Production-Grade Kubernetes with NGINX Ingress Controller
Amir Rawdat
Technical Marketing Engineer, NGINX
©2020 F5

Agenda
• Common challenges with managing traffic inside Kubernetes
• Taking control of Kubernetes edge networking with NGINX
• Choosing the NGINX ingress controller that fits your needs
• Staying relevant in Kubernetes when security is top priority
• Scaling Ingress Controller provisioning to multiple teams
• Q&A

What we see in the market
KUBERNETES-CENTRIC PERSPECTIVE
• Kubernetes is becoming a platform for developing, testing and running applications
  • Applications are becoming ephemeral by nature
  • This brings limitations to Layer 4 Kubernetes networking
  • NGINX provides L5-7 networking policies as an alternative to IP addresses
• Cybersecurity is an ever-growing, ever-complicating field
  • Traditional firewall and antivirus security is irrelevant or obsolete
  • Data breaches are on the rise and will continue to rise throughout 2021
• Adoption of managed and commercial Kubernetes platforms
  • We see rapid adoption of OpenShift and Rancher in the private cloud space
  • EKS and GKE adoption in public cloud

But K8s Adoption Brings Complexity
MY FAVORITE ARTICLE TITLES
• “‘Let’s Use Kubernetes!’ Now You Have 8 Problems”
• “Will Complexity Kill Kubernetes?”
• “Has Kubernetes Already Become Too Unnecessarily Complex for Enterprise IT?”
• “Why Kubernetes Networking Is Hard – And What You Can Do About It”

Networking: K8s, L4-L7
WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM NGINX?
• K8s and CNI provide L4 servicing – IP endpoints
  • Many, complex options
  • https://kubernetes.io/docs/concepts/cluster-administration/networking/
• L7 traffic management is missing
  • Service-level access control
  • SSL/mTLS enforcement
  • Canary releases, A/B testing, and blue-green deployments
  • Circuit breaking
  • WAF protection
• Enter: KIC – Taking control of Kubernetes networking

What is the NGINX Ingress Controller?
TOPOLOGY
Special load balancer for Kubernetes environments:
• Bridging Kubernetes apps with external services
• Configured with the Kubernetes API
• Load balancing rules are updated when apps scale up/down

Problems with Ingress Resources
• Kubernetes Ingress resources are limited to basic SSL/TLS and HTTP load balancing
• Configuration can be further customized with Annotations, ConfigMaps, and templates
• Globally scoped and not fine-grained
• Very error-prone
• Not secure

NGINX Ingress Resources
• Native type-safe configuration
• Provides advanced app delivery features with native Kubernetes workflow
• Increased modularity and reusability
• Finer-grained multi-tenancy with NGINX cross-namespacing

Which NGINX Ingress Controller Should I Use?

Top Ingress providers for 2020
The top ingress providers for 2020 are NGINX (62%), Envoy (37%), and HAProxy (27%)
CNCF

NGINX Ingress Controller Options

| Features              | Community Ingress Controller | NGINX OSS Ingress Controller | NGINX Plus Ingress Controller |
|-----------------------|------------------------------|------------------------------|-------------------------------|
| Authors               | K8s                          | F5                           | F5                            |
| Feature stability     | Inconsistent                 | Consistent                   | Consistent                    |
| Performance (reloads) | Great                        | Good                         | Excellent                     |
| Support               | Community                    | Community                    | F5                            |
| Multi-tenant focus    | Weak                         | Excellent                    | Excellent                     |

https://www.nginx.com/blog/performance-testing-nginx-ingress-controllers-dynamic-kubernetes-cloud-environment/

Traffic Policies
DEVOPS
• Zero trust security at the edge – Mutual TLS authentication
• JWT/OIDC authentication (SSO)
• Rate limiting – Make your apps resilient to traffic overload

Protecting your Kubernetes Apps from Vulnerabilities and Attacks

Blocking Threats with NGINX App Protect
SECURE PERIMETER FOR YOUR APPLICATIONS IN KUBERNETES
WAF
• Consolidating the NGINX Ingress Controller with a battle-tested WAF
• Configuration is fully managed by the Kubernetes API
• Leverage Kubernetes RBAC to securely delegate WAF configurations to a dedicated DevSecOps team
• Block unrecognized threats with user-defined signatures

Get Started Today!
• Get Started with the NGINX Ingress Controller -- https://github.com/nginxinc/kubernetes-ingress
• Get a free trial of NGINX Plus Ingress Controller -- https://www.nginx.com/free-trial-request-nginx-ingress-controller/
• Download the Complete NGINX Cookbook -- https://go.f5.net/cookbook

Q&A
Contact Us:
Amir Rawdat: a.rawdat@f5.com
NGINX: sales@nginx.com

Editor's Notes

  • #2 A couple of housekeeping items: 1. All attendees for today's session will receive a $25 gift card from our marketing teams within 24-48 hours. 2. We're going to play a little trivia in a moment and we ask that you please type your responses in the chat window – the first person to answer correctly will win some NGINX swag. 3. I will be moderating the chat window, so if you have questions as Amir is going through his discussion points, please enter them and we will be sure to answer those. If we don't get to them during the session today, we will certainly get the answers for you following today's call. 4. I wanted to point out that we are also doing more hands-on lab sessions around various NGINX solutions (KIC being one of them), so please send me your email in a DM if you'd like to get registered for this or receive further information. These labs are usually 3-4 hours and Amir can share a little more detail on what they entail. Amir...
  • #5 Cybersecurity is an ever-growing, ever-complicating field. Authentication is enforced independent of IP addresses Both the client and server before connections are accepted. Broader shift away from perimeter-focused, firewall-based security to where security is everywhere and is based on identity (such as identity of applications sharing or requesting information).
  • #8 While we can’t solve all of the complexity that comes with K8s, we can offer up a simpler and more secure way to manage all service-to-service traffic.
  • #13 Delegate security and traffic control to each team. Configure the ingress networking for application pods inside their respective namespace.
  • #16 Multi-tenant focus: