Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ingress For Anthosを活用した安全なk8sクラスタ運用/Ingress For...

Hiroki Sakamoto
October 28, 2020
Technology
2
1k

Ingress For Anthosを活用した安全なk8sクラスタ運用/Ingress For Anthos In Production

Hiroki Sakamoto

October 28, 2020
Tweet

More Decks by Hiroki Sakamoto

See All by Hiroki Sakamoto
Scaling Time-Series Data to Infinity: A Kubernetes-Powered Solution with Envoy
taisho6339
0
10
年間一億円削減した時系列データベースのアーキテクチャ改善
taisho6339
0
8
k8sで構築する大規模時系列データのスケーラブルな分散処理
taisho6339
0
3
k8sの可用性とScalabilityを担保するための大事な観点 / Best practices for ensuring availability and scalability for k8s
taisho6339
3
2k
検索基盤を安全にElasticsearchに置き換えるためにやったこと
taisho6339
6
3.1k

Other Decks in Technology

See All in Technology
Can We Measure Developer Productivity?
ewolff
1
110
組み込みLinuxの時系列
puhitaku
4
1k
dev 補講: プロダクトセキュリティ / Product security overview
wa6sn
0
1.7k
Amazon CloudWatch Network Monitor のススメ
yuki_ink
0
140
私はこうやってマインドマップでテストすることを出す!
mineo_matsuya
0
260
Microsoft Fabric OneLake の実体について
ryomaru0825
0
200
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
22
5.3k
社内で最大の技術的負債のリファクタリングに取り組んだお話し
kidooonn
1
480
強いチームと開発生産性
onk
PRO
18
6.6k
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
Team Dynamicsを目指すウイングアーク1stのQAチーム
sadonosake
1
280
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
200

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Visualization
eitanlees
145
15k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k
Designing the Hi-DPI Web
ddemaree
280
34k
How STYLIGHT went responsive
nonsquared
95
5.2k
What's new in Ruby 2.0
geeforr
343
31k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
505
140k
Designing for Performance
lara
604
68k
BBQ
matthewcrist
85
9.3k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Documentation Writing (for coders)
carmenintech
65
4.4k
StorybookのUI Testing Handbookを読んだ
zakiyama
26
5.2k

Transcript

  1. Ingress For Anthos In Production @taisho6339

  2. ࣗݾ঺հ ࡔຊେক (Hiroki Sakamoto) Twitter: taisho6339 Github: taisho6339 ΩϟϦΞ Ϡϑʔ

    → ϦΫϧʔτςΫϊϩδʔζ → ϑϦʔϥϯε ݱࡏͷ࢓ࣄ k8sʹΑΔϚΠΫϩαʔϏεͷͨΊͷج൫ͮ͘Γͱӡ༻ ࠓޙͷํ਑ 2021/01 ~ ࠶ͼਖ਼ࣾһΤϯδχΞʹͳΔ͔ݕ౼த KubernetesΛΰϦΰϦ΍͍͖͍ͬͯͨ

  3. ࢲͷνʔϜ͕୲౰͢ΔαʔϏε • ๭WebϝσΟΞαʔϏε • 2000 req ~ 4000 req /

    sec • ϚΠΫϩαʔϏεΞʔΩςΫνϟ • GKEͰӡ༻

  4. ΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB

    CDN

  5. ΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB

    CDN γϯάϧ ΫϥελͰӡ༻

  6. ՝୊ʹͳ͍ͬͯΔϙΠϯτ ΫϥελͷԘ௮͚Խ

  7. ӡ༻՝୊ Ԙ௮͚Խͱ͸ʁ ໰୊ • ΫϥελΞοϓάϨʔυϦεΫ • IstioͳͲͷίΞίϯϙʔωϯτͷΞο ϓάϨʔυϦεΫ ݁Ռ ͏͔ͭʹ৮ΕͣԘ௮͚Խ

  8. ӡ༻՝୊ Ԙ௮͚Խͱ͸ʁ ໰୊ • ΫϥελΞοϓάϨʔυϦεΫ • IstioͳͲͷίΞίϯϙʔωϯτͷΞο ϓάϨʔυϦεΫ ݁Ռ ͏͔ͭʹ৮ΕͣԘ௮͚Խ

    ϚϧνΫϥελԽͷඞཁੑʂ

  9. վળʹ͋ͨΔཁٻ Ͳ͏ͯ͠ϚϧνΫϥελԽ͢Δ͔ʁ • Ϋϥελ͝ͱʹϩʔϦϯάΞοϓσʔτ͍ͨ͠ • ໰୊ൃੜ࣌͸͙͢ʹFail Over͠ɺো֐Ϋϥελ΁ͷϧʔςΟϯά͸ε τοϓ͍ͨ͠

  10. ϚϧνΫϥελͷ࣮ݱํ๏ • Anthos͸ΞʔΩςΫνϟͷϞφλΠθʔ γϣϯΛςʔϚʹ༷ʑͳϓϩμΫτΛఏ ڙʂ • Ingress For Anthosͱ͍͏ϓϩμΫτ͕Ϛ ϧνΫϥελԽΛαϙʔτ

    GCP Anthos

  11. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos • ୯ҰVIPͷLB • IP AnycastͰ஍ཧ෼ࢄ

  12. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos

  13. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos ઃఆ༻ͷCustomResource ΛDeploy͢ΔΫϥελ

  14. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos Managed Controller ͕LBϦιʔεΛੜ੒

  15. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos

  16. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos URL Map

  17. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos LB Backend

  18. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos LBͷϧʔςΟϯάઃఆ ͲͷϧʔϧͰ ͲͷMCSʹྲྀ͔͢

  19. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos Ϋϥελʹލͬͨ Podͷ࿦ཧάϧʔϐϯά

  20. Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos MCS͔Βࣗಈతʹੜ੒ NEGͱͯ͠ LBͷόοΫΤϯυʹొ࿥

  21. ߟྀ͢Δ՝୊ ߟྀϙΠϯτ • Fail Overͷ৚݅͸ʁ • HealthCheckͰԿΛ୲อ͢Δ͔ʁ • αʔϏε͝ͱʹFail Over͸Մೳ͔ʁ

  22. ߟྀ͢Δ՝୊ FailOverͷ৚݅ • Health Check͕ࣦഊͨ͠ΒFail Over

  23. ߟྀ͢Δ՝୊ αʔϏε͝ͱͷFail Over • Istio ͷSingle Control Plane of Multi

    Cluster ύλʔϯͳΒՄೳ • Traffic DirectorͳͲΛ࢖͑͹ڪΒ͘Մೳ • ಛघͳߏ੒ΛऔΕ͹Մೳ

  24. ߟྀ͢Δ՝୊ αʔϏε͝ͱͷFail Over • Istio ͷSingle Control Plane of Multi

    Cluster ύλʔϯͳΒՄೳ • Traffic DirectorͳͲΛ࢖͑͹ڪΒ͘Մೳ • ಛघͳߏ੒ΛऔΕ͹Մೳ Too HeavyͳͷͰ Ұ୴அ೦

  25. ݕ౼ͨ͠ಛघΞʔΩςΫνϟ

  26. ߟྀ͢Δ՝୊ कΓ͍ͨ΋ͷ k8s΍IstioىҼͰ αʔϏεͷμ΢ϯλΠϜ͕ͳ͍͜ͱ ࣮૷ Ϋϥελʹ৐ͬͯΔαʔϏε͕ શ෦HealthyͳΒ HealthyΛฦ͢ ಠࣗαʔϏεΛར༻ Health

    CheckͰԿΛ୲อ͢Δʁ

  27. ߟྀ͢Δ՝୊ ಠࣗHealth Checker • Ϋϥελߋ৽͚࣌ͩɺશαʔϏεͷHealth CheckϞʔυ • ͦΕҎ֎ͷฏৗ࣌͸ɺಛʹԿ΋ͤͣ200Λฦ٫

  28. ߟྀ͢Δ՝୊ ಠࣗHealth Checker • Ϋϥελߋ৽͚࣌ͩɺશαʔϏεͷHealth CheckϞʔυ • ͦΕҎ֎ͷฏৗ࣌͸ɺಛʹԿ΋ͤͣ200Λฦ٫ • LBͷϨΠϠͰ͸Ϋϥελ͚ͩ

    νΣοΫ • ΞϓϦέʔγϣϯ૚͸ ArgoRolloutͳͲͰؤுΔ

  29. ϚϧνΫϥελΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB

    Ingress Gateway Service A Service B Service C CDN ࠷ऴతͳߏ੒ Health Checker Health Checker

  30. Pros/Cons Pros • DNS ͳͲͷTTLʹࢧ഑͞Εͳ͍ • ஍ཧ෼ࢄͰ࠷దͳϧʔςΟϯά • ಉҰϦʔδϣϯͷϚϧνΫϥελͳΒκʔϯͰۉҰ෼ࢄ •

    ҙ֎ͱ͍҆

  31. Pros/Cons Cons • ྑ͘΋ѱ͘΋κʔϯͰۉҰ෼ࢄ ◦ ΧφϦΞ͸Ͱ͖ͳ͍ ◦ ҰؾʹτϥϑΟοΫ͕ྲྀΕΔ͜ͱ΋͋Δ ◦ Podͷκʔϯ͝ͱͷ෼ࢄঢ়گ͸ߟྀ͞Εͳ͍

    • Config Cluster͕༨෼ʹඞཁ • ෳࡶͳϧʔςΟϯά͍ͨ͠৔߹͸URL Mapͷ੍໿ʹ஫ҙ

  32. Follow Me!! @taisho6339

  33. Thank you for listening!