Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes

Learn the difference between Kubernetes Ingress and Istio Ingress Gateway. Watch demos of both at: https://info.mirantis.com/istio-ingress

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to comment

  • Be the first to like this

Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes

  1. 1. Copyright © 2019 Mirantis, Inc. All rights reserved Your App Deserves More than Kubernetes Ingress Kubernetes Ingress vs. Istio Gateway Webinar | October 15, 2019
  2. 2. 2 A few introductions (OK, just one) Andrew Lee Technical Instructor at Mirantis Andrew started his early career in a QA position for Open Networking Lab, where he gained hands-on experience in cloud technologies and SDN solutions. He joined the training team at Mirantis in October of 2015 and currently manages content development and delivery of Kubernetes and Istio courses. He is an avid believer in open source technologies and enjoys teaching engineers how to effectively utilize them.
  3. 3. 3 A little housekeeping ● Please submit questions in the Questions panel. ● We’ll provide a link where you can download the slides at the end of the webinar.
  4. 4. 4 ● What is Ingress? ● Kubernetes Ingress & Ingress Controller ● Istio Ingress Gateway ● [Demo] Overview
  5. 5. 5 What is Kubernetes Ingress?
  6. 6. 6 ● Kubernetes way to expose your app ○ NodePort type Service ○ LoadBalancer type Service ○ Ingress / Ingress Controller Entrypoint for your Application 6
  7. 7. 7 Entrypoint for your Application: NodePort 7
  8. 8. 8 ● 1 NodePort per service ● Pain for end users ○ Not a standard port range ○ Different ports for different applications NodePort Limitations 8 http://52.14.21.152:30126
  9. 9. 9 Entrypoint for your Application: Ingress 9
  10. 10. 10 Entrypoint for your Application: Ingress (with LB) 10
  11. 11. 11 ● Path / host based routing ○ mysite.com/blog -> svc A ○ mysite.com/shop -> svc B ● Multiple services behind single cloud Load Balancer Kubernetes Ingress Advantages 11
  12. 12. 12 ● Requires three components ○ Ingress ■ Kubernetes Resource ■ Define rules here ○ Ingress Controller ■ Kubernetes Pod ■ Acts as reverse proxy ■ Nginx is recommended ■ Cloud providers have their own implementations with LB ■ “Acts” on the ingress definitions provided ○ Default Backend ■ Kubernetes Pod ■ All traffic that doesn’t match any ingress rules go here (HTTP 404) Kubernetes Ingress 12
  13. 13. 13 ● Limited observability toolsets available ● No advanced traffic control / release strategies ○ % based Canary releases ○ Dark launching ● No service resiliency features ○ Retry, circuit breaking, timeouts Kubernetes Ingress Limitations
  14. 14. 14 Istio Ingress Gateway
  15. 15. 15 Istio Ingress Gateway 15
  16. 16. 16 ● Requires three resources ● Gateway ○ Configure ports, protocol, certificates ● Virtual Service ○ Configure routing information to k8s service ○ Enables “intelligent” routing ○ Similar to “Ingress” Kubernetes resource ● Ingress Gateway ○ Pod with Envoy that does the routing ○ Configured by Gateway & Virtual Service Istio Ingress Gateway
  17. 17. 17 ● Envoy proxy handles L7 traffic ○ More featureful than Kubernetes Ingress Controller ○ Advanced routing rules, distributed tracing, rate limiting, policy checking, metrics collection, etc. ○ Natively supports gRPC ● Dynamic configuration ○ Maintain connections but able to reload new config ● Egress gateway is also supported :) Istio Gateway Advantages
  18. 18. 18 ● Disadvantages: ○ Requires installation of another control plane component (Istio Pilot) ○ Internal traffic management features are shared with Edge ● Alternatives: ○ API Gateways ■ Ambassador, Traefik, Kong, … (Mainly commercial products) Istio Gateway Disadvantages and Alternatives
  19. 19. 19 Demo Overview Istio is easy!
  20. 20. 20 ● Expose via Kubernetes NodePort ● Expose via Kubernetes Ingress ● Configure DNS ● Install and configure Istio ● Expose via Istio Ingress Gateway & Domain Name! ● Bonus: Observability Demo Cat Gif: Progressive App Exposure 20
  21. 21. Copyright © 2019 Mirantis, Inc. All rights reserved Mirantis Training training.mirantis.com
  22. 22. 22 Mirantis Training: Kubernetes & Istio training.mirantis.com Kubernetes & Docker Bootcamp I (KD100) Learn Docker and Kubernetes to deploy, run, and manage containerized applications 2 days Kubernetes & Docker Bootcamp II (KD200) Advanced training for Kubernetes professionals, preparation for CKA exam 3 days Accelerated Kubernetes & Docker Bootcamp (KD250) Most popular course! A combination of KD100 & KD200 at an accelerated pace, preps for the CKA exam 4 days Service Mesh and Istio Fundamentals (IST50) New! Introduction to Istio & Service Mesh 1 day Microservices and Istio Bootcamp (IST100) New! Microservices security, resiliency and monitoring using Istio 2 days
  23. 23. Copyright © 2019 Mirantis, Inc. All rights reserved Questions? Thank you! Download the slides and view the recording at: https://info.mirantis.com/istio-ingress

×