
NGINX’s Reference Architecture for Kubernetes Microservices

1 Sep 2021 4:00am, by

At this year’s NGINX Sprint 2.0 virtual conference, NGINX, the arm of F5 behind the popular open source web server/load balancer and reverse proxy of the same name, released the NGINX Modern Apps Reference Architecture (MARA), which it says in a blog post will help companies to “create a complete, fully operational microservices‑based application that you can get up and running in minutes, hosted in a single GitHub Repo.”

“There are a lot of different ways to deploy Kubernetes — networking, security, authentication, even things like the API gateway. For most enterprises that are getting started, it’s a little bit of black magic,” Rob Whiteley, GM of the NGINX Product Group at F5, said in an interview with The New Stack. “It’s just not well understood and you can get yourself into a misconfigured state pretty quickly. So, we started creating a very opinionated way to pull it down where it automatically configures all the NGINX components to the best practice state.”

MARA, they write in a separate blog post, is “‘stealable’ code that developers, DevOps, and Platform Ops teams can play with, modify, and improve on.” It consists of YAML files and Python scripts, with Pulumi set as the default choice for infrastructure-as-code implementation. As a user, you simply run the startup script, and Pulumi runs a series of commands, deploying the Kubernetes environment and the subsequent parts.

“We just started creating this giant checklist of things that you need to do to run Kubernetes in production, which any enterprise that’s been down that path has experienced, and what we realized is, there’s nothing to prevent us from making all of this as a template ID reference architecture that works as real operating code,” said Whiteley.

Whiteley also said that MARA seeks to go beyond some other opinionated Kubernetes deployments by providing the ability to deploy a fully formed environment with a single command while remaining platform agnostic. While validated designs offer the same concept of an opinionated distribution, they lack functionality, said Whiteley, and other distributions are set to work with just one environment.

“The problem is those only exist on paper. There’s no working code. You still need to go get all the components and wire them together per that validated design,” he said. “We wanted to go one step further and actually make this working, living, breathing code that you could deploy. It takes the validated design one step further, and actually makes it deployable, not just referenceable.”

At launch, MARA comes pre-configured with a number of choices, using Elastic for log management, Prometheus and Grafana for monitoring and dashboards, Amazon Web Services Elastic Kubernetes Service (EKS) as a deployment target, Spinnaker for continuous delivery, and cert-manager for TLS, as well as a number of NGINX products at the middle layer.

The plan moving forward, however, is to encourage others to provide integrations for other toolings at all levels of the stack.

“What we realized along the way is can we rely on the community, our fellow vendors to other folks, to then swap out all of these modules. So we made sure from the get-go you could pick up Pulumi and sub in Terraform, you could pick up Ansible and sub in Puppet or Chef. The ins and outs can be abstracted, and then all you really need to do is package those other tools up and make them available as part of the reference architecture. Our hope is that as an industry moving forward, we can build on this,” said Whiteley.

Regarding these future plans, NGINX says it has a number of specific “improvements in the near term,” such as deployment to DigitalOcean, Red Hat OpenShift, Rancher, VMware vSphere, and other Kubernetes environments, native Terraform integration, and support for other CI/CD platforms. It also has a number of plans for F5 and NGINX tools, such as an integration with NGINX Controller to manage and monitor NGINX Plus Ingress Controller, out-of-the-box configuration for NGINX App Protect, integrations with F5 products and services like BIG‑IP, Cloud Services, and Volterra, and an integration with NGINX Service Mesh and Istio‑based Aspen Mesh.

“Soon, the experience for me as an enterprise is I go in and I just, from a picklist, say, ‘I care about these tools in my environment,’ and it will automatically pull, assemble, and pre-integrate all that script,” explained Whiteley. “Then from a single command, I can now deploy.”

The New Stack is a wholly owned subsidiary of Insight Partners. TNS owner Insight Partners is an investor in the following companies: MADE, Real, Bit.

Feature image by Sven Mieke on Unsplash.
