Networking at the Edge: API Gateways, Ingress and ProxiesMay 14, 2020
The modernization to microservices architecture and hybrid environments changes the challenges and solutions to how application networking is handled in this modern applications and platforms. There are multiple directions of traffic patterns that need to be enabled, managed, secured, and integrated. This resource article and videos will explain the concepts, application and solutions available to aid in your education and evaluation.
This article includes:
Here are definitions of terms that will be referred to repeatedly during this article for your reference. More terms can be found in our cloud-native glossary here.
- Proxy – A server that acts as an intermediary for requests from clients seeking resources from servers that provide those resources.
- Reverse Proxy – Type of proxy that retrieves resources on behalf of a client from one or more servers and then returns these resources to the client, appearing as from the proxy.
- API Gateway – A system to that receives API requests, performs traffic routing and management to the backend services and returns a response to the client / end user requester.
- Ingress – Incoming traffic (north/south) to a cluster running your application services. When referred to in Kubernetes environments, an Ingress Controller object exists to specifically fulfill this function.
- North/South – This direction of traffic is defined as the client to server traffic, between the clients or end users outside of the datacenter to the network inside the datacenter.
- East/West – The service to service communication that occurs within the cluster and does not leave your network.
- Service Mesh – An example of east/west traffic using an architecture where a proxy sidecar is deployed alongside each service to manage the traffic.
To help explain the evolving landscape of technologies for north/south traffic management and their intersection with service mesh (east/west), we’ve developed a video series to explore proxies, ingress, API gateways, and how they solve challenges at the edge and how they complement a service mesh to provide a holistic solution.
In this series we discuss the evolution of proxy technologies like NGINX, HA Proxy and Envoy Proxy as well as API Gateways, Ingress Controllers and more.
Episodes of this Hoot Series – Networking at the Edge, include:
- All About Proxies, Ingress vs. API Gateways vs. Service Mesh
- API Gateway – Ambassador
- API Gateway – Kong
- Reverse Proxy – Traefik
- Ingress Controller – VMware Contour
- API Gateway – Gloo
Episode: All About Proxies, Ingress vs. API Gateways vs. Service Mesh
Christian Posta explains the landscape of proxy technology and the differences between reverse proxy, ingress, and API gateway for north/south traffic and how that integrates with east/west service mesh.
Episode: Ambassador API Gateway
In this episode, Christian Posta unboxes the open source Ambassador API gateway, one of the open source Kubernetes-native API gateways that are built using Envoy Proxy.
Episode: Kong API Gateway
In this episode, Rick Ducott unboxes the open source Kong, an API gateway built using the NGINX proxy.
Episode: Traefik Edge Router
In this episode, Ashley unboxes open source Traefik, an edge router built with the Traefik proxy.
Episode: VMware Contour Ingress Controller
In this episode, Kevin unboxes Contour, a Kubernetes ingress controller built with Envoy Proxy.
Episode: Gloo API Gateway
Gloo is the API gateway and Ingress Controller by Solo.io, built with Envoy Proxy. Gloo is Kubernetes-Native using Custom Resource Definitions (CRDs) and also supports non-Kubernetes environments using the HashiCorp stack. Gloo is available in open source and enterprise editions.
Here are some links to learn more about API Gateways, Gloo and Tutorials to try with traffic routing and management: