Building Ingress: From Concept to Connection (#JOTB23)

This is a talk given at J on the Beach 2023 in Malaga, Spain.

Talk abstract: At first glance, ingress is an easy concept: you route traffic from the wider world into your cluster. As you layer on SSL and load balancing, the principles stay the same and everything works with minimal thought and effort. But as your infrastructure grows, your clusters grow, the interactions get more complex, and your security requirements explode. In this session, I’ll walk you through how we designed and built an Ingress Controller and have converted our clusters to use it in production to support millions of requests. It wasn’t easy but running it as an open source effort from the start encouraged our team and customers to review, explore, and consider situations outside our original plans.

Scott McAllister

May 15, 2023

Transcript

  1. Your service Your customer Before ngrok Internet NAT 202.45.1.1 192.168.1 SW NAT Internet Router VPN Router VPNs Firewalls Internet Public firewall DMZ Internal firewall email
  2. > ngrok CLI
    ngrok http 80 --domain="jotb-2023.ngrok.dev"
    Session Status online
    Account Scott McAllister (Plan: Pro)
    Version 3.2.2
    Region Europe (eu)
    Latency 235ms
    Web Interface http://127.0.0.1:4040
    Forwarding https://jotb-2023.ngrok.dev
  3. © ngrok. All rights reserved. Confidential Information of ngrok
    “Developers are still being forced to work with the assembly language of networking” — Alan Shreve, ngrok founder
  4. Development
    Kubebuilder: Framework for building Kubernetes APIs using custom resource definitions (CRDs)
    Controller Runtime: Set of standard Go libraries for building Kubernetes Controllers
  5. Trade-offs: Ingress Controller vs Gateway API Spec
    Widely used specification; It’s what we use internally; Most Gateway implementations still in Alpha; Gateway specs still in flux; Supports more than just HTTP/S; Standard going forward; Community already knows how to use; “Everything Ingress is…but better”
  6. Resources
    Controller Runtime: https://github.com/kubernetes-sigs/controller-runtime
    Kubebuilder: https://book.kubebuilder.io/
    ngrok Ingress Controller for Kubernetes: https://github.com/ngrok/kubernetes-ingress-controller
    Kubernetes Ingress Controller: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/
    Kubernetes API Gateway: https://gateway-api.sigs.k8s.io/