2018 04-06 kubernetes ingress in production

Editor's Notes

• #2: Welcome to DecompileD! Today, my talk is about - Kubernetes Ingress in production. To have some context I will show you some Zalando numbers.
• #3: There are about 2000 employees working for Zalando Tech. We have 7 tech hubs in Europe. My customers are all developer teams and we need to scale!
• #4: Let's have a brief look into zalando’s technology stack to have more technical context
• #5: We started as PHP magento shop. We rewrote it with Java and Postgres and deployed it into Linux containers. With a management shift we went to the AWS cloud and now evolve into a state of the art kubernetes infrastructure. We use Docker as deploy artifacts and Kubernetes to orchestrate them.
• #6: What is meant by large scale?
• #8: Let’s have a very brief look into Kubernetes objects relevant to the talk
• #9: A Deployment creates a set of Pods. <wait>
• #10: A Kubernetes service selects a set of PODs and acts as TCP loadbalancer to them <wait>
• #11: An ingress is an external access point to services <wait>
• #12: Because we have about 300 teams that want to deploy, we need automations that build loadbalancer infrastructure. We do this based on the Ingress definition. Let’s see what we want to build and how we do it.
• #13: There are 2 loadbalancer components involved: The application loadbalancer ALB, and skipper. You see the blue boxes.<wait> Request processing is going from top to bottom: First TLS is terminated on the ALB Skipper is target of all ALBs. Skipper runs on every worker node and does http routing. Skipper selects MyApp PODs via Kubernetes service MyApp boxes are your application PODs.
• #14: Technically, skipper bypasses Kubernetes service to reach PODs directly. Like this we can do proper loadbalancing and do retries on failing connections. <wait>
• #15: An ingress object is glueing the blue loadbalancer together with the green backends. You see two marked definitions: host is the host header for the frontend http routing And backend is used to find the application
• #16: If we created this ingress object, Skipper creates an HTTP route based on the provided configuration.<wait> From cluster nodes we can call a skipper endpoint with the specified Host header to reach our application. <wait>
• #17: Kube-ingress-aws-controller creates an ALB with attached certificates pointing to skipper. With this inplace, you can create an HTTPS request to an ALB.<wait> The ALB target shown is a route53 ALIAS record.<wait> With the correct host header set, a request will reach your application.<wait>
• #18: External DNS creates a public DNS record to the ALB.<wait> Now, we have everything we need to serve public traffic from the internet.<wait> Everything is automated and a deployer has only to provide an ingress definition.
• #19: To understand highlevel deployment patterns, I will give you a brief introduction to skipper.<wait> Skipper is a flexible cloud native http proxy router. It is made for frequently changing configurations.<wait> Additionally, skipper has 2 building blocks seen by users: Predicates and Filters
• #20: Skipper has a routing table proven to scale beyond 200.000 routes.<wait> A routing table consists of a number of routes.<wait> An http request will be mapped by Predicates to a specific Route.<wait> Each route has a set of filters.<wait>
• #21: HTTP requests and responses can be changed by Filters. <wait> For example we can change the path of the request from /api to / <wait>, which we might add in the response again.<wait> We can also set a Cookie in the response. <wait>
• #22: Predicates and Filters can both be set by Ingress annotations: <wait> skipper-predicate and skipper-filter <wait> You now have an understanding of required details for the next sections.
• #23: Besides the Kubernetes rolling update strategy, skipper supports <wait> Shadow traffic <wait> and blue-green deployments.<wait> Let’s see why..
• #24: A common development cycle looks like this.<wait> We develop and test and if these are successful.<wait> We deploy and go production.<wait> We do this all the day. <wait> If not we drink coffee and attend meetings.<wait>
• #25: In real world we see failures after new deployments, <wait> because the newer version might be slower than before.
• #26: One solution is to target your new application with current life traffic.<wait> Shadow traffic allows you to test with live traffic without notice of your users.<wait> Skipper can copy the request to a new target and drop the response from the new one.<wait> This we call shadow traffic<wait>
• #27: You can use the tee() filter to copy the full request to another URL target. This gives you flexibility however your new service is structured.
• #28: Another solution is to use blue-green deployments. Skipper can split traffic to different Kubernetes services. Like this you can rollout a version v2 and slowly ramp up traffic. How do you do it?
• #29: Again using ingress! You see the backend-weights annotation set to 90 and 10 for the 2 service backends for hostname “my-app.example.org”. Skipper will split the traffic as you defined in ingress. Here 90% of the traffic will target my-app-v1 and 10% v2.
• #30: As user interface you can use a kube control plugin to do traffic switching from v1 to v2. The last argument is the percentage of traffic you want to direct to the new service. The old one will get the rest of the traffic.
• #31: How do you downgrade a feature or test that a new feature is a success? Feature toggle and A/B tests can do that and skipper can help you to implement these.
• #32: A feature toggle can be easily downgraded on failure by your caller. If v equals alpha does not reply in time, call next time without this query. The caller can decide, if the feature is enabled or not.
• #33: To implement a feature toggle, you create an additional ingress. If a request matches the query “v equals alpha” and the host header, skipper will proxy to alpha service.
• #34: To check if implementation A is better than B, you can use A/B tests. <wait> A request without cookie matching our target has 10% chance to get a Cookie with “flavor equals A”. The rest will get “flavor equals B”
• #35: We see the traffic predicate matches the route by 10% chance. And skipper sets a Cookie with flavor A in the response. <wait>
• #36: Rest will get a cookie with flavor B <wait>
• #37: A request with cookie “flavor equals A” will be forwarded to service A. The same applies for B. Clients will stick to the chosen backend from part 1.
• #38: In case of a Cookie with flavor A, we call the backend a-app-svc <wait>
• #39: In case of of Cookie with flavor B, we call the backend b-app-svc <wait>
• #40: To run applications in production, you need to have visibility
• #41: How do you get all logs from one request across all backends? This what X-FlowID is for. Skipper sets an X-FlowID header, if not passed in the request. Applications only have to log this header in their handlers.
• #42: To find a log trace you can grep for the FlowID in this case: capital A
• #43: To answer the question if your backend application is slow, or returns errors, you want to have metrics from your loadbalancer
• #44: Skipper measures and exposes roundtrip metrics, errors, counters and histograms. We export metrics as json or Prometheus format.
• #45: To find which part of a service is slow, you should setup opentracing. This enables you to get waterfall charts to boil down which service in the chain is slow
• #46: Skipper can add automatically tracing headers to all incoming requests and reports to agents. This allows you to see skipper in traces shown before.
• #47: For resiliency, we have ratelimits and automatic retries. Additionally we also have circuitbreaker and you can also add throttling or packetloss, but I will not show this today.
• #48: Ratelimits can be used to protect your backends. You see incoming 1k requests per second and only 300 will be forwarded, rest will get a HTTP code 429
• #49: To allow 100 requests per second to the defined backend, we setup cluster Ratelimits as skipper Filter
• #50: Client side ratelimits can be used to protect your login page. For example allow 10 requests per hour rest will get a HTTP code 429
• #51: The shown cluster ratelimit filter with a third parameter allows 10 requests per hour per X-Forwarded-For header to the defined backend
• #52: Skipper can do retries. For example the first request goes to a POD which is ..
• #53: .. failing, so skipper will get a connect refused from the backend. Skipper will do ..
• #54: .. a retry to the other available POD. This is safe to do, because we only retry on errors if we did not send data.
• #55: That was it for today. We would like to hear from you in github issues or our skipper google group! We are also available in K8s Slack #sig-aws and #external-dns or ping me at twitter.
• #56: Questions? <<prev slide to Show the links>>