Download as PDF, PPTX
More Related Content
Similar to Ingress controller present, past and future
Ingress controller present, past and future
- 1. Kubernetes Ingress Controller AdamHamsik adam.hamsik@lablabs.io
- 2. Labyrinth Labs Rock-solid infrastructureand DevOps ● Building rock-solid and secure foundations for all your digital operations. Our mission is to let you focus on your business without ever needing to worry about technical issues again. ● Making you ready for growing traffic, safe against new security vulnerabilities and data-loss. 2
- 3. Kubernetes Node ● Kubelet ●Kube-proxy ● Container runtime ● CNI plugin 3
- 4. Kubernetes Services Service isa named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy. ● Services historically come from Google Borg and were one of 3 apis defined (ReplicaSet, Pod, Service). ● Simple abstraction used to access Dynamic pods running in Kubernetes ● Layer 4 Loadbalancer Implementation for Kubernetes pods ● ClusterIp, NodePort, Loadbalancer 4
- 5.
- 6.
- 7. Ingress controller good,bad, ugly ● Lowest common denominator API ○ Many cloud managed loadbalancer used to support limited number of features. ● Currently versioned with networking.k8s.io/v1beta1 ○ Will be promoted to stable api version in 1.19 release ○ Introduced in kubernetes 1.1 release ● Initially implemented before CRDs extensions were available. ○ Kubernetes contains API you have to bring your own controller (nginx, traefik, gloo, …) 7
- 8.
- 9. Ingress controller good,bad, ugly ● Different controller implementations available with different features ○ Some ingress controllers can access tls key in other namespaces other can’t ○ Support for more complicated deployments canary, A/B testing, Blue/Green possible but you have to check your ingress first. ● Basic ingress has very limited feature scope 9
- 10. Ingress controller good,bad, ugly ● Annotations are not portable and can’t represent more complicated data structures. ● Because initial api didn’t support many features custom annotations were used to customize ingress behaviour ● Even simple rule path matching has different implementations and can behave differently between ingress controllers. ● Ingress Api is not extensible 10
- 11. Ingress controller future ●In kubernetes v1.18 ○ Adding IngressClass object to replace original annotation kubernetes.io/ingress.class ○ Add pathType to control how ingress paths are matched ■ Prefix ■ Exact ■ InplementationSpecific(default) ○ Support for wildcards in hostnames 11
- 12.
- 13. Gateway Api ● Inspiredby original work done by project contour CRDs ○ IngressRoute later HTTPProxy ● Gateway is an API for a common portable declarative description of load-balancing infrastructure for Kubernetes. ○ GatewayClass defines a set of gateways with a common configuration and behavior. ○ Gateway requests a point where traffic can be translated to Services within the cluster. ○ Routes describe how traffic coming via the Gateway maps to the Services. ○ TrafficSplits describe how traffic may be split from Routes. 13
- 14.
- 15. Demo Time vol.1 1. Show Nginx ingress controller forwarding traffic to backend application 2. Use Gloo ingress controller to manage access to application service. Use CRDs to customize ingress behaviour. 15
- 16.
- 17. More information ● https://projectcontour.io ●https://docs.solo.io/gloo/latest ● https://kubernetes.io/docs/tasks/tools/install-minikube/ ● https://itnext.io/kubernetes-ingress-past-present-and-future-f614f11ea924 ● https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-ku bernetes-1.18/ ● https://docs.google.com/document/d/1BxYbDovMwnEqe8lj8JwHo8YxHAt3oC7 ezhlFsG_tyag/preview ● https://kubernetes-sigs.github.io/service-apis/ 17