2. 2
A few introductions (OK, just one)
Andrew Lee
Technical Instructor at Mirantis
Andrew started his early career in a QA position for Open Networking Lab,
where he gained hands-on experience in cloud technologies and SDN
solutions. He joined the training team at Mirantis in October of 2015 and
currently manages content development and delivery of Kubernetes and Istio
courses. He is an avid believer in open source technologies and enjoys
teaching engineers how to effectively utilize them.
3. 3
A little housekeeping
● Please submit questions in the Questions panel.
● We’ll provide a link where you can download the slides at the end of the webinar.
4. 4
● What is Ingress?
● Kubernetes Ingress & Ingress Controller
● Istio Ingress Gateway
● [Demo]
Overview
6. 6
● Kubernetes way to expose your app
○ NodePort type Service
○ LoadBalancer type Service
○ Ingress / Ingress Controller
Entrypoint for your Application
8. 8
● 1 NodePort per service
● Pain for end users
○ Not a standard port range
○ Different ports for different applications
NodePort Limitations
http://52.14.21.152:30126
11. 11
● Path / host based routing
○ mysite.com/blog -> svc A
○ mysite.com/shop -> svc B
● Multiple services behind single cloud Load Balancer
Kubernetes Ingress Advantages
12. 12
● Requires three components
○ Ingress
■ Kubernetes Resource
■ Define rules here
○ Ingress Controller
■ Kubernetes Pod
■ Acts as reverse proxy
■ Nginx is recommended
■ Cloud providers have their own implementations with LB
■ “Acts” on the ingress definitions provided
○ Default Backend
■ Kubernetes Pod
■ All traffic that doesn’t match any ingress rule goes here (HTTP 404)
Kubernetes Ingress
13. 13
● Limited observability toolsets available
● No advanced traffic control / release strategies
○ % based Canary releases
○ Dark launching
● No service resiliency features
○ Retry, circuit breaking, timeouts
Kubernetes Ingress Limitations
16. 16
● Requires three resources
● Gateway
○ Configure ports, protocol, certificates
● Virtual Service
○ Configure routing information to k8s service
○ Enables “intelligent” routing
○ Similar to “Ingress” Kubernetes resource
● Ingress Gateway
○ Pod with Envoy that does the routing
○ Configured by Gateway & Virtual Service
Istio Ingress Gateway
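Added example (not from the original slides): a Gateway and Virtual Service pair that terminates TLS at the Istio ingress gateway and reproduces the mysite.com/blog and mysite.com/shop routing from the Kubernetes Ingress slide, plus the weighted canary, retry and timeout settings that the limitations slide lists as missing from Kubernetes Ingress. The resource names, the Secret name mysite-tls and the service names svc-a, svc-b and svc-b-canary are assumptions, as is a cluster whose Istio version serves the networking.istio.io/v1beta1 API.

```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: mysite-gateway            # assumed name
spec:
  selector:
    istio: ingressgateway         # label on the default Istio ingress gateway pods
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE                # server-side TLS terminated at the gateway
      credentialName: mysite-tls  # assumed Secret holding the certificate and key
    hosts:
    - "mysite.com"                # only this host is accepted on the listener
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: mysite-routes             # assumed name
spec:
  hosts:
  - "mysite.com"
  gateways:
  - mysite-gateway                # bind these routes to the Gateway above
  http:
  - match:
    - uri:
        prefix: /blog
    route:
    - destination:
        host: svc-a               # assumed Kubernetes Service name
  - match:
    - uri:
        prefix: /shop
    retries:
      attempts: 3
      perTryTimeout: 2s
    timeout: 10s
    route:                        # 90/10 percentage-based canary split
    - destination:
        host: svc-b
      weight: 90
    - destination:
        host: svc-b-canary        # assumed Service for the canary version
      weight: 10
```

Requests for mysite.com that match neither prefix have no route and are answered with HTTP 404 by the gateway's Envoy, so only the two listed paths are exposed.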
17. 17
● Envoy proxy handles L7 traffic
○ More featureful than Kubernetes Ingress Controller
○ Advanced routing rules, distributed tracing, rate limiting, policy checking, metrics collection, etc.
○ Natively supports gRPC
● Dynamic configuration
○ Maintain connections but able to reload new config
● Egress gateway is also supported :)
Istio Gateway Advantages
18. 18
● Disadvantages:
○ Requires installation of another control plane component (Istio Pilot)
○ Internal traffic management features are shared with Edge
● Alternatives:
○ API Gateways
■ Ambassador, Traefik, Kong, … (Mainly commercial products)
Istio Gateway Disadvantages and Alternatives
22. 22
Mirantis Training: Kubernetes & Istio
training.mirantis.com
● Kubernetes & Docker Bootcamp I (KD100), 2 days
○ Learn Docker and Kubernetes to deploy, run, and manage containerized applications
● Kubernetes & Docker Bootcamp II (KD200), 3 days
○ Advanced training for Kubernetes professionals, preparation for CKA exam
● Accelerated Kubernetes & Docker Bootcamp (KD250), 4 days
○ Most popular course! A combination of KD100 & KD200 at an accelerated pace, preps for the CKA exam
● Service Mesh and Istio Fundamentals (IST50), 1 day
○ New! Introduction to Istio & Service Mesh
● Microservices and Istio Bootcamp (IST100), 2 days
○ New! Microservices security, resiliency and monitoring using Istio