Upgrade to Pro — share decks privately, control downloads, hide ads and more …

cloudnative days tokyo online 2021 - 311

cloudnative days tokyo online 2021 - 311

k.yanagimoto

March 11, 2021
Tweet

More Decks by k.yanagimoto

Other Decks in Technology

Transcript

  1. AKS with Istioで運⽤しているサービスのUpgradeをし
    てみた
    Mar 11th, 2021
    Koichi Yanagimoto
    Ecosystem Services Dept.
    Rakuten, Inc.

    View Slide

  2. 2
    Hello, My name is
    Koichi Yanagimoto
    (@kyanagimoto)
    Rakuten, Inc.
    Software Engineer
    Joined in 2009.
    Organizer of Nikotama.rb
    趣味
    • スノボ(温泉︖)
    • ポイ活
    • キーボード集め
    CloudNative歴
    • 2〜3年くらい︖
    Self Introduction

    View Slide

  3. 3
    Today’s Topic

    View Slide

  4. 4
    How upgraded?
    Component Version
    AKS 1.16.13 -> 1.19.3
    Istio 1.4.1 -> 1.8.2
    Flagger 0.21 -> 1.6.1
    Ruby 2.6 -> 2.7.2
    Rails 6.0.2 -> 6.0.3.4

    View Slide

  5. 5
    AKS upgrade
    Breaking Changes
    • Kubernetes Version
    • Ubuntu Version
    • Ubuntu 16 -> Ubuntu 18
    What happened?
    • Artifactoryに置いてあるContainer imageがpull出来ない問題

    View Slide

  6. 6
    xxxx.local→

    View Slide

  7. 7
    How solved?
    DaemonSetでresolv.confのリンクの付け替えを実施
    • Azureの公式ドキュメント
    • https://docs.microsoft.com/ja-jp/azure/aks/support-policies#user-customization-of-agent-nodes
    • Microsoftへの問い合わせ
    • Githubのissue(対応継続中)
    • https://github.com/Azure/AKS/issues/2052

    View Slide

  8. 8
    Istio upgrade
    -> Istio operator
    • AddOn周りのinstall結構変わった
    • Custom ingressgateway manifestを
    ⾃分で書かなければいけなかった
    (Helmのときも書いてた)
    • そのほかは結構すんなりとupgrade!

    View Slide

  9. 9
    Flagger upgrade
    https://docs.flagger.app/
    canary.yaml
    apiVersion: flagger.app/v1beta1
    kind: Canary
    metadata:
    name: sample
    spec:
    targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: sample
    progressDeadlineSeconds: 600
    autoscalerRef:
    apiVersion: autoscaling/v2beta1
    kind: HorizontalPodAutoscaler
    name: sample
    service:
    port: 80
    targetPort: 3000
    gateways:
    - istio-ingressgateway
    hosts:
    - "*"
    trafficPolicy:
    loadBalancer:
    simple: LEAST_CONN
    match:
    - uri:
    prefix: /sample
    method:
    exact: "GET"
    kubectl apply してみると、エラーが…

    View Slide

  10. https://github.com/fluxcd/flagger/pull/777

    View Slide

  11. 11
    Flagger upgrade
    https://docs.flagger.app/
    Re-Apply︕
    .
    .
    .
    Canaryが終わらない…w
    Issueでなんか上がってないかな…
    同じ状態のissue発⾒︕
    https://github.com/fluxcd/flagger/issues/780

    View Slide

  12. https://github.com/fluxcd/flagger/pull/781

    View Slide

  13. 13
    Takeaways
    • Cloudベンダー側の設定でどうにもならないもの
    はDaemonSet.
    • IstioはInstall周りからゴロっと変えたけど、そこ
    まで苦労しなかった.
    (Linkerd試してみたい)
    • OSSで問題に直⾯した時は、まずIssues.

    View Slide

  14. 14
    My teammates’ talk
    Vault on Kubernetes~秘匿情報の安全な管理~
    https://event.cloudnativedays.jp/cndo2021/talks/371
    デプロイメント⼿法を選択する ~ Flagger/Argo Rollouts ~
    https://event.cloudnativedays.jp/cndo2021/talks/401
    Dashboard as Codeでダッシュボード管理は改善するか︖
    https://event.cloudnativedays.jp/cndo2021/talks/621
    https://rakuten.wd1.myworkdayjobs.com/ja-JP/RakutenInc/job/Tokyo-Japan/SRE-Application-Engineer--EC-
    Platform----ECID_00008349
    Job Information

    View Slide

  15. View Slide