Multiple Ingress on GKE Orangesys Inc.

$Who am I Orangesys Inc. Tachibana Shuji Twitter @gavinzhm https://github.com/orangesys Running

Orangesys Inc. SaaS監視システム @orangesysio https://orangesys.io

No content

No content

Orangesys ● Kubernetes on GKE ● OpsDev -> NoOps Architecture

Architecture: Orangesys > Kubernetes Apigateway Namespace Cloud Load Balancing Standard Devices HTTPS Browser Client Production Namespace Kube-system Namespace Tiller Replication Controller Grafana Container Engine Replication Controller Influxdb Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Influxdb RC Grafana RC Opsbot Namespace Kubebot RC K8s-event RC Stripe Server Api Container Engine Replication Controller PostgresSQL Container Engine Replication Controller MariaDb Container Engine Replication Controller Nginx Container Engine Replication Controller Traefik Container Engine Replication Controller Server Telegraf Ingress Container Engine Replication Controller Kong ApiGateway Container Engine Replication Controller Kubenetes API Replication Controller SSL Cert Bot Replication Controller Orange Api Container Engine Replication Controller

Technology Stack

Agenda ● Traefik ingress ● Nginx ingress

Why other ingress?! ● Wildcard Host not support ● Multi TLS not support ● Cross-namespace not support ● http -> https redirect ● GCPLB、20＄/m

Traefik ingress 設定簡単、監視 Dashboardがある

Nginx ingress ● Basic Auth support ● Rewrite support ● Redirect support

Topic ● TLS secret 名前は　tls.crt/tls.key ● Ingress http通信禁止できる、redirectできない ○ ingress.kubernetes.io/ssl-redirect: "false" ● Kubernetes Certificate Managerを利用すると、letsencrypt証明証設定が簡単 ● Helm https://github.com/orangesys