9. th meetup cncf

1. Kubernetes Ingress Controller
Adam Hamsik
adam.hamsik@lablabs.io

2. Labyrinth Labs
Rock-solid infrastructure and DevOps
● Building rock-solid and secure foundations for all your digital operations. Our
mission is to let you focus on your business without ever needing to worry
about technical issues again.
● Making you ready for growing traffic, safe against new security vulnerabilities
and data-loss.
2

3. Kubernetes Node
● Kubelet
● Kube-proxy
● Container runtime
● CNI plugin
3

4. Kubernetes Services
Service is a named abstraction of software service (for example, mysql) consisting of
local port (for example 3306) that the proxy listens on, and the selector that
determines which pods will answer requests sent through the proxy.
● Services historically come from Google Borg and were one of 3 apis defined
(ReplicaSet, Pod, Service).
● Simple abstraction used to access Dynamic pods running in Kubernetes
● Layer 4 Loadbalancer Implementation for Kubernetes pods
● ClusterIp, NodePort, Loadbalancer
4

5. Kubernetes Service Architecture
5

6. Kubernetes Service Architecture
6

7. Ingress controller good, bad, ugly
● Lowest common denominator API
○ Many cloud managed loadbalancer used to support limited number of features.
● Currently versioned with networking.k8s.io/v1beta1
○ Will be promoted to stable api version in 1.19 release
○ Introduced in kubernetes 1.1 release
● Initially implemented before CRDs extensions were available.
○ Kubernetes contains API you have to bring your own controller (nginx, traefik, gloo, …)
7

8. Ingress controller example
8

9. Ingress controller good, bad, ugly
● Different controller implementations available with different features
○ Some ingress controllers can access tls key in other namespaces other
can’t
○ Support for more complicated deployments canary, A/B testing,
Blue/Green possible but you have to check your ingress first.
● Basic ingress has very limited feature scope
9

10. Ingress controller good, bad, ugly
● Annotations are not portable and can’t represent more complicated data
structures.
● Because initial api didn’t support many features custom annotations were
used to customize ingress behaviour
● Even simple rule path matching has different implementations and can
behave differently between ingress controllers.
● Ingress Api is not extensible
10

11. Ingress controller future
● In kubernetes v1.18
○ Adding IngressClass object to replace original annotation kubernetes.io/ingress.class
○ Add pathType to control how ingress paths are matched
■ Prefix
■ Exact
■ InplementationSpecific(default)
○ Support for wildcards in hostnames
11

12. Ingress controller example
12

13. Gateway Api
● Inspired by original work done by project contour CRDs
○ IngressRoute later HTTPProxy
● Gateway is an API for a common portable declarative description of
load-balancing infrastructure for Kubernetes.
○ GatewayClass defines a set of gateways with a common configuration and behavior.
○ Gateway requests a point where traffic can be translated to Services within the cluster.
○ Routes describe how traffic coming via the Gateway maps to the Services.
○ TrafficSplits describe how traffic may be split from Routes.
13

14. Gateway Api example
14

15. Demo Time vol. 1
1. Show Nginx ingress controller forwarding traffic to backend application
2. Use Gloo ingress controller to manage access to application service. Use CRDs
to customize ingress behaviour.
15

16. Questions ?
adam.hamsik@lablabs.io
www.lablabs.io
16

17. More information
● https://projectcontour.io
● https://docs.solo.io/gloo/latest
● https://kubernetes.io/docs/tasks/tools/install-minikube/
● https://itnext.io/kubernetes-ingress-past-present-and-future-f614f11ea924
● https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-ku
bernetes-1.18/
● https://docs.google.com/document/d/1BxYbDovMwnEqe8lj8JwHo8YxHAt3oC7
ezhlFsG_tyag/preview
● https://kubernetes-sigs.github.io/service-apis/
17