When you launch a Kubernetes cluster for a particular application, you need to understand what demands the application itself, the business, and the developers place on this resource. With this information, you can start making architectural decisions and, in particular, choosing a specific Ingress controller, of which there are already many today. To give a basic idea of the available options without having to consult numerous articles, documentation, and so on, we have prepared this overview, which covers the main (production-ready) Ingress controllers.
We hope it will help colleagues when choosing an architectural solution, or at least serve as a starting point for getting more detailed information and running practical experiments. Beforehand, we studied other similar materials on the web and, oddly enough, did not find a single more or less complete and, most importantly, structured review. So let's fill this gap!
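Criteria
In principle, to make a comparison and obtain a useful result, you need not only to understand the subject area but also to have a specific list of criteria that sets the direction of the study. We do not claim to analyze every conceivable case of using Ingress / Kubernetes, but we have tried to highlight the most common requirements for controllers. Be prepared to examine your own specifics and details separately in any case.
However, let's start with the characteristics that have become so familiar that they are implemented in every solution and are therefore not considered:
- Dynamic discovery of services (service discovery).
- SSL termination.
- Working with WebSockets.
Now for the points of comparison.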
Supported protocols
One of the fundamental selection criteria. Your software may not work over standard HTTP, or it may need to work over several protocols at once. If your case is non-standard, be sure to take this factor into account so that you do not have to reconfigure the cluster later. The list of supported protocols differs from controller to controller.
Underlying software
There are several variations of the application on which a controller is based. The popular ones are nginx, traefik, haproxy, and envoy. In the general case, this may have little effect on how traffic is received and transmitted, but it is always useful to know the potential nuances and features of what is under the hood.
Traffic routing
What can determine the direction of traffic to a particular service? Usually these are host and path, but there are additional possibilities.
Namespace within the cluster
Namespace: the ability to logically partition resources in Kubernetes (for example, into stage, production, and so on). There are Ingress controllers that must be installed separately in each namespace (and can then direct traffic only to the pods of that namespace). And there are those (the clear majority) that work globally for the whole cluster: their traffic is directed to any pod in the cluster, regardless of namespace.
Upstream probes
How is traffic directed to healthy instances of applications and services? There are options with active and passive checks, retries, and circuit breakers (for details, see, for example, the following.
Balancing algorithms
There are many options: from the traditional ones
Authentication
What authentication schemes does the controller support? Basic, digest, oauth, external-auth: I think these options are well known. This is an important criterion when there are many developer (and/or simply private) environments accessed through Ingress.
Traffic distribution
Does the controller support commonly used traffic distribution mechanisms such as canary rollouts (canary), A/B testing, and traffic mirroring (mirroring/shadowing)? This is a very sore point for applications that need accurate and precise traffic management for productive testing, offline debugging of product bugs (or with minimal losses), traffic analysis, and so on.
Paid subscription
Is there a paid option for the controller that offers advanced features and technical support?
Graphical user interface (Web UI)
Is there a GUI for managing the controller configuration? Mainly for convenience and/or for those who need to make some changes to the Ingress configuration but find working with raw templates inconvenient. It is useful when developers want to experiment with traffic on the fly.
JWT validation
The presence of built-in validation of JSON Web Tokens for authorizing and validating the user to the end application.
Configuration customization options
Template extensibility in the sense of having mechanisms that let you add your own directives, flags, and so on to the standard configuration templates.
Basic DDOS protection mechanisms
Simple rate limit algorithms, or more complex traffic filtering options based on addresses, whitelists, countries, and so on.
Request tracing
The ability to monitor, track, and debug requests from Ingress to specific services/pods, and ideally between services/pods as well.
WAF
Support
Controllers
The list of controllers was compiled based on the following.
Ingress from Kubernetes
Website:
License: Apache 2.0
This is the official controller for Kubernetes and is developed by the community. As the name suggests, it is based on nginx and is complemented by a separate set of Lua plugins used to implement additional features. Thanks to the popularity of nginx itself and the minimal modifications made to it when used as a controller, this option is likely to be the simplest and easiest to configure for the average engineer (with web experience).
Ingress by NGINX Inc.
Website:
License: Apache 2.0
The official product of the nginx developers. A paid version is also available. The free version has been significantly cut down, including in comparison with the official controller (because it lacks the same Lua modules). At the same time, the paid version has fairly broad additional functionality: real-time metrics, JWT validation, active health checks, and more. An important advantage over NGINX Ingress is full support for TCP / UDP traffic (even in the community version!). Downside:
Kong Ingress
Website:
License: Apache 2.0
A product developed by Kong Inc. There are two versions: commercial and free. It is based on nginx, extended with a large number of Lua modules.
Initially, it focused on processing and routing API requests, that is, it acted as an API Gateway, but it has now become a full-fledged Ingress controller. Main advantages: many additional modules (including those from third-party developers) that are easy to install and configure, and with which a wide range of additional features is implemented. However, the built-in functions already offer many possibilities. Its operation is configured using CRD resources.
An important feature of the product, working within a single environment (rather than across namespaces), is a controversial topic: to some it looks like a drawback (you have to create entities for each environment), and to others it is a feature (a higher level of isolation: if one controller is broken, the problem is limited to that environment alone).
Traefik
Website:
License: MIT
A proxy originally created to handle request routing for microservices and their dynamic environment. Hence its many useful features: updating the configuration with no restarts at all, support for a large number of balancing methods, a web interface, metrics forwarding, support for various protocols, a REST API, canary releases, and more. Another nice feature is out-of-the-box support for Let's Encrypt certificates. The drawback is that, to set up high availability (HA), the controller needs its own KV storage to be installed and connected.
HAProxy
Website:
License: Apache 2.0
HAProxy has long been known as a proxy and traffic balancer. As part of a Kubernetes cluster, it offers "soft" configuration updates (without loss of traffic), DNS-based service discovery, and dynamic configuration using the API. The ability to fully customize the configuration template by replacing the CM, and to use Sprig library functions in it, can be attractive. In general, the main emphasis of the solution is on high speed, its optimization, and efficient use of resources. The advantage of this controller is that it supports a record number of different balancing methods.
Voyager
Website:
License: Apache 2.0
Based on the HAproxy controller, it is positioned as a universal solution that supports a wide range of features on a large number of providers. It offers the ability to balance traffic on L7 and L4, and balancing TCP L4 traffic as a whole can be called one of the key features of the solution.
茪é
ãŠã§ããµã€ãïŒ
ã©ã€ã»ã³ã¹: Apache 2.0
ãã®ãœãªã¥ãŒã·ã§ã³ã¯ Envoy ã«åºã¥ããŠããã ãã§ã¯ãªããã«ãã£ãŠéçºãããŸããã äžç·ã« ãã®äººæ°ã®ãããããã·ã®äœæè ãšã éèŠãªæ©èœã¯ãIngressRoute CRD ãªãœãŒã¹ã䜿çšã㊠Ingress ãªãœãŒã¹ã®å¶åŸ¡ãåé¢ã§ããããšã§ãã åãã¯ã©ã¹ã¿ãŒã䜿çšããå€ãã®éçºããŒã ãããçµç¹ã«ãšã£ãŠãããã¯ãé£æ¥ããã«ãŒãã§ãã©ãã£ãã¯ãåŠçããéã®ã»ãã¥ãªãã£ãæ倧åããIngress ãªãœãŒã¹ãå€æŽããéã®ãšã©ãŒããããŒã ãä¿è·ããã®ã«åœ¹ç«ã¡ãŸãã
ãŸããäžé£ã®æ¡åŒµããããã©ã³ã·ã³ã°æ¹æ³ (ãªã¯ãšã¹ãã®ãã©ãŒãªã³ã°ãèªåç¹°ãè¿ãããªã¯ãšã¹ãã®ã¬ãŒãå¶éãªã©)ããã©ãã£ã㯠ãããŒãšé害ã®è©³çŽ°ãªç£èŠãæäŸããŸãã ãããã誰ãã«ãšã£ãŠã¯ãã¹ãã£ãããŒã»ãã·ã§ã³ã®ãµããŒãããªãããšãé倧ãªæ¬ ç¹ã«ãªãã§ãããïŒãã ããäœæ¥ã¯
Istio Ingress
Website:
License: Apache 2.0
A comprehensive service mesh solution that is not only an Ingress controller managing incoming traffic from outside, but also controls all traffic within the cluster. Under the hood, Envoy is used as a sidecar proxy for each service. In essence, it is a large combine that "can do anything", and its main idea is maximum manageability, extensibility, security, and transparency. With it, you can fine-tune traffic routing, access authorization between services, balancing, monitoring, canary releases, and more. For more about Istio, see the series of articles.
倧䜿
ãŠã§ããµã€ãïŒ
ã©ã€ã»ã³ã¹: Apache 2.0
Envoy ã«åºã¥ãå¥ã®ãœãªã¥ãŒã·ã§ã³ã ç¡æçãšåçšçããããŸãã ããã¯ãKubernetes ã«å®å šã«ãã€ãã£ãããšããŠäœçœ®ä»ããããŠãããããã«å¿ããå©ç¹ (K8s ã¯ã©ã¹ã¿ãŒã®ã¡ãœããããã³ãšã³ãã£ãã£ãšã®ç·å¯ãªçµ±å) ããããããŸãã
Comparison table
The culmination of this article is the following huge table.
It can be clicked for a closer look and is also available in the following format.
Summary
The purpose of this article is to provide a more complete understanding (though by no means an exhaustive one) of which choice to make in a particular case. As usual, each controller has its own advantages and disadvantages…
The classic Ingress from Kubernetes is good for its availability and proven track record, and its features are rich enough: in the general case, it should be more than enough. However, if there are increased requirements for stability, the level of features, and development, you should pay attention to Ingress with NGINX Plus and a paid subscription. Kong has the richest set of plugins (and, accordingly, of the capabilities they provide), and the paid version offers even more. It has ample capabilities for working as an API Gateway, dynamic configuration based on CRD resources, and basic Kubernetes services.
With increased requirements for balancing and authorization methods, take a look at Traefik and HAProxy. These are open source projects, proven over the years, very stable, and actively developed. Contour has been out for a few years now, but it still looks too young and adds only basic features on top of Envoy. If there are requirements for the presence/embedding of a WAF in front of the application, you should pay attention to the same Ingress from Kubernetes or to HAProxy.
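And the richest in terms of features are the products built on top of Envoy, especially Istio. It looks like a comprehensive solution that "can do anything", which, however, also means a much higher entry threshold for configuration/launch/administration than the other solutions.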
We chose and still use Ingress from Kubernetes as the standard controller, which covers 80–90% of needs. It is quite reliable and easy to configure and extend. In general, in the absence of specific requirements, it should suit most clusters/applications. Among equally universal and relatively simple products, Traefik and HAProxy can be recommended.
PS
Read also on our blog:
- "Back to microservices with Istio": Part 1 (introduction to the main features), Part 2 (routing, traffic control), Part 3 (authentication and authorization);
- "Kubernetes tips and tricks: custom error pages in NGINX Ingress";
- "Kubernetes tips and tricks: access to dev sites".
Source: habr.com