Comparison Among Top Ingress Controllers For Kubernetes
Harshit Mehndiratta
Harshit Mehndiratta
July 08, 2020
/
6 minutes read

Comparison Among Top Ingress Controllers For Kubernetes

You need to realize that deploying a Kubernetes cluster for a particular application has many essential requirements. Choosing an ingress controller is one of those. An Ingress controller for Kubernetes is a resource that helps in connecting the outside world to clusters and helps define a particular set of rules, so user requests for accessing a specific microservice are correctly processed.

Choosing the right ingress controller is also of paramount importance when considering that there will be loads of traffic coming on your Kubernetes cluster.

Keeping that in mind, we have curated a list of notable ingress controllers you can deploy into your production-grade environments for easy and effective routing.

NGINX Ingress Controller

NGINX is the most secure choice if you prefer not to stress over configuring your ingress controller. You may miss out on features like advanced load balancing algorithms and third-party modules. Still, its load-balancing options, socket support, tracing, and authentication are more than enough for routing beginners.

In general, Nginx is selected as a ‘default’ ingress controller since it does not require third-party modules to run. NGINX Inc. holds full control of all the moving parts, from NGINX to the controller. Anyway, the downside to utilizing the NGINX Ingress controller is it has no support for dynamic designs. Each time a new Kubernetes endpoint is defined, an NGINX reload is needed.

However, the business variant NGINX Plus offers NGINX modules that not only provide dynamic design changes without the need to restart NGINX. It also supports JWT validation for secure transmission, health checks, directing TCP/UDP traffic, and more.

NGINX Plus is also widely used by professionals and the Kubernetes community because of its seamless integration of third-party modules, which doesn’t require altering base images for installation and configuration.

Kong Ingress

Kong Ingress developed by Kong Inc is built upon NGINX ingress controller with the addition of expandable modules to broaden its capabilities.

Kong, at first was not evolved to work as an independent ingress controller. It was centered around the routing and handling of API requests, working as an API Gateway. But, Kong Inc has added so much functionality in previous years that you cannot argue on its working as a full-fledged Ingress controller. Kong’s standout feature is its set of extra modules/plugins, which opens the path to a wide variety of additional features over the traditional NGINX ingress controller. These plugins/modules are readily available from third-party developers, and they are anything but easy to configure and install.

Another significant feature of Kong, which makes it a choice of many developers, is its capacity to run inside one environment. Kong doesn’t support cross namespace, which means the ingress controller’s functionality is limited to a particular namespace, This can be a beneficial feature or a drawback for developers as some will think it is a waste of time to create instances of service for every namespace. At the same time, some will believe that it provides a more elevated level of security by decreasing the malfunction of a controller to a single namespace.

Kong Ingress, as an ingress controller, has two variants: business and free. The free version does provide access to some plugins. To get the maximum functionality of Kong, you will require the paid option with a vibrant ecosystem of modules/plugins and a dashboard that makes routing easy and effective.

Traefik

Traefik has gotten amazingly well known in the Ingress controller circle, and some extraordinary features make it worthy of its popularity. Traefik as an ingress controller is extremely simple, dynamic, and easy to integrate with any Kubernetes environment. It provides full support for various protocols such as TCP, HTTP, and HTTP while providing great load balancing features.

Initially, Traefik was used as a proxy to handle routing requests for microservices. The constant addition of new features over the years has made it an excellent tool for routing Kubernetes clusters. Traefik can manage multiple instances of a program while providing various load balancing algorithms for different instances.

All the traffic routed using Traefik goes through Let’s Encrypt certificate system out of the box to provide more secure HTTPS communication. It also supports HTTP/2 as a protocol very well if you want to secure the network communication with another layer.

Unlike other Kubernetes ingress controllers, Traefik is not based on NGINX. It is an open-source project which has ultimately evolve on its own over the years. So, at any point, if you run into issues while utilizing Traefik, you can depend on the premium help offered in the paid version of this ingress controller.

HAProxy

HAProxy, which stands for High Availability Proxy, is another open-source ingress controller which supports load balancing. As a single-purpose tool, it improves the performance of a server environment by distributing the workload across multiple servers.

HAProxy has improved with its every release in the market and has gained stability over the years, which is the reason numerous Kubernetes users use HAProxy for load balancing. With some configuring, you can run a highly balanced cluster ready to handle all sorts of server overloads and traffic.

Depending on your requirements to balance the load, there are three popular load balancing techniques: Round-Robin, IP Hash, Least Connections. But HA proxy doubles that list by providing more load balancing techniques such as static-RR, first source, and url_param. See the HAProxy Configuration Manual for a complete list of techniques.

HAProxy is also quite thorough when it comes to providing metrics per site. It provides a comprehensive list of 61 different metrics. See section 9 for a full list of available metrics. The UI is user-friendly, and the integration of other third-party monitoring tools such as Datadog is easy and quick.

The only drawback to HAProxy is that it is a standalone load balancing solution compared to other Nginx based ingress controllers, which provides web server functionality.

Comparison Matrix

NGINX Kong Traefik HAproxy
Supported Protocols http/https, http2, grpc, tcp/udp http/https, http2, grpc, tcp (l4) http/https, http2 (h2c), grpc, tcp, tcp+tls http/https, http2, grpc, tcp, tcp+tls
Built upon nginx/nginx plus nginx traefik haproxy
Routing logic host, path, header, method, query param (all with regex expect host) host, path, method, header * host (regex), path (regex), headers (regex), query, path prefix, method host, path
Scope Cluster or specified namespaces Specified namespace Cluster or specified namespaces Cluster or specified namespaces
Load balancing Algorithms round-robin, least-conn, ip-hash, hash, random, least-time, sticky sessions weighted-round-robin, sticky sessions weighted-round-robin, dynamic-round-robin, sticky sessions round-robin, static-rr, leastconn, first, source, uri, url_param, header, sticky sessions
Authentication Protocols Basic, Client cert, external Basic, external OAuth Basic, HMAC, Key, LDAP, OAuth 2.0, PASETO, OpenID Connect ** Basic, auth-url, auth-tls, external auth Basic, OAuth, Auth TLS
GUI (Graphical User Interface) Yes * ** Yes * ** Yes No
Request Tracing Yes Yes Yes No
24/7 Technical Support Yes * Yes * Yes * Yes *

* Enterprise/paid edition only

** Module has to be installed

Final Thoughts

All ingress controllers mentioned above are extremely helpful. But there is no winner since every ingress controller has a different set of features that will suit the production environments differently. However, it is essential to define a starting point so you can start experimenting.

The default choice is always Nginx ingress. It is the one that most beginners and Kubernetes community people use because of its reliability and ease of use. You can also upgrade to business variant NGINX Plus if you want more customization, security, and quality.

Use Kong if you are more about the integration of third-party modules/plugins for routing. It offers a lot in its commercial version. Lastly, go for Traefik and HAproxy if you have more requirements for authentication and balancing. They have introduced a lot of options over the years and continues to grow with their capabilities.

message