#kubernetes (2024-09)

@Dan Miller (Cloud Posse) @Andriy Knysh (Cloud Posse)

It probably depends on your choice of Ingress Controller in Kubernetes. Each have their own recommendations for how to get setup with the LB. With Istio or Kong, you typically get one LB gateway into the cluster. Multiple gateways support is coming too with the Kubernetes Gateway API on the horizon.

But with a simple aws-load-balancer-controller, you could choose to do one LB per one ingress.

I don’t know how current this is, but this is a nice comparison chart with a row for Gateway API support as well: https://docs.google.com/spreadsheets/d/191WWNpjJ2za6-nbG4ZoUMXMpUK8KlCIosvQB0f-oq3k/edit?gid=907731238#gid=907731238

Yea, I really like Kong/enterprise apigw centralization of traffic transiting a single node for all the ops gains. I suppose the same can be had for FE traffic… But at the same time it’s nice to mitigate the endpoint mgmt complexity where you want to allow a team to self-manage their ingress, launch new endpoints, etc.

You could have a hybrid approach… with ingressClassName set to different controllers

Ah I can’t see the version history of the sheet, but that’s still a lot of data on a lot of controllers.

APISIX looks cool. Glanced at that before.

A hybrid approach was what I was thinking. Ya don’t need to have one screwdriver in the toolbox.

Ah, I notice that there’s a ‘Last updated’ field on that sheet. August 21, 2023.

Yup, I assumed it’d be a bit out of date.. but at least it gives one an idea when starting to look at all of the options :)

is it just to get 1password secrets into kubernetes secrets ?

typical scim usage is getting users provisioned from your idp into 1pass