►
Description
Have you ever found yourself in a situation when all your services are running in Kubernetes, and now you need to expose them to the outside world securely and reliably? Viktor Gamov introduced the Kubernetes Ingress and how you can use it in gRPC applications.
He talked about the Kong Ingress Controller (KIC), an open-source implementation of the Kubernetes Controller that can be installed and managed precisely as any other Kubernetes resource. We learnt how to easily expose Kubernetes services to the outside world with KIC as well as the vast plugin ecosystem of Kong Gateway to declaratively enable security, API rate limiting, and native gRPC support!
A
Today,
we're
going
to
be
talking
about
somehow
specific
topic,
but
it's
not
really
specific
to
kubernetes
it.
Just
I
I
use
kubernetes
just
because
I
like
to
use
kubernetes
and
it's
my
platform
of
choice
to
deploy
my
applications
and
I
like
appreciations
around
this,
and
it's
also
a
pretty
good
tool
to
have
in
your
tool
belt,
but
all
the
things
in
terms
of
technologies
and
in
terms
of
like
how
you
run
the
services
and
how
you
can
integrate
this
with
things
like
kong
also
applicable
to
non-kubernetes
environments.
A
So
the
quant
can
be
run
anywhere,
and
I
will
be
talking
a
little
bit
about
specifics.
Why
the
quank
and
calling
ingress
controller
specifically
exist
and
how
we
can
you
know,
integrate
this
with
our
application.
A
So
in
the
introduction
I
will
talk
a
little
bit
about
the
grades
and
applications
and
after
that,
I'll
talk
a
little
bit
about
conch.
And
after
that
I
will
show
you
some
demo.
So
hopefully
we'll
have
enough
time
to
answer
the
questions.
A
So
in
in
this
presentation,
let
me
see
if
my
clicker
clicker
not
working
so
we're
going
to
be
using
keyboard.
So
I
am,
I
work
as
developer
of
the
kit
with
conc
and
as
developer
of
the
kit.
I
talk
to
developers.
I
really
like
to
see
how
our
tools
can
help
them
to
solve
the
problems
and
make
them
or
make
you
productive.
A
With
all
these
tools,
you
can
find
me
in
twitter,
I'm
pretty
you
know
you
can
ask
me
all
questions
in
twitter
and
my
twitter
is
conveniently
placed
in
the
header
of
this
presentation,
so
you
can
always
find
me
and
follow
me,
I'm
very
interesting
person,
so
what
we're
gonna
be
covering
today,
since
I
would
like
to
talk
a
little
bit
about
kubernetes,
I
will
talk
why
and
how
the
idea
of
ingress
appeared
in
kubernetes
world
in
how
it
is
evolved
and
how
this
will
involve
how
this
is
this.
A
I
think
that
that's
called
gateway,
I'm
not
going
to
talk
about
this
much,
but
the
gateway
is
the
next
version
of
kubernetes
ingress
object
and
a
lot
of
things
that
people
were
doing
with
ingress
in
the
past
influenced
the
way.
How
we're
going
to
be
doing
this
in
the
future.
Using
you
know,
kong,
just
any
type
of
ingress,
we'll
talk
about
ingress,
we'll
talk,
some
advanced
features
and
how
we
can
extend
those-
and
obviously
you
will
see
some
demos
here.
A
So
when
we
talk
about
kubernetes
native
apps,
our
applications
would
be
continualized
and
deployed,
as
pods
in
kubernetes,
environment
and
communities
will
be
responsible
for
distribution
of
this
replicas
of
your
applications
across
multiple
nodes.
So
in
this
particular
example,
I
have
a
cluster
of
three
nodes:
electro
physical
nodes,
that
running
some
of
the
physical,
all
vms
that
run
some
of
the
processes
that
allows
kubernetes
to
use
them
as
a
place
where
you
can
deploy
your
workloads
and
to
get
access
to
those
services
from
outside
world.
A
Traditionally
we
can
deploy
service
and
the
service
will
have
a
type
load
balancer,
and
this
is
a
little
bit
ambiguous.
I
would
say,
because
it
depends
on
depends
on
implementation,
depends
on
where
you're
running
this,
because
in
some
cases,
if
you're
writing
this
in
cloud
environment,
if
you're
running
this
in
managed
environment,
the
cloud
provider
will
will
provide
you
something,
so
it
will
actually
create
a
load
balancer
that
your
application
will
be
able
to
to
hit.
So
your
traffic
will
be
routed
to
a
particular
service.
A
Once
you
deploy
multiple
applications,
you
might
need
to
have
a
different
load.
Balancers.
A
To
those
services,
you'll
have
a
different
service
to
access
to
analytics
different
service
access
to
inventory,
different
service
access
to
billing
service,
with
the
concept
of
kind
of
consolidation
of
the
access
and
the
consolidation
of
the
management.
The
ukrainian
folks
come
up
with
this
idea
of
ingress
and
ingress.
It's
the
kubernetes
native
object
that
allows
to
use
kind
of
like
a
single
point
of
configuring,
access
to
services
and
the
couple
things
that
you
need
to
know
about:
kubernetes
ingress,
it's
it's
a
vendor,
neutral
spec.
A
So
in
this
case,
there's
no
there's
no
vendor-specific
things
here.
You
can
add
this
and
we'll
talk
about
this.
How
we
can
do
that,
and
but
essentially
it
is
the
standard
ingress
object
and
there's
a
standard
schema,
what
you
can
do,
what
kind
of
host
what
kind
of
path
available
for
for
http
what
kind
of
path
available
for
https.
A
So
in
this
case,
you
can
see,
if
you
hit
your
your
proxy
with
slash
bills,
it
will
route
calls
to
to
the
particular
whatever
service
is
there
like
in
this
case
it's
bills,
so
it
will
use
kubernetes,
node
discovery
and
we'll
find
this
bills
service
and
provide
the
routing.
A
So
essentially,
the
the
idea
of
this
proxies
came
in
from
the
long
long
time
known
thing
called
load
balancer.
Essentially,
all
the
modern
technology
is
doing
is
reinventing
things
that
many
people
already
knew
for
many
years
and
load.
Balancer
provides
many
many
useful
functionalities
for
the
application,
starting
from
the
simple
things
like
it
will.
A
What's
the
word
I'm
looking
for,
so
it
sits
in
front
of
your
application.
It
provides
ability
to
route
the
traffic
from
one
place
like
from
your
outside
world
to
to
inside
world,
and
if
the
the
services
like
upstream
services
will
have
some
issues
like
service
will
down,
it
will
try
to
route
to
healthy
to
healthy
nodes.
So
that's
what
the
purpose
of
load
balancer
was
for
a
very
long
time
now,
with
the
load.
A
Balancer
usually
provides
some
of
the
features
that
allows
you
to
not
implement
those
features
as
part
of
your
applications,
things
with,
like
rate
limiting
and
the
throttling
of
the
request,
and
maybe
even
do
some
like
a
traffic
shipping,
for
example,
providing
like
a
ability
to
encrypt
this
traffic
without
your
application,
doing
this
explicitly
and
so
far,
and
so
on.
A
Now,
that's
all
good
and
all
this
nice,
but
in
this
case
it
cannot
be,
you
know,
vendor
neutral,
and
it
cannot
be
something
that
you
will
rely
on
on
your
cloud
provider.
A
So
this
because
this
is
like
two
specific
things,
and
so
what
is
essentially
many
people
end
up
doing,
there's
like
a
different
vendors
and
different
the
project
that
allows
to
do
the
proxy
of
traffic.
They
come
up
with
this.
A
That
will
be
listening.
What
happens
with
this
ingress
object
and
the
translate
this
to
the
configuration
that
would
be
native,
for
you
know
certain
components,
also
some
of
the
data
responsibilities.
It's
like
very
easy
to
get
into
the
situation
where
okay,
so
you
have
a
service
where
you
should
put
certain
pieces
of
functionality.
You
should
put
this
inside
of
your
service.
You
need
to
like
put
implementation,
bring
all
the
libraries
and
make
the
big
service,
or,
in
this
case,
we'll
have
a
situation
with
distributed
monolith.
A
This
model
it
will
have
everything
and
even
though
it
runs
in
kubernetes-
and
maybe
there
is
about
multiple
replicas
of
the
service
and
so
far
and
so
on.
But
what
to
do
with
situation?
You
know
if
you
don't
want
to
implement
this.
The
idea
of
microservices
is
to
focus
on
pieces
of
functionality
that
related
only
to
to
business
tasks,
to
tasks
that
your
business
would
be.
You
know
interested
to
to
implement
and
with
the
the
load,
balancer
or
more
fancy
term
is
the
api
gateway.
A
So
we
implemented
this
as
our
own
ingress
controller,
meaning
that
there's
some
of
the
pieces
of
software
that
will
be
sitting
inside
kubernetes
cluster
and
we
will
be
listening
all
the
events
and
happening
into
ingress.
And
after
that
doing
something
for
this,
and
I
will
show
you
in
a
second
how
it
looks
like,
but
this
piece
of
functionality
will
be
built
in
into
this
api
gateway
product.
A
The
product
will
allows
you
to
configure
multiple
things
declaratively
through
the
the
concepts
that
available
in
kubernetes.
If
you're
not
familiar
with
this
concept-
and
you
can
think
about
this-
that
kubernetes,
server
or
kubernetes
cluster
is
essentially
a
api
server
that
talks
with
some
entities
and
when
you
as
a
developer
or
as
a
system
administrator
or
someone
who
wants
to
do
something
with
those
resources.
You
just
need
to
declare
those
resources
and
someone
will
be
responsible
for
making
things
happen.
A
Think
about
this,
how
you
would
work
in
an
infrastructure
system,
and
you
submitted
a
ticket
that
you
need
to
have
http
server
deployed,
and
after
that
you
don't
really
care
some
operations.
People
will
come
and
do
the
thing
so
idea
with
kubernetes
would
be
the
same.
You
define
this
resource
that
defines
your
intent.
What
you
want
to
have,
and
after
that,
the
underlying
implementation
will
make
it
happen.
A
Apart
from
the
standard
resources
that
currently
has
like
including
deployments,
including
pods,
different
networking
policies,
different
disk
policies
and
things
like
that,
there
is
ability
to
extend
this
api.
You
provide
kind
of
a
domain,
specific
language
for
particular
system.
In
our
case,
we
implemented
few
custom
resources
that
allows
us
declaratively
configure
those
one
of
the
things
that
we
have
is
a
calling
plugin
that
allows
us
to
do
something
with
particular
service
or
particular
ingress.
There's
also
cluster
plug-in.
A
That
allows
to
apply
some
of
the
configurations
to
kong
and
do
something
with
calling
itself
there's
a
custom
resource
that
allows
to
configure
some
of
the
things
that
your
normal
kubernetes
doesn't
support.
A
We
have
some
external
features
called
like
tcp
ingress,
for
example,
if
you're
running
servers
that
expose
the
gpu
or
https
or
to
grpc
or
http
2,
but
through
the
tcp
or
udp,
so
this
stuff
also
available
as
a
custom
resource
and
after
that
there
will
be
custom
controller
that
will
be
listening
this
resources
and
after
that,
these
resources
will
make
happen.
So
this
resources
will
work.
So,
let's
talk
about
jrpc,
so
let
me
I
will
get
back
to
this
slide
after
I
will
talk
about
this,
but
grpc
in
in
quan.
A
Congress
is
a
like
a
first-class
citizen
there.
So
your
services,
if
you
want
to
expose
those
services
to
outside
world
that
you
know,
use
grpc,
you
will
be
able
to
do
this
natively.
So
I
think
this
is
good
time
to
talk
about
this,
how
it
works,
and
meanwhile
like
when
I'm
switching
the
screens
to
to
my
to
my
application
demo.
Are
there
any
questions
we
have
in
the
chat,
or
maybe
you
want
to
unmute
yourself
and
ask
some
some
of
the
questions.
A
If
not,
I
will
continue
with
my
presentation
so
today
we're
going
to
be
talking
about
like
very
simple
service.
I
primarily
came
from
java
world.
Don't
hate
me
for
that
java
is
awesome
and
for
over
30
years
of
existence,
java
still
go
and
very
strong
influenced
by
some
of
the
modern
technologies
and
java
actually
has
like
pretty
good
support
for
jrpc
there's
a
plenty
of
like
standard
tools
that
comes
from
grpc
project,
but
also
there
are
community
tools
available,
for
example,
allows
to
integrate
grpc
with
frameworks
like
a
spring
framework.
A
Spring
framework
is
a
very
popular
the
set
of
tools,
spring
framework
and
spring
boot,
specifically
instead
of
tool
for
building
cloud
native
application.
It
supports
all
these
things
that
were
people
were
talking
when
people
talking
about
like
a
12
factor
applications
you
see
service
uses
so-called
spring
boot
starter,
meaning
that
for
me
as
a
developer,
I
don't
need
to
go
through
the
verbose
process
of
configuring
things.
I
just
need
to
define
the
service,
and,
after
that
I
need
to
provide
implementation,
so
yay
majority
folks
here
are
java
developers
exciting.
A
That's
pretty
good,
so
feels
feels
like
home,
so
in
in
this
particular
case,
I'm
specifying
the
java
package
there's
like
a
few
options
that
oops
a
few
options
that
are
available
for
for
java
package,
and
I
have
a
two
services.
One
service
just
gets
the
movie
quote
today.
We're
gonna
be
talking
about
the
dune.
It's
a
movie
just
released
in
the
u.s
just
last
week.
I've
seen
this
and
it's
awesome.
I
was
waiting
this
for
a
very
long
time,
huge
fan
of
the
frank
herbert's
book.
A
I
think
it's
one
of
the
most
influential
sci-fi
sci-fi
creation
or
sci-fi
series,
I'm
talking
about
like
frank
herbert's
stuff,
I
haven't
read
his
his
son
books,
but
huge
fan
of
the
overall,
the
universe
of
dune
and
my
quote
service
will
provide
the
june
quotes
as
a
as
a
result
of
the
of
the
call
of
jrpc.
So
this
one
doesn't
have
any
parameters
just
like
empty
call,
and
it
will
return
some
of
the
quote.
That
will
include
some
some
of
the
quote
here.
In
another
example,
it
uses
the
grpc
server
side
streaming.
A
So
in
this
case,
when
I
will
call
this,
it
will
return
stream
of
messages.
A
For,
like,
I
said,
the
tools
that
come
with
the
spring
boot
that
extend
this
like
code
service
implementation
base
and
provide
my
implementation
in
this
case,
it's
a
code
and
code
stream
and
I'm
using
this
library
called
faker.
I
love
this
library.
It
has
a
ability
to
generate
some
of
the
non-nonsense
data
for
your
applications.
If
you
run
your
application
and
you
need
to
have
some
sort
of
like
data
that
look
like
a
real
one,
I
highly
recommend
you
to
look
at
the
faker,
fake
library.
A
It's
it's
really
really
awesome
and
that's
that's
pretty
much
it.
So
I
will
be
using
this
to
to
call
to
call
this
to
services
since
springboot
allows
me
not
only
build
the
services
but
also
provide
some
of
the
things
to,
for
example,
build
image
spring
boot
can
create
docker
image
and
those
processes
are
based
on
another
cncf
project
called
buildpacks,
and
for
my
application,
where
I
will
be
deploying
this
application,
I
just
need
to
deploy
only
this
this
image.
Actually,
you
can
even
use
this.
A
This
demo
application
this
demo.
Application
is
available
in
in
github.
If
you
go
to
github
and
there's
demo
scene,
there
is
a
project
that
includes
all
these
things
and
the
project
called
quote
service,
with
the
all
instructions.
How
you
can
build
this
and
how
you
can
deploy
this
and
how
you
can
play
around
with
this.
There
are
some
of
the
things
that
depend
on
my
my
domain
name,
for
example,
in
this
case
like
it
is
my
domain
name,
but
like
you
can
change
that
that
will
use
your
domain
name.
A
A
A
So
if
I
will
look
into
my
my
application,
my
application
is
deployed
here
and
let
me
see,
show
you
services
once
I
deploy
this
application
as
a
port.
I
do
have
this
service
that
allows
to
hit
this
particular
service,
my
grpc
endpoint,
available
through
port
9001,
and
this
something
that
we
will
be
using
to
access
this
through
outside
world.
A
There's
a
tool
called
jrpc
curl
that
allows
me
to
just
like
try
to
hit
the
service,
and
this
service
is
available
right
now
through
through
the
public.
This
is
the
public
domain
name.
You
can
actually
run
this
command
and
you
can
see
the
result
yourself.
I'm
calling
this
service
called
quote
service,
get
quote
that
will
return
me
some
of
the
random
quote
from
june.
So
if
I'll
hit
this
the
probably
this
is
the
quote
from
dr
kinds:
liet.
A
A
That's
that's
how
my
my
service,
you
know
available.
So
let's
take
a
look.
How
how
I
make
it
happen,
how
I
you
know,
brought
this
service
from
conf
from
from
kubernetes
cluster
to
outside
world
so
and
to
do
so,
I
use
this
ingress.
So,
let's
let
me
close
this
annotation
for
a
second.
A
I
will
show
you
this
in
in
a
few
few
few
seconds,
so
one
of
the
things
that,
with
the
standard
ingress
I
will
be
able
to
do,
is
expose
this
service,
and
I
expose
the
service
through
this
like
hostname,
that
they
provide
and
the
path
would
be
available
through
root
and
that's
my
service
now.
The
next
thing
is
that
where's,
the
actual
magic
happens,
so
how
this
thing
actually
going
out.
A
So
the
couple
things
we
need
to
do
in
our
application
and
customization
comes
from
annotations
and
connotations
actually
not
very.
If,
if,
if
ingress
doesn't
know
what
to
do
with
those
annotations,
those
would
be
ignored.
So
technically,
every
annotation
is
will
not
break
anything.
So
if
you're
using
different
ingress
controller-
and
you
don't
care
about
column
connotations,
this
simply
won't
won't
work,
and
you
know
nothing
will
happen,
so
it's
still
still
kind
of
vendor
neutral,
but
for
things
like
quank,
this
specific
annotation
is
also
very
important.
A
So
this
is
where
you
actually
telling
kubernetes
that
this
particular
ingress
needs
to
be
served
by
a
particular
ingress
controller
and
when
the
clone
starts
it,
it's
actually
registered.
You
know
for
listening.
These
particular
ingresses
for
particular
ingress
class.
A
A
And
oops.
A
So
if
I
will
do
something
like
this-
and
this
is
the
response
that
I
get
from-
let's
do
this
one.
A
So
we'll
see
the
headers,
so
the
header.
Actually
this
response,
like
this
400
bed,
requests
actually
coming
from
from
congress.
You
can
see
with
these
headers.
That
is
something
that
conk
already
serving
now
the
so
in
this
case,
this
ingress
would
not
understand
the
regular
tcp.
It
will
understand
grpc
and
http
2..
Another
thing
is
that
I
want
to
provide
ability
to
deal
with
grpcs
and
I
want
to
have
something
better
than
selfsense
certificate.
So
that's
why
I'm
using
let's
encrypt
to
get
me
real
certificate
for
my
for
my
application.
A
So
in
this
particular
case
I
integrate
my
ingress
is
integrated
with
sort
manager
that
deployed
in
micromax
cluster
that
will
be
responsible
for
provisioning,
a
https
certificate
for
this
host
name.
So
jrpconproxy.me,
that's
will
have
like
a
real
http
certificate
and
another
thing
that
I
use
here.
It's
it's
not
the
point
of
to
this
conversation,
but
sometimes
it's
nice
to
so
when,
when
my
service
will
be
deployed,
there
will
be
some
external
ip
address
and
I
want
to
register
this
external
ip
address
with
my
dns
name.
A
So
I
can
call
this
service
by
name
because
ip
address
external
ip
address
of
the
service
will
be
always
changing,
and
it
will
be
also
depending
on
on
the
on
the
note,
but
it's
just
like
small
thing
that
I
use
with
the
external
dns
service
and
that's
pretty
much
it
so
rest
of
the
job
the
conch
will
do
now
for
this
service.
A
A
Now,
if
I
will,
if
I
will
just
do
grpc
girl,
try
to
run
that's
that's
my
streaming
response,
so
it
returns.
10
quotes
for
for
the
streaming,
but
this
stream
also
can
be.
You
know
the
never
ended
stream,
so
it
always
will
work.
A
And
that's:
that's
how
you
do
it
so
in
this
case,
my
application
now
is
supposed
to
outside
world.
Without
any,
you
know,
rest
nonsense
and
all
the
services
are
available
and
the
communications
happened
through
through
the
secure
channel.
So
it's
it's
secured
with
the
hps.
A
Well,
commenting
those
annotations
simply
implementing
intentions
like
this
one
and
enabling
tls
through
these
auto,
auto
provision
auto
provision
certificate.
We
make
the
service
available
through
through
the
things
now,
let's,
let's
take
a
look
on
some
of
the
plugins
that
we
might
apply
here
so
I
was,
I
was
looking
to
the
some
of
the
set
of
plugins
that
available.
One
of
the
common
use
case
that
I
usually
like
to
show
people
is
rate
limiting
is,
but
unfortunately,
this
plug-in
only
available
in
open
source
version
for
http
for
grpc.
A
This
plugin
is
not
available
as
a
free
version,
but
I
wanted
to
show
you
only
three
versions
today,
and
this
is
where
I'm
coming
into
these
two
things
so
clonk
actually
implementing
some
of
the
cool
pieces
of
functionality
that
runs
on
top
of
clunk
and
don't
require
you
to
program
anything
or
bring
some
extra
extra
software.
This
is
the
beauty
of
api
gateway
as
a
tool
that
things
that
you
don't
want
to
implement,
or
you
can't
implement.
They
will
be
available.
A
You
know
as
a
part
of
infrastructure,
so
we
do
have
a
two
plugins
that
many
people
find
very
useful.
So
essentially
it's
the
jrpc
gateway.
It
is
a
very
neat
tool
and
for
very
new
use
case.
So
in
case
you
need
to
expose
your
jrpc
service
through
rest.
A
You
can
do
that
using
this
using
this
plugin,
so
it
allows
it's
it's
very
similar
to
what
is
available
in
grpc
gateway,
product,
essentially
server
that
consumes
your
jrpc
or
protofile,
and
after
that
expose
this
through
the
as
a
you
know
as
a
resting
point
and
that's
what
available
in
the
plugin
and
this
plugin
is
free.
So
you
can
use
this
with
yeah,
it's
free!
You
can
use
this
with
any.
A
You
know
with
any
use
case,
so
how
you
will
enable
this
in
in
your
in
your
kubernetes
cluster,
so
in
in
the
in
this
config.
We
just
need
to
create
new
object,
called
calling
plugin,
so
this
plugin
will
have
a
this.
Is
the
you
know,
instance
of
the
plugin
that
the
class
of
the
plugin
that
will
create
instances
of
the
plugin?
We
need
to
provide
access
to
the
protofile
where
the
protofile
will
be
available?
A
A
Again,
it's
a
similar
image
that
jrpc
gateway
has
as
a
project.
A
A
Expose
the
services
through
grpc
web
protocol,
so
it's
a
part
of
the
standard
specification
jrpc
web
and
you
will
be
able
to
hit
your
services
through
things
like
javascript,
like
from
your
front
end
and
things
like
that.
So
it's
kind
of
like
a
downgrade
of
http
2
protocol
to
run
on
top
of
right
protocol,
so
those
plugins
available
to
to
youtube
to
play
around
with
now.
A
Like,
I
said,
the
the
ingress
works
out
of
the
box.
The
only
thing
that
you
need
to
do
here
is
just
provide
this
annotation,
so
you
need
to
tell
that
this
service
will
be
exposed
or
this
ingress
will
be
exposed
through
grpc,
and
your
service
needs
to
tell
that
we're
going
to
talk
into
to
the
service
through
grpc.
A
Yeah,
so
that's
you,
you
saw
the
demo,
that's
all
for
the
presentation,
so
I
will
open
the
floor
for
questions
and
I
would
love
to
have
some
of
the
good
questions
about
this.
If
you
would
like
to
learn
more
about
the
quank
and
things,
what
we
do
here
definitely
check
out
our
youtube
channel
and
we
do,
but
you
know,
there's
a
new
video
almost
every
day
or
at
least
twice
a
week.
Definitely
I
also
running
some
of
the.
A
I
need
to
do
it
like
more
regularly
and
the
comic
builders
is
our
live
stream.
Show
that
I
try
to
do
every
wednesday
and
this
wednesdays
actually
will
happen.
So
I
will
be
talking
about
some
of
the
new
features
that
comes
into
going
gross
controller,
specifically
edp,
ingress
and
other
things
so,
and
the
community,
where
we
can
ask
you,
can
ask
any
questions
and
you
can
like.