Other ingress voyager

Transcript

1. Other Ingress voyager Orangesys Inc.

2. $Who am I Orangesys Inc. Tachibana Shuji Twitter @gavinzhm https://github.com/orangesys

   Running

3. Multi ingress ~2017 • Traefik • Nginx • GLBC

4. Architecture: Orangesys > Kubernetes(Ver 1.4) ~2017 Apigateway Namespace Cloud Load

   Balancing Standard Devices HTTPS Browser Client Production Namespace Kube-system Namespace Tiller Replication Controller Grafana Container Engine Replication Controller Influxdb Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Influxdb RC Grafana RC Opsbot Namespace Kubebot RC K8s-event RC Stripe Server Api Container Engine Replication Controller PostgresSQL Container Engine Replication Controller MariaDb Container Engine Replication Controller Nginx Container Engine Replication Controller Traefik Container Engine Replication Controller Server Telegraf Ingress Container Engine Replication Controller Kong ApiGateway Container Engine Replication Controller Kubenetes API Replication Controller SSL Cert Bot Replication Controller Orange Api Container Engine Replication Controller

5. Issue with multi ingress ~2017 • Wildcard Host not support

   • Multi TLS not support • Cross-namespace not support • http -> https redirect

6. Why other ingress voyager • 複数ingress設定管理煩雑 • Letsencrypt証明書と相性あまり • Ingress

   traefik、nginxのバージョンアップ大変 • Ingressの監視が手間 • Configmap Loadタイミング分からない

7. Ingress voyager(AppCode)

8. Apigateway Namespace Standard Devices HTTPS Browser Client Production Namespace Kube-system

   Namespace Tiller Replication Controller Grafana Container Engine Replication Controller TSDB Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Grafana RC Opsbot Namespace K8s-event RC PostgresSQL Container Engine Replication Controller MariaDB Container Engine Replication Controller Server Telegraf Kong APIGateway Container Engine Replication Controller Kubenetes API Replication Controller Stripe API Firebase Functions Orange API Container Engine Replication Controller Ingress voyager Container Engine Replication Controller Architecture: Orangesys > Kubernetes(Ver 1.8) 2018 ~

9. Concepts voyager

10. Install yaml & helm curl -fsSL https://raw.githubusercontent.com/appscode/voyager/6.0.0-rc.2/hac k/deploy/voyager.sh \ |

    bash -s -- --provider=gke $ helm repo update $ helm install stable/voyager --name voyager-operator --namespace kube-system

11. Verify Installation $kubectl get crd -l app=voyager NAME AGE certificates.voyager.appscode.com

    99d ingresses.voyager.appscode.com 99d

12. Ingress voyager tls: - hosts: - '*.g.orangesys.io' secretName: 201712-g-orangesys-io -

    hosts: - sysapi.orangesys.io ref: kind: Certificate name: sysapi-orangesys-cert rules: - host: '*.g.orangesys.io' http: paths: - backend: serviceName: kong-proxy.auth servicePort: 8000

13. まとめ • ドキュメントクオリティーが高い • issue対応が早い ◦ Slack.appscode.com • haproxy 1.8対応予定

    • wildcard certs using ACME v2対応予定 ※ https://appscode.com