Kubernetes Networking
VIRTUAL EVENT
May 21, 2020
©2020 F5 | CONFIDENTIAL
Agenda
11:30AM – 11:35AM – Welcome and Trivia
11:35AM – 12:00PM – Technical Session by Chris Akker and Jason Williams
12:00PM – 12:20PM – Technical Session by Jon Calalang
12:20PM – 12:30PM – Q&A
12:30PM – Closing
NGINX Application Platform

The NGINX Application Platform is a suite of products that together form the core of what organizations need to create applications with performance, reliability, security, and scale. The NGINX Application Platform includes NGINX Plus for load balancing and application delivery, the NGINX WAF for security, and NGINX Unit to run the application code, all monitored and managed by NGINX Controller.
Ingress Controller

NGINX Plus Kubernetes Ingress Controller
An advanced Layer 7 load-balancing solution for exposing Kubernetes
• NGINX commonly used as Ingress Controller
• Dynamic reconfiguration of endpoints (no configuration reloading)
• Additional metrics, provided by a streamlined Prometheus exporter
• Dedicated Helm chart repository
• Support for Custom resources to expose more (all) NGINX Plus features as an Ingress
• Move Layer 7 logic closer to the App, managed by DevOps
NGINX and F5 represent 79% of the Kubernetes Ingress market (CNCF Survey)
https://www.cncf.io/blog/2018/08/29/cncf-survey-use-of-cloud-native-technologies-in-production-has-grown-over-200-percent/
NGINX Ingress Controllers

kubernetes/ingress-nginx
• Kubernetes community
• Custom NGINX build based on OpenResty/Lua that includes several third-party modules
• Community support only

nginxinc/kubernetes-ingress
• NGINX Inc Commercial software
• NGINX Plus KIC
• Enterprise support
• Significant Performance Increase
NGINX+ Ingress Controller
[Diagram labels: IC (Ingress Controller), k8s API, Ingress, coffee service, tea service, pods; arrows numbered 1 and 2]
1. Watches for Ingress and state changes from Kubernetes API
2. (Re)configures NGINX Configuration
   a. Updates to upstream (load balancing pools) require no reloads!
3. Repeat (back to Step 1.)
Demo – Nginx+ Ingress L7 Routing

Demo Highlights
• Environment Overview
• Nginx Plus Dashboard Overview
• Dynamic Scaling
• Dynamic Load Balancing
• Prometheus / Grafana Integration
Demo Architecture
Digital Ocean 3-node Kubernetes cluster, with 1 or 2 Nginx Plus Ingress Controllers, for URL path routing with TLS.
[Diagram labels: LoadBalancer (Digital Ocean), Ingress, Ingress, K8s 3-node Cluster, example.com/coffee, example.com/tea, coffee service, tea service, pods]
Demo Config of the Ingress Controller
• Kind = Ingress
• Host = Host Header
• TLS = True
• Layer 7 URL Path Routing
  • /tea and /coffee

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cafe-ingress
spec:
  tls:
  - hosts:
    - cafe.example.com
    secretName: cafe-secret
  rules:
  - host: cafe.example.com
    http:
      paths:
      - path: /tea
        backend:
          serviceName: tea-svc
          servicePort: 80
      - path: /coffee
        backend:
          serviceName: coffee-svc
          servicePort: 80
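
A lint for the two properties this demo config depends on, Host-header routing and TLS, as an added example that is not part of the original deck. The function names, the WEAK manifest and the single-label wildcard rule are assumptions made for illustration; the apiVersion check reflects that the extensions/v1beta1 Ingress API was removed in Kubernetes 1.22.

```python
# Added example: lint Ingress manifests for the properties the demo slide lists
# (Host-header routing, TLS). Manifests are plain dicts, as a YAML loader returns.
REMOVED_API_VERSIONS = {"extensions/v1beta1", "networking.k8s.io/v1beta1"}


def tls_covers(tls_host, rule_host):
    """Exact match, or a '*.' wildcard that covers exactly one leading label."""
    if tls_host == rule_host:
        return True
    return tls_host.startswith("*.") and rule_host.partition(".")[2] == tls_host[2:]


def lint_ingress(manifest):
    """Return a sorted list of findings for one Ingress manifest."""
    findings = []
    spec = manifest.get("spec", {})
    api = manifest.get("apiVersion")
    if api in REMOVED_API_VERSIONS:
        findings.append("apiVersion %s is not served by Kubernetes 1.22+" % api)
    tls_hosts = []
    for entry in spec.get("tls", []):
        tls_hosts.extend(entry.get("hosts", []))
        if not entry.get("secretName"):
            findings.append("tls entry without secretName")
    for rule in spec.get("rules", []):
        host = rule.get("host")
        if not host:
            findings.append("rule without host matches any Host header")
        elif not any(tls_covers(t, host) for t in tls_hosts):
            findings.append("host %s has no matching tls entry" % host)
    return sorted(findings)


# The deck's cafe-ingress, hosts and TLS only (paths do not affect these checks).
DEMO = {"apiVersion": "extensions/v1beta1", "kind": "Ingress",
        "spec": {"tls": [{"hosts": ["cafe.example.com"], "secretName": "cafe-secret"}],
                 "rules": [{"host": "cafe.example.com"}]}}

# Constructed counter-example: wildcard TLS with no secret, one host the wildcard
# does not cover, and one catch-all rule with no host.
WEAK = {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
        "spec": {"tls": [{"hosts": ["*.example.com"]}],
                 "rules": [{"host": "cafe.example.com"},
                           {"host": "a.b.example.com"}, {}]}}

if __name__ == "__main__":
    for name, manifest in (("DEMO", DEMO), ("WEAK", WEAK)):
        print(name, lint_ingress(manifest))
```
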
Prometheus / Grafana

BIG-IP Container Ingress Services
Introducing Container Ingress Services (CIS)
• Native open-source integration in container environments for F5 BIG-IP Ingress control
• Enable self-service selection in orchestration for app services
• Scale and secure apps through automated event discovery and service insertion
[Diagram labels: F5 Container Ingress Services, Container Environments, Orchestration, Visibility and Analytics, F5 BIG-IP App Performance and Security Services, App Services Across Network, Node 1, Node 2. Dotted line = integration control plane; solid line = traffic data plane]
CIS Reference Architecture

Hybrid CIS/N+ Architecture
[Diagram labels: TLS termination, Bot protection, DDoS protection, AuthN, AuthZ, LB, Service Discovery, Rate Limiting, Data manipulation, Req routing]
Try it out
● NGINX Ingress Controller https://github.com/nginxinc/kubernetes-ingress/
● Examples https://github.com/nginxinc/kubernetes-ingress/tree/master/examples-of-custom-resources
● Testing the Performance of the NGINX Ingress Controller for Kubernetes https://www.nginx.com/blog/testing-performance-nginx-ingress-controller-kubernetes/
● Release 1.7.0 blog post https://www.nginx.com/blog/announcing-nginx-ingress-controller-for-kubernetes-release-1-7-0/

CIS Resources
▪ https://clouddocs.f5.com/containers/v2/
▪ https://docs.nginx.com/nginx-ingress-controller/overview/
