NGINX For Modern Apps Architecture
THE KEY TO DELIVERING GREAT CUSTOMER EXPERIENCES
©2020 F5

8 letters
Kubernetes (k8s) 101

1-min Microservices Concepts
[Diagram: a Cluster with one Master and four Workers; Namespace; Deployment (how to deploy pod). Deployment: Blue, Service: blue-svc.bluens.local. Deployment: Red, Service: red-svc.redns.local. Deployment: Yellow, Service: yellow-svc.yellowns.local. Deployment: Purple.]

Use Case #6
NGINX Plus - Kubernetes Ingress Controller
Important Benefits not found in NGINX OSS:
• Advanced Load balancing
• Dynamic reconfiguration
• JWT authentication
• Session persistence
• Real-time monitoring
• 24x7 support
• Optional - NGINX App Protect

Ingress / Ingress Controller
[Diagram labels: Ingress resource; Kubernetes API; Watch Ingress resource; NGINX Ingress Controller, Configures; HAProxy Ingress Controller, Configures]

Two Challenges at Scale
Complex Applications: How can you provide the advanced capabilities that complex applications require?
Multitenancy (Teams): How can multiple teams and applications share a Container environment safely and securely?
Meet your personas
Names: David, Olivia, Iron, Chris, Dwayne
Roles: Super-NetOps, DevOps, Platform Team, SecOps, Cloud Architect

NGINX Ingress Resources – Rich Capabilities
[Diagram labels: Policies: Access Control, Rate Limiting, Auth (JWT, OIDC), MTLS (Ingress/Egress), App Protect WAF. VirtualServer: Host, TLS, Policies, Upstreams, Routes, Path, Action, Split, Match, Route delegation, ErrorPage. VirtualServerRoute: Host, Upstreams, Subroutes, Path, Policies, Action, Split, Match, ErrorPage. Actions: pass, redirect, return, proxy. Server and HTTP snippets; Location snippets. NGINX http configuration; NGINX server configuration; NGINX location configuration.]
©2021 F5

NGINX+ Ingress Controller
BUILT FOR ALL PERSONAS

NGINX Ingress Resources – Distributed Configuration
[Diagram labels: NetOps, DevOps-FE, DevSecOps, DevOps-NG, Identity]

VirtualServer & VirtualServerRoute
The VirtualServer and VirtualServerRoute resources are new load balancing configuration resources that enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing.
• Ease of configuration
• Less error prone
• Granular controls

[Diagram: VirtualServer, KIC, Namespace: cafe; VirtualServerRoute, Namespace: coffee; VirtualServerRoute, Namespace: tea. Each VirtualServerRoute carries a Policy list: ACL, Rate limiting, JWT Validation, Advanced Routing, Persistency, Traffic Splitting, etc.]

Key Takeaways
• Compared with open source NGINX, NGINX Plus provides best-in-class performance and features as an Ingress Controller.
• Compared with other Ingress Controllers, NGINX Plus provides best-in-class performance and features as an Ingress Controller.
• Besides performance and features, NGINX Plus as an Ingress Controller enables ease of configuration and granular control.
• If security is important, NGINX App Protect (NAP) provides a lightweight, CI/CD-friendly, enterprise-grade WAF with the Ingress Controller.
• If security within the cluster (Zero Trust) is important, NGINX App Protect (NAP) provides a lightweight, CI/CD-friendly, enterprise-grade WAF as a per-service WAF or per-pod WAF.