Other Ingress voyager Orangesys Inc.

$Who am I Orangesys Inc. Tachibana Shuji Twitter @gavinzhm https://github.com/orangesys Running

Multi ingress ~2017 ● Traefik ● Nginx ● GLBC

Architecture: Orangesys > Kubernetes(Ver 1.4) ~2017 Apigateway Namespace Cloud Load Balancing Standard Devices HTTPS Browser Client Production Namespace Kube-system Namespace Tiller Replication Controller Grafana Container Engine Replication Controller Influxdb Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Influxdb RC Grafana RC Opsbot Namespace Kubebot RC K8s-event RC Stripe Server Api Container Engine Replication Controller PostgresSQL Container Engine Replication Controller MariaDb Container Engine Replication Controller Nginx Container Engine Replication Controller Traefik Container Engine Replication Controller Server Telegraf Ingress Container Engine Replication Controller Kong ApiGateway Container Engine Replication Controller Kubenetes API Replication Controller SSL Cert Bot Replication Controller Orange Api Container Engine Replication Controller

Issue with multi ingress ~2017 ● Wildcard Host not support ● Multi TLS not support ● Cross-namespace not support ● http -> https redirect

Why other ingress voyager ● 複数ingress設定管理煩雑 ● Letsencrypt証明書と相性あまり ● Ingress traefik、nginxのバージョンアップ大変 ● Ingressの監視が手間 ● Configmap Loadタイミング分からない

Ingress voyager(AppCode)

Apigateway Namespace Standard Devices HTTPS Browser Client Production Namespace Kube-system Namespace Tiller Replication Controller Grafana Container Engine Replication Controller TSDB Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Grafana RC Opsbot Namespace K8s-event RC PostgresSQL Container Engine Replication Controller MariaDB Container Engine Replication Controller Server Telegraf Kong APIGateway Container Engine Replication Controller Kubenetes API Replication Controller Stripe API Firebase Functions Orange API Container Engine Replication Controller Ingress voyager Container Engine Replication Controller Architecture: Orangesys > Kubernetes(Ver 1.8) 2018 ~

Concepts voyager

Install yaml & helm curl -fsSL https://raw.githubusercontent.com/appscode/voyager/6.0.0-rc.2/hac k/deploy/voyager.sh \ | bash -s -- --provider=gke $ helm repo update $ helm install stable/voyager --name voyager-operator --namespace kube-system

Verify Installation $kubectl get crd -l app=voyager NAME AGE certificates.voyager.appscode.com 99d ingresses.voyager.appscode.com 99d

Ingress voyager tls: - hosts: - '*.g.orangesys.io' secretName: 201712-g-orangesys-io - hosts: - sysapi.orangesys.io ref: kind: Certificate name: sysapi-orangesys-cert rules: - host: '*.g.orangesys.io' http: paths: - backend: serviceName: kong-proxy.auth servicePort: 8000

まとめ ● ドキュメントクオリティーが高い ● issue対応が早い ○ Slack.appscode.com ● haproxy 1.8対応予定 ● wildcard certs using ACME v2対応予定 ※ https://appscode.com