tencent cloud

Feedback

Ingress Controllers

Last updated: 2022-02-22 17:34:16

    Ingress Controllers

    Application CLB

    Application CLB is a TKE Ingress Controller based on the Tencent Cloud Load Balancer (CLB), which can implement the access of different services in the cluster with different URLs. CLB directly forwards the traffic to the Pod through the NodePort (the traffic is forwarded to Pod in the CLB-to-Pod direct access mode). One Ingress configuration is bound to one CLB instance (IP), which is suitable for scenarios that only require simple routing management and are insensitive to IP address convergence. For more information, see CLB Type Ingress.

    Istio Ingress Gateway

    Istio Ingress Gateway is an Ingress Controller based on Tencent Cloud CLB and Istio Ingress Gateway (provided by Tencent Cloud TCM). The control plane and related supporting components are maintained by Tencent Cloud. You only need to deploy the containerized data plane that performs traffic forwarding in the cluster. You can use native Kubernetes Ingress or Istio API that provides more refined traffic management capabilities. A layer of proxy (envoy) is added after CLB, which is suitable for scenarios where there are more requirements for access layer routing management, IP address convergence, and entrance traffic management of cross-cluster and heterogeneous deployment service.

    Dedicated API Gateway

    Dedicated API Gateway is a TKE Ingress Controller based on dedicated Tencent Cloud API Gateway instance. It is suitable for scenarios where multiple TKE clusters require a unified access layer or the access layer requires authentication and traffic throttling. It has the following strengths:

    • API Gateway is directly connected to the Pods of the TKE cluster without any intermediate nodes.
    • An API Gateway TKE tunnel can connect multiple TKE services at the same time, among which the traffic is distributed according to the weighted round robin algorithm.
    • Advanced extended capabilities provided by API Gateway can be used, such as authentication, traffic throttling, grayscale traffic distribution, caching, and downgrade upon circuit breaking.
    • Supported by the dedicated API Gateway instance, the underlying physical resources are exclusive to one user, with a stable performance and high SLA delivered.

    Nginx Ingress Controller

    Nginx Ingress Controller is an Ingress controller based on Tencent Cloud CLB and Nginx reverse proxy (containerized deployment in cluster). It extends the features of native Kubernetes Ingress through Annotations, and adds a layer of proxy (nginx) after CLB, which is suitable for scenarios where there are more requirements for access layer routing management and IP address convergence. For more information, see Nginx Type Ingress.

    Ingress Controllers Comparison

    Module Feature Application CLB Istio Ingress Gateway (provided by Tencent Cloud TCM) Dedicated API Gateway Nginx Ingress Controller
    Traffic management Supported protocol http, https http, https, http2, grpc, tcp, tcp+tls http, https, http2, grpc http, https, http2, grpc, tcp, udp
    IP management One Ingress rule corresponds to one IP (CLB) Multiple Ingress rules correspond to one IP (CLB). IP address convergence is supported. Multiple Ingress rules correspond to one IP (dedicated API Gateway). IP address convergence is supported. Multiple Ingress rules correspond to one IP (CLB). IP address convergence is supported.
    Attribute route host, URL More attributes are supported: header, method, query, parameter, etc. More attributes are supported: header, method, query, parameter, etc. More attributes are supported: header, cookie, etc.
    Traffic behavior Not supported Rewrite, redirection, etc. are supported. Redirection, custom request, custom response, etc. are supported. Rewrite, redirection, etc. are supported.
    Region-aware load balancing Not supported Supported Not supported Not supported
    Application access addressing Service discovery Single Kubernetes cluster Multiple Kubernetes clusters + heterogeneous service Multiple Kubernetes clusters Single Kubernetes cluster
    Security SSL configuration Supported Supported Supported Supported
    Authentication authorization Not supported Supported Supported Supported
    Observability Monitoring metrics Supported. View in CLB. Supported. (Cloud native monitoring or Cloud Monitor) Supported. View in API Gateway. Supported. (Cloud native monitoring)
    Call tracking Not supported Supported Not supported Not supported
    Add-on OPS The associated CLB has been managed. You only need to run TKE Ingress Controller in the cluster. The control plane has been managed. You only need to run the data plane Ingress Gateway. You don't need to run the control plane in the Kubernetes cluster; instead, simply enable the private network access feature in the cluster. You need to run Nginx Ingress Controller in the cluster (control plane + data plane).
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support