Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Ingress: From Concept to Connection (#...

Scott McAllister
May 15, 2023
Programming
0
70

Building Ingress: From Concept to Connection (#JOTB23)

This is a talk given at J on the Beach 2023 in Malaga, Spain.

Talk abstract: At first glance, ingress is an easy concept: you route traffic from the wider world into your cluster. As you layer on SSL and load balancing, the principles stay the same and everything works with minimal thought and effort. But as your infrastructure grows, your clusters grow, the interactions get more complex, and your security requirements explode. In this session, I’ll walk you through how we designed and built an Ingress Controller and have converted our clusters to use it in production to support millions of requests. It wasn’t easy but running it as an open source effort from the start encouraged our team and customers to review, explore, and consider situations outside our original plans.

Scott McAllister

May 15, 2023
Tweet

More Decks by Scott McAllister

See All by Scott McAllister
Simple Ways to Make Webhook Security Better
stmcallister
0
56
What the Heck is HTTP?
stmcallister
1
92
Modules, Loops and More: How to Scale with Terraform
stmcallister
0
59
Client-side OAuth with PKCE (Indy.code() 2022)
stmcallister
1
56
Node and OAuth on the Command Line -- Twin Cities Code Camp 2018
stmcallister
0
74

Other Decks in Programming

See All in Programming
Honoの来た道とこれから
yusukebe
19
3.1k
GCCのプラグインを作る / I Made a GCC Plugin
shouth
1
150
Java ジェネリクス入門 2024
nagise
0
610
Amazon Neptuneで始めてみるグラフDB -OpenSearchによるグラフの全文検索-
satoshi256kbyte
4
340
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
150
RailsのPull requestsのレビューの時に私が考えていること
yahonda
5
1.9k
Streams APIとTCPフロー制御 / Web Streams API and TCP flow control
tasshi
2
310
讓數據說話:用 Python、Prometheus 和 Grafana 講故事
eddie
0
350
Progressive Web Apps für Desktop und Mobile mit Angular (Hands-on)
christianliebel
PRO
0
110
プロジェクト新規参入者のリードタイム短縮の観点から見る、品質の高いコードとアーキテクチャを保つメリット
d_endo
1
1k
現場で役立つモデリング 超入門
masuda220
PRO
13
3k
Sidekiqで実現する 長時間非同期処理の中断と再開 / Pausing and Resuming Long-Running Asynchronous Jobs with Sidekiq
hypermkt
6
2.7k

Featured

See All Featured
Code Review Best Practice
trishagee
64
17k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
4
370
We Have a Design System, Now What?
morganepeng
50
7.2k
Why Our Code Smells
bkeepers
PRO
334
57k
What's new in Ruby 2.0
geeforr
342
31k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
What's in a price? How to price your products and services
michaelherold
243
12k
Music & Morning Musume
bryan
46
6.1k
Documentation Writing (for coders)
carmenintech
65
4.4k
The Cost Of JavaScript in 2023
addyosmani
45
6.6k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k

Transcript

  1. Building Ingress From Concept to Connection Scott McAllister Principal Developer

    Advocate

  2. © ngrok. All rights reserved. Confidential Information of ngrok

  3. © ngrok. All rights reserved. Confidential Information of ngrok

  4. None

  5. Trade-offs

  6. Your service

  7. Your service Your customer Before ngrok

  8. Your service Your customer Before ngrok Internet NAT 202.45.1.1 192.168.1

    SW NAT

  9. Your service Your customer Before ngrok Internet NAT 202.45.1.1 192.168.1

    SW NAT Internet Router VPN Router VPNs Firewalls Internet Public firewall DMZ Internal firewall email

  10. After ngrok Your service Your customer

  11. > ngrok CLI ngrok http 80 —domain=“jotb-2023.ngrok.dev" Session Status online

    Account Scott McAllister (Plan: Pro) Version 3.2.2 Region Europe (eu) Latency 235ms Web Interface http://127.0.0.1:4040 Forwarding https://jotb-2023.ngrok.dev

  12. © ngrok. All rights reserved. Confidential Information of ngrok ©

    ngrok. All rights reserved. Confidential Information of ngrok “Developers are still being forced to work with the assembly language of networking” — Alan Shreve, ngrok founder

  13. © ngrok. All rights reserved. Confidential Information of ngrok Application

    Code & Dependencies

  14. © ngrok. All rights reserved. Confidential Information of ngrok Container

    Application Code & Dependencies

  15. © ngrok. All rights reserved. Confidential Information of ngrok Pod

    Container Application Code & Dependencies

  16. © ngrok. All rights reserved. Confidential Information of ngrok Pod

  17. © ngrok. All rights reserved. Confidential Information of ngrok Pod

    Pod Pod

  18. © ngrok. All rights reserved. Confidential Information of ngrok Pod

    Pod Pod Service

  19. © ngrok. All rights reserved. Confidential Information of ngrok Pod

    Pod Pod Service Ingress

  20. Typical Ingress Set Up with Nginx Source: https://www.checkmateq.com/blog/ingress-controller/

  21. ngrok’s Journey

  22. Trade-off Monolith or Microservices

  23. Lego Monolith Media Metrics Web Auth API https://inconshreveable.com/10-07-2015/the-neomonolith/

  24. ngrok as a Service in Kubernetes Source: https://www.checkmateq.com/blog/ingress-controller/ Source: https://abhishek1987.medium.com/expose-kubernetes-services-with-ngrok-65280142dab4

  25. None

  26. Architecture Seamless Kubernetes integration Idiomatic API

  27. Trusted Infrastructure Webhook Validation Auth Load Balancing Encryption Auth Webhook

    Verification
  28. None
  29. None
  30. None

  31. Typical Ingress Set Up with Nginx Source: https://www.checkmateq.com/blog/ingress-controller/

  32. ngrok Ingress Controller: our journey

  33. Development Kubebuilder Framework for building Kubernetes APIs using custom resource

    definitions (CRDs) Controller Runtime Set of standard Go libraries for building Kubernetes Controllers

  34. Trade-offs Ingress Controller vs Gateway API Spec Widely used specification

    It’s what we use internally Most Gateway implementations still in Alpha Gateway specs still in flux Supports more than just HTTP/S Standard going forward Community already knows how to use “Everything Ingress is…but better”

  35. Current Status Project Status: Beta Using Internally on Infrastructure Cluster

    For CI Processes

  36. Current Status Seeking Feedback!

  37. What’s Next Support Gateway API Spec Publicly Release v.1

  38. © ngrok. All rights reserved. Confidential Information of ngrok Resources

    Controller Runtime https://github.com/kubernetes-sigs/controller-runtime Kubebuilder https://book.kubebuilder.io/ ngrok Ingress Controller for Kubernetes https://github.com/ngrok/kubernetes-ingress-controller Kubernetes Ingress Controller https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/ Kubernetes API Gateway https://gateway-api.sigs.k8s.io/

  39. Scott McAllister Speaker, Writer, Coder @stmcallister stmcallister.github.io @stmcallister.bsky.social techhub.social/@stmcallister

  40. Thank you

  41. None