1
00:00:02,520 --> 00:00:04,799
‫If you've been thinking about your deployments and your

2
00:00:04,800 --> 00:00:06,956
‫services on them, you may have realized that

3
00:00:07,890 --> 00:00:10,960
‫so far, we haven't talked about OSI

4
00:00:11,250 --> 00:00:12,250
‫Layer 7, or HTTP

5
00:00:14,730 --> 00:00:17,572
‫name routing, or DNS routing, or whatever you want to call

6
00:00:17,760 --> 00:00:20,210
‫it. Basically, the idea that if you're on a server

7
00:00:21,030 --> 00:00:24,269
‫with multiple sites that need to use the same ports,

8
00:00:24,300 --> 00:00:26,603
‫right. Port 80 and 443, then you need something

9
00:00:27,780 --> 00:00:29,792
‫there that routes to different containers, based

10
00:00:30,960 --> 00:00:32,879
‫on something other than just the port.

11
00:00:33,240 --> 00:00:35,940
‫That in Kubernetes is known as Ingress.

12
00:00:36,360 --> 00:00:40,020
‫It's a specific resource, and it's not necessarily

13
00:00:40,110 --> 00:00:43,049
‫a load balancer or anything

14
00:00:43,110 --> 00:00:44,940
‫that you would attribute to a service.

15
00:00:45,270 --> 00:00:47,524
‫It's technically something else that is really

16
00:00:48,450 --> 00:00:51,810
‫focused on the common problem of most

17
00:00:52,020 --> 00:00:54,389
‫clusters want to run lots of different

18
00:00:55,030 --> 00:00:57,261
‫websites, or different containers for different URLs and

19
00:00:57,900 --> 00:01:00,869
‫names. That's where this whole project is

20
00:01:00,870 --> 00:01:02,389
‫focused is the Ingress project.

21
00:01:03,030 --> 00:01:05,014
‫It's not installed, by default, on your Kubernetes cluster,

22
00:01:05,015 --> 00:01:07,820
‫but there are official features for it.

23
00:01:08,190 --> 00:01:11,190
‫The way this works is Kubernetes didn't invent

24
00:01:11,420 --> 00:01:13,620
‫a HTTP proxy.

25
00:01:14,070 --> 00:01:16,874
‫They just provide mechanisms for other third-party

26
00:01:17,310 --> 00:01:20,279
‫proxies to use features so

27
00:01:20,280 --> 00:01:23,519
‫that you install the ingress in your cluster.

28
00:01:23,880 --> 00:01:26,999
‫Then you can tell your apps, based on which

29
00:01:27,000 --> 00:01:30,120
‫one you use, how to use that proxy

30
00:01:30,180 --> 00:01:31,319
‫to get to your container.

31
00:01:31,710 --> 00:01:34,366
‫A good example might be you have website A.com and you have

32
00:01:34,980 --> 00:01:35,980
‫website B.com.

33
00:01:36,630 --> 00:01:38,129
‫Those are going to be two, different deployments.

34
00:01:38,400 --> 00:01:40,850
‫You need to somehow get the same ports on all your

35
00:01:41,310 --> 00:01:42,310
‫nodes...its 80443.

36
00:01:43,113 --> 00:01:45,719
‫You need to get the different websites to the different

37
00:01:45,720 --> 00:01:48,150
‫containers. That's what Ingress is for.

38
00:01:48,810 --> 00:01:50,828
‫In Swarm, we didn't have that feature out-of-the-box.

39
00:01:50,829 --> 00:01:53,328
‫So, you really just had to deploy some proxies as a

40
00:01:53,640 --> 00:01:56,482
‫container and it didn't really have anything special to do

41
00:01:56,700 --> 00:01:58,889
‫with that container. It didn't understand what Ingress was.

42
00:01:58,920 --> 00:02:00,299
‫But, Kubernetes does.

43
00:02:00,570 --> 00:02:03,629
‫When you go look at the documentation, the default

44
00:02:03,690 --> 00:02:06,189
‫sort of example that everyone talks about is Nginx.

45
00:02:06,630 --> 00:02:08,429
‫We've been using Nginx through this course.

46
00:02:08,460 --> 00:02:11,493
‫That one should probably be the one you should try first.

47
00:02:12,660 --> 00:02:14,220
‫I prefer something else.

48
00:02:14,310 --> 00:02:17,103
‫I actually like Traefik and you'll see that in some of my

49
00:02:17,310 --> 00:02:19,034
‫examples, especially in my Swarm course.

50
00:02:19,170 --> 00:02:22,229
‫When you see me talk at conferences, I will often

51
00:02:22,230 --> 00:02:26,010
‫talk about Traefik because it was a proxy created

52
00:02:26,250 --> 00:02:27,839
‫in the world of containers.

53
00:02:27,870 --> 00:02:30,369
‫It's inception was around the idea that we have all

54
00:02:30,870 --> 00:02:33,479
‫these ephemeral containers spinning up and shutting down,

55
00:02:33,810 --> 00:02:36,162
‫and we need to reprogram a proxy, and we need to

56
00:02:36,810 --> 00:02:39,509
‫worry about SSL and all the other things that

57
00:02:39,840 --> 00:02:42,180
‫we need for multiple websites in a container cluster.

58
00:02:42,600 --> 00:02:45,900
‫So, they designed this new product that is now

59
00:02:46,020 --> 00:02:48,329
‫spawning other products. It's got a whole company behind it

60
00:02:48,330 --> 00:02:51,025
‫now and support contracts. You might want to check that

61
00:02:51,210 --> 00:02:54,300
‫out. There's lots of vendors that make these plugins

62
00:02:54,330 --> 00:02:56,261
‫for Kubernetes, including the major ones, right.

63
00:02:56,262 --> 00:02:58,059
‫HAProxy, F5

64
00:02:59,250 --> 00:03:02,520
‫and new players like Envoy and Istio also support

65
00:03:02,640 --> 00:03:05,433
‫ingress types. I will say that, you know, technically the

66
00:03:05,490 --> 00:03:08,430
‫ingress feature itself is still beta in 1.15.

67
00:03:08,520 --> 00:03:10,860
‫Each one of these is going to have their own implementation

68
00:03:11,070 --> 00:03:12,300
‫depending on which one you choose.

69
00:03:12,570 --> 00:03:15,216
‫F5 is an external hardware load balancer that's really

70
00:03:15,720 --> 00:03:16,740
‫common in the enterprise.

71
00:03:17,010 --> 00:03:19,803
‫Obviously, the Ingress controller for it is going to help

72
00:03:20,190 --> 00:03:23,050
‫control that external resource from inside your Kubernetes.

73
00:03:23,760 --> 00:03:25,769
‫The whole point of all of this is so that when you're

74
00:03:25,770 --> 00:03:28,335
‫application developers are writing their YAML

75
00:03:28,740 --> 00:03:31,190
‫with the DevOps people, or maybe with the Ops team

76
00:03:31,770 --> 00:03:34,919
‫itself, they're able to put the annotations into

77
00:03:34,920 --> 00:03:38,189
‫their YAML that are needed for

78
00:03:38,250 --> 00:03:40,949
‫the ingress controller to figure out what to do with them.

79
00:03:40,980 --> 00:03:42,409
‫Basically, how do I route them?

80
00:03:42,420 --> 00:03:45,030
‫What's the right paths? Where am I taking it?

81
00:03:45,330 --> 00:03:47,486
‫What ports am I using? Am I grabbing SSL for

82
00:03:48,330 --> 00:03:50,399
‫you? Am I getting certificates? Are you going to provide me

83
00:03:50,400 --> 00:03:52,199
‫some? All that stuff's handled.

84
00:03:52,560 --> 00:03:54,840
‫First, I'd suggest you look in the resources.

85
00:03:55,260 --> 00:03:57,089
‫Maybe just try out the Nginx by default.

86
00:03:57,390 --> 00:03:59,420
‫Definitely, if you don't have an opinion, try out Traefik

87
00:03:59,820 --> 00:04:02,159
‫because it's easy to use, and it has lots of features,

88
00:04:02,160 --> 00:04:05,189
‫including Let's Encrypt to automatically get certificates

89
00:04:05,190 --> 00:04:07,440
‫for you and your websites right out-of-the-box.

90
00:04:08,130 --> 00:04:10,825
‫If you know your own hardware requirements, or software

91
00:04:11,400 --> 00:04:13,889
‫requirements for what you need to do with Ingress, there's

92
00:04:13,920 --> 00:04:15,779
‫a list in the documentation that you can see in the

93
00:04:15,780 --> 00:04:18,120
‫resources here of all the different Ingress options.