云原生应用中的网络流量管理
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
prod-namespace
Cats
Dogs
kind: NetworkPolicy apiVersion: extensions/v1beta1 metadata:
这些技术能够构建容错性好、易于管理和便于 观察的松耦合系统。结合可靠的自动化手段,云原 生技术使工程师能够轻松地对系统作出频繁和可预 测的重大变更。
应用层网络流量管理
• 分发 • 限流 • 熔断 • 重试 • 加密
微服务带来的网络管理复杂性
Source: Netflix tech blog
AWS网络相关服务
云原生 应生 中的生 络流量管理
• 概述 • 集群外网络流量管理 • 集群内网络流量管理 • Demo • Q&A
云原生
云原生应用
云原生技术有利于各组织在公有云、私有云和 混合云等新型动态环境中,构建和运行可弹性扩展 的应用。云原生的代表技术包括容器、服务网格、 微服务、不可变基础设施和声明式API。
Download distribution
Edge location
Streaming distribution
AWS Cloud Map
Hosted zone
Direct Connect gateway
Route table
53
Route 53 Resolver
应用外部网络流量管理
DNS DNS
Instance 1
Secondary IPs: 10.0.0.1
10.0.0.2
ENI
CNI
VPC Subnet – 10.0.0.0/24
https://github.com/aws/amazon-vpc-cni-k8s
Java Pod Veth IP: 10.0.0.22
Instance 2
Kubernetes Network Policy
AWS Resources
HTTP Listener
Rule: /cheeses TargetGroup: Green (IP Mode)
Node
Kubernetes Cluster
NodePort Node
Kubernetes API Server
ALB Ingress Controller
https://github.com/kubernetes-sigs/aws-alb-ingress-controller
Application load balancer
Client VPN
Classic load balancer
Peering
Network access control list
VPC Sharing
Network load balancer
Router
Endpoints
AWS Global Accelerator
Ingress可以提供负载平衡,SSL终 止和基于名称的虚拟主机。
Kubernetes Ingress
https://kubedex.com/ingress/
ALB Ingress Controller
HTTPS Listener
Rule: /charcuterie TargetGroup: Blue (Instance Mode)
Pod
Kubernetes Cluster
• Static IP/elastic IP addresses • Scalability • Zonal isolation • Source/remote address
preservation • Long-lived TCP connections • Reduced bandwidth usage • SSL termination
Edge location
Amazon Route 53
Amazon CloudFront AWS Global Accelerator
Backbone
Edge location
Backbone
us-west-2 Elastic Load Balancing Amazon API Gateway
ap-southeast-1 Elastic Load Balancing Amazon API Gateway
VPC VPC
Kubernetes Ingress
Ingress
foo.mydomain.com
mydomain.com/bar
other
Service1
Pod
Pod
Pod
Service2
Pod
Pod
Pod
Kubernetes Cluster
Service3
Pod
Pod
Pod
用于管理从外部访问集群内服务的 的一个API对象,通常是HTTP。
Kubernetes CNI - AWS VPC CNI 插件
ec2.associateaddress()
CNI
Nginx Pod Veth IP: 10.0.0.1
ENI
Secondary IPs: 10.0.0.20 10.0.0.22
Nginx Pod Veth IP: 10.0.0.20
Java Pod Veth IP: 10.0.0.2
AWS Virtual Private Network
Customer gateway
Elastic network adapter
百度文库
Elastic network interface
Flow logs
Internet gateway
NAT gateway
AWS Transit Gateway
Site-to-Site VPN
NodePort Node
NLB + ingress-nginx
Network Load Balancer
ingress-nginx
foo.mydomain.com
mydomain.com/bar
other
Service1
Pod
Pod
Pod
Service2
Pod
Pod
Pod
Service3
Pod
Pod
Kubernetes Service
Elastic Load Balancing
Service
Pod
Pod
Pod
• ClusterIP virtual IP, accessible from all nodes • LoadBalancer automatically creates a public ELB • NodePort bind service to the same port on every host
Cats
Dogs
kind: NetworkPolicy apiVersion: extensions/v1beta1 metadata:
这些技术能够构建容错性好、易于管理和便于 观察的松耦合系统。结合可靠的自动化手段,云原 生技术使工程师能够轻松地对系统作出频繁和可预 测的重大变更。
应用层网络流量管理
• 分发 • 限流 • 熔断 • 重试 • 加密
微服务带来的网络管理复杂性
Source: Netflix tech blog
AWS网络相关服务
云原生 应生 中的生 络流量管理
• 概述 • 集群外网络流量管理 • 集群内网络流量管理 • Demo • Q&A
云原生
云原生应用
云原生技术有利于各组织在公有云、私有云和 混合云等新型动态环境中,构建和运行可弹性扩展 的应用。云原生的代表技术包括容器、服务网格、 微服务、不可变基础设施和声明式API。
Download distribution
Edge location
Streaming distribution
AWS Cloud Map
Hosted zone
Direct Connect gateway
Route table
53
Route 53 Resolver
应用外部网络流量管理
DNS DNS
Instance 1
Secondary IPs: 10.0.0.1
10.0.0.2
ENI
CNI
VPC Subnet – 10.0.0.0/24
https://github.com/aws/amazon-vpc-cni-k8s
Java Pod Veth IP: 10.0.0.22
Instance 2
Kubernetes Network Policy
AWS Resources
HTTP Listener
Rule: /cheeses TargetGroup: Green (IP Mode)
Node
Kubernetes Cluster
NodePort Node
Kubernetes API Server
ALB Ingress Controller
https://github.com/kubernetes-sigs/aws-alb-ingress-controller
Application load balancer
Client VPN
Classic load balancer
Peering
Network access control list
VPC Sharing
Network load balancer
Router
Endpoints
AWS Global Accelerator
Ingress可以提供负载平衡,SSL终 止和基于名称的虚拟主机。
Kubernetes Ingress
https://kubedex.com/ingress/
ALB Ingress Controller
HTTPS Listener
Rule: /charcuterie TargetGroup: Blue (Instance Mode)
Pod
Kubernetes Cluster
• Static IP/elastic IP addresses • Scalability • Zonal isolation • Source/remote address
preservation • Long-lived TCP connections • Reduced bandwidth usage • SSL termination
Edge location
Amazon Route 53
Amazon CloudFront AWS Global Accelerator
Backbone
Edge location
Backbone
us-west-2 Elastic Load Balancing Amazon API Gateway
ap-southeast-1 Elastic Load Balancing Amazon API Gateway
VPC VPC
Kubernetes Ingress
Ingress
foo.mydomain.com
mydomain.com/bar
other
Service1
Pod
Pod
Pod
Service2
Pod
Pod
Pod
Kubernetes Cluster
Service3
Pod
Pod
Pod
用于管理从外部访问集群内服务的 的一个API对象,通常是HTTP。
Kubernetes CNI - AWS VPC CNI 插件
ec2.associateaddress()
CNI
Nginx Pod Veth IP: 10.0.0.1
ENI
Secondary IPs: 10.0.0.20 10.0.0.22
Nginx Pod Veth IP: 10.0.0.20
Java Pod Veth IP: 10.0.0.2
AWS Virtual Private Network
Customer gateway
Elastic network adapter
百度文库
Elastic network interface
Flow logs
Internet gateway
NAT gateway
AWS Transit Gateway
Site-to-Site VPN
NodePort Node
NLB + ingress-nginx
Network Load Balancer
ingress-nginx
foo.mydomain.com
mydomain.com/bar
other
Service1
Pod
Pod
Pod
Service2
Pod
Pod
Pod
Service3
Pod
Pod
Kubernetes Service
Elastic Load Balancing
Service
Pod
Pod
Pod
• ClusterIP virtual IP, accessible from all nodes • LoadBalancer automatically creates a public ELB • NodePort bind service to the same port on every host