NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
- 1. WelcomeNGINX Lunch and Learn
- 2. 3/14 Agenda 11:00 AM - Doors Open 11:00 AM - 11:30 AM - Registration and Networking begin 11:30 AM - Opening Remarks by Andrew Edie 11:35 AM - 12:15 PM - Session: Kubernetes and the NGINX Plus Ingress Controller by Kevin Jones 12:15 PM - 1:00 PM - Live demo session. Lunch is served. 1:00 PM - 1:30 PM - Interactive Q&A 1:30 PM - 2:00 PM - Raffle: Winner receives a Google Home. This time will be used for any additional questions you may have for the NGINX team.
- 3. • Andrew Edie– PNW Account Manager [email protected] • Kevin Jones – Technical Solutions Architect Technical Questions: [email protected] • Coy Ibanez - Named Account Manager [email protected] • Ian Knight – Head of Americas Sales Executive Sponsor: [email protected] • Katherine Bagood – Event Marketing Specialist [email protected] Sr. Level Executive Sponsor: [email protected] NGINX Support
- 5. TODAY EVERY CUSTOMER FACING APPLICATION IS MISSION CRITICAL
- 6. In today’s world, you need to move faster and smarter than ever to deliver extraordinary Digital Experiences
- 7. So, what is NGINX doing about it?
- 9. 9 “... when I started NGINX, I focused on a very specific problem – how to handle more customers per a single server.” - Igor Sysoev, NGINX creator and founder
- 10. 10 High Performance Webserver and Reverse Proxy Web Server
- 11. 11 Flawless Application Delivery for the Modern Web Load Balancer Content Cache Web Server Monitoring & Management Security Controls
- 12. 458 million Total sites running on NGINX Source: Netcraft January 2018 Web Server Survey6
- 13. 62% of the Top 10,000 most visited websites Source: : W3Techs Web Technology Survey136
- 14. 54% of the Top 100,000 most visited websites Source: : W3Techs Web Technology Survey137
- 15. 40% of all instances on Amazon Web Services Source: : Sumologic: The State of Modern Applications in AWS Report138
- 16. About NGINX, Inc. • Founded in 2011, NGINX Plus first released in 2013 • VC-backed by enterprise software industry leaders • Offices in SF, London, Cork, Singapore and Moscow • 1,400+ commercial customers • 200+ employees 16
- 17. 22
- 18. NGINX Application Platform 18 A suite of technologies to develop and deliver digital experiences that span from legacy, monolithic apps to modern, microservices apps.
- 19. NGINX Unit The new dynamic web and application server from NGINX. Open source, support for multiple languages, and a dynamic REST API-driven configuration. * Currently in public beta NGINX Plus The only all-in-one load balancer, web server, and content cache. Simplify your architecture while reducing costs. Our Products 19 NGINX Controller Centralized monitoring and management for NGINX Plus. Deploy virtual load balancers with a single, beautiful interface. Automate with a GraphQL API. * Currently in private beta NGINX WAF Open source web application firewall (WAF). Stop SQL injection, LFI, RFI, and other Layer 7 attacks. Powered by ModSecurity.
- 20. Monolith ● The way we’ve been doing things ● Single codebase ● Long deployment process ○ Testing dependencies ○ Rolling restarts of servers ○ Traffic rerouting
- 21. NGINX for Microservices 21 NGINX helps ensure microservices are: • Connected • Served • Authenticated • Secured • Cached • Load Balanced • Scaled
- 22. Proxy Model ● Load Balances requests to services ● Analogous to connectivity for a horizontally scaled monolith ● Services are left to communicate with each other ● Acts as an entry point for monolith migration ● Lays the foundation for building a service mesh
- 23. Router Mesh ● Standalone NGINX Plus instance which acts as a traffic manager ● Provides service discovery via DNS SRV records ● Load balances to instances of services ● NGINX Plus provides active health checks allowing for circuit breaker functionality
- 24. Fabric Model ● NGINX Plus exists as a sidecar within the same container as the service ● NGINX Plus and the app communicate only on localhost ● Instances of NGINX Plus communicate directly with each other ● Incorporates all the features of the Router Mesh and adds persistent SSL connections
- 25. Persistent SSL Connections ● An SSL handshake requires as few as seven steps or as many as 10 ● NGINX Plus uses a keepalive mechanism to persist connections between instances ● The number of handshakes is greatly reduced, thereby decreasing overall latency while maintaining encrypted transmission 1 SYN > 2 < SYN/ACK 3 ACK > 4 ClientHello > 5 < ServerHello < Certificate < ServerKeyExchange < ServerHelloDone 6 ClientKeyExchange > ChangeCipherSpec > ClientFinished > 7 < ChangeCipherSpec < ServerFinished
- 28. 28 Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications
- 29. Kubernetes makes ops easy… • Run anywhere • Rolling updates • Fault Tolerance • Horizontal Scaling • Load Balancing • YAML… and more! 29
- 30. Built in Load Balancing
- 31. 3 1 kube-proxykube-proxy hello kube-proxy hello NodePort NodePort NodePort hello Built-in load balancing - NodePort
- 32. 3 2 kube-proxykube-proxy hello kube-proxy hello NodePort NodePort NodePort hello LB LoadBalancer
- 33. 33 • Simple and easy to setup • Limited to layer 4 load balancing • If you need advanced load balancing consider using an Ingress controller so you can bring your own! Built-in load balancing
- 34. Why use an Ingress?
- 35. 35 Ingress • Kubernetes resource • Benefits • Externally reachable URLs • Advanced L7 Load Balancing • SSL/TLS • SNI (hostname based routing)
- 36. 36 Ingress Example – Basic
- 37. 37 Ingress Example – URL based routing
- 38. 38 Ingress Example – Host based routing
- 39. 39 Ingress Example – SSL offloading
- 40. 40 Ingress • Pluggable load balancer implementation: • NGINX/NGINX Plus • GCE HTTP load balancer • HAProxy • … and others - A load balancer is integrated via an Ingress controller that you must deploy
- 41. Deploying NGINX and NGINX Plus as an Ingress Controller
- 42. NGINX and NGINX Plus 42 NGINX • Load balancing w/ SSL/TLS termination • WebSocket and HTTP/2 support • Layer 7 Routing / Modification NGINX Plus • Session persistence • JWT authentication • 24/7 support, no additional cost • Advanced Monitoring… and more!
- 43. 43 NGINX Ingress Controller • Runs in a container • Well designed, fast and efficient golang script under the hood • Community driven codebase • Available for NGINX and NGINX Plus https://github.com/nginxinc/kubernetes-ingress
- 45. Configuring NGINX or NGINX Plus without Ingress
- 46. 46 Data store + template • Register services with a data store (aka etcd or consul) • Template the NGINX configuration and manage NGINX service via CLI (confd or consul template) datastore Services (containers) NGINX Open Source
- 47. 47 We love APIs! • Services availability is managed by kubernetes and available via API • Orchestration script can be in any language • NGINX Plus upstreams managed dynamically without configuration reload Services (containers) NGINX Plus API Kubernetes API Orchestration (script)
- 48. 48 Service Discovery ;D • Built in DNS resolver • Control over TTL • Easily Integrates with existing DNS based service discovery tools
- 49. Coming Soon!
- 50. 50
- 51. Break Time!
- 52. Welcome back…
- 53. 53 My demo today… • URL based routing • Hostname based routing • SSL termination at LB • Support for scaling of replicas at LB via dynamic reconfiguration • Available on github within the Ingress Controller repository ../examples/complete-example/
- 54. 54 Café Simulation • Café themed application • Two services (URL routing) ◦ /Tea ◦ /Coffee
- 55. 55 Create a GCP Project
- 57. 57 Install the Google Cloud SDK
- 59. 59 Create the Kubernetes cluster $ gcloud container clusters create backend --num-nodes 5 --machine-type g1-small
- 60. 60 Allow HTTP / HTTPS Traffic
- 62. 62 NGINX Plus Cert/Key $ pwd /Users/kjones/Projects/kubernetes/kubernetes-ingress/nginx-controller $ ls -l nginx-repo.* -rw-r--r--@ 1 kjones staff 1334 Jan 23 11:47 nginx-repo.crt -rw-r--r--@ 1 kjones staff 1704 Jan 23 11:47 nginx-repo.key -rw-r--r-- 1 kjones staff 2549 Jan 23 11:47 nginx-repo.pfx
- 63. 63 Build the NGINX Plus Ingress Controller $ sudo make DOCKERFILE=DockerfileForPlus PREFIX=gcr.io/nginx-ingress-demo/nginx-plus-ingress TAG=latest PUSH_TO_GCR=1
- 64. 64 Update your NGINX Plus RC YAML $ cat nginx-plus-ingress-rc.yaml apiVersion: v1 kind: ReplicationController metadata: name: nginx-plus-ingress-rc labels: app: nginx-plus-ingress spec: replicas: 1 selector: app: nginx-plus-ingress template: metadata: labels: app: nginx-plus-ingress spec: containers: - image: gcr.io/nginx-ingress-demo/nginx-plus-ingress:latest imagePullPolicy: Always name: nginx-plus-ingress ports: - containerPort: 80 hostPort: 80 - containerPort: 443 hostPort: 443 - containerPort: 8080 hostPort: 8080 env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace # NGINX configuration with configmaps args: - -nginx-plus #- -v=3 #- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
- 65. 65 Become a Cluster Admin $ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
- 66. Demo
- 67. If you like NGINX, you’ll love NGINX Plus! nginx.com/developer-license use code: kjla2018
- 68. Kevin Jones @webopsx Thank You! Learn more at nginx.com
Editor's Notes
- #5: Before we dive into NGINX, and how we work with Kubernetes, it’s important to address and highlight an industry trend that is occurring not only in technology, but to industries across the board. Based on conversations we are having, all industries are undergoing a digital transformation, and this digital transformation is making all customer facing applications mission critical.
- #6: In order to satisfy the ever-increasing needs of the digital customer, companies must treat every customer facing application as mission critical, every customer facing application is now revenue generating and a key part of the business. With more and more consumers turning to their devices to purchase goods and services, applications must perform flawlessly to ensure customer satisfaction. To do so, companies not only need to acknowledge this trend, but also adapt.
- #7: Speed to market is the difference between winning and losing, so companies must move faster and smarter than ever to deliver extraordinary Digital Experiences.
- #8: We’re going to be providing tools that help you reduce the complexity of managing your applications. We’re going to bring you tools that help you move those legacy apps forward into your modern application architecture so that they’re not left behind. One way NGINX Plus is helping some of our largest customers is our NGINX Kubernetes Ingress controller that provides enterprise grade delivery services for Kubernetes applications. Now I will turn it over to Kevin who will take you deeper into how we are doing that.
- #11: Our vision for the product is to provide flawless application delivery for the modern web.
- #12: Our vision for the product is to provide flawless application delivery for the modern web.
- #14: We power more than half of the top 10,000, and are the leader for application delivery among the highest trafficked sites and applications in the world. We’re also now the number one web server for the top 100,000, and climbing fast in every category. Source: http://w3techs.com/technologies/cross/web_server/ranking
- #15: We power more than half of the top 10,000, and are the leader for application delivery among the highest trafficked sites and applications in the world. We’re also now the number one web server for the top 100,000, and climbing fast in every category.
- #16: Our adoption within cloud and containers is equally as powerful.
- #18: NGINX is more than just a product, we offer an entire Application platform to help you make this digital transformation
- #19: We offer an entire suite of technologies to help you develop and deliver digital experiences that span from legacy, monolithic apps to modern, microservices apps. (Point out key areas on the slide)
- #20: And lastly, what we would like to do now is talk about your specific environment and your unique challenges, in order to see how NGINX can help you make this transition as well.
- #43: OSS: Load balancing w/ SSL/TLS termination WebSocket and HTTP/2 support URI rewriting before request is forwarded to application Plus: Session persistence * JWT authentication * 24/7 support, no additional cost *
- #68: I wish I could tell you it’s over and we can all relax. But sorry, it only gets worse from here!