
Author: Yuan Yi, Rufeng

Kubernetes is today's cloud native industry standard and is embraced by many developers. Serverless Kubernetes builds on Kubernetes and adds serverless capabilities: on-demand use and node-free operation and maintenance. The Nginx Ingress Controller that Serverless Kubernetes provides by default can no longer meet these demands. Combining Serverless Kubernetes with ALB provides a cloud product gateway that is used on demand and needs no operation and maintenance, and the MSE cloud native gateway adds gateway capabilities for microservice scenarios. This article introduces how gateway capabilities are enhanced in Serverless Kubernetes.

Background

Serverless Kubernetes (ASK)

An ASK cluster is a serverless Kubernetes container service launched by Alibaba Cloud. You can deploy container applications directly without purchasing nodes, without node maintenance or capacity planning for the cluster, and you pay as needed based on the CPU and memory resources configured for the application. ASK clusters provide complete Kubernetes compatibility while lowering the threshold for using Kubernetes, so you can focus on applications rather than on managing the underlying infrastructure.

Implementing Serverless on Kubernetes mainly involves two things:

First, upwards: how to let users focus more on their business applications.

Here we use Knative to let users focus on business applications: it further abstracts Kubernetes resources and provides automatic elasticity on demand. Knative is an open source serverless application framework based on Kubernetes that helps you deploy and manage modern serverless workloads and build an enterprise-level serverless platform.

Knative mainly includes two core modules: Serving and Eventing.

• Serving provides a Service application model that supports traffic-based grayscale publishing, version management, scaling to zero, and automatic elasticity.
• Eventing provides event-driven capabilities. It supports rich event sources and the Broker/Trigger model for event flow and filtering.

Second, downwards: how to let users pay less attention to infrastructure.

Through free operation and maintenance of IaaS resources, attention to the infrastructure is reduced and nodes need no operation and maintenance. In Serverless Kubernetes, virtual nodes are combined with Elastic Container Instance (ECI), allowing users to completely get rid of IaaS operation and maintenance.

Pain points of using the default gateway

Having covered what Serverless Kubernetes is, let's look at the problems currently encountered when using the default gateway in ASK. ASK currently uses Nginx Ingress by default, but users have to face the following problems:

• Self-owned components that they must maintain and upgrade
• Elastic policies that must be configured manually
• Manual performance tuning

Obviously this cannot meet the serverless demands of on-demand use and node-free operation and maintenance. So let's look at how to enhance the gateway in Serverless Kubernetes.

Knative and ALB

ALB

Application Load Balancer (ALB) is a load balancing service launched by Alibaba Cloud for application-layer scenarios such as HTTP, HTTPS, and QUIC. It offers strong elasticity and large-scale application-layer traffic processing capabilities, handles complex business routing, integrates deeply with cloud-native services, and provides a cloud-native Ingress gateway.


ALB is out of the box, high performance, stable and reliable, elastically scalable, and pay-as-you-go, which makes it well suited to Layer 7 application delivery scenarios.

ALB is oriented to Layer 7 and supports protocols such as HTTP, HTTPS, HTTP/2, WSS, QUIC and gRPC. A single instance can support up to 1 million QPS, leading the industry in performance.

Product advantages

Compared with traditional load balancing (the original SLB), ALB has the following advantages in product positioning, performance, features, operation and maintenance, and cloud native support:


Enhanced elasticity

ALB scales from 0 to 1 million QPS smoothly and transparently, with no additional operations and fully pay-as-you-go.


Performance enhancement

Stronger performance than SLB comes mainly from multi-level load balancing and multi-level scheduling:
• Access is by domain name; a single instance supports up to 99 VIPs, giving multi-level traffic scheduling.
• Capacity scales intelligently across availability zones as traffic grows, without users needing to notice.
• Traffic is distributed evenly across all real servers (RSs) in all AZs, preventing avalanche effects.

Operation and maintenance enhancements
• Real-time access log center built on large-scale big data computing capabilities.
• Second-level monitoring of high-precision real-time traffic: sharp rises and sudden drops, spikes and burrs are all visible.
• Instance configuration management: manage configuration like git and roll back with one click.

ALB Ingress Controller

Having shown the advantages of ALB as a product, how do we use it together with Kubernetes? Here we provide the cloud provider component ALB Ingress Controller, which creates ALB instances and rules directly from Kubernetes Ingress resources and so integrates Kubernetes with ALB.

The ALB Ingress Controller watches for changes to Ingress resources through the API Server, dynamically generates an AlbConfig, and then creates, in order, the ALB instance, its listeners, routing and forwarding rules, and backend server groups. In Kubernetes, Service, Ingress and AlbConfig are related as follows:

• Service is an abstraction of real backend services; one Service can represent multiple identical backend instances.

• Ingress is a reverse proxy rule that specifies which Service HTTP/HTTPS requests should be forwarded to. For example, requests are forwarded to different Services according to the Host and URL path of the request.

• AlbConfig is the CRD resource provided by the ALB Ingress Controller. It configures the ALB instance and its listeners. One AlbConfig corresponds to one ALB instance.
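The three resources above, written out as manifests. This is an added example and not configuration from the original article or from the ALB Ingress Controller project; the resource names, the vSwitch IDs, the hostname and the TLS Secret name are assumptions, and the exact AlbConfig fields should be checked against the controller version installed in your cluster.

```yaml
# Added example (not from the original article): one AlbConfig (one ALB
# instance with an HTTP and an HTTPS listener), one IngressClass bound to it,
# and one Ingress that routes by host and path. Names, vSwitch IDs, hostname
# and Secret name are assumptions.
apiVersion: alibabacloud.com/v1alpha1
kind: AlbConfig
metadata:
  name: alb-demo
spec:
  config:
    name: alb-demo               # name of the ALB instance the controller creates
    addressType: Internet        # Internet-facing; use Intranet for VPC-only access
    zoneMappings:                # ALB requires vSwitches in at least two zones
      - vSwitchId: vsw-zone-a-placeholder   # assumed ID
      - vSwitchId: vsw-zone-b-placeholder   # assumed ID
  listeners:
    - port: 80
      protocol: HTTP
    - port: 443
      protocol: HTTPS            # certificate comes from the Ingress tls section below
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: alb
spec:
  controller: ingress.k8s.alibabacloud/alb
  parameters:
    apiGroup: alibabacloud.com
    kind: AlbConfig
    name: alb-demo               # binds Ingresses of class "alb" to this ALB instance
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  namespace: default
spec:
  ingressClassName: alb
  tls:
    - hosts:
        - demo.example.com
      secretName: demo-tls       # kubernetes.io/tls Secret holding cert and key (assumed)
  rules:
    - host: demo.example.com
      http:
        paths:
          - path: /api           # Host + path decide which Service receives the request
            pathType: Prefix
            backend:
              service:
                name: api-svc    # assumed Service name
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-svc    # assumed Service name
                port:
                  number: 80
```

After applying the manifests, `kubectl get albconfig alb-demo -o yaml` shows the status the controller writes back for the created instance, and `kubectl get ingress demo-ingress` shows the ALB address once the listeners and server groups exist. Two things worth checking: an Ingress without a `tls` section is served in cleartext on the HTTP listener, so for anything carrying credentials define the 443 listener and the `tls` block, and the controller's cloud credentials must be allowed to create ALB resources, otherwise the AlbConfig is accepted by the API Server but no instance is created.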


• Rich forwarding features

  1. Forwarding based on Header and Cookie.
  2. Domain name URL forwarding: Supports traffic scheduling according to different domain names and URLs, improving the flexibility of the application system.

• High flexibility and large throughput

  1. Performance-guaranteed instances: The performance-guaranteed instances are launched to achieve performance isolation between different instances and provide performance guarantees under corresponding specifications.
  2. Ultra-large performance specifications: For high-performance requirements, provide ultra-large-sized load balancing instances to solve performance bottlenecks.

• For cloud-native applications

  1. Based on native Kubernetes Ingress
  2. Naturally supports Alibaba Cloud Container Service Kubernetes products
  3. Compatible with Nginx Ingress semantics

• Safer and more reliable

  1. ALB comes with DDoS protection and can be integrated with Web Application Firewall (WAF) with one click.
  2. Integrated WAF protection capabilities.
  3. Supports full-link HTTPS encryption (client to ALB and ALB to backend) and efficient, secure protocols such as TLS 1.3.

ALB Ingress Controller Architecture

The ALB Ingress Controller architecture is as follows:

Instance-level configuration
• Custom CR: AlbConfig

Concurrency control
• Changes to the same LB are applied serially; changes to different LBs are applied in parallel.
• Changes to the same RsPool (server group) are applied serially; changes to different RsPools are applied in parallel.
• LB changes and RS changes are independent of each other.

Rate limiting
• The number of LB changes and RS changes the controller processes concurrently can be configured separately.
• The number of LB changes and RS changes the controller processes per second can be configured separately.
• When an LB change or RS change fails, the reconcile timing, the number of retries, and the retry interval can be configured separately.

Knative Traffic Management

So with this bridge, we can easily use ALB as a Knative gateway, here we first introduce Knative's traffic management.

Knative provides powerful traffic management capabilities, including: traffic-based grayscale publishing, traffic-based automatic elasticity, and request event-driven capabilities.


Knative combined with the implementation of ALB

Next, let's take a look at the implementation of Knative combined with ALB. The key design here is to convert Knative Ingress into Kubernetes Ingress, and then create ALB and forwarding rules through ALB Ingress Controller.


The advantages of combining Knative and ALB

So what does the combination of Knative and ALB bring us?

• Fully managed gateway, free of operation and maintenance
• Traffic-based elasticity
• Header/Cookie/weight grayscale publishing
• Automatic certificate discovery
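The traffic-based grayscale publishing mentioned in the Knative traffic management section and in the list above, written as a Knative Service manifest. This is an added example, not a manifest from the original article; it assumes Knative in the cluster is already configured to use ALB as its gateway as the article describes, and the service name, image and revision names are assumptions.

```yaml
# Added example (not from the original article): a Knative Service that keeps
# 90% of traffic on the previous revision and sends 10% to the new one.
# Service name, image and revision names are assumptions.
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: hello
  namespace: default
spec:
  template:
    metadata:
      name: hello-v2             # explicit revision name so traffic can pin to it
      annotations:
        autoscaling.knative.dev/minScale: "0"   # scale to zero when idle
        autoscaling.knative.dev/target: "50"    # concurrent requests per pod the autoscaler aims for
    spec:
      containers:
        - image: registry.example.com/hello:v2  # assumed image
          ports:
            - containerPort: 8080
  traffic:
    - revisionName: hello-v1     # previous revision, assumed to already exist
      percent: 90
      tag: stable                # also reachable directly as stable-hello.<domain>
    - revisionName: hello-v2
      percent: 10
      tag: canary                # also reachable directly as canary-hello.<domain>
```

`kubectl get ksvc hello` shows the URL and the traffic split, and `kubectl get ingress` shows the Kubernetes Ingress that Knative Ingress is converted into for the ALB Ingress Controller. Rolling back is a matter of setting the percentages to 100 and 0. Note that a tagged URL bypasses the weighting and always reaches its revision, which is convenient for testing a canary but means the canary is reachable by anyone who knows the tag name, so authentication must not depend on the 90/10 split.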


MSE Cloud Native Gateway

Under the virtualized microservice architecture, the business usually adopts a two-tier architecture of traffic gateway + microservice gateway. The traffic gateway is responsible for north-south traffic scheduling and security protection, and the microservice gateway is responsible for east-west traffic scheduling and service governance. In the cloud-native era dominated by Kubernetes, Ingress has become the gateway standard of the Kubernetes ecosystem, giving the gateway a new mission and making it possible to combine the traffic gateway + microservice gateway into one. The MSE cloud native gateway is a next-generation gateway compatible with the Kubernetes Ingress standard, which combines traditional traffic gateways and microservice gateways to reduce resource costs by 50%.


MSE Cloud Native Gateway - Integrates with ASK to support microservice capabilities

The cloud native gateway integrates with the container service ASK by default: it supports one-click import of Kubernetes Services and automatically synchronizes Endpoints, and its self-developed Multi-Ingress Controller component lets multiple ASK clusters share the same gateway instance and supports seamless conversion of the core Nginx Ingress annotations. Only a brief introduction is given here; more MSE cloud native gateway content will follow in a dedicated article.


Usage scenarios

Scenarios currently supported by Serverless Kubernetes include highly elastic Internet scenarios, low-latency scenarios in the audio and video industry, and on-demand usage for cloud-native applications. Combined with the ALB gateway, new functions can be released in grayscale and business traffic can be simulated. Combined with the MSE cloud native gateway, fast service discovery can be achieved on the microservice side.


Summary

Serverless Kubernetes gateway enhancements:
• Knative integrates with ALB to provide a Serverless experience that is more aware of the application.
• Support for the MSE cloud native gateway provides microservice scenario capabilities.

Contact us

Welcome to join the following DingTalk group if you are interested; we look forward to more exchanges:
