Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ingress For Anthosを活用した安全なk8sクラスタ運用/Ingress For...
Search
Hiroki Sakamoto
October 28, 2020
Technology
2
1.1k
Ingress For Anthosを活用した安全なk8sクラスタ運用/Ingress For Anthos In Production
Hiroki Sakamoto
October 28, 2020
Tweet
Share
More Decks by Hiroki Sakamoto
See All by Hiroki Sakamoto
Scaling Time-Series Data to Infinity: A Kubernetes-Powered Solution with Envoy
taisho6339
0
39
年間一億円削減した時系列データベースのアーキテクチャ改善
taisho6339
0
20
k8sで構築する大規模時系列データのスケーラブルな分散処理
taisho6339
0
14
k8sの可用性とScalabilityを担保するための大事な観点 / Best practices for ensuring availability and scalability for k8s
taisho6339
3
2.2k
検索基盤を安全にElasticsearchに置き換えるためにやったこと
taisho6339
6
3.2k
Other Decks in Technology
See All in Technology
OPENLOGI Company Profile
hr01
0
67k
無意味な開発生産性の議論から抜け出すための予兆検知とお金とAI
i35_267
3
12k
プライベートクラウドでの効率的な証明書配布戦略 / Efficient Certificate Distribution Strategy in Private Cloud
lycorptech_jp
PRO
0
110
5min GuardDuty Extended Threat Detection EKS
takakuni
0
190
React開発にStorybookとCopilotを導入して、爆速でUIを編集・確認する方法
yu_kod
1
230
怖くない!はじめてのClaude Code
shinya337
0
380
FOSS4G 2025 KANSAI QGISで点群データをいろいろしてみた
kou_kita
0
390
生成AI時代の開発組織・技術・プロセス 〜 ログラスの挑戦と考察 〜
itohiro73
1
430
ドメイン特化なCLIPモデルとデータセットの紹介
tattaka
2
580
生成AI開発案件におけるClineの業務活用事例とTips
shinya337
0
240
Should Our Project Join the CNCF? (Japanese Recap)
whywaita
PRO
0
330
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
airhelpsupport
0
360
Featured
See All Featured
How to train your dragon (web standard)
notwaldorf
94
6.1k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Unsuck your backbone
ammeep
671
58k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.8k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
60k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
950
Large-scale JavaScript Application Architecture
addyosmani
512
110k
Visualization
eitanlees
146
16k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.4k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
2.9k
Code Reviewing Like a Champion
maltzj
524
40k
Transcript
Ingress For Anthos In Production @taisho6339
ࣗݾհ ࡔຊେক (Hiroki Sakamoto) Twitter: taisho6339 Github: taisho6339 ΩϟϦΞ Ϡϑʔ
→ ϦΫϧʔτςΫϊϩδʔζ → ϑϦʔϥϯε ݱࡏͷࣄ k8sʹΑΔϚΠΫϩαʔϏεͷͨΊͷج൫ͮ͘Γͱӡ༻ ࠓޙͷํ 2021/01 ~ ࠶ͼਖ਼ࣾһΤϯδχΞʹͳΔ͔ݕ౼த KubernetesΛΰϦΰϦ͍͖͍ͬͯͨ
ࢲͷνʔϜ͕୲͢ΔαʔϏε • WebϝσΟΞαʔϏε • 2000 req ~ 4000 req /
sec • ϚΠΫϩαʔϏεΞʔΩςΫνϟ • GKEͰӡ༻
ΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB
CDN
ΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB
CDN γϯάϧ ΫϥελͰӡ༻
՝ʹͳ͍ͬͯΔϙΠϯτ ΫϥελͷԘ௮͚Խ
ӡ༻՝ Ԙ௮͚Խͱʁ • ΫϥελΞοϓάϨʔυϦεΫ • IstioͳͲͷίΞίϯϙʔωϯτͷΞο ϓάϨʔυϦεΫ ݁Ռ ͏͔ͭʹ৮ΕͣԘ௮͚Խ
ӡ༻՝ Ԙ௮͚Խͱʁ • ΫϥελΞοϓάϨʔυϦεΫ • IstioͳͲͷίΞίϯϙʔωϯτͷΞο ϓάϨʔυϦεΫ ݁Ռ ͏͔ͭʹ৮ΕͣԘ௮͚Խ
ϚϧνΫϥελԽͷඞཁੑʂ
վળʹ͋ͨΔཁٻ Ͳ͏ͯ͠ϚϧνΫϥελԽ͢Δ͔ʁ • Ϋϥελ͝ͱʹϩʔϦϯάΞοϓσʔτ͍ͨ͠ • ൃੜ͙࣌͢ʹFail Over͠ɺোΫϥελͷϧʔςΟϯάε τοϓ͍ͨ͠
ϚϧνΫϥελͷ࣮ݱํ๏ • AnthosΞʔΩςΫνϟͷϞφλΠθʔ γϣϯΛςʔϚʹ༷ʑͳϓϩμΫτΛఏ ڙʂ • Ingress For Anthosͱ͍͏ϓϩμΫτ͕Ϛ ϧνΫϥελԽΛαϙʔτ
GCP Anthos
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos • ୯ҰVIPͷLB • IP AnycastͰཧࢄ
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos ઃఆ༻ͷCustomResource ΛDeploy͢ΔΫϥελ
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos Managed Controller ͕LBϦιʔεΛੜ
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos URL Map
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos LB Backend
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos LBͷϧʔςΟϯάઃఆ ͲͷϧʔϧͰ ͲͷMCSʹྲྀ͔͢
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos Ϋϥελʹލͬͨ Podͷཧάϧʔϐϯά
Ingress For Anthos Ҿ༻: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-for-anthos MCS͔Βࣗಈతʹੜ NEGͱͯ͠ LBͷόοΫΤϯυʹొ
ߟྀ͢Δ՝ ߟྀϙΠϯτ • Fail Overͷ݅ʁ • HealthCheckͰԿΛ୲อ͢Δ͔ʁ • αʔϏε͝ͱʹFail OverՄೳ͔ʁ
ߟྀ͢Δ՝ FailOverͷ݅ • Health Check͕ࣦഊͨ͠ΒFail Over
ߟྀ͢Δ՝ αʔϏε͝ͱͷFail Over • Istio ͷSingle Control Plane of Multi
Cluster ύλʔϯͳΒՄೳ • Traffic DirectorͳͲΛ͑ڪΒ͘Մೳ • ಛघͳߏΛऔΕՄೳ
ߟྀ͢Δ՝ αʔϏε͝ͱͷFail Over • Istio ͷSingle Control Plane of Multi
Cluster ύλʔϯͳΒՄೳ • Traffic DirectorͳͲΛ͑ڪΒ͘Մೳ • ಛघͳߏΛऔΕՄೳ Too HeavyͳͷͰ Ұ୴அ೦
ݕ౼ͨ͠ಛघΞʔΩςΫνϟ
ߟྀ͢Δ՝ कΓ͍ͨͷ k8sIstioىҼͰ αʔϏεͷμϯλΠϜ͕ͳ͍͜ͱ ࣮ ΫϥελʹͬͯΔαʔϏε͕ શ෦HealthyͳΒ HealthyΛฦ͢ ಠࣗαʔϏεΛར༻ Health
CheckͰԿΛ୲อ͢Δʁ
ߟྀ͢Δ՝ ಠࣗHealth Checker • Ϋϥελߋ৽͚࣌ͩɺશαʔϏεͷHealth CheckϞʔυ • ͦΕҎ֎ͷฏৗ࣌ɺಛʹԿͤͣ200Λฦ٫
ߟྀ͢Δ՝ ಠࣗHealth Checker • Ϋϥελߋ৽͚࣌ͩɺશαʔϏεͷHealth CheckϞʔυ • ͦΕҎ֎ͷฏৗ࣌ɺಛʹԿͤͣ200Λฦ٫ • LBͷϨΠϠͰΫϥελ͚ͩ
νΣοΫ • ΞϓϦέʔγϣϯ ArgoRolloutͳͲͰؤுΔ
ϚϧνΫϥελΞʔΩςΫνϟ Ingress Gateway Service A Service B Service C LB
Ingress Gateway Service A Service B Service C CDN ࠷ऴతͳߏ Health Checker Health Checker
Pros/Cons Pros • DNS ͳͲͷTTLʹࢧ͞Εͳ͍ • ཧࢄͰ࠷దͳϧʔςΟϯά • ಉҰϦʔδϣϯͷϚϧνΫϥελͳΒκʔϯͰۉҰࢄ •
ҙ֎ͱ͍҆
Pros/Cons Cons • ྑ͘ѱ͘κʔϯͰۉҰࢄ ◦ ΧφϦΞͰ͖ͳ͍ ◦ ҰؾʹτϥϑΟοΫ͕ྲྀΕΔ͜ͱ͋Δ ◦ Podͷκʔϯ͝ͱͷࢄঢ়گߟྀ͞Εͳ͍
• Config Cluster͕༨ʹඞཁ • ෳࡶͳϧʔςΟϯά͍ͨ͠߹URL Mapͷ੍ʹҙ
Follow Me!! @taisho6339
Thank you for listening!
taisho6339
hr01
i35_267
lycorptech_jp
takakuni
yu_kod
shinya337
kou_kita
itohiro73
tattaka
whywaita
airhelpsupport
notwaldorf
rmw
wjessup
ammeep
geoffreycrofte
lemiorhan
tammyeverts
addyosmani
eitanlees
bcantrill
eileencodes
maltzj
