Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Ingress: From Concept to Connection (#...

Scott McAllister
May 15, 2023
Programming
0
70

Building Ingress: From Concept to Connection (#JOTB23)

This is a talk given at J on the Beach 2023 in Malaga, Spain.

Talk abstract: At first glance, ingress is an easy concept: you route traffic from the wider world into your cluster. As you layer on SSL and load balancing, the principles stay the same and everything works with minimal thought and effort. But as your infrastructure grows, your clusters grow, the interactions get more complex, and your security requirements explode. In this session, I’ll walk you through how we designed and built an Ingress Controller and have converted our clusters to use it in production to support millions of requests. It wasn’t easy but running it as an open source effort from the start encouraged our team and customers to review, explore, and consider situations outside our original plans.

Scott McAllister

May 15, 2023
Tweet

More Decks by Scott McAllister

See All by Scott McAllister
Simple Ways to Make Webhook Security Better
stmcallister
0
56
What the Heck is HTTP?
stmcallister
1
92
Modules, Loops and More: How to Scale with Terraform
stmcallister
0
59
Client-side OAuth with PKCE (Indy.code() 2022)
stmcallister
1
57
Node and OAuth on the Command Line -- Twin Cities Code Camp 2018
stmcallister
0
74

Other Decks in Programming

See All in Programming
Enabling DevOps and Team Topologies Through Architecture: Architecting for Fast Flow
cer
PRO
0
350
Compose 1.7のTextFieldはPOBox Plusで日本語変換できない
tomoya0x00
0
200
Remix on Hono on Cloudflare Workers
yusukebe
1
300
ECS Service Connectのこれまでのアップデートと今後のRoadmapを見てみる
tkikuc
2
260
Streams APIとTCPフロー制御 / Web Streams API and TCP flow control
tasshi
2
360
카카오페이는 어떻게 수천만 결제를 처리할까? 우아한 결제 분산락 노하우
kakao
PRO
0
110
OnlineTestConf: Test Automation Friend or Foe
maaretp
0
120
ヤプリ新卒SREの オンボーディング
masaki12
0
130
みんなでプロポーザルを書いてみた
yuriko1211
0
280
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
170
レガシーシステムにどう立ち向かうか 複雑さと理想と現実/vs-legacy
suzukihoge
14
2.3k
色々なIaCツールを実際に触って比較してみる
iriikeita
0
330

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Become a Pro
speakerdeck
PRO
25
5k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
What's new in Ruby 2.0
geeforr
343
31k
Building Your Own Lightsaber
phodgson
103
6.1k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
430
Into the Great Unknown - MozCon
thekraken
32
1.5k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
93
16k

Transcript

  1. Building Ingress From Concept to Connection Scott McAllister Principal Developer

    Advocate

  2. © ngrok. All rights reserved. Confidential Information of ngrok

  3. © ngrok. All rights reserved. Confidential Information of ngrok

  4. None

  5. Trade-offs

  6. Your service

  7. Your service Your customer Before ngrok

  8. Your service Your customer Before ngrok Internet NAT 202.45.1.1 192.168.1

    SW NAT

  9. Your service Your customer Before ngrok Internet NAT 202.45.1.1 192.168.1

    SW NAT Internet Router VPN Router VPNs Firewalls Internet Public firewall DMZ Internal firewall email

  10. After ngrok Your service Your customer

  11. > ngrok CLI ngrok http 80 —domain=“jotb-2023.ngrok.dev" Session Status online

    Account Scott McAllister (Plan: Pro) Version 3.2.2 Region Europe (eu) Latency 235ms Web Interface http://127.0.0.1:4040 Forwarding https://jotb-2023.ngrok.dev

  12. © ngrok. All rights reserved. Confidential Information of ngrok ©

    ngrok. All rights reserved. Confidential Information of ngrok “Developers are still being forced to work with the assembly language of networking” — Alan Shreve, ngrok founder

  13. © ngrok. All rights reserved. Confidential Information of ngrok Application

    Code & Dependencies

  14. © ngrok. All rights reserved. Confidential Information of ngrok Container

    Application Code & Dependencies

  15. © ngrok. All rights reserved. Confidential Information of ngrok Pod

    Container Application Code & Dependencies

  16. © ngrok. All rights reserved. Confidential Information of ngrok Pod

  17. © ngrok. All rights reserved. Confidential Information of ngrok Pod

    Pod Pod

  18. © ngrok. All rights reserved. Confidential Information of ngrok Pod

    Pod Pod Service

  19. © ngrok. All rights reserved. Confidential Information of ngrok Pod

    Pod Pod Service Ingress

  20. Typical Ingress Set Up with Nginx Source: https://www.checkmateq.com/blog/ingress-controller/

  21. ngrok’s Journey

  22. Trade-off Monolith or Microservices

  23. Lego Monolith Media Metrics Web Auth API https://inconshreveable.com/10-07-2015/the-neomonolith/

  24. ngrok as a Service in Kubernetes Source: https://www.checkmateq.com/blog/ingress-controller/ Source: https://abhishek1987.medium.com/expose-kubernetes-services-with-ngrok-65280142dab4

  25. None

  26. Architecture Seamless Kubernetes integration Idiomatic API

  27. Trusted Infrastructure Webhook Validation Auth Load Balancing Encryption Auth Webhook

    Verification
  28. None
  29. None
  30. None

  31. Typical Ingress Set Up with Nginx Source: https://www.checkmateq.com/blog/ingress-controller/

  32. ngrok Ingress Controller: our journey

  33. Development Kubebuilder Framework for building Kubernetes APIs using custom resource

    definitions (CRDs) Controller Runtime Set of standard Go libraries for building Kubernetes Controllers

  34. Trade-offs Ingress Controller vs Gateway API Spec Widely used specification

    It’s what we use internally Most Gateway implementations still in Alpha Gateway specs still in flux Supports more than just HTTP/S Standard going forward Community already knows how to use “Everything Ingress is…but better”

  35. Current Status Project Status: Beta Using Internally on Infrastructure Cluster

    For CI Processes

  36. Current Status Seeking Feedback!

  37. What’s Next Support Gateway API Spec Publicly Release v.1

  38. © ngrok. All rights reserved. Confidential Information of ngrok Resources

    Controller Runtime https://github.com/kubernetes-sigs/controller-runtime Kubebuilder https://book.kubebuilder.io/ ngrok Ingress Controller for Kubernetes https://github.com/ngrok/kubernetes-ingress-controller Kubernetes Ingress Controller https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/ Kubernetes API Gateway https://gateway-api.sigs.k8s.io/

  39. Scott McAllister Speaker, Writer, Coder @stmcallister stmcallister.github.io @stmcallister.bsky.social techhub.social/@stmcallister

  40. Thank you

  41. None