{"id":43416,"date":"2021-09-28T01:14:38","date_gmt":"2021-09-27T16:14:38","guid":{"rendered":"https:\/\/jirak.net\/wp\/a-guide-to-choosing-an-ingress-controller-part-4-nginx-ingress-controller-options\/"},"modified":"2021-09-28T01:34:20","modified_gmt":"2021-09-27T16:34:20","slug":"a-guide-to-choosing-an-ingress-controller-part-4-nginx-ingress-controller-options","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/a-guide-to-choosing-an-ingress-controller-part-4-nginx-ingress-controller-options\/","title":{"rendered":"A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options"},"content":{"rendered":"<p>A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/jirak.net\/wp\/wp-content\/uploads\/2021\/09\/ingress-controller-tweet-Mierdin.png\" width=\"1024\" height=\"536\"><\/p>\n<p><em>This is the third blog post in our series on how to choose a Kubernetes Ingress controller. <\/p>\n<ul>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/guide-to-choosing-ingress-controller-part-1-identify-requirements\/\">How to Choose a Kubernetes Ingress Controller, Part&nbsp;1: Identify Your Requirements<\/a>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/guide-to-choosing-ingress-controller-part-2-risks-future-proofing\/\">How to Choose a Kubernetes Ingress Controller, Part&nbsp;2: Risks and Future-Proofing<\/a>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/guide-to-choosing-ingress-controller-part-3-open-source-default-commercial\/\">How to Choose a Kubernetes Ingress Controller, Part&nbsp;3: Open Source vs. Default vs. Commercial<\/a><\/li>\n<li>How to Choose a Kubernetes Ingress Controller, Part&nbsp;4: NGINX Ingress Controller Options (this post)<\/li>\n<\/ul>\n<p><\/em><\/p>\n<p>According to the Cloud Native Computing Foundation\u2019s (CNCF) <a target=\"_blank\" href=\"https:\/\/www.cncf.io\/wp-content\/uploads\/2020\/11\/CNCF_Survey_Report_2020.pdf\" rel=\"noopener noreferrer\">Survey&nbsp;2020<\/a>, NGINX is the most commonly used data plane in <a href=\"https:\/\/www.nginx.com\/resources\/glossary\/kubernetes-ingress-controller\/\">Ingress controllers<\/a> for Kubernetes&nbsp;&ndash; but did you know there\u2019s more than one \u201cNGINX Ingress Controller\u201d? <\/p>\n<p>A previous version of this blog, published in&nbsp;2018 under the title <em>Wait, Which NGINX Ingress Controller for Kubernetes Am I Using?<\/em>, was prompted by a conversation with a community member about the existence of two popular Ingress controllers that use NGINX. <\/p>\n<p><a target=\"_blank\" href=\"https:\/\/twitter.com\/Mierdin\/status\/1063594814183231489\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.nginx.com\/wp-content\/uploads\/2018\/12\/ingress-controller-tweet-Mierdin.png\" alt=\"I kinda knew about the two different ingress controllers based on the container image locations I\u2019ve seen but I don\u2019t think I\u2019ve seen someone from NGINX outright say it before now.\" width=\"1024\" height=\"536\" class=\"alignleft size-full wp-image-60265\" style=\"border:2px solid #666666;padding:2px;margin:2px\" \/><\/a><\/p>\n<p>It\u2019s easy to see why there was (and still is) confusion. Both Ingress controllers are:<\/p>\n<ul>\n<li>Called \u201cNGINX Ingress Controller\u201d<\/li>\n<li>Open source<\/li>\n<li>Hosted on GitHub with very similar repo names<\/li>\n<li>The result of projects that started around the same time<\/li>\n<\/ul>\n<p>And of course the biggest commonality is that they implement the same function.<\/p>\n<h2>NGINX vs. Kubernetes Community Ingress Controller<\/h2>\n<p>For the sake of clarity, we differentiate the two versions like this:<\/p>\n<ul>\n<li><strong>Community version<\/strong>&nbsp;&ndash; Found in the <span><a target=\"_blank\" href=\"https:\/\/github.com\/kubernetes\/ingress-nginx\" rel=\"noopener noreferrer\"><strong>kubernetes\/ingress-nginx<\/strong><\/span><\/a> repo on GitHub, the community Ingress controller is based on NGINX Open Source with docs on <a target=\"_blank\" href=\"https:\/\/kubernetes.github.io\/ingress-nginx\/\" rel=\"noopener noreferrer\"><strong>Kubernetes.io<\/strong><\/a>. It is maintained by the Kubernetes community with a <a href=\"https:\/\/www.nginx.com\/blog\/nginx-sprint-2-0-clear-vision-fresh-code-new-commitments-to-open-source\/#resources-for-kubernetes\">commitment from F5&nbsp;NGINX<\/a> to help manage the project<\/li>\n<li><strong>NGINX version<\/strong>&nbsp;&ndash; Found in the <span><a target=\"_blank\" href=\"https:\/\/github.com\/nginxinc\/kubernetes-ingress\" rel=\"noopener noreferrer\"><strong>nginxinc\/kubernetes-ingress<\/strong><\/span><\/a> repo on GitHub, NGINX Ingress Controller is developed and maintained by F5&nbsp;NGINX with docs on <a target=\"_blank\" href=\"https:\/\/docs.nginx.com\/nginx-ingress-controller\/\" rel=\"noopener noreferrer\"><strong>docs.nginx.com<\/strong><\/a>. It is available in two editions:\n<ul>\n<li>NGINX Open Source&#8209;based (free and open source option)<\/li>\n<li><span><a href=\"https:\/\/www.nginx.com\/products\/nginx-ingress-controller\/\">NGINX Plus-based<\/a><\/span> (commercial option)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>There are also a number of other Ingress controllers based on NGINX, such as Kong, but fortunately their names are easily distinguished. If you\u2019re not sure which NGINX Ingress Controller you\u2019re using, check the container image of the running Ingress controller, then compare the Docker image name with the repos listed above.<\/p>\n<h3>NGINX Ingress Controller Goals and Priorities<\/h3>\n<p>A primary difference between NGINX Ingress Controller and the Community Ingress controller (along with other Ingress controllers based on NGINX Open Source) are their development and deployment models, which are in turn based on differing goals and priorities. <\/p>\n<ul>\n<li><strong>Development philosophy<\/strong>&nbsp;&ndash; Our top priority for all NGINX projects and products is to deliver a fast, lightweight tool with long\u2011term stability and consistency. We make every possible effort to avoid changes in behavior between releases, particularly any that break backward compatibility. We promise you won\u2019t see any unexpected surprises when you upgrade. We also believe in choice, so all our solutions can be deployed on any platform including bare metal, containers, VMs, and public, private, and hybrid clouds.<\/li>\n<li><strong>Integrated codebase<\/strong>&nbsp;&ndash; NGINX Ingress Controller uses a&nbsp;100% pure NGINX Open Source or NGINX&nbsp;Plus instance for load balancing, applying best\u2011practice configuration using native NGINX capabilities alone. It doesn\u2019t rely on any third\u2011party modules or Lua code that have not benefited from our interoperability testing. We don\u2019t assemble our Ingress controller from lots of third\u2011party repos; we develop and maintain the load balancer (NGINX and NGINX&nbsp;Plus) and Ingress controller software (a Go application) ourselves. We are the single authority for all components of our Ingress controller.<\/li>\n<li><strong>Advanced traffic management<\/strong>&nbsp;&ndash; One of the limitations of the <a target=\"_blank\" href=\"https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/ingress\/#the-ingress-resource\" rel=\"noopener noreferrer\">standard Kubernetes Ingress resource<\/a> is that you must use auxiliary features like annotation, ConfigMaps, and customer templates to customize it with advanced features. <a href=\"https:\/\/www.nginx.com\/products\/nginx-ingress-controller\/nginx-ingress-resources\/\">NGINX Ingress Resources<\/a> provide a native, type&#8209;safe, and indented configuration style which simplifies implementation of Ingress load\u2011balancing capabilities, including TCP\/UDP, circuit breaking, A\/B testing, blue\u2011green deployments, header manipulation, mutual TLS authentication (mTLS), and web application firewall (WAF).<\/li>\n<li><strong>Continual production readiness<\/strong>&nbsp;&ndash; Every release is built and maintained to a supportable, production standard. You benefit from this \u201centerprise\u2011grade\u201d focus equally whether you\u2019re using the NGINX Open Source&#8209;based or <span>NGINX Plus-based<\/span> edition. NGINX Open Source users can get their questions answered on <a target=\"_blank\" href=\"https:\/\/github.com\/nginxinc\/kubernetes-ingress\" rel=\"noopener noreferrer\">GitHub<\/a> by our engineering team, while NGINX&nbsp;Plus subscribers get <a href=\"https:\/\/www.nginx.com\/support\"><span>best-in-class<\/span> support<\/a>. Either way it\u2019s like having an NGINX developer on your DevOps team!<\/li>\n<\/ul>\n<h2>NGINX Open Source vs. NGINX Plus \u2013 Why Upgrade to Our Commercial Edition?<\/h2>\n<p>And while we\u2019re here, let\u2019s review some of the key benefits you get from the <span>NGINX Plus-based<\/span> NGINX Ingress Controller. As we discussed in <a href=\"https:\/\/www.nginx.com\/blog\/guide-to-choosing-ingress-controller-part-3-open-source-default-commercial\/\">How to Choose a Kubernetes Ingress Controller, Part&nbsp;3: Open Source vs. Default vs. Commercial<\/a>, there are substantial differences between open source and commercial Ingress controllers. If you\u2019re planning for large Kubernetes deployments and complex apps in production, you\u2019ll find our commercial Ingress controller saves you time and money in some key areas.<\/p>\n<h3>Security and Compliance<\/h3>\n<p>One of the main reasons many organizations fail to deliver Kubernetes apps in production is the difficulty of keeping them secure and compliant. The <span>NGINX Plus-based<\/span> NGINX Ingress Controller unlocks five use cases that are critical for keeping your apps and customers safe.<\/p>\n<p><a href=\"https:\/\/www.nginx.com\/wp-content\/uploads\/2021\/09\/Improve-Security-Compliance-NGINX-IC_infographic.pdf\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.nginx.com\/wp-content\/uploads\/2021\/09\/Improve-Security-Compliance-NGINX-IC_infographic.png\" alt=\"\" width=\"2049\" height=\"2887\" class=\"aligncenter size-full wp-image-67996\" \/><\/a><\/p>\n<ul>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/securing-apps-in-kubernetes-nginx-app-protect\/\">Secure the edge<\/a>&nbsp;&ndash; In a well\u2011architected Kubernetes deployment, the Ingress controller is the only point of entry for data plane traffic flowing to services running within Kubernetes, making it an ideal location for a web application firewall (WAF). <a href=\"https:\/\/www.nginx.com\/products\/nginx-app-protect\/\">NGINX App Protect integrates with <a href=\"https:\/\/www.nginx.com\/blog\/securing-apps-in-kubernetes-nginx-app-protect\">NGINX Ingress Controller<\/a> to protect your Kubernetes apps against the OWASP Top&nbsp;10 and many other vulnerabilities, ensures <a href=\"https:\/\/www.nginx.com\/blog\/achieving-pci-dss-compliance-with-nginx-app-protect\/\">PCI DSS compliance<\/a>, and <a href=\"https:\/\/www.nginx.com\/resources\/library\/high-performance-app-security-testing\/\">outperforms ModSecurity<\/a>.<\/li>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/easy-robust-sso-openid-connect-nginx-ingress-controller\/\">Centralize authentication and authorization<\/a>&nbsp;&ndash; You can implement an authentication and single sign&#8209;on (SSO) layer at the point of ingress with OpenID Connect (OIDC)&nbsp;&ndash; built on top of the OAuth&nbsp;2.0 framework&nbsp;&ndash; and JSON Web Token (JWT) authentication.<\/li>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/how-to-simplify-kubernetes-ingress-egress-traffic-management\/\">Implement <span>end-to-end<\/span> encryption<\/a>&nbsp;&ndash; When you need to secure traffic between services, you\u2019re probably going to look for a service mesh. The always free <a href=\"https:\/\/www.nginx.com\/products\/nginx-service-mesh\/\">NGINX Service Mesh<\/a> integrates seamlessly with NGINX Ingress Controller, letting you control both ingress and egress mTLS traffic efficiently with minimal less latency than other meshes.<\/li>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/mitigating-security-vulnerabilities-quickly-easily-nginx-plus\/\">Get timely and proactive patch notifications<\/a>&nbsp;&ndash; When CVEs are reported, subscribers are proactively informed and get patches quickly. They reduce the risk of exploitation right away, rather than having to be on the lookout for updates in GitHub or waiting weeks (even months) for a patch to be released.<\/li>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/achieving-fips-compliance-nginx-plus\/\">Be FIPS compliant<\/a>&nbsp;&ndash; You can enable FIPS mode to ensure clients talking to NGINX&nbsp;Plus are using a strong cipher with a trusted implementation.<\/li>\n<\/ul>\n<p>Learn how German automotive giant Audi secured their Red Hat OpenShift apps in <a href=\"https:\/\/www.nginx.com\/success-stories\/audi-future-proofs-tech-vision-app-innovation-with-nginx\/\">Audi Future&#8209;Proofs Tech Vision and App Innovation with NGINX<\/a>.<\/p>\n<h3>Application Performance and Resiliency<\/h3>\n<p>Uptime and app speed are often key performance indicators (KPIs) for developers and Platform Ops teams. The <span>NGINX Plus-based<\/span> NGINX Ingress Controller unlocks five use cases that help you deliver on the promises of Kubernetes.<\/p>\n<p><a href=\"https:\/\/www.nginx.com\/wp-content\/uploads\/2021\/09\/Better-App-Performance-Resiliency-NGINX-IC_infographic.pdf\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.nginx.com\/wp-content\/uploads\/2021\/09\/Better-App-Performance-Resiliency-NGINX-IC_infographic.png\" alt=\"\" width=\"2049\" height=\"2887\" class=\"aligncenter size-full wp-image-67994\" \/><\/a><\/p>\n<ul>\n<li><a href=\"https:\/\/www.nginx.com\/products\/nginx\/live-activity-monitoring\/\">Get live monitoring<\/a>&nbsp;&ndash; The NGINX&nbsp;Plus dashboard displays hundreds of key load and performance metrics so you can quickly troubleshoot the cause of slow (or down!) apps.<\/li>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/improve-kubernetes-resilience-with-advanced-traffic-management\/\">Detect and resolve failures faster<\/a>&nbsp;&ndash; Implement a circuit breaker with active health checks that proactively monitors the health of your TCP and UDP upstream servers.<\/li>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/dynamic-reconfiguration-with-nginx-plus\/\">Reconfigure with zero restarts<\/a>&nbsp;&ndash; Faster, non\u2011disruptive reconfiguration ensures you can deliver applications with consistent performance and resource usage and <a href=\"https:\/\/www.nginx.com\/blog\/performance-testing-nginx-ingress-controllers-dynamic-kubernetes-cloud-environment\/\">lower latency<\/a> than the open source alternatives.<\/li>\n<li><a href=\"https:\/\/www.nginx.com\/blog\/improve-kubernetes-resilience-with-advanced-traffic-management\/\">Thoroughly test new features and deployments<\/a>&nbsp;&ndash; Make A\/B testing and blue&#8209;green deployments easier to execute by leveraging the key\u2011value store to change the percentages without the need for reloads.<\/li>\n<li><a href=\"https:\/\/www.nginx.com\/support\">Resolve support needs quickly<\/a>&nbsp;&ndash; Confidential, commercial support is essential for organizations that can\u2019t wait for the community to answer questions or can\u2019t risk exposure of sensitive data. NGINX support is available in multiple tiers to fit your needs, and covers assistance with installation, deployment, debugging, and error correction. You can even get help when something just doesn\u2019t seem \u201cright\u201d.<\/li>\n<\/ul>\n<p>Learn how business text messaging company Zipwhip accomplished&nbsp;99.99% uptime for their SaaS apps in <a href=\"https:\/\/www.nginx.com\/resources\/webinars\/strengthen-security-traffic-visibility-on-amazon-eks-with-nginx\/\">Strengthen Security and Traffic Visibility on Amazon EKS with NGINX<\/a>.<\/p>\n<h2>Next Step: Try NGINX Ingress Controller<\/h2>\n<p>If you\u2019ve decided that an open source Ingress controller is the right choice for your apps, then you can get started quickly at our <a target=\"_blank\" href=\"https:\/\/github.com\/nginxinc\/kubernetes-ingress\" rel=\"noopener noreferrer\">GitHub repo<\/a>. <\/p>\n<p>For large production deployments, we hope you\u2019ll try our commercial Ingress controller based on NGINX&nbsp;Plus. It\u2019s available for a <a href=\"https:\/\/www.nginx.com\/free-trial-request-nginx-ingress-controller\/\"><span>30-day free trial<\/span><\/a> that includes NGINX App Protect.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.nginx.com\/blog\/guide-to-choosing-ingress-controller-part-4-nginx-ingress-controller-options\/\">A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.nginx.com\">NGINX<\/a>.<\/p>\n<p>Source: <a href=\"https:\/\/www.nginx.com\/blog\/guide-to-choosing-ingress-controller-part-4-nginx-ingress-controller-options\/\" target=\"_blank\" rel=\"noopener\">A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options This is the third blog post in our series on how to choose a Kubernetes Ingress controller. How to Choose a Kubernetes Ingress Controller, Part&nbsp;1: Identify Your Requirements How to Choose a Kubernetes Ingress Controller, Part&nbsp;2: Risks and Future-Proofing How to Choose a Kubernetes Ingress Controller, Part&nbsp;3: Open Source vs. Default vs. Commercial How to Choose a Kubernetes Ingress Controller, Part&nbsp;4: NGINX Ingress Controller Options (this post) According to the Cloud Native Computing Foundation\u2019s (CNCF) Survey&nbsp;2020, NGINX is the most commonly used data plane in Ingress controllers for Kubernetes&nbsp;&ndash; but did you know there\u2019s more than one \u201cNGINX Ingress Controller\u201d? A previous version of this blog, published in&nbsp;2018 under the title Wait, Which NGINX Ingress Controller for Kubernetes Am I Using?, was prompted by a conversation with <a class=\"mh-excerpt-more\" href=\"https:\/\/jirak.net\/wp\/a-guide-to-choosing-an-ingress-controller-part-4-nginx-ingress-controller-options\/\" title=\"A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options\">[ more&#8230; ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":43417,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[652],"class_list":["post-43416","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-nginx"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/43416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=43416"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/43416\/revisions"}],"predecessor-version":[{"id":43418,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/43416\/revisions\/43418"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media\/43417"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=43416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=43416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=43416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}