE INFORMATION AT NGINX.COM

North-South Traffic with Ingress Controller

NGINX Plus - Kubernetes Ingress Controller
https://github.com/nginxinc/kubernetes-ingress

Create Kubernetes applications with NGINX Plus in front:
- Advanced Load balancing w/ SSL/TLS termination
- WebSocket and HTTP/2 support
- URI rewriting before request is forwarded to application
- Dynamic reconfiguration
- Session persistence
- JWT authentication
- Prometheus support
- 24x7 support

Easy, Integrated Configuration

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: cafe-ingress
    spec:
      # TLS is terminated at the Ingress for the listed hosts,
      # using the certificate and key stored in the named secret.
      tls:
      - hosts:
        - cafe.example.com
        secretName: cafe-secret
      # Requests for cafe.example.com are routed by URI path.
      rules:
      - host: cafe.example.com
        http:
          paths:
          - path: /tea
            backend:
              serviceName: tea-svc
              servicePort: 80
          - path: /coffee
            backend:
              serviceName: coffee-svc
              servicePort: 80
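A check one might run over Ingress resources like the cafe-ingress on the slide above: it reports rule hosts that no spec.tls entry with a certificate secret covers. This is an added example, not code from the presentation or from NGINX; the admin.example.com rule and admin-svc are constructed for illustration, and the input is assumed to be the JSON form of the resource (for example from kubectl get ingress -o json).

```python
import json

# Constructed sample: the slide's cafe-ingress plus one extra rule whose host
# is not listed under spec.tls (the kind of drift this check is meant to catch).
SAMPLE = json.loads("""
{
  "apiVersion": "extensions/v1beta1",
  "kind": "Ingress",
  "metadata": {"name": "cafe-ingress"},
  "spec": {
    "tls": [{"hosts": ["cafe.example.com"], "secretName": "cafe-secret"}],
    "rules": [
      {"host": "cafe.example.com", "http": {"paths": [
        {"path": "/tea", "backend": {"serviceName": "tea-svc", "servicePort": 80}},
        {"path": "/coffee", "backend": {"serviceName": "coffee-svc", "servicePort": 80}}]}},
      {"host": "admin.example.com", "http": {"paths": [
        {"path": "/", "backend": {"serviceName": "admin-svc", "servicePort": 80}}]}}
    ]
  }
}
""")


def host_matches(pattern, host):
    """Exact match, or a '*.example.com' wildcard covering exactly one extra label."""
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host


def audit_ingress(ingress):
    """Return (host, reason) findings for rule hosts with no certificate configured."""
    spec = ingress.get("spec", {})
    covered = []   # host patterns that have a certificate secret attached
    findings = []
    for entry in spec.get("tls", []):
        if entry.get("secretName"):
            covered.extend(entry.get("hosts", []))
        else:
            findings.extend((h, "tls entry has no secretName") for h in entry.get("hosts", []))
    for rule in spec.get("rules", []):
        host = rule.get("host")
        if host is None:
            findings.append(("*", "rule without host matches any Host header"))
        elif not any(host_matches(p, host) for p in covered):
            findings.append((host, "host not covered by spec.tls"))
    return findings
```

Calling audit_ingress(SAMPLE) flags only the constructed admin.example.com rule; the slide's own cafe.example.com rule passes because its host appears under spec.tls with a secretName.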

OpenShift Traffic Management Ingress + Routes Internal Router

East-West Traffic: API GWs and Service-to-Service Traffic The Next Frontier

API traffic is the cornerstone to microservices application communication and platform orchestration

NGINX Plus: API Gateway API Services with NGINX Plus: API Routing URL Mapping Overload Protection Authentication API Keys JWT/JWK SSL/MASSL Everywhere Analyze and Audit Request Tracing Optimize Upstream API Clustering

All Microservices Rely on East-West Traffic

Dynamic E-W Routing: Service Discovery

Required when:
- New Services are added
- Instances of existing services are added

Proxies are configured using triggers:
- Ansible Roles
- Consul templates
- DNS A and SRV records
- AWS Autoscaling Groups
- Kubernetes (kube-dns)

Ingress and Service-to-Service

NGINX Sidecar: Secure and Fast Service-to-Service Traffic
- Secure SSL/TLS between services
- No direct path routing without going through NGINX
- Service registry source of truth
- JWT for per-app auth and claims control
- Optimized SSL keepalive, save setup cost
- Rate shaping between services
- Many-to-many core to reverse proxy architecture

A networking layer that makes the communications between distributed services fast, reliable, and secure. Service Mesh Control Plane Ensures network communications are reliable even with frequent service changes Services can be unaware of mesh, separating data and control plane control Platform Orchestration (K8s, Istio, etc) Service Mesh Data Plane

Thank You Learn more at nginx.com alan.murphy@nginx.com