NI
Uploaded byNGINX, Inc.
PPTX, PDF196 views

Production-Grade Kubernetes With NGINX Ingress Controller

This document discusses the challenges of managing traffic in Kubernetes and presents the NGINX Ingress Controller as a solution for advanced networking needs. It highlights the importance of security and scalability in Kubernetes environments while comparing various ingress controller options. The content also emphasizes the necessity for more sophisticated data protection measures against rising cybersecurity threats.

Embed presentation

Downloaded 22 times
Production-Grade Kubernetes with NGINX Ingress Controller Amir Rawdat Technical Marketing Engineer, NGINX
| ©2020 F5 3 Agenda • Common challenges with managing traffic inside Kubernetes • Taking control of Kubernetes edge networking with NGINX • Choosing the NGINX ingress controller that fits your needs • Staying relevant in Kubernetes when security is top priority • Scaling Ingress Controller provisioning to multiple teams • Q&A
| ©2020 F5 4 Kubernetes becoming platform for developing, testing and running applications Applications are becoming ephemeral by nature This brings limitations to Layer 4 Kubernetes Networking NGINX provides L5-7 networking policies as an alternative to IP addresses Cybersecurity is an ever- growing, ever-complicating field Traditional firewalls and anti virus security is irrelevant or obsolete. Data breaches on the rise and will continue to rise throughout 2021. What we see in the market KUBERNETES-CENTRIC PERSPECTIVE SOURCE: INFORMATION EXAMPLE Adoption of managed and commercial Kubernetes platforms We see rapid adoption of OpenShift and Rancher in the private cloud space EKS and GKE adoption in public cloud
| ©2020 F5 5 MY FAVORITE ARTICLE TITLES But K8s Adoption Brings Complexity “Let’s Use Kubernetes!”N ow You Have 8 Problems” ”Will Complexity Kill Kubernetes?” “Has Kubernetes Already Become To Unnecessarily Complex for Enterprise IT?” ”Why Kubernetes Networking Is Hard – And What You Can Do About It”
| ©2020 F5 6 WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM NGINX? Networking: K8s, L4-L7 • K8s, and CNI, provides L4 servicing – IP endpoints • Many, complex options • https://kubernetes.io/docs/concepts/cluster-administration/networking/ • L7 Traffic Management is missing • Service-level access control • SSL/mTLS enforcement • Canary releases, A/B Testing, and blue-green deployments • Circuit breaking • WAF protection • Enter: KIC – Taking control of Kubernetes networking
| ©2020 F5 7 What is the NGINX Ingress Controller ?
| ©2020 F5 8 Special load balancer for Kubernetes environments: • Bridging Kubernetes apps with external services • Configured with the Kubernetes API • Load balancing rules are updated when apps scale up/down CONFIDENTIAL TOPOLOGY What is the NGINX Ingress Controller ?
| ©2020 F5 9 Problems with Ingress Resources • Kubernetes Ingress resources are limited to basic SSL/TLS and HTTP load balancing • Configuration can be further customized with Annotations, ConfigMaps, and templates • Global scoped and not fine grained • Very error prone • Not Secure
| ©2020 F5 10 NGINX Ingress Resources • Native Type-Safe Configuration • Provides advanced app delivery features with native Kubernetes workflow. • Increased modularity and reusability • Finer grained multi-tenancy with NGINX cross-namespacing
| ©2020 F5 11 Confidential – Do Not Distribute
| ©2020 F5 12 Confidential – Do Not Distribute
| ©2020 F5 13 Which NGINX Ingress Controller Should I use ?
| ©2020 F5 14 The top ingress providers for 2020 are NGINX (62%), Envoy (37%), and HAProxy (27%) Top Ingress providers for 2020 CNCF
| ©2020 F5 15 Features Community Ingress Controller NGINX OSS Ingress Controller NGINX Plus Ingress Controller Authors K8s F5 F5 Feature stability Inconsistent Consistent Consistent Performance (reloads) Great Good Excellent Support Community Community F5 Multi-tenant focus Weak Excellent Excellent NGINX Ingress Controller Options https://www.nginx.com/blog/performance-testing-nginx-ingress-controllers-dynamic-kubernetes-cloud- environment/
| ©2020 F5 16 Traffic Policies
| ©2020 F5 17  Zero trust security at the edge – Mutual TLS authentication  JWT/OIDC authentication (SSO)  Rate limiting – Make your apps resilient to traffic overload DEVOPS Traffic Policies
| ©2020 F5 18 Protecting your Kubernetes Apps from Vulnerabilities and Attacks
| ©2020 F5 19 Blocking Threats with NGINX App Protect SECURE PERIMETER FOR YOUR APPLICATIONS IN KUBERNETES
| ©2020 F5 20  Consolidating the NGINX Ingress Controller with a battle tested WAF  Configuration is fully managed by the Kubernetes API  Leverage Kubernetes RBAC to securely delegate WAF configurations to a dedicated DevSecOps team  Block unrecognized threats with user defined signatures WAF Blocking Threats with NGINX App Protect
| ©2020 F5 21  Get Started with the NGINX Ingress Controller -- https://github.com/nginxinc/kubernetes-ingress  Get a free trial of NGINX Plus Ingress Controller -- https://www.nginx.com/free-trial- request-nginx-ingress-controller/  Download the Complete NGINX Cookbook -- https://go.f5.net/cookbook Get Started Today !!
Q&A Contact Us: Amir Rawdat: a.rawdat@f5.com NGINX: sales@nginx.com

More Related Content

PDF
Deploy Application on Kubernetes
byOpsta
 
PPTX
Jenkins
bypenetration Tester
 
PPSX
Microservices Docker Kubernetes Istio Kanban DevOps SRE
byAraf Karsh Hamid
 
PPSX
Microservices, DevOps & SRE
byAraf Karsh Hamid
 
PDF
Kubernetes
byMeng-Ze Lee
 
PDF
How OpenShift SDN helps to automate
byIlkka Tengvall
 
PPSX
Microservices Testing Strategies JUnit Cucumber Mockito Pact
byAraf Karsh Hamid
 
PPSX
Docker Kubernetes Istio
byAraf Karsh Hamid
 
Deploy Application on Kubernetes
byOpsta
 
Jenkins
bypenetration Tester
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
byAraf Karsh Hamid
 
Microservices, DevOps & SRE
byAraf Karsh Hamid
 
Kubernetes
byMeng-Ze Lee
 
How OpenShift SDN helps to automate
byIlkka Tengvall
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
byAraf Karsh Hamid
 
Docker Kubernetes Istio
byAraf Karsh Hamid
 

What's hot

PDF
Kubernetes architecture
byJanakiram MSV
 
PDF
OpenShift-Technical-Overview.pdf
byJuanSalinas593459
 
PDF
Kubernetes Secrets Management on Production with Demo
byOpsta
 
ODP
Introduction to Ansible
byKnoldus Inc.
 
PPTX
Kubernetes Introduction
byMartin Danielsson
 
PDF
Kubernetes 101
byCrevise Technologies
 
PPSX
Elastic-Engineering
byAraf Karsh Hamid
 
PDF
Hands-On Introduction to Kubernetes at LISA17
byRyan Jarvinen
 
PPTX
Docker 101 - Nov 2016
byDocker, Inc.
 
PPTX
Kubernetes PPT.pptx
byssuser0cc9131
 
PDF
Introduction to Kubernetes Workshop
byBob Killen
 
PDF
Gitops: the kubernetes way
bysparkfabrik
 
PDF
Kubernetes Introduction
byPeng Xiao
 
PPTX
Microservices Part 3 Service Mesh and Kafka
byAraf Karsh Hamid
 
PDF
Kubernetes: A Short Introduction (2019)
byMegan O'Keefe
 
PPTX
A brief study on Kubernetes and its components
byRamit Surana
 
PDF
Kubernetes Networking
byCJ Cullen
 
PDF
Kubernetes Basics
byEueung Mulyana
 
PDF
OpenShift Overview
byroundman
 
PDF
OpenShift 4, the smarter Kubernetes platform
byKangaroot
 
Kubernetes architecture
byJanakiram MSV
 
OpenShift-Technical-Overview.pdf
byJuanSalinas593459
 
Kubernetes Secrets Management on Production with Demo
byOpsta
 
Introduction to Ansible
byKnoldus Inc.
 
Kubernetes Introduction
byMartin Danielsson
 
Kubernetes 101
byCrevise Technologies
 
Elastic-Engineering
byAraf Karsh Hamid
 
Hands-On Introduction to Kubernetes at LISA17
byRyan Jarvinen
 
Docker 101 - Nov 2016
byDocker, Inc.
 
Kubernetes PPT.pptx
byssuser0cc9131
 
Introduction to Kubernetes Workshop
byBob Killen
 
Gitops: the kubernetes way
bysparkfabrik
 
Kubernetes Introduction
byPeng Xiao
 
Microservices Part 3 Service Mesh and Kafka
byAraf Karsh Hamid
 
Kubernetes: A Short Introduction (2019)
byMegan O'Keefe
 
A brief study on Kubernetes and its components
byRamit Surana
 
Kubernetes Networking
byCJ Cullen
 
Kubernetes Basics
byEueung Mulyana
 
OpenShift Overview
byroundman
 
OpenShift 4, the smarter Kubernetes platform
byKangaroot
 

Similar to Production-Grade Kubernetes With NGINX Ingress Controller

PPTX
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
PDF
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
PDF
Relevez les défis Kubernetes avec NGINX
byNGINX, Inc.
 
PDF
Get the Most Out of Kubernetes with NGINX
byNGINX, Inc.
 
PDF
Securing Your Apps & APIs in the Cloud
byOlivia LaMar
 
PDF
Kubernetes Networking
byNGINX, Inc.
 
PPTX
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
byAine Long
 
PDF
Deploying NGINX in Cloud Native Kubernetes
byKangaroot
 
PDF
Using NGINX and NGINX Plus as a Kubernetes Ingress
byKevin Jones
 
PDF
Load Balancing Applications on Kubernetes with NGINX
byAine Long
 
PDF
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
byNGINX, Inc.
 
PDF
Mastering kubernetes ingress nginx
bySidhartha Mani
 
PPTX
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
byOlivia LaMar
 
PDF
NGINX Ingress Controller for Kubernetes
byNGINX, Inc.
 
PPTX
API Workloads on Kubernetes | Show Code Part 4
byNGINX, Inc.
 
PPTX
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
byKatherine Bagood
 
PDF
Application Security with NGINX
byNGINX, Inc.
 
PPTX
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
byNGINX, Inc.
 
PPTX
Security and Observability of Application Traffic in Kubernetes
byAkshay Mathur
 
PDF
Ingress controller present, past and future
byJuraj Hantak
 
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
Relevez les défis Kubernetes avec NGINX
byNGINX, Inc.
 
Get the Most Out of Kubernetes with NGINX
byNGINX, Inc.
 
Securing Your Apps & APIs in the Cloud
byOlivia LaMar
 
Kubernetes Networking
byNGINX, Inc.
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
byAine Long
 
Deploying NGINX in Cloud Native Kubernetes
byKangaroot
 
Using NGINX and NGINX Plus as a Kubernetes Ingress
byKevin Jones
 
Load Balancing Applications on Kubernetes with NGINX
byAine Long
 
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
byNGINX, Inc.
 
Mastering kubernetes ingress nginx
bySidhartha Mani
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
byOlivia LaMar
 
NGINX Ingress Controller for Kubernetes
byNGINX, Inc.
 
API Workloads on Kubernetes | Show Code Part 4
byNGINX, Inc.
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
byKatherine Bagood
 
Application Security with NGINX
byNGINX, Inc.
 
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
byNGINX, Inc.
 
Security and Observability of Application Traffic in Kubernetes
byAkshay Mathur
 
Ingress controller present, past and future
byJuraj Hantak
 

More from NGINX, Inc.

PDF
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
PDF
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
PDF
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
PPTX
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
PPTX
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
PDF
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
PDF
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
PDF
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
PDF
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
PDF
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
PDF
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
PDF
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
PDF
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
PPTX
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
PPTX
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
PPTX
NGINX Kubernetes API
byNGINX, Inc.
 
PPTX
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
PPTX
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
PPTX
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
PPTX
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
NGINX Kubernetes API
byNGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 

Recently uploaded

PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
PPTX
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
PDF
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
PDF
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PPTX
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
PDF
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
PDF
[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...
byWintari Yasmin
 
PDF
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
PPTX
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
PDF
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
PDF
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...
byWintari Yasmin
 
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
In this document
Powered by AI

Amir Rawdat introduces the challenges and solutions of managing Kubernetes traffic with NGINX.

Amir Rawdat introduces the challenges and solutions of managing Kubernetes traffic with NGINX.

Highlights the rise of Kubernetes and its complexities in networking; enumerates common issues faced with Kubernetes adoption.

Discusses missing features in Kubernetes, specifically the need for L7 traffic management and enhanced security protocols.

Introduces NGINX Ingress Controller as a specialized load balancer for Kubernetes to manage external service connections.

Examines the limitations of basic Ingress resources in Kubernetes, including security and customization issues.

Describes advanced features of NGINX Ingress, including type-safe configuration and better modularity.

Discusses various NGINX Ingress Controllers available, their market share, and differences in features.

Explains the importance of traffic security policies including mutual TLS and rate limiting for resilience.

Focuses on using NGINX App Protect to block threats and configure WAF to secure Kubernetes applications.

Provides resources for getting started with NGINX Ingress Controller and contact information for further inquiries.

Production-Grade Kubernetes With NGINX Ingress Controller

  • 1.
    Production-Grade Kubernetes with NGINX Ingress Controller AmirRawdat Technical Marketing Engineer, NGINX
  • 3.
    | ©2020 F5 3 Agenda •Common challenges with managing traffic inside Kubernetes • Taking control of Kubernetes edge networking with NGINX • Choosing the NGINX ingress controller that fits your needs • Staying relevant in Kubernetes when security is top priority • Scaling Ingress Controller provisioning to multiple teams • Q&A
  • 4.
    | ©2020 F5 4 Kubernetesbecoming platform for developing, testing and running applications Applications are becoming ephemeral by nature This brings limitations to Layer 4 Kubernetes Networking NGINX provides L5-7 networking policies as an alternative to IP addresses Cybersecurity is an ever- growing, ever-complicating field Traditional firewalls and anti virus security is irrelevant or obsolete. Data breaches on the rise and will continue to rise throughout 2021. What we see in the market KUBERNETES-CENTRIC PERSPECTIVE SOURCE: INFORMATION EXAMPLE Adoption of managed and commercial Kubernetes platforms We see rapid adoption of OpenShift and Rancher in the private cloud space EKS and GKE adoption in public cloud
  • 5.
    | ©2020 F5 5 MYFAVORITE ARTICLE TITLES But K8s Adoption Brings Complexity “Let’s Use Kubernetes!”N ow You Have 8 Problems” ”Will Complexity Kill Kubernetes?” “Has Kubernetes Already Become To Unnecessarily Complex for Enterprise IT?” ”Why Kubernetes Networking Is Hard – And What You Can Do About It”
  • 6.
    | ©2020 F5 6 WHAT’SMISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM NGINX? Networking: K8s, L4-L7 • K8s, and CNI, provides L4 servicing – IP endpoints • Many, complex options • https://kubernetes.io/docs/concepts/cluster-administration/networking/ • L7 Traffic Management is missing • Service-level access control • SSL/mTLS enforcement • Canary releases, A/B Testing, and blue-green deployments • Circuit breaking • WAF protection • Enter: KIC – Taking control of Kubernetes networking
  • 7.
    | ©2020 F5 7 Whatis the NGINX Ingress Controller ?
  • 8.
    | ©2020 F5 8 Specialload balancer for Kubernetes environments: • Bridging Kubernetes apps with external services • Configured with the Kubernetes API • Load balancing rules are updated when apps scale up/down CONFIDENTIAL TOPOLOGY What is the NGINX Ingress Controller ?
  • 9.
    | ©2020 F5 9 Problemswith Ingress Resources • Kubernetes Ingress resources are limited to basic SSL/TLS and HTTP load balancing • Configuration can be further customized with Annotations, ConfigMaps, and templates • Global scoped and not fine grained • Very error prone • Not Secure
  • 10.
    | ©2020 F5 10 NGINXIngress Resources • Native Type-Safe Configuration • Provides advanced app delivery features with native Kubernetes workflow. • Increased modularity and reusability • Finer grained multi-tenancy with NGINX cross-namespacing
  • 11.
    | ©2020 F5 11Confidential – Do Not Distribute
  • 12.
    | ©2020 F5 12Confidential – Do Not Distribute
  • 13.
    | ©2020 F5 13 WhichNGINX Ingress Controller Should I use ?
  • 14.
    | ©2020 F5 14 Thetop ingress providers for 2020 are NGINX (62%), Envoy (37%), and HAProxy (27%) Top Ingress providers for 2020 CNCF
  • 15.
    | ©2020 F5 15 FeaturesCommunity Ingress Controller NGINX OSS Ingress Controller NGINX Plus Ingress Controller Authors K8s F5 F5 Feature stability Inconsistent Consistent Consistent Performance (reloads) Great Good Excellent Support Community Community F5 Multi-tenant focus Weak Excellent Excellent NGINX Ingress Controller Options https://www.nginx.com/blog/performance-testing-nginx-ingress-controllers-dynamic-kubernetes-cloud- environment/
  • 16.
  • 17.
    | ©2020 F5 17 Zero trust security at the edge – Mutual TLS authentication  JWT/OIDC authentication (SSO)  Rate limiting – Make your apps resilient to traffic overload DEVOPS Traffic Policies
  • 18.
    | ©2020 F5 18 Protectingyour Kubernetes Apps from Vulnerabilities and Attacks
  • 19.
    | ©2020 F5 19 BlockingThreats with NGINX App Protect SECURE PERIMETER FOR YOUR APPLICATIONS IN KUBERNETES
  • 20.
    | ©2020 F5 20 Consolidating the NGINX Ingress Controller with a battle tested WAF  Configuration is fully managed by the Kubernetes API  Leverage Kubernetes RBAC to securely delegate WAF configurations to a dedicated DevSecOps team  Block unrecognized threats with user defined signatures WAF Blocking Threats with NGINX App Protect
  • 21.
    | ©2020 F5 21 Get Started with the NGINX Ingress Controller -- https://github.com/nginxinc/kubernetes-ingress  Get a free trial of NGINX Plus Ingress Controller -- https://www.nginx.com/free-trial- request-nginx-ingress-controller/  Download the Complete NGINX Cookbook -- https://go.f5.net/cookbook Get Started Today !!
  • 22.
    Q&A Contact Us: Amir Rawdat:a.rawdat@f5.com NGINX: sales@nginx.com

Editor's Notes

  • #2 A couple house keeping items: 1. All attendees for todays session will receive a $25 gift card from our marketing teams within 24-48 hours) 2. We're going to play a little trivia in a moment and we ask that you please type your responses in the chat window – the first person to answer correctly will win some NGINX Swag 3. I will be moderating the chat window so if you have questions as Amir is going through his discussion points, please enter them and we will be sure to answer those. If we don't get to them during the session today, we will certainly get the answers for you following todays call 4. I wanted to point out, that we are also doing more hands-on lab sessions around various NGINX solutions (KIC being one of them) so, please send me your email in a DM if you'd like to get registered for this or receive further information. These labs are usually 3-4 hours and Amir can share a little more detail on what they entail. Amir...
  • #5 Cybersecurity is an ever-growing, ever-complicating field Authentication is enforced independent of IP addresses Both the client and server before connections are accepted.   Broader shift away from perimeter focused, firewall-based security to where security is everywhere and is based on identity (such as identity of applications sharing or requesting information) 
  • #8 While we can’t solve all of the complexity that comes with K8s, we can offer up a simpler and more secure way to manage all service-to-service traffic.
  • #13 Delegate security, and traffic control to each team. Configure the ingress networking for applications pods inside their respective namespace.
  • #14 While we can’t solve all of the complexity that comes with K8s, we can offer up a simpler and more secure way to manage all service-to-service traffic.
  • #16 Multi-tenant focus:
  • #17 While we can’t solve all of the complexity that comes with K8s, we can offer up a simpler and more secure way to manage all service-to-service traffic.
  • #19 While we can’t solve all of the complexity that comes with K8s, we can offer up a simpler and more secure way to manage all service-to-service traffic.