Sourceful

Discover the best public
Google docs

Find docs created by community members like you. Give feedback, collaborate and create your own.
 
  1. Home
  2. Google Sheet
  3. Kubernetes Ingress Controllers

Kubernetes Ingress Controllers

How do you choose the *right* Kubernetes Ingress controller when:


- Not all Ingress controllers support UDP

- Only Kong has a free LDAP integration

- Nginx Ingress and HAProxy are the only two ingress without CRDs


Here is a comparison.

programming, Kubernetes, devops, technology

Product/Project Ingress Nginx Kong Apache APISIX Azure App Gateway Ingress Nginx Ingress HAProxy Voyager Istio Ingress Contour Ambassador Gloo Traefik Skipper Citrix Ingress GKE Ingress ALB Ingress

1. General info

Based on nginx nginx nginx nginx + Azure App Gateway nginx haproxy haproxy envoy envoy envoy envoy traefik skipper Citrix ADC GLBC Elastic LB

Documentaion https://kubernetes.github.io/ingress-nginx/ https://github.com/Kong/kubernetes-ingress-controller/tree/main/docs https://github.com/apache/apisix-ingress-controller/blob/master/README.md https://azure.github.io/application-gateway-kubernetes-ingress/ https://docs.nginx.com/nginx-ingress-controller/ https://haproxy-ingress.github.io/docs/ https://voyagermesh.com/docs/v12.0.0/welcome/ https://istio.io/latest/docs/ https://projectcontour.io/docs/main/ https://www.getambassador.io/docs/latest/ https://docs.solo.io/gloo-edge/latest/ https://doc.traefik.io/traefik/ https://opensource.zalando.com/skipper/ https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/ https://cloud.google.com/kubernetes-engine/docs/concepts/ingress https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/

2. Protocols

HTTP/HTTPS ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

HTTP2 Comparison of Kubernetes Ingress controllers ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

gRPC ✔️ ✔️ Preview ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

TCP Partial ✔️ Preview ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

TCP+TLS ✖︎ ✔️ Preview ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

UDP Partial ✖︎ Preview ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️

Websockets ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Proxy Protocol ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️

QUIC/HTTP3 ✖︎ ✖︎ ✖︎ ✖︎ Preview ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

WAF ✔️ ✖︎ Partial ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

4. Clients Leave a comment or drop us a line at [email protected]

Rate limiting (L4) ✔️ Needs help Needs help Partial ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ Needs help

Rate limiting (L7) License: ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Needs help

Timeouts Apache 2.0 ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Safe-list/Block-list Last updated: ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ Partial ✖︎ ✖︎ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ Needs help

Authentication January 4, 2021 ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Authorisation ✖︎ ✔️ ✔️ ✖︎ Needs help Partial ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

Notes Find more research at:

https://learnk8s.io/research Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

5. Traffic routing

Host ✔️ Supported in Free version ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Path ✔️ Supported in Enterprise version ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Headers ✖︎ Not supported ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

Querystring Partial Partially supported ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ Partial ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

Method Needs help Not sure if it is supported ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

Notes JWT scopes/claims, Cookie, cron, interval, chance, ...

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

6. Upstream probes/resiliency

Healthchecks ✖︎ ✔️ Preview ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

Retries ✔️ ✔️ Preview ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✖︎ Needs help ✖︎

Circuit Breaker ✖︎ ✔️ Preview ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✔️

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

7.Load balancer strategies

Round robin ✔️ ✔️ ✔️ ✖︎ ✔️ ✔��� ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Sticky sessions ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️

Least connections ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️

Ring hash ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️ Needs help ✔️ ✖︎

Maglev ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎

Exponential-Weighted-Moving-Average ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

8. Authentication

Basic auth ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

External Auth ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎

Client certificate ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✖︎ ✖︎

OAuth ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔�� ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

OpenID ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️

JWT ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎

LDAP ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎

HMAC ✖︎ ✔️ ✔️ ✖︎ Needs help ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

9. Observability

Metrics ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎

Tracing ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

10. Kubernetes Integration

State Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes, Nomad Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes

CRD ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✖︎

Scope Clusterwide and namespace Clusterwide and namespace namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Namespace Clusterwide and namespace Clusterwide and namespace Clusterwide Clusterwide and namespace

Support for the Service API (Ingress v2) ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ Needs help Experimental ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

Integrates with service meshes ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ Needs help ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ Needs help ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

11. Traffic shaping

Canary ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Session Affinity ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Dark launch ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Notes blue-green and A/B or more generic Tee (think UNIX tee)

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

12. Interface

Dashboard ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ Needs help ✔️ ✖︎ ✖︎ Needs help ✖︎

Billing and reporting ✖︎ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ Needs help ✖︎ ✖︎ ✖︎ ✔️ ✖︎

Developer portal ✖︎ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎

Notes Skipper is built as library

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

<---WIP--->

13. Other

Hot reloading ✖︎ ✔️

LetsEncrypt Integration ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

Transparent update of certificates

Wildcard certificate support ✔️ ✔️ ✖︎ ✔️ ✔️

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

Kubernetes Ingress Controllers
Info
Tags Programming, Kubernetes, Devops, Technology
Type Google Sheet
Published 06/01/2021, 18:54:39

Resources

Kubernetes — Node size
Kubernetes managed services
Service meshes