NGINX Ingress Controller for Kubernetes

NGINX as an Ingress Controller by Michael Pleshakov, Platform Integration Engineer, NGINX

Speaker Info 2 Michael Pleshakov Platform Integration Engineer at NGINX michael@nginx.com

Agenda 1. What is NGINX Ingress Controller? 2. Basic demo 3. Advanced configuration options/demo 4. Custom annotations/demo 5. NGINX and NGINX Plus

NGINX on Kubernetes 4 Kubernetes cluster $ kubectl apply -f shapes.yaml$ kubectl ? How to configure NGINX? Users

Ingress Resource 5 Kubernetes cluster apiVersion: extensions/v1beta1 kind: Ingress metadata: name: shapes spec: rules: - host: shapes.example.com http: paths: - path: /circles backend: serviceName: circles servicePort: 80 - path: /triangles backend: serviceName: triangles servicePort: 8080

NGINX on Kubernetes 6 Kubernetes cluster $ kubectl apply -f shapes.yaml$ kubectl ? How to configure NGINX? Users $ kubectl apply –f shapes-ingress.yaml

NGINX Ingress Controller 7 NGINX Ingress Controller Ingress 1 Ingress 2 Ingress N ConfigureGet updates Run inside the cluster in the same pod

Kubernetes cluster Demo 8 IC Users L3/L4 LB

Config Generation - ConfigMap 9 http { . . . include /etc/nginx/conf.d/*.conf; } # ingress-1 upstream { . . . } server { . . . } # ingress-2 upstream { . . . } server { . . . } nginx.tmplConfigMap /etc/nginx/nginx.conf /etc/nginx/conf.d/

ConfigMap 10 kind: ConfigMap apiVersion: v1 metadata: name: nginx-config namespace: nginx-ingress data: worker-processes: "1" log-format: '[$time_local] $remote_addr "$request" $status "$upstream_response_time"' nginx-config-1.yaml

Config Generation - Ingress 11 http { . . . include /etc/nginx/conf.d/*.conf; } # ingress-1 upstream { . . . } server { . . . } # ingress-2 upstream { . . . } server { . . . } nginx.tmplConfigMap /etc/nginx/nginx.conf /etc/nginx/conf.d/ nginx. ingress.tmpl Ingress

Config Generation - ConfigMap 12 http { . . . include /etc/nginx/conf.d/*.conf; } # ingress-1 upstream { . . . } server { . . . } # ingress-2 upstream { . . . } server { . . . } nginx.tmplConfigMap /etc/nginx/nginx.conf /etc/nginx/conf.d/ nginx. ingress.tmpl Ingress ConfigMap

ConfigMap 13 kind: ConfigMap apiVersion: v1 metadata: name: nginx-config namespace: nginx-ingress data: worker-processes: "1" log-format: '[$time_local] $remote_addr "$request" $status "$upstream_response_time"' lb-method: "least_conn" nginx-config-2.yaml

Config Generation - Annotations 14 http { . . . include /etc/nginx/conf.d/*.conf; } # ingress-1 upstream { . . . } server { . . . } # ingress-2 upstream { . . . } server { . . . } nginx.tmplConfigMap /etc/nginx/nginx.conf /etc/nginx/conf.d/ nginx. ingress.tmpl Ingress ConfigMap Annotations

Annotations 15 apiVersion: extensions/v1beta1 kind: Ingress metadata: name: shapes-ingress annotations: kubernetes.io/ingress.class: "nginx" nginx.org/lb-method: "random" spec: rules: - host: shapes.example.com http: paths: - path: /circles backend: serviceName: circles servicePort: 80 - path: /triangles backend: serviceName: triangles servicePort: 80 shapes-ingress-1.yaml

Snippets - ConfigMap 16 user nginx; . . . http { . . . include /etc/nginx/conf.d/*.conf } main-snippets http-snippets upstream one { . . . } # 1 or more server { . . . # one or more location /path { . . . } } server-snippets location-snippets

Snippets - Annotations 17 upstream one { . . . } # 1 or more server { . . . # one or more location /path { . . . } } nginx.org/server-snippets nginx.org/location-snippets Annotations override ConfigMap keys

Snippets 18 apiVersion: extensions/v1beta1 kind: Ingress metadata: name: shapes-ingress annotations: kubernetes.io/ingress.class: "nginx" nginx.org/lb-method: "random" nginx.org/server-snippets: | location / { return 302 /circles; } spec: rules: - host: shapes.example.com http: paths: . . . shapes-ingress-2.yaml

Custom Templates 19 http { . . . include /etc/nginx/conf.d/*.conf; } # ingress-1 upstream { . . . } server { . . . } # ingress-2 upstream { . . . } server { . . . } nginx.tmplConfigMap /etc/nginx/nginx.conf /etc/nginx/conf.d/ nginx. ingress.tmpl Ingress ConfigMap Annotations nginx.tmpl nginx.ingress.tmpl nginx.ingress.tmpl nginx.tmpl

Config Generation Summary 20 Method Contexts Complexity ConfigMap main, http, server, location, upstream Easy Annotations server, location, upstream Easy Snippets - ConfigMap main, http, server, location Medium Snippets - Annotations server, location Medium Custom Template - nginx.tmpl main, http Hard Custom Template - nginx.ingress.tmpl http, server, location, upstream Hard

Custom Annotations 21 apiVersion: extensions/v1beta1 kind: Ingress metadata: name: shapes-ingress annotations: kubernetes.io/ingress.class: "nginx" custom.nginx.org/rate-limiting: "on" custom.nginx.org/rate-limiting-rate: "5r/s" custom.nginx.org/rate-limiting-burst: "1" spec: rules: - host: ”shapes.example.com" http: paths: - path: /circles backend: serviceName: circles servicePort: 80 - path: /triangles backend: serviceName: triangles servicePort: 80

Custom Annotations 22 apiVersion: extensions/v1beta1 kind: Ingress metadata: name: shapes-ingress annotations: kubernetes.io/ingress.class: "nginx" custom.nginx.org/rate-limiting: "on" custom.nginx.org/rate-limiting-rate: ”1r/s" custom.nginx.org/rate-limiting-burst: ”3" spec: rules: - host: ”shapes.example.com" http: paths: - path: /circles backend: serviceName: circles servicePort: 80 - path: /triangles backend: serviceName: triangles servicePort: 80 # configuration for default/shapes-ingress . . . limit_req_zone $binary_remote_addr zone=default- shapes-ingress:10m rate=1r/s; server { listen 80; . . . location /circles { limit_req zone=default-cafe-ingress burst=3 nodelay; . . . }

Config Generation Summary 23 Method Contexts Complexity ConfigMap main, http, server, location, upstream Easy Annotations server, location, upstream Easy Snippets - ConfigMap main, http, server, location Medium Snippets - Annotations server, location Medium Custom Template - nginx.tmpl main, http Hard Custom Template - nginx.ingress.tmpl http, server, location, upstream Hard Custom Annotations http, server, location, upstream Hard

Config Generation Summary 24 Method Contexts Cmpl for Admin Cmpl for User ConfigMap main, http, server, location, upstream Easy N/A Annotations server, location, upstream Easy Easy Snippets - ConfigMap main, http, server, location Medium N/A Snippets - Annotations server, location Medium Medium Custom Template - nginx.tmpl main, http Hard N/A Custom Template - nginx.ingress.tmpl http, server, location, upstream Hard N/A Custom Annotations http, server, location, upstream Hard Easy

NGINX and NGINX Plus Dynamic reconfiguration of upstream servers Extended real-time and Prometheus metrics JWT validation Session persistence and lb methods Support from NGINX Inc. Available as an Ingress Controller

MORE INFORMATION AT NGINX.COM NGINX Ingress Controllers • NGINX/NGINX Plus Ingress Controllers -- https://github.com/nginxinc/kubernetes-ingress • NGINX Ingress Controller -- https://github.com/kubernetes/ingress-nginx

NGINX Ingress Controllers Aspect of Feature kubernetes/ingress-nginx nginxinc/kubernetes-ingress with NGINX nginxinc/kubernetes- ingress with NGINX Plus Authors Kubernetes community NGINX Inc and community NGINX Inc and community NGINX version Custom NGINX build with third-party modules NGINX official mainline build NGINX Plus Commercial support No No Included Standard Ingress Yes Yes Yes Annotations Yes Yes Yes ConfigMaps Yes Yes Yes TCP/UDP Extension Yes Yes Yes JWT Validation No No Yes Extended Status Yes, via a third-party module No Yes Prometheus Yes Yes (limited) Yes Dynamic Reconfiguration Yes, via a third-party module No Yes

Links • NGINX/NGINX Plus Ingress Controllers -- https://github.com/nginxinc/kubernetes-ingress • Custom Annotations Example -- https://github.com/nginxinc/kubernetes- ingress/tree/master/examples/custom-annotations

NGINX Ingress Controller for Kubernetes

More Related Content

What's hot

Similar to NGINX Ingress Controller for Kubernetes

More from NGINX, Inc.

Recently uploaded

In this document

NGINX Ingress Controller for Kubernetes