4. Kubernetes : Services
https
Expose Pods
node
ClusterIp: no external access
NodePort: open port on all nodes
app=app1
service
service
app=app2
app=app1
Pod
app=app1
Pod
Pod
app=app2
Pod
app=app2
type: LoadBalancer
5. Kubernetes : Ingress
https
Expose Services
node
LoadBalancer: Expose to the world
NodePort: open port on all nodes
app=app1
service
service
app=app2
app=app1
Pod
app=app1
Pod
Pod
app=app2
Pod
app=app2
type: ClusterIp
Ingress
6. Kubernetes : Ingress
Ingress Controller
Component that allows to control a reverse-proxy (nginx / traefik …)
Ingress resource:
Rule that defines routing to a service in a cluster
7. Contour
by Craig McLuckie & Joe Beda
API objects
Manage Network
traffic translate
watch
Contour
(Ingress, Service et Endpoint)
(json)
How it works ?
11. Ingress
‟Achilles’ heel of a multi-team cluster”
Not progressed beyond the beta stage v1.1🤨
Ingress / services in same namespace☹
Explosion of annotations🤯
No safeguards to avoid accidental changes☠
Deployment strategy
canaryblue/green
👾
12. Contour
IngressRoute to the rescue
Demo is better !
Custom resource definition (k8s > 1.10)
Cross-namespaces
Enables delegation of routing configuration
Safeguard
💡
🚀
)
*
13. Other good features
Demo :)
Websocket
Permit Insecure route (acme-challenge)
Prefix Rewrite Support
Blue/Green CanaryDeployment strategy🔀
🔓
🧦
/
14. Lost in routes ?
Directed acyclic graph
(Dag)
Envoy admin interface (No UI)
Kubectl -n heptio-contour port-forward [CONTOUR_POD] 6060