At Zalando we have 265 AWS accounts and 31 Kubernetes clusters running in AWS. We have to make sure that feature teams do not have to do more work than needed to deploy their application and publish endpoints.
Creating a Kubernetes ingress object is enough to provision an AWS Application Load Balancer (ALB), including automated SSL certificate lookup and TLS termination, HTTP routing based on our ingress implementation, and a publicly resolvable DNS entry. This talk explains the stack and takes a deep dive into how this works for us.
2.
ZALANDO
15 markets
6 fulfillment centers
20 million active customers
3.6 billion € net sales 2016
165 million visits per month
12,000 employees in Europe
23.
GETTING STARTED
Other questions we asked ourselves:
• Single AZ vs. Multi AZ? ⇒ Multi AZ
• Federation? ⇒ No, not ready yet
• Overlay network? ⇒ Flannel, “rock solid”
• Authnz? ⇒ OAuth, webhook
25.
Ingress
• System view
• Developer point of view
• Enhancing Kubernetes with weighted traffic switching
26.
System View
Goal: use Kubernetes API as primary interface
• External DNS → Route53
• Kubernetes Ingress Controller for AWS → ALB+TLS
• Skipper - HTTP router → your dockerized app
⇒ we wrote new components to achieve our goal
27.
System View - traffic flow
https://github.com/zalando/skipper
[Diagram: ALB, Skipper on each node, Service, MyApp pods; labels: TLS, HTTP, EC2 network, K8s network]
29.
Kubernetes - service - configuration
https://github.com/zalando/skipper https://github.com/zalando-incubator/kube-ingress-aws-controller / https://github.com/kubernetes-incubator/external-dns
• Select Pods by label
• Target of Ingress definition
• Port of the my-app
30.
Kubernetes - POD - configuration
• Target port
• Selected by service
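The wiring that the two configuration slides annotate, as an added example that is not the speakers' own manifest: an Ingress points at a Service, which selects Pods by label and forwards to their target port. The host name, image, label key, port numbers and the `networking.k8s.io/v1` API version are assumptions; only the name my-app comes from the slides.

```yaml
# Constructed example: host, image, label key and ports are assumptions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
spec:
  rules:
  - host: my-app.example.org        # constructed host name; external-dns publishes it in Route53
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-app            # target of Ingress definition
            port:
              number: 80            # port of the my-app Service
---
apiVersion: v1
kind: Service
metadata:
  name: my-app
spec:
  selector:
    application: my-app             # select Pods by label
  ports:
  - port: 80                        # port the Ingress backend refers to
    targetPort: 8080                # target port on the Pod
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      application: my-app
  template:
    metadata:
      labels:
        application: my-app         # selected by the Service
    spec:
      containers:
      - name: my-app
        image: registry.example.org/my-app:1.0   # placeholder image
        ports:
        - containerPort: 8080       # must match the Service targetPort
```

If the Service selector and the Pod template labels differ, or `targetPort` does not match the container port, the Service has no usable endpoints and the router has nothing to forward to.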