● Javier Ramírez Urea
− Modern Infrastructures
− Dockerized at HoplaSoftware
− DCA, DCI, MSCE
jramirez@hoplasoftware.com
infra-team@hoplasoftware.com
frjaraur
hopla-training
Publishing Applications
From Monoliths to Services Mesh
“... Not a long time ago, there were tons of Monoliths ...”
“... Evolution always brings new problems to solve ...”
[Figure: Monolith Application, Router Mesh and Service Mesh architectures, with GATEWAY components]
[Figure: Router Mesh with GATEWAY]
Solutions for publishing applications must manage routing to dynamic service components when they change:
● Manage North-South traffic
● Resilience
● Scaling
● Host maintenance
● Updates/Rollbacks
...etc.
Containers Routing Publishing Mesh
Kubernetes publishing
• Pods are mortal, and their number can be scaled up or down whenever we need to.
• Services are an abstraction that defines a logical set of Pods and a policy by which to access them:
  ■ An Endpoints API, updated whenever the set of Pods in a Service changes, for Kubernetes-native applications.
  ■ A virtual-IP-based bridge to Services, which redirects to the backend Pods, for non-native applications.
Kubernetes Service Types
• Cluster IP
• Node Port
• Load Balancer
• External Name
• External IPs
Cluster IP
[Figure: SERVICE, KUBE-PROXY and three PODs]
Just for debugging or allowing internal traffic, displaying internal dashboards, etc.
Load Balancer
[Figure: LOAD BALANCER with VIP, SERVICE and three PODs]
The big downside is that each service you expose with a LoadBalancer will get its own IP address, and you have to pay for a LoadBalancer per exposed service, which can get expensive!
NodePort
[Figure: EXTERNAL LOAD BALANCER, three Service Ports, SERVICE and three PODs]
There are many downsides to this method:
● You can only have one service per port
● You can only use ports 30000–32767 (configurable, but fixed)
● If your Node/VM IP address changes, you need to deal with that
Ingress Controllers
[Figure: EXTERNAL LOAD BALANCER, Ingress Port and INGRESS CONTROLLER; hosts and paths app1.example.com, myapps.example.com/app1, app2.example.com and myapps.example.com/app2; SERVICE_APP1 with three POD_APP1 and SERVICE_APP2 with two POD_APP2]
Ingress Resource
# extensions/v1beta1 is the Ingress API version used throughout this deck; it is no
# longer served from Kubernetes v1.22 on (networking.k8s.io/v1 replaces it).
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: a.example.com
    http:
      paths:
      - path: /testpath
        backend:
          serviceName: test
          servicePort: 80
Kubernetes Ingress Controllers Types
Smart Routers
● Kubernetes Nginx
● Nginx/Nginx Plus
● Traefik
Router Controllers
● Cluster External Ingress Elements Interaction:
  ○ Big IP F5 Ingress
  ○ Octavia Ingress Controller
  ○ GLBC (GCE L7 lbctl)
  ○ NetScaler
● Cluster Internal API Gateways:
  ○ Kong
Framework Specific
● Docker EE Interlock
● OpenShift Router
Docker EE Interlock
Docker EE Layer 7 routing in UCP supports:
• High availability
• Automatic configuration
• Scalability
• TLS
• Context-based routing
• Host mode networking
• Security
• Allows Redirects
• Persistent Sessions
• Websockets
• Canary Deployments with merge
[Figure: Docker EE Interlock: EXTERNAL LOAD BALANCER, Ingress Port and INTERLOCK (ucp-interlock, ucp-interlock-extension, two ucp-interlock-proxy); hosts and paths app1.example.com, myapps.example.com/app1, app2.example.com and myapps.example.com/app2; SERVICE_APP1 with three POD_APP1 and SERVICE_APP2 with two POD_APP2]
Kubernetes Nginx Ingress Controller
Main Features
● Based on Community Nginx with third-party modules
● Supported by the Kubernetes community
● Host rules (allow merging)
● HTTP load balancing extensions (Annotations and ConfigMap)
● HTTP/S, TCP/UDP and TCP SSL Passthrough
● Websocket
● Prometheus Integration
● Dynamic reconfiguration with third-party Lua plugin
Traefik Ingress Controller
Main Features
● HTTP/S host header and path routing
● Circuit Breakers
● Status-Based Health Checks
● Routing with Basic authentication
● Extended configuration via TOML
● Routing Priorities
NGINX Ingress Controller
NGINX and NGINX Plus support the following Ingress features:
● SSL termination
● Path-based rules
● Multiple host names and Mergeable Ingress resources
● Websocket, which allows you to load balance Websocket applications.
● SSL Services, which allows you to load balance HTTPS applications.
● Rewrites, which allow you to rewrite the URI of a request before sending it to the application.
● Customized templates using annotations
NGINX Plus Ingress Controller
Ingress features available only in NGINX Plus:
● Dynamic Reconfiguration without reloading
● Complex Health Checks with pattern matching
● Extended NGINX Plus Dashboard
● Session Persistence
● Support for JWTs to authenticate requests by validating JSON Web Tokens (JWTs).
Kong Ingress Controller
Main features:
● Acts as a controller for Kong (almost everything Kong does is available).
● The Kong ingress controller does not use Services to route traffic to the pods. Instead it uses the Endpoints API to bypass kube-proxy, which allows Kong features like session affinity and custom load balancing algorithms. It also removes overhead, such as conntrack entries for iptables DNAT.
● Adds a new KongPlugin resource
● Routing through the API gateway
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: add-ratelimiting-to-route
  namespace: kong
config:
  hour: "100"
  limit_by: "ip"
  second: "10"
Colors Deployment
https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors.yml
# "blue|red" is shorthand on the slide: each resource is defined once per color (blue-*, red-*).
# extensions/v1beta1 Deployments are no longer served from Kubernetes v1.16 on (apps/v1 replaces them).
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: blue|red-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: blue|red
  template:
    metadata:
      labels:
        app: blue|red
    spec:
      containers:
      - name: blue|red
        image: codegazers/colors:1.5
        env:
        - name: COLOR
          value: blue|red
        ports:
        - containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
  name: blue|red-svc
spec:
  ports:
  - port: 80
    targetPort: 3000
    protocol: TCP
    name: http
  selector:
    app: blue|red
Colors Ingress Resource
https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-ingress.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: colors-ingress
spec:
  rules:
  - host: blue.example.com
    http:
      paths:
      - backend:
          serviceName: blue-svc
          servicePort: 80
  - host: red.example.com
    http:
      paths:
      - backend:
          serviceName: red-svc
          servicePort: 80
Ingress Resource with Health Checks
https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-with-health.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: colors-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.com/health-checks: "true"
spec:
  rules:
  - host: blue.example.com
    http:
      paths:
      - backend:
          serviceName: blue-svc
          servicePort: 80
  - host: red.example.com
    http:
      paths:
      - backend:
          serviceName: red-svc
          servicePort: 80
Deployment Checks
spec:
  containers:
  - name: red
    image: codegazers/colors:1.5
    ports:
    - containerPort: 3000
    env:
    - name: COLOR
      value: "red"
    readinessProbe:
      httpGet:
        port: 3000
        path: /health
        httpHeaders:
        - name: AppStatus
          value: "UP"
      initialDelaySeconds: 1
      periodSeconds: 5
      timeoutSeconds: 4
      successThreshold: 2
      failureThreshold: 3
Ingress Controller Rewriting
https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-ingress-rewrite.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: colors-ingress
  annotations:
    nginx.org/rewrites: "serviceName=red-svc rewrite=/;"
spec:
  rules:
  - host: blue.example.com
    http:
      paths:
      - path: /red/
        backend:
          serviceName: red-svc
          servicePort: 80
      - backend:
          serviceName: blue-svc
          servicePort: 80
  - host: red.example.com
    http:
      paths:
      - backend:
          serviceName: red-svc
          servicePort: 80
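The host and path routing of the rewrite manifest above, modelled in Python as an added example (not part of the original slides and not the NGINX controller's own code). It assumes that a rule without a path is the catch-all prefix `/`, that the longest matching prefix wins, and that the rewrite replaces the matched prefix the way an nginx prefix location with a `proxy_pass` URI does; `parse_rewrites`, `resolve` and `exposure` are hypothetical names.

```python
"""Added illustration: which backend a request reaches under colors-ingress."""

# Rules transcribed from the "Ingress Controller Rewriting" manifest on this page.
# Assumption: a rule without a path is the catch-all prefix "/".
RULES = {
    "blue.example.com": [
        {"path": "/red/", "service": "red-svc", "port": 80},
        {"path": "/", "service": "blue-svc", "port": 80},
    ],
    "red.example.com": [
        {"path": "/", "service": "red-svc", "port": 80},
    ],
}

# Value of the nginx.org/rewrites annotation from the same manifest.
ANNOTATION = "serviceName=red-svc rewrite=/;"


def parse_rewrites(annotation):
    """Parse 'serviceName=<svc> rewrite=<uri>;' entries into {svc: uri}."""
    rewrites = {}
    for entry in annotation.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        fields = dict(part.split("=", 1) for part in entry.split())
        if set(fields) != {"serviceName", "rewrite"}:
            raise ValueError("malformed rewrite entry: %r" % entry)
        rewrites[fields["serviceName"]] = fields["rewrite"]
    return rewrites


def resolve(host, path, rules=RULES, rewrites=None):
    """Return (service, port, upstream_path), or None if no rule matches.

    Plain prefix matching only; nginx's redirect for a missing trailing
    slash (e.g. a request for "/red") is not modelled.
    """
    if rewrites is None:
        rewrites = parse_rewrites(ANNOTATION)
    # The Host header is case-insensitive and may carry a port.
    hostname = host.lower().split(":", 1)[0]
    host_rules = rules.get(hostname)
    if host_rules is None:
        return None  # unknown host: left to the controller's default backend
    matches = [r for r in host_rules if path.startswith(r["path"])]
    if not matches:
        return None
    rule = max(matches, key=lambda r: len(r["path"]))  # longest prefix wins
    upstream_path = path
    target = rewrites.get(rule["service"])
    if target is not None:
        # Replace the matched prefix with the rewrite target.
        upstream_path = target + path[len(rule["path"]):]
    return rule["service"], rule["port"], upstream_path


def exposure(rules=RULES):
    """Map each backend service to every external host/prefix that reaches it."""
    reach = {}
    for host, host_rules in rules.items():
        for rule in host_rules:
            reach.setdefault(rule["service"], []).append(host + rule["path"])
    return {svc: sorted(entries) for svc, entries in reach.items()}


if __name__ == "__main__":
    # Constructed sample requests (host header, request path).
    samples = [
        ("blue.example.com", "/"),
        ("blue.example.com", "/red/api/v1"),
        ("red.example.com", "/health"),
        ("green.example.com", "/"),
    ]
    for host, path in samples:
        print(host, path, "->", resolve(host, path))
    for service, entries in sorted(exposure().items()):
        print(service, "reachable via", entries)
```

The exposure map shows `red-svc` reachable under two hostnames, so any access control written for `red.example.com` also has to cover `blue.example.com/red/`.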
Ingress Controller Session Persistence
https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-ingress-sticky.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: colors-ingress
  annotations:
    nginx.com/sticky-cookie-services: "serviceName=red-svc red_svc_id expires=60s path=/;"
spec:
  rules:
  - host: blue.example.com
    http:
      paths:
      - path: /red/
        backend:
          serviceName: red-svc
          servicePort: 80
      - backend:
          serviceName: blue-svc
          servicePort: 80
  - host: red.example.com
    http:
      paths:
      - backend:
          serviceName: red-svc
          servicePort: 80
Ingress Controller Rate Limiting
https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-ingress-sticky.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: colors-ingress
  annotations:
    # The annotation value is the name of the KongPlugin resource shown below.
    rate-limiting.plugin.konghq.com: add-ratelimiting-to-route
spec:
  rules:
  - host: blue.example.com
    http:
      paths:
      - backend:
          serviceName: blue-svc
          servicePort: 80
  - host: red.example.com
    http:
      paths:
      - backend:
          serviceName: red-svc
          servicePort: 80
Kong Plugin Resource
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: add-ratelimiting-to-route
config:
  minute: 20
  limit_by: ip
  second: 5
Docker EE2 Interlock
https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-interlock.yml
version: "3.3"
# A Docker Compose file for configuration of the development environment
services:
  red:
    image: codegazers/colors:1.5
    environment:
      - COLOR=red
    deploy:
      replicas: 3
      labels:
        com.docker.lb.hosts: red.example.com
        com.docker.lb.network: colors
        com.docker.lb.port: 3000
    networks:
      - colors
  blue:
    image: codegazers/colors:1.5
    environment:
      - COLOR=blue
    deploy:
      replicas: 2
      labels:
        com.docker.lb.hosts: blue.example.com
        com.docker.lb.network: colors
        com.docker.lb.port: 3000
    networks:
      - colors
networks:
  colors:
    driver: overlay

Publishing Microservices Applications

  • 1.
  • 2. ● Javier Ramírez Urea − Modern Infrastructures − Dockerized at HoplaSoftware − DCA, DCI, MSCE jramirez@hoplasoftware.com infra-team@hoplasoftware.com frjaraur hopla-training
  • 3. Publishing Applications “... Not a long time ago, there were tons of Monoliths ...” From Monoliths to Services Mesh 3
  • 4. Publishing Applications “... Evolution always brings new problems to solve ...” From Monoliths to Services Mesh 4
  • 5. Publishing Applications From Monoliths to Services Mesh Monolith Application 5
  • 6. Publishing Applications From Monoliths to Services Mesh Monolith Application Router Mesh 6
  • 7. Publishing Applications From Monoliths to Services Mesh Monolith Application Router Mesh GATEWAY 7
  • 8. Publishing Applications From Monoliths to Services Mesh Monolith Application Router Mesh Service Mesh GATEWAY 8
  • 9. Publishing Applications From Monoliths to Services Mesh Monolith Application Router Mesh Service Mesh GATEWAY GATEWAY 9
  • 10. Publishing Applications From Monoliths to Services Mesh Monolith Application Router Mesh Service Mesh GATEWAY GATEWAY G ATEW AY GATEWAY GATEW AY GATEWAY 10
  • 11. Publishing Applications From Monoliths to Services Mesh Monolith Application Router Mesh Service Mesh GATEWAY 11
  • 12. Publishing Applications From Monoliths to Services Mesh Router Mesh GATEWAY Solutions for publishing applications must managed dynamic service components routing when they change: ● Manage North-South Traffic ● Resilience ● Scaling ● Host Maintenances ● Updatings/Rollbacks ...Etc….. 12
  • 13. Publishing Applications From Monoliths to Services Mesh Router Mesh GATEWAY Solutions for publishing applications must managed dynamic service components routing when they change: ● Manage North-South Traffic ● Resilience ● Scaling ● Host Maintenances ● Updatings/Rollbacks ...Etc….. 13
  • 14. Publishing Applications • Kubernetes publishing • Pods are mortal and their number can be scale up/down whenever we need it. • Services are abstraction which defines a logical set of Pods and a policy by which to access them: ■ Endpoints API updated whenever the set of Pods in a Service changes, for Kubernetes-native applications. ■ A Virtual-IP-based bridge to Services which redirects to the backend Pods, for non-native applications. Containers Routing Publishing Mesh 14
  • 15. Publishing Applications • Cluster IP • Node Port • Load Balancer • External Name • External IPs Kubernetes Service Types 15
  • 17. Publishing Applications SERVICE KUBE-PROXY POD POD POD Cluster IP Just for Debugging or allowing internal traffic, displaying internal dashboards, etc. 17
  • 18. Publishing Applications SERVICE POD POD POD LOAD BALANCER VIP Load Balancer 18
  • 19. Publishing Applications SERVICE POD POD POD LOAD BALANCER VIP Load Balancer The big downside is that each service you expose with a LoadBalancer will get its own IP address, and you have to pay for a LoadBalancer per exposed service, which can get expensive! 19
  • 20. Publishing Applications SERVICE POD POD POD Service Port Service Port Service Port EXTERNAL LOAD BALANCER NodePort 20
  • 21. Publishing Applications SERVICE POD POD POD Service Port Service Port Service Port EXTERNAL LOAD BALANCER NodePort There are many downsides to this method: ● You can only have once service per port ● You can only use ports 30000–32767 (configurable, but fixed) ● If your Node/VM IP address change, you need to deal with that 21
  • 22. Publishing Applications Ingress Controllers SERVICE_APP1 POD_APP1 POD_APP1 POD_APP1 Ingress Port INGRESS CONTROLLER SERVICE_APP2 POD_APP2 POD_APP2 app1.example.com myapps.example.com/app1 app2.example.com myapps.example.com/app2 EXTERNAL LOAD BALANCER 22
  • 23. Publishing Applications Ingress Resource

      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
        name: test-ingress
        annotations:
          nginx.ingress.kubernetes.io/rewrite-target: /
      spec:
        rules:
        - host: a.example.com
          http:
            paths:
            - path: /testpath
              backend:
                serviceName: test
                servicePort: 80

  • 27. Publishing Applications Kubernetes Ingress Controllers Types
      Smart Routers
        ● Kubernetes Nginx
        ● Nginx/Nginx Plus
        ● Traefik
      Router Controllers
        ● Cluster External Ingress Elements Interaction:
          ○ Big IP F5 Ingress
          ○ Octavia Ingress Controller
          ○ GLBC (GCE L7 lbctl)
          ○ Netscaler
        ● Cluster Internal API Gateways:
          ○ Kong
      Framework Specific
        ● Docker EE Interlock
        ● Openshift Router
  • 28. Publishing Applications Docker EE Interlock Docker EE Layer 7 routing in UCP supports: • High availability • Automatic configuration • Scalability • TLS • Context-based routing • Host mode networking • Security • Allows Redirects • Persistent Sessions • Websockets • Canary Deployments with merge
  • 29. Publishing Applications SERVICE_APP1 POD_APP1 POD_APP1 POD_APP1 Ingress Port INTERLOCK SERVICE_APP2 POD_APP2 POD_APP2 app1.example.com myapps.example.com/app1 app2.example.com myapps.example.com/app2 EXTERNAL LOAD BALANCER ucp-interlock ucp-interlock-extension ucp-interlock-proxy ucp-interlock-proxy Docker EE Interlock 29
  • 30. Publishing Applications Main Features ● Based on Community Nginx with third-party modules ● Supported by Kubernetes community ● Host rules (allow merging) ● HTTP load balancing extensions (Annotations and ConfigMap) ● HTTP/S, TCP/UDP and TCP SSL Passthrough ● Websocket ● Prometheus Integration ● Dynamic reconfiguration with third-party LUA plugin Kubernetes Nginx Ingress Controller 30
  • 31. Publishing Applications Main Features ● HTTP/S host header and path routing ● Circuit Breakers ● Status Based Health Checks ● Routing with Basic authentication ● Extended configuration via toml ● Routing Priorities Traefik Ingress Controller 31
  • 33. Publishing Applications NGINX and NGINX Plus support the following Ingress features: ● SSL termination ● Path-based rules ● Multiple host names and Mergeable Ingress resources ● Websocket, which allows you to load balance Websocket applications. ● SSL Services, which allows you to load balance HTTPS applications. ● Rewrites, which allows you to rewrite the URI of a request before sending it to the application. ● Customized templates using annotations NGINX Ingress Controller 33
  • 34. Publishing Applications Nginx Plus Only Available Ingress features: ● Dynamic Reconfiguration without reloading ● Complex Health Checks with pattern matching ● Extended Nginx Plus Dashboard ● Session Persistence. ● Support for JWTs to authenticate requests by validating JSON Web Tokens (JWTs). NGINX Plus Ingress Controller 34
  • 37. Publishing Applications Kong Ingress Controller Main features: ● Acts as a controller for Kong (almost everything Kong does is available). ● The Kong ingress controller does not use Services to route traffic to the pods. Instead it uses the Endpoints API to bypass kube-proxy, which allows Kong features like session affinity and custom load balancing algorithms. It also removes overhead, such as conntrack entries for iptables DNAT. ● Adds a new KongPlugin resource ● Routing through API gateway

      apiVersion: configuration.konghq.com/v1
      kind: KongPlugin
      metadata:
        name: add-ratelimiting-to-route
        namespace: kong
      config:
        hour: "100"
        limit_by: "ip"
        second: "10"

  • 39. Publishing Applications Colors Deployment
    https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors.yml

      # blue|red is slide shorthand: one Deployment and one Service per color
      apiVersion: extensions/v1beta1
      kind: Deployment
      metadata:
        name: blue|red-app
      spec:
        replicas: 2
        selector:
          matchLabels:
            app: blue|red
        template:
          metadata:
            labels:
              app: blue|red
          spec:
            containers:
            - name: blue|red
              image: codegazers/colors:1.5
              env:
              - name: COLOR
                value: blue|red
              ports:
              - containerPort: 3000
      ---
      apiVersion: v1
      kind: Service
      metadata:
        name: blue|red-svc
      spec:
        ports:
        - port: 80
          targetPort: 3000
          protocol: TCP
          name: http
        selector:
          app: blue|red

  • 40. Publishing Applications Colors Ingress Resource
    https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-ingress.yml

      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
        name: colors-ingress
      spec:
        rules:
        - host: blue.example.com
          http:
            paths:
            - backend:
                serviceName: blue-svc
                servicePort: 80
        - host: red.example.com
          http:
            paths:
            - backend:
                serviceName: red-svc
                servicePort: 80

  • 41. Publishing Applications Ingress Resource with Health Checks
    https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-with-health.yml

      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
        name: colors-ingress
        annotations:
          kubernetes.io/ingress.class: "nginx"
          nginx.com/health-checks: "true"
      spec:
        rules:
        - host: blue.example.com
          http:
            paths:
            - backend:
                serviceName: blue-svc
                servicePort: 80
        - host: red.example.com
          http:
            paths:
            - backend:
                serviceName: red-svc
                servicePort: 80

    Deployment Checks

      spec:
        containers:
        - name: red
          image: codegazers/colors:1.5
          ports:
          - containerPort: 3000
          env:
          - name: COLOR
            value: "red"
          readinessProbe:
            httpGet:
              port: 3000
              path: /health
              httpHeaders:
              - name: AppStatus
                value: "UP"
            initialDelaySeconds: 1
            periodSeconds: 5
            timeoutSeconds: 4
            successThreshold: 2
            failureThreshold: 3

  • 42. Publishing Applications Ingress Controller Rewriting
    https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-ingress-rewrite.yml

      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
        name: colors-ingress
        annotations:
          nginx.org/rewrites: "serviceName=red-svc rewrite=/;"
      spec:
        rules:
        - host: blue.example.com
          http:
            paths:
            - path: /red/
              backend:
                serviceName: red-svc
                servicePort: 80
            - backend:
                serviceName: blue-svc
                servicePort: 80
        - host: red.example.com
          http:
            paths:
            - backend:
                serviceName: red-svc
                servicePort: 80

  • 43. Publishing Applications Ingress Controller Session Persistence
    https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-ingress-sticky.yml

      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
        name: colors-ingress
        annotations:
          nginx.com/sticky-cookie-services: "serviceName=red-svc red_svc_id expires=60s path=/;"
      spec:
        rules:
        - host: blue.example.com
          http:
            paths:
            - path: /red/
              backend:
                serviceName: red-svc
                servicePort: 80
            - backend:
                serviceName: blue-svc
                servicePort: 80
        - host: red.example.com
          http:
            paths:
            - backend:
                serviceName: red-svc
                servicePort: 80

  • 44. Publishing Applications Ingress Controller Rate Limiting
    https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-ingress-sticky.yml

      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
        name: colors-ingress
        annotations:
          "rate-limiting.plugin.konghq.com": "add-ratelimiting-to-route"
      spec:
        rules:
        - host: blue.example.com
          http:
            paths:
            - backend:
                serviceName: blue-svc
                servicePort: 80
        - host: red.example.com
          http:
            paths:
            - backend:
                serviceName: red-svc
                servicePort: 80

    Kong Plugin Resource

      apiVersion: configuration.konghq.com/v1
      kind: KongPlugin
      metadata:
        name: add-ratelimiting-to-route
      config:
        minute: 20
        limit_by: ip
        second: 5

  • 46. Publishing Applications Docker EE2 Interlock
    https://raw.githubusercontent.com/Codegazers/k8s-vagrant/master/demo/colors-interlock.yml

      version: "3.3"
      # A Docker Compose file for configuration of the development environment
      services:
        red:
          image: codegazers/colors:1.5
          environment:
            - COLOR=red
          deploy:
            replicas: 3
            labels:
              com.docker.lb.hosts: red.example.com
              com.docker.lb.network: colors
              com.docker.lb.port: 3000
          networks:
            - colors
        blue:
          image: codegazers/colors:1.5
          environment:
            - COLOR=blue
          deploy:
            replicas: 2
            labels:
              com.docker.lb.hosts: blue.example.com
              com.docker.lb.network: colors
              com.docker.lb.port: 3000
          networks:
            - colors
      networks:
        colors:
          driver: overlay
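
Added example, not part of the original slides and not Kong's own code: a simplified fixed-window model of the limits in slide 44's KongPlugin (`second: 5`, `minute: 20`, `limit_by: ip`), replayed over constructed traffic. It assumes fixed-window counting, and it shows what per-IP limiting does when the limiter only sees the external load balancer's address (the hypothetical 10.0.0.1) instead of the real client address.

```python
from collections import defaultdict

LIMITS = {"second": 5, "minute": 20}        # values from the KongPlugin on slide 44
PERIOD_SECONDS = {"second": 1, "minute": 60}


class FixedWindowLimiter:
    """Simplified fixed-window model (an assumption, not Kong's own code)."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.hits = defaultdict(int)        # (identifier, period, window_start) -> count

    def allow(self, identifier, now):
        keys = []
        for period, limit in self.limits.items():
            window_start = int(now) - int(now) % PERIOD_SECONDS[period]
            key = (identifier, period, window_start)
            if self.hits[key] >= limit:
                return False                # the gateway would answer 429 here
            keys.append(key)
        for key in keys:                    # count only requests that were admitted
            self.hits[key] += 1
        return True


def replay(requests):
    """Run (identifier, unix_time) pairs through a fresh limiter, in order."""
    limiter = FixedWindowLimiter()
    return [limiter.allow(ident, ts) for ident, ts in requests]


def collapse_to_proxy(requests, proxy_ip="10.0.0.1"):
    """What limit_by: ip sees if only the load balancer's address reaches it."""
    return [(proxy_ip, ts) for _, ts in requests]


# Constructed traffic: a noisy client (8 requests) and a quiet one (3) in one second.
NOISY, QUIET = "198.51.100.7", "203.0.113.9"
SAMPLE = [(NOISY, 100.0 + i * 0.1) for i in range(8)] + \
         [(QUIET, 100.85 + i * 0.05) for i in range(3)]

if __name__ == "__main__":
    print("per client  :", replay(SAMPLE))
    print("behind proxy:", replay(collapse_to_proxy(SAMPLE)))
    burst = [(NOISY, 199.9)] * 5 + [(NOISY, 200.1)] * 5
    print("window edge :", sum(replay(burst)), "admitted in 0.2 s")
```

With real client addresses only the noisy client is throttled; once every request carries the load balancer's address, the quiet client is rejected too, so check which address the ingress controller treats as the client before relying on `limit_by: ip`.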