Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ingress For Anthosを活用した安全なk8sクラスタ運用/Ingress For...
Search
Hiroki Sakamoto
October 28, 2020
Technology
2
1.1k
Ingress For Anthosを活用した安全なk8sクラスタ運用/Ingress For Anthos In Production
Hiroki Sakamoto
October 28, 2020
Tweet
Share
More Decks by Hiroki Sakamoto
See All by Hiroki Sakamoto
Scaling Time-Series Data to Infinity: A Kubernetes-Powered Solution with Envoy
taisho6339
0
48
年間一億円削減した時系列データベースのアーキテクチャ改善
taisho6339
0
27
k8sで構築する大規模時系列データのスケーラブルな分散処理
taisho6339
0
16
k8sの可用性とScalabilityを担保するための大事な観点 / Best practices for ensuring availability and scalability for k8s
taisho6339
3
2.3k
検索基盤を安全にElasticsearchに置き換えるためにやったこと
taisho6339
6
3.3k
Other Decks in Technology
See All in Technology
コンテキストエンジニアリングとは? 考え方と応用方法
findy_eventslides
4
890
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
flatt_security
0
350
業務自動化プラットフォーム Google Agentspace に入門してみる #devio2025
maroon1st
0
190
SwiftUIのGeometryReaderとScrollViewを基礎から応用まで学び直す:設計と活用事例
fumiyasac0921
0
140
AIAgentの限界を超え、 現場を動かすWorkflowAgentの設計と実践
miyatakoji
0
130
多野優介
tanoyusuke
1
420
Azure SynapseからAzure Databricksへ 移行してわかった新時代のコスト問題!?
databricksjapan
0
140
about #74462 go/token#FileSet
tomtwinkle
1
290
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
5.4k
LLMアプリケーション開発におけるセキュリティリスクと対策 / LLM Application Security
flatt_security
7
1.8k
DataOpsNight#8_Terragruntを用いたスケーラブルなSnowflakeインフラ管理
roki18d
1
340
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
170
Featured
See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Making the Leap to Tech Lead
cromwellryan
135
9.5k
BBQ
matthewcrist
89
9.8k
Context Engineering - Making Every Token Count
addyosmani
5
180
Building Adaptive Systems
keathley
43
2.8k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Become a Pro
speakerdeck
PRO
29
5.5k
How to train your dragon (web standard)
notwaldorf
96
6.3k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
285
14k
Transcript
Ingress For Anthos In Production @taisho6339
ࣗݾհ ࡔຊେক (Hiroki Sakamoto) Twitter: taisho6339 Github: taisho6339 ΩϟϦΞ Ϡϑʔ
→ ϦΫϧʔτςΫϊϩδʔζ → ϑϦʔϥϯε ݱࡏͷࣄ k8sʹΑΔϚΠΫϩαʔϏεͷͨΊͷج൫ͮ͘Γͱӡ༻ ࠓޙͷํ 2021/01 ~ ࠶ͼਖ਼ࣾһΤϯδχΞʹͳΔ͔ݕ౼த KubernetesΛΰϦΰϦ͍͖͍ͬͯͨ
ࢲͷνʔϜ͕୲͢ΔαʔϏε • WebϝσΟΞαʔϏε • 2000 req ~ 4000 req /
sec • ϚΠΫϩαʔϏεΞʔΩςΫνϟ • GKEͰӡ༻
ΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB
CDN
ΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB
CDN γϯάϧ ΫϥελͰӡ༻
՝ʹͳ͍ͬͯΔϙΠϯτ ΫϥελͷԘ௮͚Խ
ӡ༻՝ Ԙ௮͚Խͱʁ • ΫϥελΞοϓάϨʔυϦεΫ • IstioͳͲͷίΞίϯϙʔωϯτͷΞο ϓάϨʔυϦεΫ ݁Ռ ͏͔ͭʹ৮ΕͣԘ௮͚Խ
ӡ༻՝ Ԙ௮͚Խͱʁ • ΫϥελΞοϓάϨʔυϦεΫ • IstioͳͲͷίΞίϯϙʔωϯτͷΞο ϓάϨʔυϦεΫ ݁Ռ ͏͔ͭʹ৮ΕͣԘ௮͚Խ
ϚϧνΫϥελԽͷඞཁੑʂ
վળʹ͋ͨΔཁٻ Ͳ͏ͯ͠ϚϧνΫϥελԽ͢Δ͔ʁ • Ϋϥελ͝ͱʹϩʔϦϯάΞοϓσʔτ͍ͨ͠ • ൃੜ͙࣌͢ʹFail Over͠ɺোΫϥελͷϧʔςΟϯάε τοϓ͍ͨ͠
ϚϧνΫϥελͷ࣮ݱํ๏ • AnthosΞʔΩςΫνϟͷϞφλΠθʔ γϣϯΛςʔϚʹ༷ʑͳϓϩμΫτΛఏ ڙʂ • Ingress For Anthosͱ͍͏ϓϩμΫτ͕Ϛ ϧνΫϥελԽΛαϙʔτ
GCP Anthos
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos • ୯ҰVIPͷLB • IP AnycastͰཧࢄ
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos ઃఆ༻ͷCustomResource ΛDeploy͢ΔΫϥελ
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos Managed Controller ͕LBϦιʔεΛੜ
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos URL Map
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos LB Backend
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos LBͷϧʔςΟϯάઃఆ ͲͷϧʔϧͰ ͲͷMCSʹྲྀ͔͢
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos Ϋϥελʹލͬͨ Podͷཧάϧʔϐϯά
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos MCS͔Βࣗಈతʹੜ NEGͱͯ͠ LBͷόοΫΤϯυʹొ
ߟྀ͢Δ՝ ߟྀϙΠϯτ • Fail Overͷ݅ʁ • HealthCheckͰԿΛ୲อ͢Δ͔ʁ • αʔϏε͝ͱʹFail OverՄೳ͔ʁ
ߟྀ͢Δ՝ FailOverͷ݅ • Health Check͕ࣦഊͨ͠ΒFail Over
ߟྀ͢Δ՝ αʔϏε͝ͱͷFail Over • Istio ͷSingle Control Plane of Multi
Cluster ύλʔϯͳΒՄೳ • Traffic DirectorͳͲΛ͑ڪΒ͘Մೳ • ಛघͳߏΛऔΕՄೳ
ߟྀ͢Δ՝ αʔϏε͝ͱͷFail Over • Istio ͷSingle Control Plane of Multi
Cluster ύλʔϯͳΒՄೳ • Traffic DirectorͳͲΛ͑ڪΒ͘Մೳ • ಛघͳߏΛऔΕՄೳ Too HeavyͳͷͰ Ұ୴அ೦
ݕ౼ͨ͠ಛघΞʔΩςΫνϟ
ߟྀ͢Δ՝ कΓ͍ͨͷ k8sIstioىҼͰ αʔϏεͷμϯλΠϜ͕ͳ͍͜ͱ ࣮ ΫϥελʹͬͯΔαʔϏε͕ શ෦HealthyͳΒ HealthyΛฦ͢ ಠࣗαʔϏεΛར༻ Health
CheckͰԿΛ୲อ͢Δʁ
ߟྀ͢Δ՝ ಠࣗHealth Checker • Ϋϥελߋ৽͚࣌ͩɺશαʔϏεͷHealth CheckϞʔυ • ͦΕҎ֎ͷฏৗ࣌ɺಛʹԿͤͣ200Λฦ٫
ߟྀ͢Δ՝ ಠࣗHealth Checker • Ϋϥελߋ৽͚࣌ͩɺશαʔϏεͷHealth CheckϞʔυ • ͦΕҎ֎ͷฏৗ࣌ɺಛʹԿͤͣ200Λฦ٫ • LBͷϨΠϠͰΫϥελ͚ͩ
νΣοΫ • ΞϓϦέʔγϣϯ ArgoRolloutͳͲͰؤுΔ
ϚϧνΫϥελΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB
Ingress Gateway Service A Service B Service C CDN ࠷ऴతͳߏ Health Checker Health Checker
Pros/Cons Pros • DNS ͳͲͷTTLʹࢧ͞Εͳ͍ • ཧࢄͰ࠷దͳϧʔςΟϯά • ಉҰϦʔδϣϯͷϚϧνΫϥελͳΒκʔϯͰۉҰࢄ •
ҙ֎ͱ͍҆
Pros/Cons Cons • ྑ͘ѱ͘κʔϯͰۉҰࢄ ◦ ΧφϦΞͰ͖ͳ͍ ◦ ҰؾʹτϥϑΟοΫ͕ྲྀΕΔ͜ͱ͋Δ ◦ Podͷκʔϯ͝ͱͷࢄঢ়گߟྀ͞Εͳ͍
• Config Cluster͕༨ʹඞཁ • ෳࡶͳϧʔςΟϯά͍ͨ͠߹URL Mapͷ੍ʹҙ
Follow Me!! @taisho6339
Thank you for listening!
taisho6339
findy_eventslides
flatt_security
maroon1st
fumiyasac0921
miyatakoji
tanoyusuke
databricksjapan
tomtwinkle
oracle4engineer
roki18d
zozotech
scottboms
marktimemedia
cromwellryan
matthewcrist
addyosmani
keathley
sugarenia
morganepeng
chriscoyier
speakerdeck
notwaldorf
stephaniewalter
