Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Multiple Ingress on GKE

0b17c95bc7d94b582aa0f6e44442f381?s=47 Gavin Zhou
April 21, 2017
Technology
0
1.5k

Multiple Ingress on GKE

Multiple Ingress traefik & nginx on GKE

0b17c95bc7d94b582aa0f6e44442f381?s=128

Gavin Zhou

April 21, 2017
Tweet

More Decks by Gavin Zhou

See All by Gavin Zhou
0b17c95bc7d94b582aa0f6e44442f381?s=48 gavinzhou
3
940
0b17c95bc7d94b582aa0f6e44442f381?s=48 gavinzhou
0
130
0b17c95bc7d94b582aa0f6e44442f381?s=48 gavinzhou
0
370
0b17c95bc7d94b582aa0f6e44442f381?s=48 gavinzhou
0
720

Other Decks in Technology

See All in Technology
D79df863ac26fcad4777f67a669bdacd?s=48 feedtailor
1
110
Cfd6a7b025c390205d1dd8765230bca1?s=48 kiwi26
0
130
Cfe33d3ab95f1c4902ee70b54af9e2a5?s=48 tokyoyoshida
0
220
B4edef9fde5f33ef95409f564d21e542?s=48 trickart
3
440
6ddc65998177a0f05be629dc31321a8f?s=48 kken78
0
360
E123f0d70182268563d4e63e23d8c55c?s=48 drumath2237
0
200
A41b463f033e1304539253f8a663c950?s=48 moriyuya
2
340
Ea6f48942c1e74ed0c78250321b124f9?s=48 dhamuharker
0
570
928ee4c919a0d47835d3dffda7bec566?s=48 yutongsong
0
130
842515eaf8fbb2dfcc75197e7797dc15?s=48 sat
2
450
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
9
5.7k
097c045028b149ca7fd4ca42ff859cd9?s=48 ko_fujita1
0
280

Featured

See All Featured
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
120
7.4k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
235
950k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
350
20k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
208
20k
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
294
28k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.6k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
414
58k
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
227
8.9k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
18
2.1k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
209
11k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
342
16k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
324
54k

Transcript

  1. Multiple Ingress on GKE Orangesys Inc.

  2. $Who am I Orangesys Inc. Tachibana Shuji Twitter @gavinzhm https://github.com/orangesys

    Running

  3. Orangesys Inc. SaaS監視システム @orangesysio https://orangesys.io

  4. None
  5. None

  6. Orangesys • Kubernetes on GKE • OpsDev -> NoOps Architecture

  7. Architecture: Orangesys > Kubernetes Apigateway Namespace Cloud Load Balancing Standard

    Devices HTTPS Browser Client Production Namespace Kube-system Namespace Tiller Replication Controller Grafana Container Engine Replication Controller Influxdb Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Influxdb RC Grafana RC Opsbot Namespace Kubebot RC K8s-event RC Stripe Server Api Container Engine Replication Controller PostgresSQL Container Engine Replication Controller MariaDb Container Engine Replication Controller Nginx Container Engine Replication Controller Traefik Container Engine Replication Controller Server Telegraf Ingress Container Engine Replication Controller Kong ApiGateway Container Engine Replication Controller Kubenetes API Replication Controller SSL Cert Bot Replication Controller Orange Api Container Engine Replication Controller

  8. Technology Stack

  9. Agenda • Traefik ingress • Nginx ingress

  10. Why other ingress?! • Wildcard Host not support • Multi

    TLS not support • Cross-namespace not support • http -> https redirect • GCPLB、20$/m

  11. Traefik ingress 設定簡単、監視 Dashboardがある

  12. Nginx ingress • Basic Auth support • Rewrite support •

    Redirect support

  13. Topic • TLS secret 名前は tls.crt/tls.key • Ingress http通信禁止できる、redirectできない ◦ ingress.kubernetes.io/ssl-redirect:

    "false" • Kubernetes Certificate Managerを利用すると、letsencrypt証明証設定が簡単 • Helm https://github.com/orangesys