Authors: Yuan Yi and Ru Feng

As the cloud native industry standard, Kubernetes has been embraced by many developers. Serverless Kubernetes builds on Kubernetes to provide on-demand Serverless capability with no node O&M. The default Nginx Ingress Controller provided by Serverless Kubernetes, however, can no longer meet the requirements of on-demand use and O&M-free operation. Combined with ALB, Serverless Kubernetes provides an on-demand, O&M-free gateway as a cloud product; combined with the MSE cloud native gateway, it provides gateway capabilities for microservice scenarios. This article describes how gateway enhancements are provided in Serverless Kubernetes.

Background

Serverless Kubernetes (ASK)

An ASK cluster is a serverless Kubernetes container service launched by Alibaba Cloud. You can deploy container applications without purchasing nodes, you do not need to perform node maintenance or capacity planning for the cluster, and you pay on demand based on the amount of CPU and memory configured for the application. The ASK cluster provides complete Kubernetes compatibility while lowering the threshold for using Kubernetes, allowing you to focus on the application rather than on managing the underlying infrastructure.

Implementing Serverless on Kubernetes mainly comes down to the following two points:

First: how to let users focus more on their business applications.

Here the focus on business applications is achieved through Knative, which further abstracts Kubernetes resources and provides automatic elasticity on demand. Knative is an open source Serverless application framework based on Kubernetes that helps you deploy and manage modern Serverless workloads and build enterprise-class Serverless platforms.

Knative consists of two core modules, Serving and Eventing:

• Serving provides a Service application model with support for traffic-based grayscale release, versioning, scaling to 0, and automatic elasticity.

• Eventing provides event-driven capabilities. It supports rich event sources, as well as the Broker/Trigger model for event flow and filtering.

Second: how to make users pay less attention to infrastructure.

IaaS resources are O&M-free, which reduces infrastructure concerns and eliminates node O&M. Serverless Kubernetes uses virtual nodes and Elastic Container Instance (ECI) to remove users from IaaS O&M completely.

Pain points encountered using the default gateway

Having covered what Serverless Kubernetes is, we move on to the current issues with the default gateway in ASK. Nginx Ingress is currently used by default in ASK, but users have to deal with the following themselves:

• Maintaining and upgrading the components
• Manually configuring elastic policies
• Manually tuning performance

Clearly, this cannot meet the Serverless requirements of on-demand use and freedom from node O&M. So let's look at how gateway enhancement is done in Serverless Kubernetes.

Knative and ALB

ALB

Application Load Balancer (ALB) is a load balancing service developed by Alibaba Cloud for application-layer load balancing over HTTP, HTTPS, and QUIC. ALB is highly elastic and capable of processing large-scale application-layer traffic. It can handle complex business routing, is deeply integrated with cloud native services, and provides the cloud native Ingress gateway.

ALB is ready to use out of the box, offers very high performance, stability, reliability, and elastic scaling, and is billed pay-as-you-go, making it well suited to layer 7 application delivery scenarios.

ALB targets layer 7 and supports many protocols, such as HTTP, HTTPS, HTTP/2, WSS, QUIC, and gRPC. A single instance can support up to 1 million QPS, performance that is far ahead in the industry.

Product advantages

Compared with traditional load balancing (SLB), ALB has the following advantages in product positioning, performance, functional features, operation and maintenance, and cloud native support:

Elasticity

ALB scales from 0 to 1 million QPS smoothly and imperceptibly, with no additional operations, and is fully pay-as-you-go.

Performance enhancements

ALB's better performance compared with SLB comes mainly from multi-level load and multi-level scheduling:

• Provides domain names, supports up to 99 VIPs in a single instance, and supports multi-level traffic scheduling.

• Intelligent scaling across AZs as traffic grows, without user awareness.

• Traffic is scheduled evenly and dispersed across all RS in all AZs to prevent avalanche effects.

O&M enhancements

• Real-time access log center based on massive big data computing capability.

• High-precision, real-time traffic monitoring at second-level granularity. Steep drops and sharp spikes are visible at a glance.

• Instance configuration management. Manage configurations as you would in Git and roll back with one click.

ALB Ingress Controller

How can we combine the advantages of ALB with Kubernetes? For this we provide a cloud provider component, the ALB Ingress Controller. It creates ALB instances and rules directly from Kubernetes Ingress resources, integrating Kubernetes with ALB.

The ALB Ingress Controller watches changes to Ingress resources through the API Server, dynamically generates an AlbConfig, and then creates ALB instances, listeners, routing and forwarding rules, and back-end server groups in turn. Service, Ingress, and AlbConfig in Kubernetes are related as follows:

• A Service is an abstraction of a real back-end service. One Service can represent multiple identical back-end services.

• An Ingress is a reverse proxy rule that specifies which Service an HTTP/HTTPS request should be forwarded to, for example forwarding requests to different Services depending on the Host and URL path in the request.

• AlbConfig is a CRD resource provided in the ALB Ingress Controller. AlbConfig CRD is used to configure ALB instances and listeners. One AlbConfig corresponds to one ALB instance.

• Rich forwarding features

  1. Forward based on Header and Cookie.
  2. Domain name and URL forwarding: supports traffic scheduling based on domain names and URLs, improving the flexibility of application systems.

• High elasticity and large throughput

  1. Performance-guaranteed instances: provide performance isolation between different instances and guarantee performance at the corresponding specification.
  2. Ultra-high performance: provides ultra-high-performance load balancing instances to remove performance bottlenecks.

• Oriented to cloud native applications

  1. Based on native Kubernetes Ingress
  2. Natively supports Alibaba Cloud Container Service for Kubernetes products
  3. Compatible with Nginx Ingress semantics

• Safer and more reliable

  1. The ALB provides DDoS protection and supports one-click integration with Web application firewalls.
  2. Integrated WAF protection capability
  3. Supports full-link (end-to-end) HTTPS encryption and efficient, secure encryption protocols such as TLS 1.3.

ALB Ingress Controller architecture

The ALB Ingress Controller architecture is as follows:

Instance-level configuration

• Custom CR: AlbConfig

Concurrency control

• Configurations for the same LB are applied serially; configurations for different LBs are applied in parallel.
• Configurations for the same RsPool are applied serially; configurations for different RsPools are applied in parallel.
• LB and RS configurations are independent of each other.

Rate limiting control

• The number of LB and RS configurations the Controller processes simultaneously is configurable, separately for each.
• The number of LB and RS configurations the Controller processes per second is configurable, separately for each.
• When an LB or RS configuration fails, the re-reconcile time, the number of retries, and the retry interval can each be configured.
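The concurrency rules above (serial per LB, parallel across LBs, a configurable cap on updates in flight, configurable retries and retry interval) expressed in Go. This is an added example, not the ALB Ingress Controller's own code; `KeyedRunner`, `Run`, and the LB IDs are hypothetical, and the per-second rate limit is not modelled.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// KeyedRunner (hypothetical): same LB ID serial, different LB IDs parallel.
type KeyedRunner struct {
	mu    sync.Mutex
	locks map[string]*sync.Mutex // one lock per LB ID
	slots chan struct{}          // caps updates in flight across all LBs
}

func NewKeyedRunner(limit int) *KeyedRunner {
	return &KeyedRunner{locks: map[string]*sync.Mutex{}, slots: make(chan struct{}, limit)}
}

// Run applies fn for lbID, retrying a failed attempt up to `retries` times.
func (r *KeyedRunner) Run(lbID string, retries int, wait time.Duration, fn func() error) error {
	r.mu.Lock()
	if r.locks[lbID] == nil {
		r.locks[lbID] = &sync.Mutex{}
	}
	l := r.locks[lbID]
	r.mu.Unlock()
	l.Lock() // same LB: one update at a time
	defer l.Unlock()
	r.slots <- struct{}{} // taken after the LB lock, so queued callers hold no slot
	defer func() { <-r.slots }()
	err := fn()
	for i := 0; i < retries && err != nil; i++ {
		time.Sleep(wait) // retry interval
		err = fn()
	}
	return err
}

func main() {
	r, wg := NewKeyedRunner(2), sync.WaitGroup{}
	for _, id := range []string{"lb-a", "lb-a", "lb-b"} { // constructed LB IDs
		wg.Add(1)
		go func(id string) {
			defer wg.Done()
			fmt.Println("applied", id, "err:", r.Run(id, 1, time.Millisecond, func() error { return nil }))
		}(id)
	}
	wg.Wait()
}
```

Serializing per LB keeps two reconciles from writing conflicting listener or rule state to the same instance, while the global cap bounds how hard the controller drives the cloud API.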

Knative traffic management

With this bridge in place, ALB can easily be used as the gateway for Knative. First, an introduction to Knative's traffic management.

Knative provides powerful traffic management capabilities, including traffic-based grayscale release, traffic-based automatic elasticity, and request- and event-driven capabilities.

Implementation of Knative combined with ALB

Next, let's look at how Knative is combined with ALB. The key design is to convert the Knative Ingress into a Kubernetes Ingress, and then to create the ALB instance and forwarding rules through the ALB Ingress Controller.

Advantages of combining Knative with ALB

So what does the combination of Knative and ALB give us?

• Fully managed gateway, free of O&M
• Traffic elasticity
• Grayscale release by Header, Cookie, or weight
• Automatic certificate discovery

MSE Cloud native gateway

In a virtualized microservice architecture, businesses usually adopt a two-layer architecture of traffic gateway plus microservice gateway. The traffic gateway is responsible for north-south traffic scheduling and security protection, and the microservice gateway is responsible for east-west traffic scheduling and service governance. In the cloud native era dominated by containers and Kubernetes, however, Ingress has become the gateway standard of the Kubernetes ecosystem, giving the gateway a new mission and making it possible to merge the traffic gateway and the microservice gateway into one. The MSE cloud native gateway is a next-generation gateway compatible with the Kubernetes Ingress standard. It combines the traditional traffic gateway and microservice gateway and reduces resource cost by 50%.

MSE Cloud Native Gateway – Integration with ASK to support microservice capabilities

The cloud native gateway integrates with container service ASK by default and supports one-click import of Kubernetes Services and automatic synchronization of Endpoints. Its self-developed multi-Ingress Controller component allows multiple ASK clusters to reuse the same gateway instance and supports seamless conversion of the core Nginx Ingress annotations. This is only a brief introduction; more about the MSE cloud native gateway will be covered in a later dedicated article.

Usage scenarios

Serverless Kubernetes supports on-demand scenarios such as highly elastic Internet workloads, low-latency workloads in the video and audio industry, and cloud native application scenarios. Combined with the ALB gateway, it enables grayscale release of new features online and business traffic simulation. Combined with the MSE cloud native gateway, it enables fast service discovery in a microservice architecture.

Summary

Serverless Kubernetes gateway enhancements:

• Knative integrates with ALB to provide more application-aware Serverless.
• The MSE cloud native gateway is supported, covering microservice scenarios.
