NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller slides. This event was held at Cutters Crabhouse in Seattle, WA on March 14th.
2. 3/14 Agenda
11:00 AM - Doors Open
11:00 AM - 11:30 AM - Registration and Networking begin
11:30 AM - Opening Remarks by Andrew Edie
11:35 AM - 12:15 PM - Session: Kubernetes and the NGINX Plus
Ingress Controller by Kevin Jones
12:15 PM - 1:00 PM - Live demo session. Lunch is served.
1:00 PM - 1:30 PM - Interactive Q&A
1:30 PM - 2:00 PM - Raffle: Winner receives a Google Home. This
time will be used for any additional questions you may have for the
NGINX team.
3. • Andrew Edie– PNW Account Manager
aedie@nginx.com
• Kevin Jones – Technical Solutions Architect
Technical Questions: kevin.jones@nginx.com
• Coy Ibanez - Named Account Manager
coy.ibanez@nginx.com
• Ian Knight – Head of Americas Sales
Executive Sponsor: ian.knight@nginx.com
• Katherine Bagood – Event Marketing Specialist
katherine@nginx.com
Sr. Level Executive Sponsor: gus@nginx.com
NGINX Support
9. 9
“... when I started NGINX,
I focused on a very specific
problem – how to handle more
customers per a single server.”
- Igor Sysoev, NGINX creator and founder
13. 62%
of the Top 10,000 most visited websites
Source: : W3Techs Web Technology Survey136
14. 54%
of the Top 100,000 most visited websites
Source: : W3Techs Web Technology Survey137
15. 40%
of all instances on Amazon Web Services
Source: : Sumologic: The State of Modern Applications in AWS Report138
16. About NGINX, Inc.
• Founded in 2011, NGINX Plus first released in
2013
• VC-backed by enterprise software industry
leaders
• Offices in SF, London, Cork, Singapore and
Moscow
• 1,400+ commercial customers
• 200+ employees
16
19. NGINX Unit
The new dynamic web and application
server from NGINX. Open source,
support for multiple languages, and a
dynamic REST API-driven
configuration.
* Currently in public beta
NGINX Plus
The only all-in-one load balancer, web
server, and content cache. Simplify
your architecture while reducing costs.
Our Products
19
NGINX Controller
Centralized monitoring and
management for NGINX Plus. Deploy
virtual load balancers with a single,
beautiful interface. Automate with a
GraphQL API.
* Currently in private beta
NGINX WAF
Open source web application firewall
(WAF). Stop SQL injection, LFI, RFI,
and other Layer 7 attacks. Powered by
ModSecurity.
20. Monolith
● The way we’ve been
doing things
● Single codebase
● Long deployment process
○ Testing dependencies
○ Rolling restarts of servers
○ Traffic rerouting
22. Proxy Model
● Load Balances requests
to services
● Analogous to connectivity
for a horizontally scaled
monolith
● Services are left to
communicate with each
other
● Acts as an entry point for
monolith migration
● Lays the foundation for
building a service mesh
23. Router Mesh
● Standalone NGINX Plus
instance which acts as a
traffic manager
● Provides service
discovery via DNS SRV
records
● Load balances to
instances of services
● NGINX Plus provides
active health checks
allowing for circuit
breaker functionality
24. Fabric Model
● NGINX Plus exists as a
sidecar within the same
container as the service
● NGINX Plus and the app
communicate only on
localhost
● Instances of NGINX Plus
communicate directly
with each other
● Incorporates all the
features of the Router
Mesh and adds
persistent SSL
connections
25. Persistent SSL Connections
● An SSL handshake requires as
few as seven steps or as many
as 10
● NGINX Plus uses a keepalive
mechanism to persist
connections between instances
● The number of handshakes is
greatly reduced, thereby
decreasing overall latency
while maintaining encrypted
transmission
1 SYN >
2 < SYN/ACK
3 ACK >
4 ClientHello >
5 < ServerHello
< Certificate
< ServerKeyExchange
< ServerHelloDone
6 ClientKeyExchange >
ChangeCipherSpec >
ClientFinished >
7 < ChangeCipherSpec
< ServerFinished
33. 33
• Simple and easy to setup
• Limited to layer 4 load balancing
• If you need advanced load balancing
consider using an Ingress controller so you
can bring your own!
Built-in load balancing
40. 40
Ingress
• Pluggable load balancer implementation:
• NGINX/NGINX Plus
• GCE HTTP load balancer
• HAProxy
• … and others
- A load balancer is integrated via an Ingress controller that you
must deploy
42. NGINX and NGINX Plus
42
NGINX
• Load balancing w/ SSL/TLS
termination
• WebSocket and HTTP/2 support
• Layer 7 Routing / Modification
NGINX Plus
• Session persistence
• JWT authentication
• 24/7 support, no additional cost
• Advanced Monitoring… and more!
43. 43
NGINX Ingress Controller
• Runs in a container
• Well designed, fast and efficient golang script under the hood
• Community driven codebase
• Available for NGINX and NGINX Plus
https://github.com/nginxinc/kubernetes-ingress
46. 46
Data store + template
• Register services with a data
store (aka etcd or consul)
• Template the NGINX
configuration and manage
NGINX service via CLI (confd
or consul template)
datastore
Services (containers)
NGINX Open Source
47. 47
We love APIs!
• Services availability is
managed by kubernetes and
available via API
• Orchestration script can be in
any language
• NGINX Plus upstreams
managed dynamically without
configuration reload
Services (containers)
NGINX Plus API
Kubernetes API
Orchestration (script)
48. 48
Service Discovery ;D
• Built in DNS resolver
• Control over TTL
• Easily Integrates with existing
DNS based service discovery
tools
53. 53
My demo today…
• URL based routing
• Hostname based routing
• SSL termination at LB
• Support for scaling of replicas at LB via dynamic reconfiguration
• Available on github within the Ingress Controller repository
../examples/complete-example/
62. 62
NGINX Plus Cert/Key
$ pwd
/Users/kjones/Projects/kubernetes/kubernetes-ingress/nginx-controller
$ ls -l nginx-repo.*
-rw-r--r--@ 1 kjones staff 1334 Jan 23 11:47 nginx-repo.crt
-rw-r--r--@ 1 kjones staff 1704 Jan 23 11:47 nginx-repo.key
-rw-r--r-- 1 kjones staff 2549 Jan 23 11:47 nginx-repo.pfx
63. 63
Build the NGINX Plus Ingress Controller
$ sudo make DOCKERFILE=DockerfileForPlus
PREFIX=gcr.io/nginx-ingress-demo/nginx-plus-ingress
TAG=latest PUSH_TO_GCR=1
Before we dive into NGINX, and how we work with Kubernetes, it’s important to address and highlight an industry trend that is occurring not only in technology, but to industries across the board.
Based on conversations we are having, all industries are undergoing a digital transformation, and this digital transformation is making all customer facing applications mission critical.
In order to satisfy the ever-increasing needs of the digital customer, companies must treat every customer facing application as mission critical, every customer facing application is now revenue generating and a key part of the business.
With more and more consumers turning to their devices to purchase goods and services, applications must perform flawlessly to ensure customer satisfaction.
To do so, companies not only need to acknowledge this trend, but also adapt.
Speed to market is the difference between winning and losing, so companies must move faster and smarter than ever to deliver extraordinary Digital Experiences.
We’re going to be providing tools that help you reduce the complexity of managing your applications.
We’re going to bring you tools that help you move those legacy apps forward into your modern application architecture so that they’re not left behind.
One way NGINX Plus is helping some of our largest customers is our NGINX Kubernetes Ingress controller that provides enterprise grade delivery services for Kubernetes applications. Now I will turn it over to Kevin who will take you deeper into how we are doing that.
Our vision for the product is to provide flawless application delivery for the modern web.
Our vision for the product is to provide flawless application delivery for the modern web.
We power more than half of the top 10,000, and are the leader for application delivery among the highest trafficked sites and applications in the world.
We’re also now the number one web server for the top 100,000, and climbing fast in every category.
Source: http://w3techs.com/technologies/cross/web_server/ranking
We power more than half of the top 10,000, and are the leader for application delivery among the highest trafficked sites and applications in the world.
We’re also now the number one web server for the top 100,000, and climbing fast in every category.
Our adoption within cloud and containers is equally as powerful.
NGINX is more than just a product, we offer an entire Application platform to help you make this digital transformation
We offer an entire suite of technologies to help you develop and deliver digital experiences that span from legacy, monolithic apps to modern, microservices apps. (Point out key areas on the slide)
And lastly, what we would like to do now is talk about your specific environment and your unique challenges, in order to see how NGINX can help you make this transition as well.
OSS:
Load balancing w/ SSL/TLS termination
WebSocket and HTTP/2 support
URI rewriting before request is forwarded to application
Plus:
Session persistence *
JWT authentication *
24/7 support, no additional cost *
I wish I could tell you it’s over and we can all relax.
But sorry, it only gets worse from here!