Multiple Ingress on GKE

Transcript

1. Multiple Ingress on GKE Orangesys Inc.

2. $Who am I Orangesys Inc. Tachibana Shuji Twitter @gavinzhm https://github.com/orangesys

   Running

3. Orangesys Inc. SaaS監視システム @orangesysio https://orangesys.io

4. None
5. None

6. Orangesys • Kubernetes on GKE • OpsDev -> NoOps Architecture

7. Architecture: Orangesys > Kubernetes Apigateway Namespace Cloud Load Balancing Standard

   Devices HTTPS Browser Client Production Namespace Kube-system Namespace Tiller Replication Controller Grafana Container Engine Replication Controller Influxdb Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Influxdb RC Grafana RC Opsbot Namespace Kubebot RC K8s-event RC Stripe Server Api Container Engine Replication Controller PostgresSQL Container Engine Replication Controller MariaDb Container Engine Replication Controller Nginx Container Engine Replication Controller Traefik Container Engine Replication Controller Server Telegraf Ingress Container Engine Replication Controller Kong ApiGateway Container Engine Replication Controller Kubenetes API Replication Controller SSL Cert Bot Replication Controller Orange Api Container Engine Replication Controller

8. Technology Stack

9. Agenda • Traefik ingress • Nginx ingress

10. Why other ingress?! • Wildcard Host not support • Multi

    TLS not support • Cross-namespace not support • http -> https redirect • GCPLB、20＄/m

11. Traefik ingress 設定簡単、監視 Dashboardがある

12. Nginx ingress • Basic Auth support • Rewrite support •

    Redirect support

13. Topic • TLS secret 名前は　tls.crt/tls.key • Ingress http通信禁止できる、redirectできない ◦ ingress.kubernetes.io/ssl-redirect:

    "false" • Kubernetes Certificate Managerを利用すると、letsencrypt証明証設定が簡単 • Helm https://github.com/orangesys