#Infrastructure #Networking #Kubernetes
카카오 인프라 제공자 관점에서 Kubernetes 서비스 네트워킹을 지원하는 방법과 변화 과정을 소개합니다.
발표자 : alan.b 카카오에서 로드 밸런싱 서비스를 운영하며 개발하고 있는 알란입니다.
֎ਕ ੋۄীࢲKubernetes ࢲ࠺झ ֎ਕఊ ਗೞӝߑ୍ Alan.bয়Copyright 2022. Kakao Corp. All rights reserved. Redistribution or public display is not permitted without written permission from Kakao.if(kakao)2022
View Slide
ੋۄ / ֎ਕূפয݂- L4-L7 ۽٘ ߖ۠य- DNS- GSLB- CDN- ߂ ѐߊబஎূפয݂ࣄ
ੋۄীࢲ ز ੋۄ۽ ߸ച۽٘ ߖ۠ࢲ ୶࢚ച۾द ӝ߈ L7 ۽٘ ߖ۠ࢲۄ٘ ۽٘ ߖ۠य
ੋۄীࢲ ز ੋۄ۽ ߸ച
ز ۽٘ ߖ۠ࢲ ਃҳࢎ೦ LB ز LBҊоਊࢿ Active / Standby Active / Activeഛࢿ ࣻ ࣻಣۄ Route Health Injection (RHI)with BGPࢸ ੋఠಕझ CLI API
Kubernetes ࢲ࠺झ ֎ਕఊ (1ױ҅)
- OpenStack Neutron LBaaS ઙܐ- OpenStack Octavia ജ- ߮؊ ਗ ҅ദ হױੌ ߮؊ ઙࣘ ޙઁ
۽٘ ߖ۠ࢲ ୶࢚ച
- নೠ ۽٘ ߖ۠ࢲ ഛ ਗ- ೞ٘ਝয ژח ࣗਝয ۽٘ ߖ۠ࢲ ਗ- ۽٘ ߖ۠ࢲ API ѐߊ۽٘ ߖ۠ࢲ ୶࢚ച
Stove- ۽٘ ߖ۠ࢲ API- بݫੋ API- GSLB API- ਢ ࣛ
Kubernetes ࢲ࠺झ ֎ਕఊ (2ױ҅)
গܻா࣌ ѐߊ- Ingress node ҙܻ- ੋૐࢲ јनੋۄ ઁҕ- ۽٘ ߖ۠ࢲ ബਯ ҙܻ- ֎ਕ ۞࠶गIngress ਗ ۽٘ ߖ۠ࢲ ਃ
۾द ӝ߈ L7 ۽٘ ߖ۠ࢲ
- HTTP ژח HTTPS- HTTP ਃ ۄ: host, path, headers ӝ߈- TLS Termination- ੋૐࢲ ҙܻ۾द ӝ߈ L7 ۽٘ ߖ۠ࢲ
ೞ٘ਝয৬ য়ࣗझ ࣗਝয ۾द ࠺Үೞ٘ਝয ۾द য়ࣗझ ࣗਝয ۾दࢿמ ࣻ ࠁా୭न ۽ష ਗ וܿ नࣘनӏ ӝמ ୶о וܿ नࣘӝࣿ ਗ হ࠺ਊ ݆
NGINX৬ Envoy ࠺ҮNGINX Envoyࢿמ ࣻ ࣻӝמ ࠁా (৻ࠗ ݽٕ ઓ) ݆ (ӝࠄ ನೣ)࢚క ߂ ࢿמী ೠ ҙஏ оמࢿ ࠁా (৻ࠗ ݽٕ ઓ) ݆ (ӝࠄ ನೣ)ࢎਊ ҃ ݆ ز ࢸ Lua ݽٕ (ઁೠ) xDS (Discovery Service)۽Ӓې߁ ಞࢿ ࠁా ֫ࢸ ߸҃ द ӝઓ োѾ ೱ হ
Kubernetes ࢲ࠺झ ֎ਕఊ (3ױ҅)
ز ۽٘ ߖ۠ࢲ ച۽ష DSR or Proxy ग1ױ҅: ೞ٘ਝয ۽٘ ߖ۠ࢲ TCP DSR ױੌ ߮؊ ઙࣘ ޙઁ2ױ҅: ۽٘ ߖ۠ࢲ ୶࢚ച TCP DSR Ingress ਗ3ױ҅: ۾द ӝ߈ L7 ۽٘ ߖ۠ࢲ HTTP ژח HTTPS Proxy ۄ٘ ۽٘ ߖ۠य
ۄ٘ ۽٘ ߖ۠य
- ೞ٘ਝয ۽٘ ߖ۠ࢲ ࢎਊ- Stove ۽٘ ߖ۠ࢲ ࢎਊਵ۽ ജ - ۾द ӝ߈ L7 ۽٘ ߖ۠ࢲ ࢎਊ Ingress ਗ - DNS / GSLB / CDN ా ഝਊ ߑউ Ҋۄ٘ ۽٘ ߖ۠य ࢲ࠺झ۽
Q&A
kakao
tosite
tonkotsuboy_com
manfredsteyer
taikikawamura
ivargrimstad
umsys
hiranabe
maepon
jrsaruo
eihigh
yuhta28
swwweet
kevinliebholz
maltzj
aki_iinuma
michaelherold
samanthasiow
jponch
jmmastey
mclloyd
marcduiker
cromwellryan
pedronauck