Kuberntes Ingress with Kong
Kubernetes ecosystem is seeing adoption across the industry and is on the path to becoming the de-facto orchestration platform on modern cloud service delivery. Kubernetes not only provides primitives for deploying run microservices in the cloud but goes one step further and helps you define interactions and lifecycle for your APIs. The Ingress API in Kubernetes allows you to expose your microservice to the outside world and define routing policies for your north-south traffic (or traffic coming into your virtual data center). We invite Harry Bagdi, Sr. Cloud to discuss in-depth about the design and why of Ingress resource, the benefits of using Ingress to manage your API lifecycle using CI/CD pipelines, and how you can accomplish Ingress using a popular open-source solution, Kong. Kong’s Ingress Controller implements authentication, load-balancing, traffic throttling, transformations, caching, metrics, and logging across Kubernetes clusters.
Kuberntes Ingress with Kong
- 1. Kubernetes Ingress With Kong Harry Bagdi Irvine CA
- 2. Agenda Ingress with Kong ■ Ingress ■ Kong ■ Ingress & Kong ■ Demo 2
- 3. Harry Engineer @ Kong Inc Maintainer of Kong Ingress Controller Open-source enthusiast Chuck Taylor All-Stars fan; current obsession: RED 3 hbagdi
- 4. Kubernetes 4
- 9. 9 Edge/DMZ - Operations - Security & audits - $ effective One port of entry - Load balancing - Throttling - Canary - Service mesh Traffic management - TCP and TLS termination - Certificate management - Service mesh Connection management
- 10. 10 networking.v1beta1 Ingress Spec - Vendor-neutral spec defining external access to services inside k8s - L7 metadata based - TLS termination - GA progress: https://github.com/kubernetes/enhancements/pull/1113
- 11. Ingress Spec extensions.v1beta1 -> networking.v1beta1 -> networking.v1 11 apiVersion: extensions/v1beta1 kind: Ingress metadata: name: finance-apis spec: rules: - host: example.com http: paths: - path: /bills backend: serviceName: bills servicePort: 80 - path: /orders backend: serviceName: orders servicePort: 443
- 12. Kong 12
- 13. Kong - Popular cloud-native API Gateway - Open sourced in 2015; Apache-2.0 - Kong 1.0 announced last year in September - Platform agnostic i.e. k8s friendly but not k8s only 13
- 14. King in the North 14 Client JSON Over HTTP Database Kong Authentication Logging Metrics Caching Load-balance Circuit-break Rate-limiting Transformations Serverless Custom logic gRPC
- 15. Robust Tech stack 15 NGINX OpenResty Kong Internet’s WorkHorse Lua & LuaJIT extension (powers ingress-nginx) Cloud-native,dynamic & API-driven
- 17. Kong Ingress Controller 17 API-server Service B KongController Service C Service A
- 18. 18 configuration.konghq.com/v1 Custom Resources - Additional functions that can be executed - Configurable for each Ingress or Service KongPlugins - Route by HTTP Method - Route by header - Round robin, weight based, least conn - Sticky session, hash based - Active & passive health-checks (TCP/HTTP) KongIngress - Per user/service customization - Authentication - Traffic transformation and shaping KongConsumer & KongCredential
- 19. Demo 19
- 20. 20 Features - Round robin, weight based, least conn - Sticky session, hash based - Active & passive health-checks (TCP/HTTP) Load balancing - Route by HTTP Method - Route by header Routing - Prometheus - Jaeger/Zipkin/OpenTracing - Response caching Plugins - cert-manager: automated TLS certs - external-dns: automate DNS records Integrations
- 21. Roadmap - L4 TCP/TLS routing - gRPC routing - Ingress v2 API - Upstream TLS - configuration.konghq.com/v2alpha1 API group 21
- 22. Thank You 22 Questions? Install Kong Ingress Controller: kubectl apply -f https://bit.ly/kong-ingress-dbless Github: https://github.com/kong/kong https://github.com/kong/kubernetes-ingress-controller
- 23. Building the Next Era of Software APIs, Microservices and Mesh for the Hybrid World October 2-3, 2019 Hilton Union Square, San Francisco, California Coupon Code: FriendOfHarry 75% off the ticket price https://konghq.com/kong-summit/