Name: Kubernetes Ingress Controllers
Brand: Google
SKU: https://docs.google.com/spreadsheets/d/191WWNpjJ2za6-nbG4ZoUMXMpUK8KlCIosvQB0f-oq3k/
Rating: 5 (4 reviews)

Product/Project Ingress Nginx Kong Apache APISIX Azure App Gateway Ingress Nginx+ HAProxy Tech HAProxy (jcmoraisjr) Voyager Istio Ingress Contour Emissary-ingress (ex Ambassador) Gloo Traefik Skipper Citrix Ingress GKE Ingress ALB Ingress AKO KrakenD Tyk

1. General info

Based on nginx nginx nginx nginx + Azure App Gateway nginx haproxy haproxy haproxy envoy envoy envoy envoy traefik skipper Citrix ADC GLBC Elastic LB NSX Advanced LB (Avi) Lura Project (Linux foundation) Golang http server

Documentation https://kubernetes.github.io/ingress-nginx/ https://docs.konghq.com/kubernetes-ingress-controller/latest/ https://github.com/apache/apisix-ingress-controller/blob/master/README.md https://azure.github.io/application-gateway-kubernetes-ingress/ https://docs.nginx.com/nginx-ingress-controller/ https://github.com/haproxytech/kubernetes-ingress https://haproxy-ingress.github.io/docs/ https://voyagermesh.com/docs/v12.0.0/welcome/ https://istio.io/latest/docs/ https://projectcontour.io/docs/main/ https://www.getambassador.io/products/api-gateway/ https://docs.solo.io/gloo-edge/latest/ https://doc.traefik.io/traefik/ https://opensource.zalando.com/skipper/ https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/ https://cloud.google.com/kubernetes-engine/docs/concepts/ingress https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/ https://avinetworks.com/docs/ako/1.3/avi-kubernetes-operator/ https://www.krakend.io/docs/overview/ https://tyk.io/docs/

2. Protocols reference

HTTP/HTTPS ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

HTTP2 Comparison of Kubernetes Ingress controllers ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

HTTP3 (QUIC) Preview ✖︎ ✖︎ ✖︎ Preview ✖︎ ✖︎ ✖︎ Preview ✖︎ ✔️ ✖︎ Preview ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

gRPC ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ Partial ✔️

TCP Partial ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

TCP+TLS ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

UDP Partial ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Websockets ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Proxy Protocol ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✖︎ ✔️

3. Clients Leave a comment or drop us a line at research@learnk8s.io

Rate limiting (L4) ✔️ ✔️ Needs help Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ Needs help ✔️ ✖︎ ✖︎

Rate limiting (L7) ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️

WAF License: ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Timeouts Apache 2.0 ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Safe-list/Block-list Last updated: ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Partial ✔️ ✖︎ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Authentication August 21, 2023 ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Authorisation ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ Partial ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

4. Traffic routing Find more research at:

Host https://learnk8s.io/research ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Path ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Headers ✔️ Supported in Free version ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️

Querystring ✔️ Supported in Enterprise version ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️

Method ✖︎ Not supported ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

ClientIP Partial Partially supported ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️

Notes Needs help Not sure if it is supported

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

5. Upstream probes/resiliency

Healthchecks ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ Partial ✔️

Retries ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✖︎ Needs help ✖︎ ✔️ ✖︎ ✔️

Circuit Breaker ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✖︎ ✖︎ ✔️ ✔️

6.Load balancer strategies

Round robin ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Sticky sessions ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Least connections ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Ring hash ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎

Maglev ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎

Exponential-Weighted-Moving-Average ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

Custom load balancing ✖︎ ✖︎ ✔️ ✖︎ Partial ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

Power of two random choices Needs help Needs help Needs help Needs help ✔️ ✖︎ ✖︎ Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help Needs help Needs help ✔️ ✔️

Global load balancing Needs help Needs help ✔️ Needs help ✔️ ✖︎ Needs help Needs help Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help ✔️ ✖︎ ✖︎

External load balancing Needs help Needs help Needs help Needs help ✔️ ✔️ Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help ✔️ Needs help Needs help Needs help ✖︎ ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

7. Authentication

Basic auth ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✖︎

External Auth ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✔️

Client certificate - mTLS ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️

OAuth ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ Partial

OpenID ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎

JWT ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✔️

LDAP ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✖︎ ✖︎

HMAC ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

SAML Needs help ✔️ ✔️ Needs help ✔️ ✖︎ Needs help Needs help Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help ✔️ ✖︎ ✖︎

8. Observability

Logging ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Metrics ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

Tracing ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✖︎ ✖︎ ✔️ ✔️

9. Kubernetes Integration

CRD ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️

Scope Clusterwide and namespace Clusterwide and namespace namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide Clusterwide and namespace Clusterwide, namespace & Multi cluster Clusterwide Clusterwide

Support for the Gateway API (Ingress v2) current v1alpha2 ✖︎ ✔️ Preview ✖︎ Preview Preview ✔️ Needs help Preview ✔️ Preview Preview ✔️ ✖︎ ✖︎ Preview ✖︎ ✖︎ ✖︎ ✖︎

Integrates with service meshes ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Needs help ✔️ ✖︎ ��️ ✔️ ✔️ ✔️ Needs help ✖︎ ✖︎ ✖︎ ✖︎

10. Traffic shaping

Canary ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️

Session Affinity ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Traffic Mirroring ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✖︎

11. Interface

Dashboard ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ Needs help ✔️ ✖︎ ✖︎ Needs help ✖︎ ✔️ ✔️ ✔️

Billing and reporting ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ Needs help ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️

Developer portal ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️

12. Other

Hot reloading ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ Needs help ✔️ ✔️ Needs help Needs help Needs help ✔️ ✔️ ✔️

LetsEncrypt Integration ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Transparent update of certificates Needs help Needs help ✔️ Needs help Needs help ✔️ Needs help Needs help Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help ✔️ ✖︎ ✖︎

Wildcard certificate support ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help Needs help Needs help Needs help ✔️ Needs help Needs help Needs help Needs help Needs help Needs help ✔️ ✖︎ ✖︎

State sharing Needs help Needs help Needs help Needs help ✔️ ✔️ Needs help Needs help Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help Needs help ✖︎ ✖︎

Info
Tags	Programming, Kubernetes, Devops, Technology
Type	Google Sheet
Published	18/04/2024, 10:14:40

Kubernetes Ingress Controllers

How do you choose the right Kubernetes Ingress controller when:

Kubernetes Ingress Controllers

How do you choose the right Kubernetes Ingress controller when:

- Not all Ingress controllers support UDP
- Only Kong has a free LDAP integration
- Nginx Ingress and HAProxy are the only two ingress without CRDs

Here is a comparison.

programming, Kubernetes, devops, technology

Resources

Kubernetes — Node size

Kubernetes managed services

Service meshes

heystack

Kubernetes Ingress Controllers

How do you choose the right Kubernetes Ingress controller when:

Kubernetes Ingress Controllers

How do you choose the *right* Kubernetes Ingress controller when:

Kubernetes Ingress Controllers

How do you choose the *right* Kubernetes Ingress controller when:- Not all Ingress controllers support UDP- Only Kong has a free LDAP integration- Nginx Ingress and HAProxy are the only two ingress without CRDsHere is a comparison.

programming, Kubernetes, devops, technology

Resources

Kubernetes — Node size

Kubernetes managed services

Service meshes

heystack

Kubernetes Ingress Controllers

How do you choose the *right* Kubernetes Ingress controller when:

How do you choose the right Kubernetes Ingress controller when:

How do you choose the right Kubernetes Ingress controller when:

- Not all Ingress controllers support UDP
- Only Kong has a free LDAP integration
- Nginx Ingress and HAProxy are the only two ingress without CRDs

Here is a comparison.

How do you choose the right Kubernetes Ingress controller when: