NGNIX for service mesh

Page content

NGINX Releases Microservices Platform, OpenShift Ingress Controller, and Service Mesh Preview

NGNIX also join for service mesh bandwagon?

NGNIX Application Platform

  • NGINX Plus, the commercial variant of the popular open source NGINX web server.
  • NGINX Web Application Firewall (WAF)
  • NGINX Unit, a new open source application server that can run PHP, Python and Go
  • NGINX Controller, a centralised control plane for monitoring and management of NGINX Plus

Additional release

  • a Kubernetes Ingress Controller solution for load balancing on the Red Hat OpenShift Container Platform
  • an implementation of NGINX as a service proxy for the Istio service mesh control plane.

NGINX has also released nginmesh, an open source preview version of NGINX as a service proxy for Layer 7 load balancing and proxying within the Istio service mesh platform. It aims to provide key capabilities and integration with Istio when deployed as a sidecar container, and will facilitate communication between services in a “standard, reliable, and secure manner”. Additionally, NGINX will collaborate as part of the Istio community by joining the Istio networking special interest group.

The concept of a “service mesh” has risen in popularity recently, as it allows developers to implement loosely coupled microservices-based applications with an underlying mesh (or communication bus) to manage traffic flows between services, enforce access policies, and aggregate telemetry data. Istio is an open source service mesh project led by Google, IBM, Lyft and others, and aims to provide a control plane to the service proxies’ data plane. Currently Istio is tightly integrated into Kubernetes, but there are plans to also support platforms such as virtual machines, PaaS like Cloud Foundry, and potentially FaaS “serverless” offerings.

By default Istio uses the Envoy service proxy, which was created by Matt Klein and the team at Lyft, and has been in production use at Lyft for a number of years. NGINX appears to not be the only company to realise the potential benefits of providing (and owning) the service proxy component within a microservices mesh, as Buoyant are also in the process of modifying their JVM-based service proxy, Linkerd (which was spawned from the Twitter Finagle stack), for integration with Istio.

istio는 기본적으로 envoy를 사용(c++로 구현) Linkerd는 JVM 기반 nginmesh(golang)으로 구현

The NGINX nginmesh Istio service proxy module - written in Golang rather than C as used for the NGINX web server itself - integrates with an open source NGINX running as a sidecar (shown in Figure 2), and claims to offers “a small footprint, high-performance proxy with advanced load balancing algorithms, caching, SSL termination, scriptability with Lua and nginScript, and various security features with granular access control.”

nginx_sidecar

Reference