NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller slides. This event was held at Cutters Crabhouse in Seattle, WA on March 14th.

1. WelcomeNGINX Lunch and Learn

2. 3/14 Agenda
11:00 AM - Doors Open
11:00 AM - 11:30 AM - Registration and Networking begin
11:30 AM - Opening Remarks by Andrew Edie
11:35 AM - 12:15 PM - Session: Kubernetes and the NGINX Plus
Ingress Controller by Kevin Jones
12:15 PM - 1:00 PM - Live demo session. Lunch is served.
1:00 PM - 1:30 PM - Interactive Q&A
1:30 PM - 2:00 PM - Raffle: Winner receives a Google Home. This
time will be used for any additional questions you may have for the
NGINX team.

3. • Andrew Edie– PNW Account Manager
aedie@nginx.com
• Kevin Jones – Technical Solutions Architect
Technical Questions: kevin.jones@nginx.com
• Coy Ibanez - Named Account Manager
coy.ibanez@nginx.com
• Ian Knight – Head of Americas Sales
Executive Sponsor: ian.knight@nginx.com
• Katherine Bagood – Event Marketing Specialist
katherine@nginx.com
Sr. Level Executive Sponsor: gus@nginx.com
NGINX Support

4. Industry Trend
Digital Transformation

5. TODAY EVERY CUSTOMER FACING
APPLICATION IS MISSION CRITICAL

6. In today’s world, you need to move faster and
smarter than ever
to deliver extraordinary Digital Experiences

7. So, what is NGINX doing about it?

9. 9
“... when I started NGINX,
I focused on a very specific
problem – how to handle more
customers per a single server.”
- Igor Sysoev, NGINX creator and founder

10. 10
High Performance Webserver and Reverse Proxy
Web Server

11. 11
Flawless Application Delivery for the Modern Web
Load
Balancer
Content
Cache
Web
Server
Monitoring &
Management
Security
Controls

12. 458 million
Total sites running on NGINX
Source: Netcraft January 2018 Web Server Survey6

13. 62%
of the Top 10,000 most visited websites
Source: : W3Techs Web Technology Survey136

14. 54%
of the Top 100,000 most visited websites
Source: : W3Techs Web Technology Survey137

15. 40%
of all instances on Amazon Web Services
Source: : Sumologic: The State of Modern Applications in AWS Report138

16. About NGINX, Inc.
• Founded in 2011, NGINX Plus first released in
2013
• VC-backed by enterprise software industry
leaders
• Offices in SF, London, Cork, Singapore and
Moscow
• 1,400+ commercial customers
• 200+ employees
16

17. 22

18. NGINX
Application
Platform
18
A suite of
technologies to
develop and deliver
digital experiences
that span from
legacy, monolithic
apps to modern,
microservices apps.

19. NGINX Unit
The new dynamic web and application
server from NGINX. Open source,
support for multiple languages, and a
dynamic REST API-driven
configuration.
* Currently in public beta
NGINX Plus
The only all-in-one load balancer, web
server, and content cache. Simplify
your architecture while reducing costs.
Our Products
19
NGINX Controller
Centralized monitoring and
management for NGINX Plus. Deploy
virtual load balancers with a single,
beautiful interface. Automate with a
GraphQL API.
* Currently in private beta
NGINX WAF
Open source web application firewall
(WAF). Stop SQL injection, LFI, RFI,
and other Layer 7 attacks. Powered by
ModSecurity.

20. Monolith
● The way we’ve been
doing things
● Single codebase
● Long deployment process
○ Testing dependencies
○ Rolling restarts of servers
○ Traffic rerouting

21. NGINX for Microservices
21
NGINX helps ensure microservices are:
• Connected
• Served
• Authenticated
• Secured
• Cached
• Load Balanced
• Scaled

22. Proxy Model
● Load Balances requests
to services
● Analogous to connectivity
for a horizontally scaled
monolith
● Services are left to
communicate with each
other
● Acts as an entry point for
monolith migration
● Lays the foundation for
building a service mesh

23. Router Mesh
● Standalone NGINX Plus
instance which acts as a
traffic manager
● Provides service
discovery via DNS SRV
records
● Load balances to
instances of services
● NGINX Plus provides
active health checks
allowing for circuit
breaker functionality

24. Fabric Model
● NGINX Plus exists as a
sidecar within the same
container as the service
● NGINX Plus and the app
communicate only on
localhost
● Instances of NGINX Plus
communicate directly
with each other
● Incorporates all the
features of the Router
Mesh and adds
persistent SSL
connections

25. Persistent SSL Connections
● An SSL handshake requires as
few as seven steps or as many
as 10
● NGINX Plus uses a keepalive
mechanism to persist
connections between instances
● The number of handshakes is
greatly reduced, thereby
decreasing overall latency
while maintaining encrypted
transmission
1 SYN >
2 < SYN/ACK
3 ACK >
4 ClientHello >
5 < ServerHello
< Certificate
< ServerKeyExchange
< ServerHelloDone
6 ClientKeyExchange >
ChangeCipherSpec >
ClientFinished >
7 < ChangeCipherSpec
< ServerFinished

26. The Migration Path

27. Benefits of Kubernetes

28. 28
Kubernetes is an open-source system for
automating deployment, scaling, and
management of containerized applications

29. Kubernetes makes ops easy…
• Run anywhere
• Rolling updates
• Fault Tolerance
• Horizontal Scaling
• Load Balancing
• YAML… and more!
29

30. Built in Load Balancing

31. 3
1
kube-proxykube-proxy
hello
kube-proxy
hello
NodePort NodePort NodePort
hello
Built-in load balancing - NodePort

32. 3
2
kube-proxykube-proxy
hello
kube-proxy
hello
NodePort NodePort NodePort
hello
LB
LoadBalancer

33. 33
• Simple and easy to setup
• Limited to layer 4 load balancing
• If you need advanced load balancing
consider using an Ingress controller so you
can bring your own!
Built-in load balancing

34. Why use an Ingress?

35. 35
Ingress
• Kubernetes resource
• Benefits
• Externally reachable URLs
• Advanced L7 Load Balancing
• SSL/TLS
• SNI (hostname based routing)

36. 36
Ingress Example – Basic

37. 37
Ingress Example – URL based routing

38. 38
Ingress Example – Host based routing

39. 39
Ingress Example – SSL offloading

40. 40
Ingress
• Pluggable load balancer implementation:
• NGINX/NGINX Plus
• GCE HTTP load balancer
• HAProxy
• … and others
- A load balancer is integrated via an Ingress controller that you
must deploy

41. Deploying NGINX and NGINX Plus as
an Ingress Controller

42. NGINX and NGINX Plus
42
NGINX
• Load balancing w/ SSL/TLS
termination
• WebSocket and HTTP/2 support
• Layer 7 Routing / Modification
NGINX Plus
• Session persistence
• JWT authentication
• 24/7 support, no additional cost
• Advanced Monitoring… and more!

43. 43
NGINX Ingress Controller
• Runs in a container
• Well designed, fast and efficient golang script under the hood
• Community driven codebase
• Available for NGINX and NGINX Plus
https://github.com/nginxinc/kubernetes-ingress

44. 44
NGINX Ingress Controller

45. Configuring NGINX or NGINX Plus
without Ingress

46. 46
Data store + template
• Register services with a data
store (aka etcd or consul)
• Template the NGINX
configuration and manage
NGINX service via CLI (confd
or consul template)
datastore
Services (containers)
NGINX Open Source

47. 47
We love APIs!
• Services availability is
managed by kubernetes and
available via API
• Orchestration script can be in
any language
• NGINX Plus upstreams
managed dynamically without
configuration reload
Services (containers)
NGINX Plus API
Kubernetes API
Orchestration (script)

48. 48
Service Discovery ;D
• Built in DNS resolver
• Control over TTL
• Easily Integrates with existing
DNS based service discovery
tools

49. Coming Soon!

50. 50

51. Break Time!

52. Welcome back…

53. 53
My demo today…
• URL based routing
• Hostname based routing
• SSL termination at LB
• Support for scaling of replicas at LB via dynamic reconfiguration
• Available on github within the Ingress Controller repository
../examples/complete-example/

54. 54
Café Simulation
• Café themed application
• Two services (URL routing)
◦ /Tea
◦ /Coffee

55. 55
Create a GCP Project

56. 56
Enable the API’s…

57. 57
Install the Google Cloud SDK

58. 58
Run gcloud init

59. 59
Create the Kubernetes cluster
$ gcloud container clusters create backend
--num-nodes 5
--machine-type g1-small

60. 60
Allow HTTP / HTTPS Traffic

61. 61
Further Firewall Configuration

62. 62
NGINX Plus Cert/Key
$ pwd
/Users/kjones/Projects/kubernetes/kubernetes-ingress/nginx-controller
$ ls -l nginx-repo.*
-rw-r--r--@ 1 kjones staff 1334 Jan 23 11:47 nginx-repo.crt
-rw-r--r--@ 1 kjones staff 1704 Jan 23 11:47 nginx-repo.key
-rw-r--r-- 1 kjones staff 2549 Jan 23 11:47 nginx-repo.pfx

63. 63
Build the NGINX Plus Ingress Controller
$ sudo make DOCKERFILE=DockerfileForPlus
PREFIX=gcr.io/nginx-ingress-demo/nginx-plus-ingress
TAG=latest PUSH_TO_GCR=1

64. 64
Update your NGINX Plus RC YAML
$ cat nginx-plus-ingress-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx-plus-ingress-rc
labels:
app: nginx-plus-ingress
spec:
replicas: 1
selector:
app: nginx-plus-ingress
template:
metadata:
labels:
app: nginx-plus-ingress
spec:
containers:
- image: gcr.io/nginx-ingress-demo/nginx-plus-ingress:latest
imagePullPolicy: Always
name: nginx-plus-ingress
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
- containerPort: 8080
hostPort: 8080
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# NGINX configuration with configmaps
args:
- -nginx-plus
#- -v=3
#- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
- -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret

65. 65
Become a Cluster Admin
$ kubectl create clusterrolebinding cluster-admin-binding
--clusterrole=cluster-admin
--user=$(gcloud config get-value core/account)

66. Demo

67. If you like NGINX,
you’ll love NGINX Plus!
nginx.com/developer-license
use code: kjla2018

68. Kevin Jones
@webopsx
Thank You!
Learn more at nginx.com