10. Publishing Applications
From Monoliths to Services Mesh
[Figure: three panels titled Monolith Application, Router Mesh and Service Mesh; label: GATEWAY]
12. Publishing Applications
From Monoliths to Services Mesh
[Figure: Router Mesh; label: GATEWAY]
Solutions for publishing applications must manage routing to dynamic service components when they change:
● Manage North-South Traffic
● Resilience
● Scaling
● Host Maintenance
● Updates/Rollbacks
● Etc.
14. Publishing Applications
• Kubernetes publishing
• Pods are mortal and their number can be scaled up/down whenever we need it.
• Services are an abstraction which defines a logical set of Pods and a policy by which to access them:
■ The Endpoints API is updated whenever the set of Pods in a Service changes, for Kubernetes-native applications.
■ A Virtual-IP-based bridge to Services, which redirects to the backend Pods, for non-native applications.
19. Publishing Applications
Load Balancer
[Figure labels: LOAD BALANCER, VIP, SERVICE, POD, POD, POD]
The big downside is that each service you expose with a LoadBalancer will get its own IP address, and you have to pay for a LoadBalancer per exposed service, which can get expensive!
21. Publishing Applications
NodePort
[Figure labels: EXTERNAL LOAD BALANCER, Service Port (×3), SERVICE, POD, POD, POD]
There are many downsides to this method:
● You can only have one service per port
● You can only use ports 30000–32767 (configurable, but fixed)
● If your Node/VM IP address changes, you need to deal with that
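The LoadBalancer and NodePort drawbacks above (one external IP per LoadBalancer Service; one Service per node port, within 30000–32767) can be checked against manifests before they are applied. This is an added example, not part of the original slides: a Python audit over constructed Service manifests in JSON List form, where the function name `audit_exposure` and every sample name and port are assumptions.

```python
import json
from collections import defaultdict

NODEPORT_RANGE = range(30000, 32768)  # default range quoted on the slide

# Constructed Service manifests (JSON List form); every name and port is made up.
MANIFESTS = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"namespace": "shop", "name": "web"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
  {"metadata": {"namespace": "shop", "name": "api"},
   "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 30080}]}},
  {"metadata": {"namespace": "ops", "name": "metrics"},
   "spec": {"type": "NodePort", "ports": [{"port": 9090, "nodePort": 30080}]}},
  {"metadata": {"namespace": "ops", "name": "debug"},
   "spec": {"type": "NodePort", "ports": [{"port": 22, "nodePort": 8022}]}},
  {"metadata": {"namespace": "shop", "name": "db"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}}
]}
""")


def audit_exposure(manifests):
    """Return (exposed, findings) for Services reachable from outside the cluster."""
    exposed, findings = [], []
    claims = defaultdict(list)  # nodePort -> Services requesting it
    for svc in manifests["items"]:
        meta, spec = svc["metadata"], svc.get("spec", {})
        name = f'{meta.get("namespace", "default")}/{meta["name"]}'
        kind = spec.get("type", "ClusterIP")  # ClusterIP is the API default
        if kind == "LoadBalancer":
            exposed.append((name, kind, "own external IP"))
        elif kind == "NodePort":
            for port in spec.get("ports", []):
                node_port = port.get("nodePort")  # None: assigned by the cluster
                exposed.append((name, kind, node_port))
                if node_port is None:
                    continue
                claims[node_port].append(name)
                if node_port not in NODEPORT_RANGE:
                    findings.append(f"{name}: nodePort {node_port} outside 30000-32767")
    for node_port, names in sorted(claims.items()):
        if len(names) > 1:
            findings.append(f"nodePort {node_port} claimed by {', '.join(names)}")
    return exposed, findings


if __name__ == "__main__":
    print(audit_exposure(MANIFESTS))
```

The `exposed` list doubles as an inventory of north-south entry points; the ClusterIP Service `shop/db` is absent from it because it is not published outside the cluster.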
30. Publishing Applications
Kubernetes Nginx Ingress Controller
Main Features
● Based on community Nginx with third-party modules
● Supported by the Kubernetes community
● Host rules (allow merging)
● HTTP load balancing extensions (Annotations and ConfigMap)
● HTTP/S, TCP/UDP and TCP SSL Passthrough
● WebSocket
● Prometheus integration
● Dynamic reconfiguration with third-party Lua plugin
31. Publishing Applications
Traefik Ingress Controller
Main Features
● HTTP/S host header and path routing
● Circuit Breakers
● Status Based Health Checks
● Routing with Basic authentication
● Extended configuration via TOML
● Routing Priorities
33. Publishing Applications
NGINX Ingress Controller
NGINX and NGINX Plus support the following Ingress features:
● SSL termination
● Path-based rules
● Multiple host names and Mergeable Ingress resources
● WebSocket, which allows you to load balance WebSocket applications.
● SSL Services, which allows you to load balance HTTPS applications.
● Rewrites, which allows you to rewrite the URI of a request before sending it to the application.
● Customized templates using annotations
34. Publishing Applications
NGINX Plus Ingress Controller
Ingress features available only in NGINX Plus:
● Dynamic Reconfiguration without reloading
● Complex Health Checks with pattern matching
● Extended NGINX Plus Dashboard
● Session Persistence
● Support for JWTs to authenticate requests by validating JSON Web Tokens (JWTs).
37. Publishing Applications
Kong Ingress Controller
Main features:
● Acts as a controller for Kong (almost everything Kong does is available).
● The Kong ingress controller does not use Services to route traffic to the pods. Instead it uses the Endpoints API to bypass kube-proxy to allow Kong features like session affinity and custom load balancing algorithms. It also removes overhead, such as conntrack entries for iptables DNAT.
● Adds a new KongPlugin resource
● Routing through API gateway

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: add-ratelimiting-to-route
  namespace: kong
config:
  hour: "100"
  limit_by: "ip"
  second: "10"