Slide 1

Slide 1 text

[2nd Event!] Kong Community, Japan Meetup

Slide 2

Slide 2 text

THE CLOUD CONNECTIVITY COMPANY
© Kong Inc.

Achieving multiple rate limiting with Kong Ingress Controller

Wenhan Shi
Solutions Engineer

Slide 3

Slide 3 text

Who am I

Wenhan Shi (施 文翰)

• Hitachi, Ltd. - Linux kernel module development/Support
• Red Hat K.K. - GlusterFS/OpenShift Support
• Canonical Japan K.K. - Ubuntu/OpenStack/Kubernetes Support
• Rancher Lab/SUSE - Rancher Support
• Kong Inc. - Solutions Engineer

@shi_wenhan

Slide 4

Slide 4 text

Agenda

● Kong Ingress Controller (KIC)
● KIC + Rate Limiting
● KIC + multiple Rate Limiting

Slide 5

Slide 5 text

Kong Ingress Controller (KIC)

Slide 6

Slide 6 text

What is the Kubernetes Ingress Controller?

Slide 7

Slide 7 text

What is the Kubernetes Ingress Controller?

■ Another Ingress Controller that can be used in a Kubernetes cluster
■ Natively supports the Kubernetes API server
  ○ Kong resources are configured in YAML

Slide 9

Slide 9 text

Installing KIC

• YAML file

    kubectl create -f \
      https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.8.0/deploy/single/all-in-one-dbless.yaml

• Helm

    helm upgrade -i my-kong kong/kong -n kong \
      --set ingressController.installCRDs=false --wait

Slide 10

Slide 10 text

Installing KIC

• A Pod and Services are created

    ❯ kubectl get pod -n kong
    NAME                            READY   STATUS    RESTARTS   AGE
    my-kong-kong-6db76664df-6vjlg   2/2     Running   0          4m58s

    ❯ kubectl get svc -n kong
    NAME                              TYPE           CLUSTER-IP       EXTERNAL-IP                              PORT(S)                      AGE
    my-kong-kong-proxy                LoadBalancer   10.100.140.184   xx-xx.ap-southeast-1.elb.amazonaws.com   80:30966/TCP,443:31707/TCP   5m3s
    my-kong-kong-validation-webhook   ClusterIP      10.100.149.74    <none>                                   443/TCP                      5m3s

    ❯ http proxy.kic.aws.kongtest.net
    HTTP/1.1 404 Not Found
    …
    {
        "message": "no Route matched with those values"
    }

Slide 11

Slide 11 text

Creating a Route (Ingress)

• Create an Ingress to expose the svc

    ❯ kubectl get svc
    NAME   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
    echo   ClusterIP   10.100.83.81   <none>        8080/TCP,80/TCP   23d

    ❯ kubectl apply -f - << EOF
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: kong-demo-ingress
    spec:
      ingressClassName: kong
      rules:
      - http:
          paths:
          - path: /demo
            pathType: Exact
            backend:
              service:
                name: echo
                port:
                  number: 80
    EOF

Slide 12

Slide 12 text

Creating a Route (Ingress)

• Create an Ingress to expose the svc

    ❯ http proxy.kic.aws.kongtest.net/demo
    HTTP/1.1 200 OK
    …
    Hostname: echo-744d654d7b-mdb99

    Pod Information:
        node name:      ip-192-168-8-117.ap-southeast-1.compute.internal
        pod name:       echo-744d654d7b-mdb99
        pod namespace:  default
        pod IP:         192.168.7.142
    …

Slide 13

Slide 13 text

Configuring a Route (Ingress)

• For more detailed Route settings, create a KongIngress and bind it to the Ingress rule

    kubectl apply -f - <

Slide 14

Slide 14 text

Creating a Route (Ingress)

• Create an Ingress to expose the svc

    ❯ http proxy.kic.aws.kongtest.net/demo
    HTTP/1.1 404 Not Found
    …
    {
        "message": "no Route matched with those values"
    }

    ❯ http proxy.kic.aws.kongtest.net/demo foo:bar
    HTTP/1.1 200 OK
    …
    Hostname: echo-744d654d7b-mdb99

    Pod Information:
        node name:      ip-192-168-8-117.ap-southeast-1.compute.internal
        pod name:       echo-744d654d7b-mdb99
        pod namespace:  default
        pod IP:         192.168.7.142
    …

Slide 15

Slide 15 text

KIC + Rate Limiting

Slide 16

Slide 16 text

Implementing a Plugin with KIC

1. Create a Plugin resource using the CRD
2. Set it in the annotations of the Ingress resource

[Diagram labels: kong-demo-ingress, echo]

Slide 17

Slide 17 text

Creating a Plugin

• Kong plugins are implemented with the following CRDs
  • KongPlugin: namespace level
  • KongClusterPlugin: cluster level

    kubectl apply -f - <

Slide 18

Slide 18 text

Applying the Plugin to an Ingress

• Declare the plugin to use in the Ingress annotations

    ❯ kubectl annotate ingress kong-demo-ingress konghq.com/plugins=rate-limiting
    ingress.networking.k8s.io/kong-demo-ingress annotated

    annotations:
      konghq.com/plugins: rate-limiting

• Check that rate limiting is applied

    ❯ http --header proxy.kic.aws.kongtest.net/demo
    ❯ http --header proxy.kic.aws.kongtest.net/demo
    ❯ http --header proxy.kic.aws.kongtest.net/demo
    ❯ http --header proxy.kic.aws.kongtest.net/demo
    ❯ http --header proxy.kic.aws.kongtest.net/demo
    ❯ http --header proxy.kic.aws.kongtest.net/demo
    HTTP/1.1 429 Too Many Requests
    …
    RateLimit-Limit: 5
    RateLimit-Remaining: 0
    RateLimit-Reset: 28

Slide 19

Slide 19 text

KIC + multiple Rate Limiting

Slide 20

Slide 20 text

Multiple rate limiting?

1. Every client accesses the same API through the same path
2. A different rate limit is applied depending on a header in the request

Slide 22

Slide 22 text

Multiple rate limiting?

Demo

Slide 23

Slide 23 text

Thank you