What is Kubernetes Ingress?
This article is a brief overview of the Kubernetes ingress architecture including the Kubernetes services and ingress controllers.
Ingress is a Kubernetes core concept responsible for managing ingress network traffic between hosted application services and external clients. Ingress infrastructures have specific technical and business requirements such as high availability, scalability, security, performance or specific application awareness and pre-processing.
An ingress environment can be configured to provide a broad set of services including:
- Reverse-proxy with externally reachable IP addresses or HTTP URLs, providing an entry point to your application services
- Application delivery controller and server load balancing services
- TLS/SSL termination
- Application firewall security features including IDS/IPS, data loss prevention, web application firewalls, deep packet inspection
- DDoS threat prevention
- Network address translation (NAT) IPv4 and IPv6
- BGP internet routing
- Authentication and authorization
- Intelligent policy-based traffic steering
To support a broad set of requirements, the Kubernetes ingress architecture is designed as a platform supporting a wide variety of built-in or third-party network and security products. Third-party products must include specific integration and API features and include a Kubernetes-compliant ingress controller service module.
The Kubernetes ingress environment includes integration services:
- Kubernetes API objects
- Routing policies
- Third-party product policy extensions
- Third-party specific Kubernetes ingress controller service module
Diagram showing a Kubernetes ingress configuration. The Kubernetes environment has three Kubernetes services as a POD cluster with ingress traffic secured and load-balanced with a third-party application delivery controller product.
Kubernetes ingress configuration, adding an ingress controller, an ingress resource and the Kube-API service.
The ingress controller is a Kubernetes service responsible for managing ingress network traffic. This is primarily accomplished by providing an interface between the Kubernetes environment and third-party ingress systems like network and security systems. These systems have proprietary management interfaces, so the ingress controller is also provided by the third-party vendor.
The ingress resource contains metadata configuration parameters for the third-party systems. These parameters include security policies, routing rules and traffic steering parameters. The ingress controller works with the ingress resource to automatically provision application delivery systems.
The Kube-API is the Kubernetes service responsible for processing API transactions. These API transactions provide information to the ingress controller including environmental parameter and operational status.
Ingress Controller Functions
The ingress controller is responsible for the operation and management of the traffic management systems within the ingress environment.
Initial Deployment – At startup, the ingress controller configures the ingress systems ready for traffic and security services.
Application Container Lifecycle Management – The ingress controller works with the ingress environment to automatically update application delivery product configurations in sync with Kubernetes environment changes. As new application services are deployed or removed, the configuration of all systems managing ingress traffic are updated accordingly. System updates may include security firewall rules, load balancer configurations, IP addressing, managing and any other configurations, as appropriate.
Horizontal POD Autoscaler – Kubernetes autoscaling monitors the state of application loads and will deploy new or remove application services as required to support application workload requirements. This activity requires configuration updates for systems like load balancers. When a new service is launched, the ingress controller updates the configuration, adding the new service in the load-balanced group of services, and offloading traffic to the additional application servers.
How A10 Networks Can Help
A10 Networks has a broad line of Kubernetes-compliant physical, virtual and containerized network and security products.
The A10 Networks ingress controller not only operates with ingress resources to automatically provision application delivery configuration and policies, but also ties directly into the container lifecycle to automatically update application delivery configuration with the dynamic nature of a Kubernetes environment. As application services scale up and down, the A10 Networks ADC load balancing service is also dynamically updated. The containerized load balancer scales up and down automatically with the scale of a Kubernetes cluster.
The A10 Networks ingress controller is compatible with Kubernetes deployments on Amazon Web Services (EKS on AWS), Microsoft Azure (AKS on Azure), and Google Cloud Platform (GKE on GCP) public clouds, as well as VMware and OpenStack-based private clouds.
The A10 Harmony Controller and ingress controller work together to provide application analytics by collecting metrics that can be used to troubleshoot issues, manage capacity planning, and detect performance security problems. That analytical data is available through the A10 Harmony portal or a set of APIs.
A10 Networks products include load balancing, application delivery controllers, application firewalls, denial of service protection, carrier-grade NAT, deep packet inspection firewall technologies converged into a single solution. These technologies and more are available to secure and accelerate your Kubernetes ingress infrastructure.
The combination of Kubernetes seamlessly integrated with A10 Networks ingress controller provides the reliability, performance and security capabilities uniquely available with A10 Networks products.