Kangaroot, profile picture
Uploaded byKangaroot
PDF, PPTX64 views

Deploying NGINX in Cloud Native Kubernetes

The document discusses the challenges and solutions associated with Kubernetes load balancer services, specifically focusing on the NGINX Ingress Controller (KIC) in cloud-native environments. It highlights features, including the need for enhanced security, flexibility, and dynamic configuration, while comparing community versus enterprise versions of NGINX for performance and latency. Additionally, it includes use cases for mutual TLS, traffic management, and application protection to illustrate the benefits of using NGINX in Kubernetes environments.

Download as PDF, PPTX
NGINX KIC in Cloud Native Kubernetes From Network to Identity Layer Koen Vanderpoorten Solution Engineer BELUX
| ©2020 F5 2 PUBLIC CLOUD KUBERNETES
| ©2020 F5 3 So everything is perfect… …or is it not?
| ©2020 F5 4 Challenge of k8s loadbalancer services in public clouds? Users Operational, Financial and Security Challenges Cloud Native Kubernetes
| ©2020 F5 5 • Accepts traffic from outside the Kubernetes platform, and load-balances it to pods (containers) running inside the platform • One single IP address and load balancer for multiple applications, routing is based on URI’s (L7 info) • Monitors the pods running in Kubernetes, and automatically updates the load balancing rules if, for example, pods are added or removed from a service The Ingress Controller Internal Network Users Ingress Controller A specialized load balancer for Kubernetes environments: Load Balancer
| ©2020 F5 6 Ingress and Annotations – the pros and cons apiVersion: extensions/v1beta1 kind: Ingress metadata: name: webapp annotations: nginx.org/lb-method: "ip_hash" nginx.org/ssl-services: "webapp" nginx.org/proxy-connect-timeout: "10s" nginx.org/proxy-read-timeout: "10s" nginx.org/proxy-send-timeout: "10s" nginx.org/rewrites: "serviceName=webapp rewrite=/v1" nginx.com/jwt-key: "webapp-jwk" nginx.com/jwt-realm: "Webb App" nginx.com/jwt-token: "$cookie_auth_token" nginx.com/jwt-login-url: "https://login.example.com"" spec: rules: - host: webapp.example.com . . . Implement features missing in Ingress spec Lack validation Not suited for granular configuration Good Things: Can quickly grow bigger than the spec Bad Things: Not portable
| ©2020 F5 7 Enter NGINX KIC CRD’s
| ©2021 F5 8 Host TLS Upstreams Routes - Path Action Split Match Route ErrorPage pass redirect return proxy delegation optional Host TLS Upstreams Routes - Path Action Split Match Route ErrorPage pass redirect return proxy delegation optional NGINX Ingress Resources – Rich Capabilities Host TLS Policies Upstreams Routes - Path Policies Action Split Match Route ErrorPage pass redirect return proxy delegation VirtualServer pass redirect return proxy pass redirect return proxy Host Upstreams Subroutes - Path Policies Action Split Match ErrorPage pass redirect return proxy VirtualServerRoute NGINX server configuration NGINX http configuration Server and HTTP snippets NGINX location configuration Location snippets Policies Access Control Rate Limiting Auth (JWT, OIDC) MTLS (Ingress/Egress) App Protect WAF
| ©2020 F5 9 Conditional Routing Split Routing Error Pages Rate Limiting Authentication Web Application Firewall NGINX Snippets Multiple versions, multiple clients A|B Testing for safe production deployment Implement ‘Circuit Breakers’ to contain failures Protect vulnerable apps, limit greedy clients Offload identity checking from apps and centralize Protect from known and unknown vulnerabilities “to-the-metal” with NGINX configuration Use Cases
| ©2021 F5 10 NGINX Ingress Resources – Distributed Configuration
| ©2021 F5 11 NGINX Ingress Resources – Distributed Configuration NetOps DevOps-FE DevOps-NG Identity DevSecOps
| ©2021 F5 12 NGINX Ingress Controller WITH KUBERNETES & NGINX INGRESS CONTROLLER Manage Complexity in Production Apps Teams Basic Ingress Solutions 1 Many Many 1
| ©2020 F5 13 Why not use the Community version of NGINX Ingress Controller? WAIT, THERE’S MORE THAN ONE? Footprint Latency Timeouts Security Community: 500MB NGINX Plus: 120MB Community: Slowed by timeouts NGINX Plus: Dynamically reconfigures Community: 8809 NGINX Plus: 0 Community: OpenResty = CVE problems NGINX Plus: Proactive CVE patching, Integrated WAF & service mesh Driven by innovation at the expense of feature stability Driven by enterprise-ready stability without compromising innovation
| ©2020 F5 14 2020 PERFORMANCE TEST RESULTS Latency in a Dynamic Deployment
| ©2020 F5 15 UNNECESSARY RISK IN YOUR K8S ENVIRONMENTS Delays in CVE patching Competitor
| ©2021 F5 16 THE COST OF ADDING SECURITY IS LOW COMPARED WITH ITS IMPACT NGINX App Protect Performance 0 0,5 1 1,5 2 2,5 Throughput (MB/sec) No Protection NGINX App Protect ModSec 0 2000 4000 6000 8000 10000 12000 14000 Requests/sec No Protection NGINX App Protect ModSec 0 100 200 300 400 500 600 700 800 Latency (ms) No Protection NGINX App Protect ModSec
| ©2021 F5 17 AppProtect + KIC + NSM = Mesh Ingress WAF • AppProtect runs in NGINX+ KIC at the edge • Provides L7 WAF security for all mesh-based ingress • mTLS between KIC and NSM NGINX AppProtect
| ©2021 F5 18 Mutual TLS Instrumentation Tracing Rate Limiting Traffic Splitting Access Control Egress Control Secure traffic in a zero-trust network Monitor performance, latency and availability Debug transactions and locate faults Protect vulnerable apps, limit greedy clients Implement A|B, Canary and Blue-Green upgrades Implement allow-lists to accurately govern traffic Manage and broker traffic to external services Spotlight on Service Mesh - Use Cases
| ©2021 F5 19 Demo Time
Deploying NGINX in Cloud Native Kubernetes

More Related Content

PDF
RootStack - Devfactory
byKangaroot
 
PDF
Cloud demystified, what remains after the fog has lifted.
byKangaroot
 
PDF
Welcome at OPEN'22
byKangaroot
 
PDF
EDB Postgres in Public Sector
byKangaroot
 
PPTX
EasyStack True Private Cloud | Quek Keng Oei
byVietnam Open Infrastructure User Group
 
PPTX
CDK - The next big thing - Quang Phuong
byVietnam Open Infrastructure User Group
 
PDF
Migrating to Cloud Native Solutions
byinwin stack
 
PPTX
Building Cloud Native Applications Using Azure Kubernetes Service
byDennis Moon
 
RootStack - Devfactory
byKangaroot
 
Cloud demystified, what remains after the fog has lifted.
byKangaroot
 
Welcome at OPEN'22
byKangaroot
 
EDB Postgres in Public Sector
byKangaroot
 
EasyStack True Private Cloud | Quek Keng Oei
byVietnam Open Infrastructure User Group
 
CDK - The next big thing - Quang Phuong
byVietnam Open Infrastructure User Group
 
Migrating to Cloud Native Solutions
byinwin stack
 
Building Cloud Native Applications Using Azure Kubernetes Service
byDennis Moon
 

What's hot

PPTX
CWIN17 london becoming cloud native part 2 - guy martin docker
byCapgemini
 
PDF
Journey from on prem to the cloud with kubernetes
byLibbySchulze
 
PPTX
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
byRoberto Carratala
 
PDF
Intro - Cloud Native
byAlbert Suwandhi
 
PDF
8.cncf en
byJuraj Hantak
 
PDF
Prometheus - basics
byJuraj Hantak
 
PPTX
OpenStack 3rd Birthday Presentation
byOpenStack Foundation
 
PPTX
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
byDevOps.com
 
PPTX
Docker Federal Summit 2017 General Session
byDocker, Inc.
 
PPTX
Tectonic Summit 2016: Betting on Kubernetes
byCoreOS
 
PDF
All roads lead to the cloud
byDocker, Inc.
 
PPTX
PKS - Solving Complexity for Modern Data Workloads
byCarlos Andrés García
 
PPTX
Why cloud native matters
byCheryl Hung
 
PDF
Cloud Native Development
byManuel Garcia
 
PPTX
Istio - A Service Mesh for Microservices as Scale
byRam Vennam
 
PDF
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
byWeaveworks
 
PDF
VietOpenStack meetup 7th Kilo overview
byVietnam Open Infrastructure User Group
 
PPTX
Cloud native policy enforcement with Open Policy Agent
byLibbySchulze
 
PDF
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
byDocker, Inc.
 
PDF
Containers - Transforming the data centre as we know it 2016
byKeith Lynch
 
CWIN17 london becoming cloud native part 2 - guy martin docker
byCapgemini
 
Journey from on prem to the cloud with kubernetes
byLibbySchulze
 
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
byRoberto Carratala
 
Intro - Cloud Native
byAlbert Suwandhi
 
8.cncf en
byJuraj Hantak
 
Prometheus - basics
byJuraj Hantak
 
OpenStack 3rd Birthday Presentation
byOpenStack Foundation
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
byDevOps.com
 
Docker Federal Summit 2017 General Session
byDocker, Inc.
 
Tectonic Summit 2016: Betting on Kubernetes
byCoreOS
 
All roads lead to the cloud
byDocker, Inc.
 
PKS - Solving Complexity for Modern Data Workloads
byCarlos Andrés García
 
Why cloud native matters
byCheryl Hung
 
Cloud Native Development
byManuel Garcia
 
Istio - A Service Mesh for Microservices as Scale
byRam Vennam
 
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
byWeaveworks
 
VietOpenStack meetup 7th Kilo overview
byVietnam Open Infrastructure User Group
 
Cloud native policy enforcement with Open Policy Agent
byLibbySchulze
 
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
byDocker, Inc.
 
Containers - Transforming the data centre as we know it 2016
byKeith Lynch
 

Similar to Deploying NGINX in Cloud Native Kubernetes

PDF
Load Balancing Applications on Kubernetes with NGINX
byAine Long
 
PPTX
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
PPTX
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
byAine Long
 
PDF
Relevez les défis Kubernetes avec NGINX
byNGINX, Inc.
 
PDF
Securing Your Apps & APIs in the Cloud
byOlivia LaMar
 
PDF
Get the Most Out of Kubernetes with NGINX
byNGINX, Inc.
 
PDF
Using NGINX and NGINX Plus as a Kubernetes Ingress
byKevin Jones
 
PPTX
API Workloads on Kubernetes | Show Code Part 4
byNGINX, Inc.
 
PDF
Kubernetes Networking
byNGINX, Inc.
 
PDF
Cncf k8s_network_03 (Ingress introduction)
byErhwen Kuo
 
PDF
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
PPTX
Nginx Deep Dive Kubernetes Ingress
byKnoldus Inc.
 
PPTX
Production-Grade Kubernetes With NGINX Ingress Controller
byNGINX, Inc.
 
PPTX
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
byOlivia LaMar
 
PPTX
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
byKatherine Bagood
 
PDF
Ingress controller present, past and future
byAdam Hamsik
 
PDF
Ingress controller present, past and future
byJuraj Hantak
 
PDF
NGINX Ingress Controller for Kubernetes
byNGINX, Inc.
 
PDF
Kubernetes and the NGINX Plus Ingress Controller
byKatherine Bagood
 
PDF
Load Balancing in the Cloud using Nginx & Kubernetes
byLee Calcote
 
Load Balancing Applications on Kubernetes with NGINX
byAine Long
 
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
byAine Long
 
Relevez les défis Kubernetes avec NGINX
byNGINX, Inc.
 
Securing Your Apps & APIs in the Cloud
byOlivia LaMar
 
Get the Most Out of Kubernetes with NGINX
byNGINX, Inc.
 
Using NGINX and NGINX Plus as a Kubernetes Ingress
byKevin Jones
 
API Workloads on Kubernetes | Show Code Part 4
byNGINX, Inc.
 
Kubernetes Networking
byNGINX, Inc.
 
Cncf k8s_network_03 (Ingress introduction)
byErhwen Kuo
 
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
Nginx Deep Dive Kubernetes Ingress
byKnoldus Inc.
 
Production-Grade Kubernetes With NGINX Ingress Controller
byNGINX, Inc.
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
byOlivia LaMar
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
byKatherine Bagood
 
Ingress controller present, past and future
byAdam Hamsik
 
Ingress controller present, past and future
byJuraj Hantak
 
NGINX Ingress Controller for Kubernetes
byNGINX, Inc.
 
Kubernetes and the NGINX Plus Ingress Controller
byKatherine Bagood
 
Load Balancing in the Cloud using Nginx & Kubernetes
byLee Calcote
 

More from Kangaroot

PPTX
So you think you know SUSE?
byKangaroot
 
PDF
Live demo: Protect your Data
byKangaroot
 
PDF
Zimbra at Kangaroot / OPEN{virtual}
byKangaroot
 
PDF
NGINX Controller: faster deployments, fewer headaches
byKangaroot
 
PDF
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
byKangaroot
 
PDF
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
byKangaroot
 
PDF
Red Hat multi-cluster management & what's new in OpenShift
byKangaroot
 
PDF
There is no such thing as “Vanilla Kubernetes”
byKangaroot
 
PDF
Elastic SIEM (Endpoint Security)
byKangaroot
 
PDF
Hashicorp Vault - OPEN Public Sector
byKangaroot
 
PDF
Kangaroot - Bechtle kadercontracten
byKangaroot
 
PDF
Red Hat Enterprise Linux 8
byKangaroot
 
PDF
Kangaroot open shift best practices - straight from the battlefield
byKangaroot
 
PDF
Kubecontrol - managed Kubernetes by Kangaroot
byKangaroot
 
PDF
OpenShift 4, the smarter Kubernetes platform
byKangaroot
 
PDF
10 - MongoDB
byKangaroot
 
PDF
9 - Making Sense of Containers in the Microsoft Cloud
byKangaroot
 
PDF
8 - OpenShift - A look at a container platform: what's in the box
byKangaroot
 
PDF
7 - Monitoring Kubernetes with Elastic
byKangaroot
 
PDF
6 - Past, Present and Future of API Management
byKangaroot
 
So you think you know SUSE?
byKangaroot
 
Live demo: Protect your Data
byKangaroot
 
Zimbra at Kangaroot / OPEN{virtual}
byKangaroot
 
NGINX Controller: faster deployments, fewer headaches
byKangaroot
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
byKangaroot
 
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
byKangaroot
 
Red Hat multi-cluster management & what's new in OpenShift
byKangaroot
 
There is no such thing as “Vanilla Kubernetes”
byKangaroot
 
Elastic SIEM (Endpoint Security)
byKangaroot
 
Hashicorp Vault - OPEN Public Sector
byKangaroot
 
Kangaroot - Bechtle kadercontracten
byKangaroot
 
Red Hat Enterprise Linux 8
byKangaroot
 
Kangaroot open shift best practices - straight from the battlefield
byKangaroot
 
Kubecontrol - managed Kubernetes by Kangaroot
byKangaroot
 
OpenShift 4, the smarter Kubernetes platform
byKangaroot
 
10 - MongoDB
byKangaroot
 
9 - Making Sense of Containers in the Microsoft Cloud
byKangaroot
 
8 - OpenShift - A look at a container platform: what's in the box
byKangaroot
 
7 - Monitoring Kubernetes with Elastic
byKangaroot
 
6 - Past, Present and Future of API Management
byKangaroot
 

Recently uploaded

PDF
Transform Salesforce Workflows: The Basics You Must Know to Deploy AI Agents
byCymetrix Software
 
PPTX
Systems Programming Lecture Compute.pptx
byAdekunle25
 
PDF
Vibe Coding and AI-Assisted Development (Ploneconf 2025, Lightning Talk)
bykitconcept GmbH
 
PPTX
Soft(ware) Stories: Tecnologia, Identità e Giustizia di genere nel mondo digi...
byLetizia Jaccheri
 
DOCX
Best Tableau Alternatives for Data Analytics and Reporting.docx
byVarsha Nayak
 
PDF
Best Tableau Alternatives for Data Analytics and Reporting.pdf
byVarsha Nayak
 
PDF
Dreamforce 2025: Welcome to the Agentic Enterprise
byDele Amefo
 
PPTX
What is the Best BI Tool for Real-Time Data Exploration Beyond Tableau.pptx
byVarsha Nayak
 
PDF
Privacy-first in-browser Generative AI web apps: offline-ready, future-proof,...
byMaxim Salnikov
 
PDF
The 50+ First-Timer: My OpenTelemetry Contribution and How Your CNCF Journey...
byImma Valls Bernaus
 
PPTX
White Label Travel Portal Solutions for B2C, B2B & B2E
byRayds Services Limited
 
PDF
Top Tech Stacks for Developing Scalable Social Networking Apps.pdf
byOlivia Rose
 
PDF
End-to-End Payroll Processing Checklist for Growing Businesses.pdf
byCRMLeaf
 
PDF
OpenChain Global Update @ Open Source Tech Day 2025
byShane Coughlan
 
PDF
Practical Performance Tuning for Serverless Java on AWS- InfoQ Dev Summit
byVadym Kazulkin
 
PDF
What Writing 250+ Blog Posts Taught Me About Artificial Intelligence.pdf
byMarkus Eisele
 
PDF
The Scarcity of Engineering Craftsmanship
byVasileios Christopoulos
 
PDF
The journey from (not)REST to GraphQL at scale - The Deezer experience
byLoïc Doubinine
 
PDF
Driving Stress Detection Using Multimodal CNN with Nonlinear Representation o...
byPranjal Kumar
 
PDF
VADY Enterprise AI Foresight — Explain What, Why & What-Next with Context-Awa...
byNewFangledVision
 
Transform Salesforce Workflows: The Basics You Must Know to Deploy AI Agents
byCymetrix Software
 
Systems Programming Lecture Compute.pptx
byAdekunle25
 
Vibe Coding and AI-Assisted Development (Ploneconf 2025, Lightning Talk)
bykitconcept GmbH
 
Soft(ware) Stories: Tecnologia, Identità e Giustizia di genere nel mondo digi...
byLetizia Jaccheri
 
Best Tableau Alternatives for Data Analytics and Reporting.docx
byVarsha Nayak
 
Best Tableau Alternatives for Data Analytics and Reporting.pdf
byVarsha Nayak
 
Dreamforce 2025: Welcome to the Agentic Enterprise
byDele Amefo
 
What is the Best BI Tool for Real-Time Data Exploration Beyond Tableau.pptx
byVarsha Nayak
 
Privacy-first in-browser Generative AI web apps: offline-ready, future-proof,...
byMaxim Salnikov
 
The 50+ First-Timer: My OpenTelemetry Contribution and How Your CNCF Journey...
byImma Valls Bernaus
 
White Label Travel Portal Solutions for B2C, B2B & B2E
byRayds Services Limited
 
Top Tech Stacks for Developing Scalable Social Networking Apps.pdf
byOlivia Rose
 
End-to-End Payroll Processing Checklist for Growing Businesses.pdf
byCRMLeaf
 
OpenChain Global Update @ Open Source Tech Day 2025
byShane Coughlan
 
Practical Performance Tuning for Serverless Java on AWS- InfoQ Dev Summit
byVadym Kazulkin
 
What Writing 250+ Blog Posts Taught Me About Artificial Intelligence.pdf
byMarkus Eisele
 
The Scarcity of Engineering Craftsmanship
byVasileios Christopoulos
 
The journey from (not)REST to GraphQL at scale - The Deezer experience
byLoïc Doubinine
 
Driving Stress Detection Using Multimodal CNN with Nonlinear Representation o...
byPranjal Kumar
 
VADY Enterprise AI Foresight — Explain What, Why & What-Next with Context-Awa...
byNewFangledVision
 

Deploying NGINX in Cloud Native Kubernetes

  • 1.
    NGINX KIC inCloud Native Kubernetes From Network to Identity Layer Koen Vanderpoorten Solution Engineer BELUX
  • 2.
    | ©2020 F5 2 PUBLICCLOUD KUBERNETES
  • 3.
    | ©2020 F5 3 Soeverything is perfect… …or is it not?
  • 4.
    | ©2020 F5 4 Challengeof k8s loadbalancer services in public clouds? Users Operational, Financial and Security Challenges Cloud Native Kubernetes
  • 5.
    | ©2020 F5 5 •Accepts traffic from outside the Kubernetes platform, and load-balances it to pods (containers) running inside the platform • One single IP address and load balancer for multiple applications, routing is based on URI’s (L7 info) • Monitors the pods running in Kubernetes, and automatically updates the load balancing rules if, for example, pods are added or removed from a service The Ingress Controller Internal Network Users Ingress Controller A specialized load balancer for Kubernetes environments: Load Balancer
  • 6.
    | ©2020 F5 6 Ingressand Annotations – the pros and cons apiVersion: extensions/v1beta1 kind: Ingress metadata: name: webapp annotations: nginx.org/lb-method: "ip_hash" nginx.org/ssl-services: "webapp" nginx.org/proxy-connect-timeout: "10s" nginx.org/proxy-read-timeout: "10s" nginx.org/proxy-send-timeout: "10s" nginx.org/rewrites: "serviceName=webapp rewrite=/v1" nginx.com/jwt-key: "webapp-jwk" nginx.com/jwt-realm: "Webb App" nginx.com/jwt-token: "$cookie_auth_token" nginx.com/jwt-login-url: "https://login.example.com"" spec: rules: - host: webapp.example.com . . . Implement features missing in Ingress spec Lack validation Not suited for granular configuration Good Things: Can quickly grow bigger than the spec Bad Things: Not portable
  • 7.
    | ©2020 F5 7 EnterNGINX KIC CRD’s
  • 8.
    | ©2021 F5 8 Host TLS Upstreams Routes -Path Action Split Match Route ErrorPage pass redirect return proxy delegation optional Host TLS Upstreams Routes - Path Action Split Match Route ErrorPage pass redirect return proxy delegation optional NGINX Ingress Resources – Rich Capabilities Host TLS Policies Upstreams Routes - Path Policies Action Split Match Route ErrorPage pass redirect return proxy delegation VirtualServer pass redirect return proxy pass redirect return proxy Host Upstreams Subroutes - Path Policies Action Split Match ErrorPage pass redirect return proxy VirtualServerRoute NGINX server configuration NGINX http configuration Server and HTTP snippets NGINX location configuration Location snippets Policies Access Control Rate Limiting Auth (JWT, OIDC) MTLS (Ingress/Egress) App Protect WAF
  • 9.
    | ©2020 F5 9 ConditionalRouting Split Routing Error Pages Rate Limiting Authentication Web Application Firewall NGINX Snippets Multiple versions, multiple clients A|B Testing for safe production deployment Implement ‘Circuit Breakers’ to contain failures Protect vulnerable apps, limit greedy clients Offload identity checking from apps and centralize Protect from known and unknown vulnerabilities “to-the-metal” with NGINX configuration Use Cases
  • 10.
    | ©2021 F5 10 NGINXIngress Resources – Distributed Configuration
  • 11.
    | ©2021 F5 11 NGINXIngress Resources – Distributed Configuration NetOps DevOps-FE DevOps-NG Identity DevSecOps
  • 12.
    | ©2021 F5 12 NGINX IngressController WITH KUBERNETES & NGINX INGRESS CONTROLLER Manage Complexity in Production Apps Teams Basic Ingress Solutions 1 Many Many 1
  • 13.
    | ©2020 F5 13 Whynot use the Community version of NGINX Ingress Controller? WAIT, THERE’S MORE THAN ONE? Footprint Latency Timeouts Security Community: 500MB NGINX Plus: 120MB Community: Slowed by timeouts NGINX Plus: Dynamically reconfigures Community: 8809 NGINX Plus: 0 Community: OpenResty = CVE problems NGINX Plus: Proactive CVE patching, Integrated WAF & service mesh Driven by innovation at the expense of feature stability Driven by enterprise-ready stability without compromising innovation
  • 14.
    | ©2020 F5 14 2020PERFORMANCE TEST RESULTS Latency in a Dynamic Deployment
  • 15.
    | ©2020 F5 15 UNNECESSARYRISK IN YOUR K8S ENVIRONMENTS Delays in CVE patching Competitor
  • 16.
    | ©2021 F5 16 THECOST OF ADDING SECURITY IS LOW COMPARED WITH ITS IMPACT NGINX App Protect Performance 0 0,5 1 1,5 2 2,5 Throughput (MB/sec) No Protection NGINX App Protect ModSec 0 2000 4000 6000 8000 10000 12000 14000 Requests/sec No Protection NGINX App Protect ModSec 0 100 200 300 400 500 600 700 800 Latency (ms) No Protection NGINX App Protect ModSec
  • 17.
    | ©2021 F5 17 AppProtect+ KIC + NSM = Mesh Ingress WAF • AppProtect runs in NGINX+ KIC at the edge • Provides L7 WAF security for all mesh-based ingress • mTLS between KIC and NSM NGINX AppProtect
  • 18.
    | ©2021 F5 18 MutualTLS Instrumentation Tracing Rate Limiting Traffic Splitting Access Control Egress Control Secure traffic in a zero-trust network Monitor performance, latency and availability Debug transactions and locate faults Protect vulnerable apps, limit greedy clients Implement A|B, Canary and Blue-Green upgrades Implement allow-lists to accurately govern traffic Manage and broker traffic to external services Spotlight on Service Mesh - Use Cases
  • 19.