Kubernetes has 3 types of services viz. ClusterIP, NodePort, and LoadBalancer. The Ingress exposes HTTP/S routes from outside the cluster to services inside the cluster. So, one thing must be clear to you now that the ingress isn’t a type of service that Kubernetes offers. Whereas the Kubernetes Ingress Controller is pledged to manage the traffic and the ingress mostly with a LoadBalancer.
What is Ingress Controller?
Ingress Controller is an intelligent Load Balancer. Ingress is a high-level abstraction responsible for allowing simple host or URL based HTTP routing. It is always implemented using a third-party proxy. These implementations are nothing but Ingress Controller. It is a Layer-7 load balancer.
Kubernetes ingress controller is accountable for reading the Ingress resource information and processing that data. Ingress is tightly integrated into K8s, meaning that your existing workflows around kubectl will likely extend nicely to managing ingress. One thing to keep in mind is that an ingress controller customarily doesn’t eliminate the need for an external load balancer instead the ingress controller simply adds an additional layer of routing & control for the load balancer.
Kubernetes Ingress Controller with a LoadBalancer
Whatever is your ingress strategy, you presumably will need to start with an external load balancer. This will route traffic to a K8s service on the cluster that will perform service-specific routing. In this setup, your load balancer provides a stable endpoint which is nothing but an IP address for external traffic to access.
Both ingress controllers and K8s services require an external load balancer. So, this concludes that NodePort is not designed to be directly used for production.
Also Read: Our blog post on Kubernetes ReadinessProbe. Click here
Cloud-Based Ingress Controller
These days most of the cloud providers have Kubernetes services, below are the major cloud providers’ Ingress Controller links:
The major advantage of using a cloud-based Ingress Controller is native integration with other cloud services. For instance, GCE Ingress Controller supports Cloud IAP for Google Kubernetes Engine to easily turn on Identity-Aware Proxy to protect internal K8s applications. As for ALB Ingress Controller, it creates an Application Load Balancer by default and integrates well with Route 53, Cognito, and AWS WAF. If you are using Azure Pipelines to manage your DevOps on Azure, AKS Application Gateway Ingress Controller is the best for Azure CI/CD workflow.
Also Check: What is a Deployment in Kubernetes? Click here
Opensource Ingress Controller
Opensource is always there to the rescue no matter what. Kubernetes has listed quite a few of them on their website, here are some of them:
- Voyager: HAProxy based Ingress Controller from AppsCode
- F5: Supports F5’s BIG-IP Container Ingress Services
- HAProxy: Community-driven HAProxy Ingress Controller as well as enterprise offering from HAProxy Tech
- Istio: Ingress Gateway for Istio-enabled clusters
- Kong: nginx-based API gateway with community or enterprise options from KongHQ
- NGINX: official Ingress for NGINX and NGINX Plus
- Skipper: HTTP router and reverse proxy from Zalando
Also Read: Docker vs Kubernetes, to know the major differences between them
NGINX-Based Ingress Controllers
If you need a straightforward simple reverse proxy, ingress-nginx is a safe and decisive option. On the other hand, if you are looking for high performance and also additional features supported by NGINX, consider using the Ingress Controller from NGINX instead.
HAProxy-Based Ingress Controllers
HAProxy is also one of the popular TCP/HTTP reverse proxy solution that existed before Kubernetes. So, if configuring the load balancing algorithm is your primary deciding factor, HAProxy Ingress is a great option with a proven record of high performance. As an Ingress Controller, HAProxy Ingress offers dynamic configuration update via API to address reliance on static configuration files with HAProxy.
Also Check: Our blog post on Kubernetes labels and Annotations. Click here
F5 Container Ingress
The F5 BIG-IP Controller (k8s-bigip-ctlr) is a cloud-native connector that can use either Kubernetes or OpenShift as a BIG-IP orchestration platform. The BIG-IP Controller watches the Kubernetes API for specially formatted resources and updates the BIG-IP system configuration accordingly.
Envoy Proxy
Envoy Proxy is a modern, high-performance service proxy. Envoy is similar to software load balancers such as NGINX and HAProxy. It was originally written and deployed at Lyft, Envoy now has a vigorous contributor base and is an official CNCF project. It provides the foundation for a service mesh.
GCP Ingress Controller
Google cloud platform is also one of the top-notch ingress controller providers. When an Ingress object is created on the GCP, the GKE Ingress controller creates a Google Cloud HTTP(S) Load Balancer and configures it according to the information in the Ingress and its associated Services. To use Ingress, the HTTP load balancing add-on must be enabled.
Traefik
The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; that is to say, it manages access to cluster services by supporting the Ingress specification.
Istio Ingress
Istio makes heavy use of Envoy proxies to mediate all traffic within the service mesh. Istio provides the best integration with existing Istio fabric and services with traffic routing, observability, security, and deployment models. However, Istio is not lightweight and has a fairly large learning curve, so if Envoy proxy is the only functionality you are looking for, use the following options instead.
Ambassador
Ambassador is an API Gateway and L7 load balancer with Kubernetes Ingress support. It is fully-featured with various protocol supports, security, high availability, and even Knativ serverless integration. Although it’s based on Envoy, it connects nicely with other service mesh solutions besides Istio (e.g. Consul, Linkerd). The benchmark results posted on their blog compares favourably to NGINX and HAProxy, although it has not been updated for several months.
Also Read: Our previous blog post on Kubernetes dashboard. Click here
Which is the best ingress controller for Kubernetes?
With so many options on the market, how do I choose which Ingress Controller is right for my use case? You must have realised by now that ingress-nginx is a safe and one of the most popular choices when you need a simple solution to get started. If you are using Istio as your service mesh, Istio Ingress is a natural fit; otherwise, consider an Envoy-based solution that works with Consul or Linkerd. Here are some considerations before choosing a solution:
- Protocol Support: Is there a requirement for TCP/UDP or gRPC integration?
- Enterprise Support: Do you need a commercial/enterprise support for a mission-critical system?
- Advanced Features: Are you looking for a lightweight solution or are canary deployments or circuit breakers must-haves for your use case?
- API Gateway Features: Do you need API Gateway functionalities or a pure Kubernetes Ingress?
Related Post
- Kubernetes Networking: Container-to-container, Pod-to-Pod, Pod-to-Service
- Kubernetes Architecture | An Introduction to Kubernetes Components
- Kubernetes for Beginners
- Certified Kubernetes Administrator (CKA) Certification Exam: Everything You Must Know
- Certified Kubernetes Administrator (CKA) Certification: Step By Step Activity Guides/Hands-On Lab Exercise
- Kubernetes vs Docker – Understand the Difference
- Install Docker on Windows, Ubuntu and Mac: A Complete Step-by-Step Guide
- Docker Compose Overview & Steps to Install Docker Compose
- Container (Docker) vs Virtual Machines (VM): What Is The Difference?
- How To Setup A Three Node Kubernetes Cluster For CKA: Step By Step