Kubernetes supports a high level abstraction called Ingress that allows simple host or URL based HTTP routing.
Although an ingress is a core concept of Kubernetes, it is always implemented by a third party proxy. These implementations are known as ingress controllers. An ingress controller is responsible for reading the Ingress Resource information and processing that data accordingly. Different ingress controllers have extended the specification in different ways to support additional use cases.
The controller provides a "Managed Ingress Controller" option as part of the default blueprint and can be disabled by a customer per managed cluster if necessary.
NOTE: The "Managed" Ingress controller can be used by all types of workloads: "Helm", "Yaml" or "Workload Wizard.
Selecting the Ingress Mode is the first decision that a developer needs to make w.r.t. their workload. Two ingress modes are supported for https traffic with the "managed" Ingress Controller.
|Application Proxy||Requests terminated at Layer 7|
|TLS Proxy||Requests handled at Layer|
Application Proxy Mode¶
Choose Application Proxy mode if you would like requests to be terminated at the application layer (Layer 7) on the Ingress Controller.
This allows the developer to offload a number of burdensome, non-strategic tasks and helps them focus 100% on their core application logic.
When operated in this mode, the application can offload the following:
- Global Load Balancing
- TLS termination
- Certificate Lifecycle Management
- Configure and Perform API routing
TLS Proxy Mode¶
Chose TLS Proxy mode if you only want the managed Ingress Controller to terminate the https at the TCP layer and route the connection a designated container. In this case, the application is responsible for terminating the TLS connection and all API gateway type functionality.
DNS based GSLB¶
For multi cluster deployments, users using the "workload wizard" can also "optionally" enable DNS based Global Server Load Balancing (GSLB) for their workloads.
This automatically programs the DNS for the workload deployed on multiple clusters.
Multiple Ingress Policies¶
Multiple ingress policies can be configured for an application. For example, the same application may be accessible on the Internet on two different domains.