Voyager – Kubernetes Ingress Controller Releases v12.0.0-RC.2 (opens in new tab)

(github.com)

28 pointstamalsaha0015y ago13 comments

13 comments

rdli5y ago

Ingress controllers are quite confusing. Here's the general summary:

- General best practice for Kubernetes clusters is to have a proxy that routes external traffic to internal services

- This is because Kubernetes provides its own internal network space so each of your internal services aren't directly exposed externally (although you can do this if you like)

- Kubernetes has a spec for how this is done, the "ingress" spec

- An ingress controller implements the ingress spec

- The ingress spec is pretty limited in functionality (basic routing, no support for timeouts, as an example)

So if you just need to do basic routing, any ingress controller is going to do the same thing, more or less.

If you want to do more than that (which is very likely), then you'll want to compare the ingress controllers beyond basic ingress. That's where NGINX vs Envoy Proxy vs Traefik etc come into play as your core data plane proxy, and then how much stuff comes on top of it.

Hope that helps.

(Disclosure: I work on Ambassador, one of the Envoy-based ingress controllers)

Edited: formatting

stuff4ben5y ago

I was about to suggest using something like Ambassador in response to your comment and then saw at the end you are the Ambassador guy. Loved Ambassador as it made the hell of using Ingress go away for me at the time. I'm focused on OpenStack nowadays, but wanted to give you all a shout-out!

blandflakes5y ago

Likewise, Ambassador solved a ton of problems with ingress that I just didn't want to think about.

rdli5y ago

Thanks! Always nice to hear :).

BossingAround5y ago

> Envoy-based ingress controllers

Does that have anything in common with the Istio Envoy proxies? You can use them for ingress as well...

rdli5y ago

Istio does have an ingress gateway. Again, if you’re doing basic routing it’s more-or-less the same as any other ingress (that’s what a standard is for). That being said — Istio is focused more on traffic inside the data center (“east-west”) vs getting data into the data center (“north-south”). And these really are distinct problems, e.g., you don’t need to worry about stuff like PROXY protocol, redirect-to-HTTPS, openID Connect, etc inside the data center. But you definitely need to worry about this at the edge.

busterarm5y ago

For anyone trying to wrap their head round the myriad of choices available these days...

https://medium.com/flant-com/comparing-ingress-controllers-f...

llarsson5y ago

This is the first I hear about this project. Is anyone using it and able to say something about how it works for them and, in particular, if it works well for bare metal clusters?

I don't see myself using something like this on a public cloud when I could just use an Ingress Controller offered by the cloud provider unless there are very good reasons for it. Which there might be! Which is what I ask for. :)

dvcrn5y ago

Digitalocean for example doesn’t offer a ingress controller for their clusters so I’m currently using the nginx one. Wonder how this compares

snuxoll5y ago

It spins up a separate HAProxy service for every Ingress resource, which means a separate DO Load Balancer for each.

This simplifies the implementation, but it also means every Ingress object you create costs $10/mo.

I’ll stick with nginx-ingress for now, personally.

lcam845y ago

I tried to install an kubernetes ingress but it turned out to be too difficult and so I used the standard service from my cloud. Do you know any good articles about how this macanism works?

BossingAround5y ago

Not sure what you mean by installing ingress; Kubernetes should now support ingress out of the box using [1], based on OpenShift routes I believe.

[1] https://kubernetes.io/docs/concepts/services-networking/ingr...

rdli5y ago

Maybe https://blog.getambassador.io/kubernetes-ingress-nodeport-lo...

j / k navigate · click thread line to collapse

13 comments

rdli5y ago

Ingress controllers are quite confusing. Here's the general summary:

- General best practice for Kubernetes clusters is to have a proxy that routes external traffic to internal services

- This is because Kubernetes provides its own internal network space so each of your internal services aren't directly exposed externally (although you can do this if you like)

- Kubernetes has a spec for how this is done, the "ingress" spec

- An ingress controller implements the ingress spec

- The ingress spec is pretty limited in functionality (basic routing, no support for timeouts, as an example)

So if you just need to do basic routing, any ingress controller is going to do the same thing, more or less.

Hope that helps.

(Disclosure: I work on Ambassador, one of the Envoy-based ingress controllers)

Edited: formatting

stuff4ben5y ago

blandflakes5y ago

Likewise, Ambassador solved a ton of problems with ingress that I just didn't want to think about.

rdli5y ago

Thanks! Always nice to hear :).

BossingAround5y ago

> Envoy-based ingress controllers

Does that have anything in common with the Istio Envoy proxies? You can use them for ingress as well...

rdli5y ago

busterarm5y ago

For anyone trying to wrap their head round the myriad of choices available these days...

https://medium.com/flant-com/comparing-ingress-controllers-f...

llarsson5y ago

This is the first I hear about this project. Is anyone using it and able to say something about how it works for them and, in particular, if it works well for bare metal clusters?

dvcrn5y ago

Digitalocean for example doesn’t offer a ingress controller for their clusters so I’m currently using the nginx one. Wonder how this compares

snuxoll5y ago

It spins up a separate HAProxy service for every Ingress resource, which means a separate DO Load Balancer for each.

This simplifies the implementation, but it also means every Ingress object you create costs $10/mo.

I’ll stick with nginx-ingress for now, personally.

lcam845y ago

I tried to install an kubernetes ingress but it turned out to be too difficult and so I used the standard service from my cloud. Do you know any good articles about how this macanism works?

BossingAround5y ago

Not sure what you mean by installing ingress; Kubernetes should now support ingress out of the box using [1], based on OpenShift routes I believe.

[1] https://kubernetes.io/docs/concepts/services-networking/ingr...

rdli5y ago

Maybe https://blog.getambassador.io/kubernetes-ingress-nodeport-lo...

j / k navigate · click thread line to collapse