There’s as much confusion as there is chaos in container land. Every day seems to bring some new capability or component to the world of container orchestration environments. That’s necessary, because it’s still maturing as use of containers expands beyond the experimental into the existential.
Speed and scale are amongst the two primary drivers of container deployments. The former is as much about development as it is delivery, and thus the focus on scale. But not just vanilla protocol scale, we’re talking about application scale.
The distinction is important. Containers have been voted most likely to contain microservices, and one of the cardinal rules of microservices is communication via API only. An API that is based on HTTP – not TCP – and thus requires a smarter solution for scale.
Most container orchestration environments come “out of the box” with proxies capable of vanilla scale. That means plain old load balancing (POLB) at the TCP layer. IP addresses and ports are the lingua franca of these proxies. While they do fine in an environment where services are differentiated based on an IP address/port combination, they don’t do so well for applications (services) that are differentiated by HTTP layer characteristics – like API version, or URI, or host name. Those are app layer (HTTP) constructs, and require smarter proxies to both route and scale with the speed desired. These constructs must be taken into consideration upon receipt of a request from a client-side entity, something most vanilla scale solutions for containers can’t provide.
In response to this need rises the notion of Ingress* control. Ingress control is basically app or HTTP routing or layer 7 switching or content switching or any other of a dozen or so names the capability has gone by since the turn of the century. Ingress control assumes service differentiation at the application (HTTP) layer, and accordingly acts upon it when making routing and scaling decisions inside the container environment.
But you can’t just slap a F5 BIG-IP in front of a container environment and call it Ingress control. That’s because an Ingress controller also needs to be integrated with the container orchestration environment to achieve the scale and speed desired. To do that, you need something that lives inside the container environment that natively speaks container orchestration and BIG-IP.
That’s what the BIG-IP Controller for Kubernetes does. It’s a Docker container that runs in a Kubernetes Pod and enables you to use a BIG-IP as a Kubernetes Ingress controller. That means it can read the Kubernetes Ingress resource and automatically configure BIG-IP with the appropriate objects to make sure requests are scaled based on the app layer constructs you desire.
Now, prior to the availability of this controller, folks tended to use BIG-IP to “spray” traffic across a second layer of proxies running inside the container orchestration environment. Those proxies provided Ingress control. There’s a few good reasons to stop doing that, including the recursive headache of running your availability service inside the thing it’s providing availability for.
Other good reasons include:
- Enabling DDoS mitigation
- Take advantage of a web application firewall to protect APIs and apps
- Support IPv6 clients to use IPv4 containerized apps
- Offload TLS to BIG-IP and re-encrypt with self-signed certificates
- Use application acceleration options to improve performance
Whatever the reason might be, the reality is that you can use a BIG-IP as an Ingress controller for Kubernetes. You don’t need two different tiers to scale. Eliminating that second tier of scale will improve speed (of delivery and deployment) and simplify deployments while providing a platform on which you can enable a wide variety of advanced services for security, speed, and scale.
You can read more about the BIG-IP Controller for Kubernetes here, or get it from the Docker hub, here or just pull it directly:
docker pull f5networks/k8s-bigip-ctlr
Scale on.
* Yes, the capital “I” is important, as it distinguishes from traditional network term “ingress” which simply refers to “access into the environment” whereas "Ingress” is used to refer to “HTTP routing”. Yes, we do tend to make things more difficult than they have to be, but such is the world in which developers are implementing network constructs and redefining more than just how apps are delivered.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...