Kuma

Kuma ৮ͬͯΈͨ Takafumi Ikeda Solution Engineer, Kong

@ikeike443 Takafumi Ikeda Solutions Engineer

Kuma ͱ͸

• ϢχόʔαϧίϯτϩʔϧϓϨʔϯ • ܰྔͳσʔλϓϨʔϯ: Envoyϕʔε, L4/L7 • DPΠϯδΣΫγϣϯ: ίʔυมߋͳ͠Ͱk8s, VMʹDP஫ೖ
• ๛෋ͳػೳ: mTLS, Traffic Segmentation, Traffic Routing, Traffic Metrics, Traffic Logs, Health- checking, etc • ϚϧνϓϥοτϑΥʔϜ: k8s, VM, ϕΞϝλϧ • ήʔτ΢ΣΠ࿈ܞ: KongΛ࢝Ίͱ͢ΔAPI Gateway/IngressʹରԠ

Kuma.io/install

./conf/kuma-cp.conf ./bin/kuma-dp ./bin/kuma-cp ./bin/kumactl Kuma Files ./bin/kuma-tcp-echo ./kuma-prometheus-sd ./bin/envoy ./README

Kuma.io In Kubernetes In Universal

CPΠϯετʔϧ͓ΑͼDPΠϯδΣΫγϣϯ

backend-api elasticsearch redis frontend-app αϯϓϧΞϓϦέʔγϣϯ

Mutual TLSͷઃఆ

Kuma.io backend-api elasticsearch redis frontend-app mTLS mTLS mTLS

INSERT AN IMAGE FOR ALL THE AREA mTLS 18 $
cat <<EOF | kubectl apply -f - apiVersion: kuma.io/v1alpha1 kind: Mesh metadata: name: default spec: mtls: ca: builtin: {} enabled: true EOF

Traffic Permissionsͷઃఆ

INSERT AN IMAGE FOR ALL THE AREA Traffic-permission 20 $
cat <<EOF | kubectl apply -f - apiVersion: kuma.io/v1alpha1 kind: TrafficPermission mesh: default metadata: namespace: kuma-demo name: frontend-to-backend spec: sources: - match: service: frontend.kuma-demo.svc:80 destinations: - match: service: backend.kuma-demo.svc:3001 EOF

Kong Integration

Kuma.io API Server kuma-system kuma-demo kuma-injector Search Back-end Reviews-Redis Envoy
Sidecar Proxy Envoy Sidecar Proxy Envoy Sidecar Proxy labels: kuma.io/sidecar-injection: enabled Ingress/GW Envoy Sidecar Proxy Front-end Envoy Sidecar Proxy Kong Integration (Gateway Mode)

Traffic Routing/Canary - New in 0.3.2

Kuma.io backend-api v0 frontend-app backend-api v1 backend-api v2 Weight: 80
Weight: 0 Weight: 20

·ͱΊ • Kuma͸Πϯετʔϧ͕؆୯Ͱѻ͍΍͍͢ • k8sωΠςΟϒαϙʔτʹՃ͑ͯVM, ϕΞϝλϧ΋ಉ͡Α͏ʹαʔϏεϝογϡΛద༻Ͱ͖Δ • ͔ͳΓए͍ϓϩδΣΫτ͕ͩɺ։ൃ΋ΞΫςΟϒʹߦΘΕ͍ͯͯ੒௕͕ظ଴Ͱ͖Δ • ϓϩμΫγϣϯࣄྫ͸·ͩ΄ͱΜͲͳ͍ɺ͜Ε͔ΒͷϓϩδΣΫτ

Slack: https://chat.kuma.io μ΢ϯϩʔυ: kuma.io/install ΫΠοΫσϞ: https://github.com/Kong/kuma-demo ϦϯΫू

Kuma

Kuma

Takafumi Ikeda

More Decks by Takafumi Ikeda

Other Decks in Technology

Featured

Transcript

Kuma ৮ͬͯΈͨ Takafumi Ikeda Solution Engineer, Kong

@ikeike443 Takafumi Ikeda Solutions Engineer

Kuma ͱ͸

• ϢχόʔαϧίϯτϩʔϧϓϨʔϯ • ܰྔͳσʔλϓϨʔϯ: Envoyϕʔε, L4/L7 • DPΠϯδΣΫγϣϯ: ίʔυมߋͳ͠Ͱk8s, VMʹDP஫ೖ

Kuma.io/install

./conf/kuma-cp.conf ./bin/kuma-dp ./bin/kuma-cp ./bin/kumactl Kuma Files ./bin/kuma-tcp-echo ./kuma-prometheus-sd ./bin/envoy ./README

Kuma.io In Kubernetes In Universal

CPΠϯετʔϧ͓ΑͼDPΠϯδΣΫγϣϯ

backend-api elasticsearch redis frontend-app αϯϓϧΞϓϦέʔγϣϯ

Mutual TLSͷઃఆ

Kuma.io backend-api elasticsearch redis frontend-app mTLS mTLS mTLS

INSERT AN IMAGE FOR ALL THE AREA mTLS 18 $

Traffic Permissionsͷઃఆ

INSERT AN IMAGE FOR ALL THE AREA Traffic-permission 20 $

Kong Integration

Kuma.io API Server kuma-system kuma-demo kuma-injector Search Back-end Reviews-Redis Envoy

Traffic Routing/Canary - New in 0.3.2

Kuma.io backend-api v0 frontend-app backend-api v1 backend-api v2 Weight: 80

·ͱΊ • Kuma͸Πϯετʔϧ͕؆୯Ͱѻ͍΍͍͢ • k8sωΠςΟϒαϙʔτʹՃ͑ͯVM, ϕΞϝλϧ΋ಉ͡Α͏ʹαʔϏεϝογϡΛద༻Ͱ͖Δ • ͔ͳΓए͍ϓϩδΣΫτ͕ͩɺ։ൃ΋ΞΫςΟϒʹߦΘΕ͍ͯͯ੒௕͕ظ଴Ͱ͖Δ • ϓϩμΫγϣϯࣄྫ͸·ͩ΄ͱΜͲͳ͍ɺ͜Ε͔ΒͷϓϩδΣΫτ

Slack: https://chat.kuma.io μ΢ϯϩʔυ: kuma.io/install ΫΠοΫσϞ: https://github.com/Kong/kuma-demo ϦϯΫू