What is Kubernetes Ingress?

This article is a brief overview of the Kubernetes ingress architecture including the Kubernetes services and ingress controllers.

Ingress is a Kubernetes core concept responsible for managing ingress network traffic between hosted application services and external clients. Ingress infrastructures have specific technical and business requirements such as high availability, scalability, security, performance or specific application awareness and pre-processing.

An ingress environment can be configured to provide a broad set of services including:

To support a broad set of requirements, the Kubernetes ingress architecture is designed as a platform supporting a wide variety of built-in or third-party network and security products. Third-party products must include specific integration and API features and include a Kubernetes-compliant ingress controller service module.

The Kubernetes ingress environment includes integration services:

Diagram showing a Kubernetes ingress configuration. The Kubernetes environment has three Kubernetes services as a POD cluster with ingress traffic secured and load-balanced with a third-party application delivery controller product.

Kubernetes ingress configuration, adding an ingress controller, an ingress resource and the Kube-API service.

Ingress Controller

The ingress controller is a Kubernetes service responsible for managing ingress network traffic. This is primarily accomplished by providing an interface between the Kubernetes environment and third-party ingress systems like network and security systems. These systems have proprietary management interfaces, so the ingress controller is also provided by the third-party vendor.

Ingress Resource

The ingress resource contains metadata configuration parameters for the third-party systems. These parameters include security policies, routing rules and traffic steering parameters. The ingress controller works with the ingress resource to automatically provision application delivery systems.

Kube-API

The Kube-API is the Kubernetes service responsible for processing API transactions. These API transactions provide information to the ingress controller including environmental parameter and operational status.

Ingress Controller Functions

The ingress controller is responsible for the operation and management of the traffic management systems within the ingress environment.

Initial Deployment – At startup, the ingress controller configures the ingress systems ready for traffic and security services.

Application Container Lifecycle Management – The ingress controller works with the ingress environment to automatically update application delivery product configurations in sync with Kubernetes environment changes. As new application services are deployed or removed, the configuration of all systems managing ingress traffic are updated accordingly. System updates may include security firewall rules, load balancer configurations, IP addressing, managing and any other configurations, as appropriate.

Horizontal POD Autoscaler – Kubernetes autoscaling monitors the state of application loads and will deploy new or remove application services as required to support application workload requirements. This activity requires configuration updates for systems like load balancers. When a new service is launched, the ingress controller updates the configuration, adding the new service in the load-balanced group of services, and offloading traffic to the additional application servers.

How A10 Networks Can Help

A10 Networks has a broad line of Kubernetes-compliant physical, virtual and containerized network and security products.

The A10 Networks ingress controller not only operates with ingress resources to automatically provision application delivery configuration and policies, but also ties directly into the container lifecycle to automatically update application delivery configuration with the dynamic nature of a Kubernetes environment. As application services scale up and down, the A10 Networks ADC load balancing service is also dynamically updated. The containerized load balancer scales up and down automatically with the scale of a Kubernetes cluster.

The A10 Networks ingress controller is compatible with Kubernetes deployments on Amazon Web Services (EKS on AWS), Microsoft Azure (AKS on Azure), and Google Cloud Platform (GKE on GCP) public clouds, as well as VMware and OpenStack-based private clouds.

The A10 Harmony Controller and ingress controller work together to provide application analytics by collecting metrics that can be used to troubleshoot issues, manage capacity planning, and detect performance security problems. That analytical data is available through the A10 Harmony portal or a set of APIs.

A10 Networks products include load balancing, application delivery controllers, application firewalls, denial of service protection, carrier-grade NAT, deep packet inspection firewall technologies converged into a single solution. These technologies and more are available to secure and accelerate your Kubernetes ingress infrastructure.

The combination of Kubernetes seamlessly integrated with A10 Networks ingress controller provides the reliability, performance and security capabilities uniquely available with A10 Networks products.

Data Sheet:
https://www.a10networks.com/resources/data-sheets/a10-ingress-controller-for-kubernetes-faq

Resources

Kubernetes Docs
https://kubernetes.io/docs/concepts/services-networking/ingress/#types-of-ingress
http://kubernetes.io/docs/user-guide/ingress/
https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/

Auto Scale
https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

Azure
https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes
https://azure.microsoft.com/en-us/services/kubernetes-service/

A10 Networks
http://docs.hc.a10networks.com/4.0.1/a10-ingress-controller.html
http://docs.hc.a10networks.com/IngressController/2.0/a10-thunder-ingress-controller.html


|

April 26, 2019

About Robert Keith

Robert has 30 years of experience in IT technology development and infrastructure management. He was the founder of several infrastructure ventures including Intellivence, MaxSP, Sentrik and most recently was the CTO of Iron Networks. As CTO of Iron Networks in San Jose, CA, he worked directly with many companies in the Silicon Valley to design and architect network, security, and cloud solutions. He worked directly with Microsoft engineering in the design of their cloud architectures including storage, Hyper-V, Systems Center and Virtual Networking. He also worked directly with Hortonworks to design a Hadoop deployment and management system using CentOS and many layered software packages. READ MORE