Other ingress voyager

Gavin Zhou

March 08, 2018

Transcript

  1. Other Ingress voyager Orangesys Inc.

  2. $Who am I • Orangesys Inc. • Tachibana Shuji • Twitter @gavinzhm • https://github.com/orangesys • Running
  3. Multi ingress ~2017 • Traefik • Nginx • GLBC

  4. Architecture: Orangesys > Kubernetes (Ver 1.4), ~2017 [architecture diagram; labels include the Apigateway, Production, Kube-system, Monitoring and Opsbot namespaces, Cloud Load Balancing, Nginx, Traefik, Ingress, Kong ApiGateway and SSL Cert Bot]
  5. Issues with multi ingress ~2017 • Wildcard host not supported • Multi TLS not supported • Cross-namespace not supported • http -> https redirect
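  6. Why other ingress voyager • Managing the configuration of multiple ingresses is cumbersome • Not a great fit with Let's Encrypt certificates • Upgrading the Traefik and Nginx ingress versions is painful • Monitoring the ingresses takes effort • Unclear when the ConfigMap gets loaded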
  7. Ingress voyager(AppCode)

  8. Architecture: Orangesys > Kubernetes (Ver 1.8), 2018~ [architecture diagram; labels include the Apigateway, Production, Kube-system, Monitoring and Opsbot namespaces, Kong APIGateway and Ingress voyager]
  9. Concepts voyager

  10. Install yaml & helm

      $ curl -fsSL https://raw.githubusercontent.com/appscode/voyager/6.0.0-rc.2/hack/deploy/voyager.sh \
          | bash -s -- --provider=gke
      $ helm repo update
      $ helm install stable/voyager --name voyager-operator --namespace kube-system
  11. Verify Installation

      $ kubectl get crd -l app=voyager
      NAME                                AGE
      certificates.voyager.appscode.com   99d
      ingresses.voyager.appscode.com      99d
  12. Ingress voyager

      tls:
      - hosts:
        - '*.g.orangesys.io'
        secretName: 201712-g-orangesys-io
      - hosts:
        - sysapi.orangesys.io
        ref:
          kind: Certificate
          name: sysapi-orangesys-cert
      rules:
      - host: '*.g.orangesys.io'
        http:
          paths:
          - backend:
              serviceName: kong-proxy.auth
              servicePort: 8000
  13. Summary • Documentation quality is high • Issues are handled quickly ◦ Slack.appscode.com • haproxy 1.8 support planned • Wildcard certs using ACME v2 support planned ※ https://appscode.com
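
An added example, not part of the deck: a pre-deploy check over the slide 12 spec that every rule host is covered by a TLS entry and that every TLS entry names one certificate source. The function names `cert_name_covers` and `audit_tls` are hypothetical; certificate-style single-label wildcard matching and "exactly one of `secretName` or `ref` per entry" are assumptions drawn from the two forms shown on the slide.

```python
# Added example (not from the deck). INGRESS_SPEC is constructed from the
# slide 12 fragment, written as a Python dict so no YAML library is needed.
INGRESS_SPEC = {
    "tls": [
        {"hosts": ["*.g.orangesys.io"], "secretName": "201712-g-orangesys-io"},
        {"hosts": ["sysapi.orangesys.io"],
         "ref": {"kind": "Certificate", "name": "sysapi-orangesys-cert"}},
    ],
    "rules": [
        {"host": "*.g.orangesys.io",
         "http": {"paths": [{"backend": {"serviceName": "kong-proxy.auth",
                                         "servicePort": 8000}}]}},
    ],
}


def cert_name_covers(pattern, host):
    """True if a TLS host entry (exact or '*.' wildcard) covers host.

    Assumption: certificate-style matching, where '*' stands for exactly
    one left-most DNS label, so '*.g.example' covers neither 'g.example'
    nor 'a.b.g.example'.
    """
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == pattern[2:]


def audit_tls(spec):
    """Report rule hosts that no TLS entry covers, and TLS entries that do
    not name exactly one certificate source (secretName or ref)."""
    tls = spec.get("tls", [])
    patterns = [p for entry in tls for p in entry.get("hosts", [])]
    uncovered = [r["host"] for r in spec.get("rules", [])
                 if r.get("host")
                 and not any(cert_name_covers(p, r["host"]) for p in patterns)]
    bad_source = [entry.get("hosts", []) for entry in tls
                  if ("secretName" in entry) == ("ref" in entry)]
    return {"uncovered_rule_hosts": uncovered, "tls_bad_source": bad_source}


if __name__ == "__main__":
    print(audit_tls(INGRESS_SPEC))
```

A non-empty `uncovered_rule_hosts` list means a routed host would be served without a matching certificate, which is the case to catch before the spec is applied.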