Kubernetes Ingress Controllers

How do you choose the *right* Kubernetes Ingress controller when:

programming
Kubernetes
devops
technology
  1. Home
  2. Google Sheet
  3. Kubernetes Ingress Controllers

Kubernetes Ingress Controllers

How do you choose the *right* Kubernetes Ingress controller when:


- Not all Ingress controllers support UDP

- Only Kong has a free LDAP integration

- Nginx Ingress and HAProxy are the only two ingress without CRDs


Here is a comparison.

programming, Kubernetes, devops, technology

Product/Project Ingress Nginx Kong Apache APISIX Azure App Gateway Ingress Nginx+ HAProxy Tech HAProxy (jcmoraisjr) Voyager Istio Ingress Contour Ambassador Gloo Traefik Skipper Citrix Ingress GKE Ingress ALB Ingress AKO

1. General info

Based on nginx nginx nginx nginx + Azure App Gateway nginx haproxy haproxy haproxy envoy envoy envoy envoy traefik skipper Citrix ADC GLBC Elastic LB NSX Advanced LB (Avi)

Documentation https://kubernetes.github.io/ingress-nginx/ https://github.com/Kong/kubernetes-ingress-controller/tree/main/docs https://github.com/apache/apisix-ingress-controller/blob/master/README.md https://azure.github.io/application-gateway-kubernetes-ingress/ https://docs.nginx.com/nginx-ingress-controller/ https://github.com/haproxytech/kubernetes-ingress https://haproxy-ingress.github.io/docs/ https://voyagermesh.com/docs/v12.0.0/welcome/ https://istio.io/latest/docs/ https://projectcontour.io/docs/main/ https://www.getambassador.io/docs/latest/ https://docs.solo.io/gloo-edge/latest/ https://doc.traefik.io/traefik/ https://opensource.zalando.com/skipper/ https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/ https://cloud.google.com/kubernetes-engine/docs/concepts/ingress https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/ https://avinetworks.com/docs/ako/1.3/avi-kubernetes-operator/

2. Protocols

HTTP/HTTPS ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

HTTP2 Comparison of Kubernetes Ingress controllers ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

gRPC ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

TCP Partial ✔️ Preview ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

TCP+TLS ✖︎ ✔️ Preview ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Partial

UDP Partial ✖︎ Preview ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

Websockets ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Proxy Protocol ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️

QUIC/HTTP3 ✖︎ ✖︎ ✖︎ ✖︎ Preview ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

WAF ✔️ ✖︎ Partial ���️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

3. Clients Leave a comment or drop us a line at [email protected]

Rate limiting (L4) ✔️ Needs help Needs help Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ Needs help ✔️

Rate limiting (L7) License: ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Needs help ✔️

Timeouts Apache 2.0 ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Safe-list/Block-list Last updated: ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Partial ✖︎ ✖︎ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ Needs help ✔️

Authentication February 17, 2021 ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Authorisation ✖︎ ✔️ ✔️ ✖︎ Needs help ✔️ Partial ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️

Notes Find more research at:

https://learnk8s.io/research Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

4. Traffic routing

Host ✔️ Supported in Free version ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Path ✔️ Supported in Enterprise version ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Headers ✖︎ Not supported ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️

Querystring Partial Partially supported ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✖︎ Partial ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️

Method Needs help Not sure if it is supported ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️

ClientIP ✖︎ ✔️

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

5. Upstream probes/resiliency

Healthchecks ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

Retries ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✖︎ Needs help ✖︎ ✔️

Circuit Breaker ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✖︎ ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

6.Load balancer strategies

Round robin ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Sticky sessions ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️

Least connections ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️

Ring hash ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️ Needs help ✔️ ✖︎ ✔️

Maglev ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎

Exponential-Weighted-Moving-Average ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ��︎ ✖︎ ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

7. Authentication

Basic auth ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️

External Auth ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎

Client certificate ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✖︎ ✖︎ ✔️

OAuth ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎

OpenID ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎

JWT ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ Partial

LDAP ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️

HMAC ✖︎ ✔️ ✔️ ✖︎ Needs help ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

SAML ✖︎ ✔️

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

8. Observability

Metrics ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

Tracing ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✖︎ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✖︎ ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

9. Kubernetes Integration

State Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes, Nomad Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes

CRD ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

Scope Clusterwide and namespace Clusterwide and namespace namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide Clusterwide and namespace Clusterwide, namespace & Multi cluster

Support for the Service API (Ingress v2) ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ Needs help Experimental ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

Integrates with service meshes ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Needs help ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ Needs help ✖︎ ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

10. Traffic shaping

Canary ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️

Session Affinity ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Dark launch ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️

Notes blue-green and A/B or more generic Tee (think UNIX tee)

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

11. Interface

Dashboard ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ Needs help ✔️ ✖︎ ✖︎ Needs help ✖︎ ✔️

Billing and reporting ✖︎ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ Needs help ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️

Developer portal ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️

Notes Skipper is built as library

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

12. Performance

Elastic HA ✔️

DPDK ✔️

TCP Segmentation Offload ✔️

Generic Receive Offload ✔️

Receive Side Scaling ✔️

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

<---WIP--->

13. Other

Hot reloading ✖︎ Needs help ✔️ Needs help ✔️ ✔️ Needs help ✔️ ✔️ ✔️ Needs help ✖︎ ✔️ Needs help Needs help Needs help ✔️

LetsEncrypt Integration ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎

Transparent update of certificates ✔️

Wildcard certificate support ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

Rolling Upgrades ✔️

Global load balancing ✔️

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

Kubernetes Ingress Controllers
Info
Tags Programming, Kubernetes, Devops, Technology
Type Google Sheet
Published 07/05/2021, 18:48:38

Resources

Kubernetes — Node size
Kubernetes managed services
Service meshes