NGINX: From North/South to East/West Reducing Complexity with API and Microservices Traffic Management and NGINX Plus Speakers: Alan Murphy, Regional Solution Architect, APAC September, 2018
About NGINX, Inc.: Founded in 2011, NGINX Plus first released in 2013; Powers over 400,000 web sites; VC-backed by enterprise software industry leaders; Offices in SF, London, Cork, Singapore, Sydney, Moscow, and Tokyo; 1,500+ commercial customers; 250+ employees
Microservices are hot, but people adopting them at scale quickly realize they need a lot of new infrastructure to support their efforts. Gartner
What is Kubernetes?
NGINX: Traffic Awareness, Management, & Delivery
Why NGINX? NGINX enables Microservices Dataplane solutions in use right now; 3m NGINX instances are in production microservices*; 1Bn pulls of NGINX official DockerHub Image; NGINX Plus Dockerfile for high availability container traffic management; 1m NGINX pulls of NGINX Kubernetes Ingress controller; 250 customers use NGINX in production microservices*; NGINX Plus: Application services natively in containers; NGINX Controller: Complete monitoring and management containerized platform
NGINX embraces a multitude of use cases: Reverse Proxy, Load Balancer, WAF, Cache, API Gateway, Ingress Controller, Sidecar Proxy, Web Server, App Server
Microservice NGINX Deployment Scenarios Kubernetes Ingress Controller NGINX load balancing K8s clusters Helm charts Support for managed K8s (AKS, EKS, IBM CP, etc) OpenShift Ingress Controller Internal router Service catalog Ansible and AnsiblePlaybookBundles (APB) IBM Cloud Private (ICP) Managed K8s Ingress Helm Istio Pilot/Mixer NGINX Plus module (nginmesh) Sidecar MORE INFORMATION AT NGINX.COM
North-South Traffic with Ingress Controller
NGINX Plus - Kubernetes Ingress Controller https://github.com/nginxinc/kubernetes-ingress Create Kubernetes applications with NGINX Plus in front: Advanced Load balancing w/ SSL/TLS termination; WebSocket and HTTP/2 support; URI rewriting before request is forwarded to application; Dynamic reconfiguration; Session persistence; JWT authentication; Prometheus support; 24x7 support
Easy, Integrated Configuration
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cafe-ingress
spec:
  tls:
  - hosts:
    - cafe.example.com
    secretName: cafe-secret
  rules:
  - host: cafe.example.com
    http:
      paths:
      - path: /tea
        backend:
          serviceName: tea-svc
          servicePort: 80
      - path: /coffee
        backend:
          serviceName: coffee-svc
          servicePort: 80
OpenShift Traffic Management Ingress + Routes Internal Router
East-West Traffic: API GWs and Service-to-Service Traffic The Next Frontier
API traffic is the cornerstone to microservices application communication and platform orchestration
NGINX Plus: API Gateway API Services with NGINX Plus: API Routing URL Mapping Overload Protection Authentication API Keys JWT/JWK SSL/MASSL Everywhere Analyze and Audit Request Tracing Optimize Upstream API Clustering
All Microservices Rely on East-West Traffic
Dynamic E-W Routing: Service Discovery Required when: New Services are added; Instances of existing services are added. Proxies are configured using triggers: Ansible Roles; Consul templates; DNS A and SRV records; AWS Autoscaling Groups; Kubernetes (kube-dns). Ingress and Service-to-Service
NGINX Sidecar: Secure and Fast Service-to-Service Traffic: Secure SSL/TLS between services; No direct path routing without going through NGINX; Service registry source of truth; JWT for per-app auth and claims control; Optimized SSL keepalive, save setup cost; Rate shaping between services; Many-to-many core to reverse proxy architecture
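The sidecar properties listed on this slide, written out as an NGINX Plus configuration for the `http` context. This is an added example, not configuration from the original deck or from NGINX; the service names, ports, file paths and claim values are assumptions, and `auth_jwt_require` assumes a recent NGINX Plus release.

```nginx
# Added example: sidecar for a hypothetical "orders" service. All names, ports and
# paths are assumptions. auth_jwt* and $jwt_claim_* require NGINX Plus.
limit_req_zone $jwt_claim_sub zone=per_caller:10m rate=50r/s;  # rate shaping per caller

map $jwt_claim_aud $aud_ok {   # claims control: token must be issued for this service
    default      0;
    "orders-svc" 1;
}
upstream local_app {
    server 127.0.0.1:8080;     # app binds to loopback only, so the sidecar is the only way in
    keepalive 16;
}
upstream inventory_svc {
    server inventory.internal.example:8443;
    keepalive 32;              # reuse upstream TLS connections, saving handshake cost
}
server {                       # inbound: peer services -> sidecar -> local app
    listen 8443 ssl;
    ssl_certificate        /etc/nginx/tls/orders.crt;
    ssl_certificate_key    /etc/nginx/tls/orders.key;
    ssl_client_certificate /etc/nginx/tls/mesh-ca.crt;
    ssl_verify_client      on; # callers must present a certificate from the mesh CA
    location / {
        auth_jwt          "orders";
        auth_jwt_key_file /etc/nginx/jwk/mesh.jwk;
        auth_jwt_require  $aud_ok error=403;   # reject valid tokens meant for another service
        limit_req zone=per_caller burst=20 nodelay;
        proxy_http_version 1.1;
        proxy_set_header   Connection "";      # required for upstream keepalive
        proxy_pass http://local_app;
    }
}
server {                       # outbound: local app -> sidecar -> peer service
    listen 127.0.0.1:9000;
    location /inventory/ {
        proxy_pass https://inventory_svc;
        proxy_http_version 1.1;
        proxy_set_header   Connection "";
        proxy_ssl_certificate         /etc/nginx/tls/orders.crt;
        proxy_ssl_certificate_key     /etc/nginx/tls/orders.key;
        proxy_ssl_trusted_certificate /etc/nginx/tls/mesh-ca.crt;
        proxy_ssl_verify        on;            # off by default; without it the peer is not authenticated
        proxy_ssl_server_name   on;
        proxy_ssl_name          inventory.internal.example;
        proxy_ssl_session_reuse on;
    }
}
```

`proxy_ssl_name` is set explicitly because with an upstream group the default name checked against the peer certificate is the group name, not the service hostname.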
A networking layer that makes the communications between distributed services fast, reliable, and secure. Service Mesh Control Plane Ensures network communications are reliable even with frequent service changes Services can be unaware of mesh, separating data and control plane control Platform Orchestration (K8s, Istio, etc) Service Mesh Data Plane
Thank You Learn more at nginx.com alan.murphy@nginx.com