#kubernetes (2024-09)
Archive: https://archive.sweetops.com/kubernetes/
2024-09-12
Do folks like the one LB to many services, or one LB per service pattern in K8s? Generally I’ve always liked one LB per service everywhere PAAS, but with K8s there may be issues/limitations with dynamically launching LBs (metal or otherwise).
@Dan Miller (Cloud Posse) @Andriy Knysh (Cloud Posse)
It probably depends on your choice of Ingress Controller in Kubernetes. Each has its own recommendations for how to get set up with the LB. With Istio or Kong, you typically get one LB gateway into the cluster. Multiple gateways support is coming too with the Kubernetes Gateway API on the horizon.
But with a simple aws-load-balancer-controller, you could choose to do one LB per one ingress.
I don’t know how current this is, but this is a nice comparison chart with a row for Gateway API support as well: https://docs.google.com/spreadsheets/d/191WWNpjJ2za6-nbG4ZoUMXMpUK8KlCIosvQB0f-oq3k/edit?gid=907731238#gid=907731238
Yea, I really like Kong/enterprise apigw centralization of traffic transiting a single node for all the ops gains. I suppose the same can be had for FE traffic… But at the same time it’s nice to mitigate the endpoint mgmt complexity where you want to allow a team to self-manage their ingress, launch new endpoints, etc.
You could have a hybrid approach… with ingressClassName set to different controllers
Ah I can’t see the version history of the sheet, but that’s still a lot of data on a lot of controllers.
APISIX looks cool. Glanced at that before.
A hybrid approach was what I was thinking. Ya don’t need to have one screwdriver in the toolbox.
Ah, I notice that there’s a ‘Last updated’ field on that sheet. August 21, 2023.
Yup, I assumed it’d be a bit out of date... but at least it gives one an idea when starting to look at all of the options :)
2024-09-17
noob question: what are the benefits of using the 1Password SCIM?
is it just to get 1Password secrets into Kubernetes secrets?