Thoughts-01 Conclusions from Ingress/Gateway API Learning Prototypes 1-5

less than 1 minute read

Prototypes Explanation

The Learning prototypes provided within this blog (1-5) provide various deployment scenarios of Kubernetes Ingress and Kubernetes Gateway API. In addition the prototypes are extended to integrate with Cert-Manager to manage the TLS certificate lifecycle, and Hashicorp Vault for certificate signing.

For the individual prototype functionality please review the associated Blog post and deployment scripts.

Conclusions Reached

Based upon the deployment scenarios tested, the clear winner and going forward strategy for me is the Kubernetes Gateway API using Istio Ambient Gateway Controller and associated CRDs. The major reasons for this recommendation is:

Istio Gateway provides the ability to configure multiple Gateway objects in differing namespaces which support differing types of Routes.
Ingress-nginx in supporting TLS Passthru requires Passthru for all the cluster.
Nginx Gateway Fabric only allows a single Gateway object per kubernetes cluster. As such it is less interesting to me.
Istio Gateway integrates well with Cert-Manager.

Share on

Twitter Facebook LinkedIn

Tim Snyder

Thoughts-01 Conclusions from Ingress/Gateway API Learning Prototypes 1-5

Prototypes Explanation

Conclusions Reached

Share on

Comments

You May Also Enjoy

Secure Transport Research Project - Part 6 - SignedMessage Protocol

Secure Transport Research Project - Part 5 - OpenBao Integration via Agent Sidecar

Secure Transport Research Project - Part 4 - Automated CA Certificate Rotation

Secure Transport Research Project - Part 3 - Service Authorization