Kubernetes Ingress Controllers

How do you choose the *right* Kubernetes Ingress controller when:

programming
Kubernetes
devops
technology
  1. Home
  2. Google Sheet
  3. Kubernetes Ingress Controllers

Kubernetes Ingress Controllers

How do you choose the *right* Kubernetes Ingress controller when:


- Not all Ingress controllers support UDP

- Only Kong has a free LDAP integration

- Nginx Ingress and HAProxy are the only two ingress without CRDs


Here is a comparison.

programming, Kubernetes, devops, technology

Product/Project Ingress Nginx Kong Apache APISIX Azure App Gateway Ingress Nginx+ HAProxy Tech HAProxy (jcmoraisjr) Voyager Istio Ingress Contour Emissary-ingress (ex Ambassador) Gloo Traefik Skipper Citrix Ingress GKE Ingress ALB Ingress AKO KrakenD Tyk

1. General info

Based on nginx nginx nginx nginx + Azure App Gateway nginx haproxy haproxy haproxy envoy envoy envoy envoy traefik skipper Citrix ADC GLBC Elastic LB NSX Advanced LB (Avi) Lura Project (Linux foundation) Golang http server

Documentation https://kubernetes.github.io/ingress-nginx/ https://docs.konghq.com/kubernetes-ingress-controller/latest/ https://github.com/apache/apisix-ingress-controller/blob/master/README.md https://azure.github.io/application-gateway-kubernetes-ingress/ https://docs.nginx.com/nginx-ingress-controller/ https://github.com/haproxytech/kubernetes-ingress https://haproxy-ingress.github.io/docs/ https://voyagermesh.com/docs/v12.0.0/welcome/ https://istio.io/latest/docs/ https://projectcontour.io/docs/main/ https://www.getambassador.io/products/api-gateway/ https://docs.solo.io/gloo-edge/latest/ https://doc.traefik.io/traefik/ https://opensource.zalando.com/skipper/ https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/ https://cloud.google.com/kubernetes-engine/docs/concepts/ingress https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/ https://avinetworks.com/docs/ako/1.3/avi-kubernetes-operator/ https://www.krakend.io/docs/overview/ https://tyk.io/docs/

2. Protocols reference

HTTP/HTTPS ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

HTTP2 Comparison of Kubernetes Ingress controllers ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

HTTP3 (QUIC) Preview ✖︎ ✖︎ ✖︎ Preview ✖︎ ✖︎ ✖︎ Preview ✖︎ ✔️ ✖︎ Preview ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

gRPC ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ Partial ✔️

TCP Partial ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

TCP+TLS ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️

UDP Partial ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Websockets ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Proxy Protocol ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✖︎ ✔️

3. Clients Leave a comment or drop us a line at [email protected]

Rate limiting (L4) ✔️ ✔️ Needs help Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ Needs help ✔️ ✖︎ ✖︎

Rate limiting (L7) ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️

WAF License: ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Timeouts Apache 2.0 ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Safe-list/Block-list Last updated: ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Partial ✔️ ✖︎ ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Authentication August 21, 2023 ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Authorisation ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ Partial ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

4. Traffic routing Find more research at:

Host https://learnk8s.io/research ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Path ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Headers ✔️ Supported in Free version ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️

Querystring ✔️ Supported in Enterprise version ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️

Method ✖︎ Not supported ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️

ClientIP Partial Partially supported ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✔️

Notes Needs help Not sure if it is supported

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

5. Upstream probes/resiliency

Healthchecks ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ Partial ✔️

Retries ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✖︎ Needs help ✖︎ ✔️ ✖︎ ✔️

Circuit Breaker ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✖︎ ✖︎ ✔️ ✔️

6.Load balancer strategies

Round robin ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Sticky sessions ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Least connections ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Ring hash ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎

Maglev ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎

Exponential-Weighted-Moving-Average ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

Custom load balancing ✖︎ ✖︎ ✔️ ✖︎ Partial ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

Power of two random choices Needs help Needs help Needs help Needs help ✔️ ✖︎ ✖︎ Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help Needs help Needs help ✔️ ✔️

Global load balancing Needs help Needs help ✔️ Needs help ✔️ ✖︎ Needs help Needs help Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help ✔️ ✖︎ ✖︎

External load balancing Needs help Needs help Needs help Needs help ✔️ ✔️ Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help ✔️ Needs help Needs help Needs help ✖︎ ✖︎

Notes

Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes

7. Authentication

Basic auth ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✖︎

External Auth ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✔️ ✔️

Client certificate - mTLS ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✖︎ ✖︎ ✔️ ✔️ ✔️

OAuth ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ Partial

OpenID ✖︎ ✔️ ✔️ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎

JWT ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Partial ✔️ ✔️

LDAP ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✖︎ ✖︎

HMAC ✖︎ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎ ✖︎

SAML Needs help ✔️ ✔️ Needs help ✔️ ✖︎ Needs help Needs help Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help ✔️ ✖︎ ✖︎

8. Observability

Logging ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

Metrics ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️

Tracing ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help ✖︎ ✖︎ ✔️ ✔️

9. Kubernetes Integration

CRD ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✔️

Scope Clusterwide and namespace Clusterwide and namespace namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide and namespace Clusterwide Clusterwide and namespace Clusterwide, namespace & Multi cluster Clusterwide Clusterwide

Support for the Gateway API (Ingress v2) current v1alpha2 ✖︎ ✔️ Preview ✖︎ Preview Preview ✔️ Needs help Preview ✔️ Preview Preview ✔️ ✖︎ ✖︎ Preview ✖︎ ✖︎ ✖︎ ✖︎

Integrates with service meshes ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ Needs help ✔️ ✖︎ ���️ ✔️ ✔️ ✔️ Needs help ✖︎ ✖︎ ✖︎ ✖︎

10. Traffic shaping

Canary ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️

Session Affinity ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Traffic Mirroring ✔️ Needs help ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✔️ ✖︎

11. Interface

Dashboard ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ Needs help ✔️ ✖︎ ✖︎ Needs help ✖︎ ✔️ ✔️ ✔️

Billing and reporting ✖︎ ✔️ ✔️ ✔️ ✖︎ ✔️ ✖︎ ✖︎ ✖︎ ✖︎ ✔️ Needs help ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️

Developer portal ✖︎ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎ ✖︎ ✔️ ✖︎ ✔️

12. Other

Hot reloading ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ Needs help ✔️ ✔️ ✔️ Needs help ✔️ ✔️ Needs help Needs help Needs help ✔️ ✔️ ✔️

LetsEncrypt Integration ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✖︎ ✔️ ✔️ ✔️ ✔️ ✖︎ ✖︎

Transparent update of certificates Needs help Needs help ✔️ Needs help Needs help ✔️ Needs help Needs help Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help ✔️ ✖︎ ✖︎

Wildcard certificate support ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ Needs help Needs help Needs help Needs help ✔️ Needs help Needs help Needs help Needs help Needs help Needs help ✔️ ✖︎ ✖︎

State sharing Needs help Needs help Needs help Needs help ✔️ ✔️ Needs help Needs help Needs help Needs help Needs help Needs help Needs help Needs help ✔️ Needs help Needs help Needs help ✖︎ ✖︎

Kubernetes Ingress Controllers
Info
Tags Programming, Kubernetes, Devops, Technology
Type Google Sheet
Published 18/04/2024, 10:14:40

Resources

Kubernetes — Node size
Kubernetes managed services
Service meshes