
Azure App

Apache HAProxy HAProxy


Ingress Nginx Kong Gateway Nginx+ Voyager Istio Ingress Contour Ambassador Gloo Traefik Skipper Citrix Ingress GKE Ingress ALB Ingress AKO
APISIX Tech (jcmoraisjr)
Product/Project Ingress
1. General info
nginx + Azure NSX Advanced
Based on nginx nginx nginx nginx haproxy haproxy haproxy envoy envoy envoy envoy traefik skipper Citrix ADC GLBC Elastic LB
App Gateway LB (Avi)
Documentation https://kubernetes.github.io/ingress-nginx/
https://github.com/Kong/kubernetes-ingress-controller/tree/main/docs
https://github.com/apache/apisix-ingress-controller/blob/master/README.md
https://azure.github.io/application-gateway-kubernetes-ingress/
https://docs.nginx.com/nginx-ingress-controller/
https://github.com/haproxytech/kubernetes-ingress
https://haproxy-ingress.github.io/docs/
https://voyagermesh.com/docs/v12.0.0/welcome/
https://istio.io/latest/docs/
https://projectcontour.io/docs/main/
https://www.getambassador.io/docs/latest/
https://docs.solo.io/gloo-edge/latest/
https://doc.traefik.io/traefik/
https://opensource.zalando.com/skipper/
https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/
https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/
https://avinetworks.com/docs/ako/1.3/avi-kubernete
Comparison of Kubernetes Ingress controllers

2. Protocols
HTTP/HTTPS ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
HTTP2 ✔ ✔ ✔ Partial ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔ [1] ✔ ✔
gRPC ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔ [2] ✔ ✔
TCP Partial ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✔
✖ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔ ✔
TCP+TLS
UDP
Partial ✔ ✔ ✖ ✔ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✔ ✖ ✔ ✔ ✔
Partial [3]
Websockets
✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
✔ ✔ ✔ ✔
✔ ✔
Proxy Protocol [4] ✔ ✔ ✔ Needs help ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
QUIC/HTTP3 ✖ ✖ Preview ✖ Preview ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖
WAF [5] ✔ ✖ Partial ✔ ✔ ✔ ✔ ✖ ✖ ✖ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔
mTLS ✔ ✔

Notes
Notes [6] Notes [7] Notes [8] Notes [9] Notes [10] Notes Notes [11] Notes [12] Notes [13] Notes [14] Notes [15] Notes [16] Notes [17] Notes [18] Notes [19] Notes [20] Notes [21] Notes [22]
Leave a comment or drop us a line at research@learnk8s.io
License: Apache 2.0
Last updated: February 17, 2021
Find more research at: https://learnk8s.io/research

✔ Supported in Free version
✔ Supported in Enterprise version
✖ Not supported
Partial: Partially supported
Needs help: Not sure if it is supported

3. Clients
Rate limiting (L4) [23] ✔ ✔ Needs help Partial ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✖ ✔ ✔ [24] Needs help ✔
Rate limiting (L7) [25] ✔ ✔ ✔ Partial ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔ ✖ ✔ ✔ ✔ [26] Needs help ✔
Timeouts ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Safe-list/Block-list [27] ✔ ✔ ✔ ✖ ✔ ✔ ✔ Partial ✖ ✖ ✔ Needs help ✔ ✔ ✔ ✔ Needs help ✔
Authentication ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Authorisation ✖ ✔ ✔ ✖ Needs help ✔ Partial ✖ ✔ ✔ ✖ ✔ ✖ ✔ ✔ ✔ ✔ ✔

Notes
Notes [28] Notes [29] Notes Notes Notes [30] Notes [31] Notes [32] Notes [33] Notes [34] Notes [35] Notes [36] Notes [37] Notes [38] Notes Notes [39] Notes [40] Notes [41] Notes [42]
4. Traffic routing
Host ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Path ✔ [43] ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Headers ✔ [44] ✔ ✔ ✔ ✔ ✖ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔
Querystring ✔ [45] ✔ [46] ✔ ✔ ✔ ✖ ✔ ✖ ✔ ✖ Partial ✔ ✔ ✔ ✔ ✖ ✔ ✔
Method ✔ [47] ✔ ✔ ✔ ✔ ✖ ✔ ✖ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔
ClientIP ✔ ✖ ✔

Notes
Notes [48] Notes [49] Notes Notes [50] Notes [51] Notes Notes [52] Notes [53] Notes [54] Notes [55] Notes [56] Notes [57] Notes [58] Notes [59] Notes [60] Notes [61] Notes [62] Notes [63]
5. Upstream probes/resiliency
Healthchecks [64] ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ [65] ✔ ✔ ✔ ✔
Retries ✔ [66] ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ Partial [67] ✖ Needs help ✖ ✔
Circuit Breaker ✖ ✔ ✔ ✖ ✔ ✔ ✖ ✖ ✔ ✖ ✔ ✔ ✔ ✔ [68] ✔ Needs help ✖ ✖

Notes
Notes Notes [69] Notes [70] Notes [71] Notes [72] Notes [73] Notes [74] Notes [75] Notes [76] Notes [77] Notes [78] Notes [79] Notes [80] Notes Notes [81] Notes [82] Notes [83] Notes [84]
6. Load balancer strategies
Round robin ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Sticky sessions ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Partial [85] ✔ ✔ ✔ ✔
Least connections ✖ ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✖ ✔ ✔ ✔ ✔
Ring hash ✔ ✔ ✔ ✖ ✔ ✖ ✖ ✖ ✔ ✖ ✔ ✔ ✖ ✔ Needs help ✔ ✖ ✔
Maglev ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✔ ✖ ✔ ✔ ✖ ✖ ✖ ✔ ✖ ✖
Exponential-Weighted-Moving-Average ✔ ✖ ✔ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✖
Custom load balancing ✔

Notes
Notes [86] Notes [87] Notes [88] Notes [89] Notes [90] Notes [91] Notes [92] Notes [93] Notes [94] Notes [95] Notes [96] Notes [97] Notes [98] Notes [99] Notes [100] Notes [101] Notes [102]
7. Authentication
Basic auth ✔ [103] ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✖ ✔
External Auth ✔ [104] ✔ ✔ ✖ ✔ ✖ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ [105] ✖ ✔ ✖ ✖
Client certificate ✔ [106] ✔ ✔ ✖ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Partial [107] ✔ ✖ ✖ ✔
OAuth ✔ ✔ ✔ ✖ ✔ ✖ ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✔ [108] ✔ ✔ ✔ ✖
OpenID ✖ ✔ ✔ ✖ ✔ ✖ ✖ ✖ ✔ ✖ ✔ ✔ ✔ ✔ ✖ ✔ ✔ ✖
JWT ✖ ✔ ✔ ✖ ✔ ✖ ✖ ✖ ✔ ✖ ✔ ✔ ✔ ✔ ✖ ✔ ✖ Partial [109]
LDAP ✖ ✔ ✔ ✖ ✔ ✖ ✖ ✖ ✖ ✖ ✖ ✔ ✔ ✖ ✖ ✔ ✖ ✔
HMAC ✖ ✔ ✔ ✖ Needs help ✖ ✖ ✖ ✖ ✖ ✖ ✖ ✔ ✖ ✖ ✖ ✖ ✖
SAML ✔ ✖ ✔

Notes
Notes Notes [110] Notes [111] Notes Notes [112] Notes [113] Notes [114] Notes [115] Notes [116] Notes [117] Notes [118] Notes [119] Notes [120] Notes Notes [121] Notes [122] Notes [123] Notes [124]
8. Observability
Metrics ✔ [125] ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✔
Tracing ✔ [126] ✔ ✔ ✔ ✔ Needs help ✖ Needs help ✔ ✔ ✔ ✔ ✔ ✔ ✔ Needs help ✖ ✖ [127]

Notes
Notes Notes [128] Notes [129] Notes [130] Notes [131] Notes [132] Notes [133] Notes [134] Notes [135] Notes [136] Notes [137] Notes [138] Notes [139] Notes [140] Notes Notes [141] Notes [142]
9. Kubernetes Integration
Kubernetes,
Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes Kubernetes
State Nomad
CRD ✖ ✔ ✔ ✔ ✔ ✖ ✖ ✔ ✔ ✔ ✔ Needs help ✔ ✔ ✔ ✔ ✖ ✔
Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide Clusterwide,
Scope and and namespace and and and and and and and and and and and and Clusterwide and namespace &
namespace namespace namespace namespace namespace namespace namespace namespace namespace namespace namespace namespace namespace namespace namespace Multi cluster
Support for the Service API (Ingress v2) ✖ ✖ Preview ✖ [143] ✖ ✖ ✖ Needs help Experimental ✖ ✖ ✖ ✖ ✖ [144] ✖ ✖ ✖ ✖
Integrates with service meshes ✔ ✔ ✔ ✖ ✔ ✔ ✔ Needs help ✔ ✖ ✔ ✔ ✔ ✖ [145] ✔ Needs help ✖ ✖ [146]

Notes
Notes [147] Notes Notes Notes [148] Notes [149] Notes Notes [150] Notes Notes [151] Notes Notes Notes Notes [152] Notes [153] Notes [154] Notes Notes [155] Notes [156]
10. Traffic shaping
Canary ✔ [157] ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✖ ✔
Session Affinity ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ [158] ✔ ✔ ✔ ✔
Dark launch ✔ Needs help ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✖ ✔ ✔ ✔ ✔ [159] ✔ ✖ ✖ ✔
blue-green and A/B or more generic Tee (think UNIX tee)
Notes
Notes Notes [160] Notes [161] Notes [162] Notes Notes [163] Notes Notes Notes [164] Notes [165] Notes [166] Notes Notes [167] Notes [168] Notes [169] Notes Notes [170]
11. Interface
Dashboard ✖ ✔ ✔ ✔ ✔ ✖ ✖ ✖ ✔ ✖ ✖ Needs help ✔ ✖ [171] ✖ Needs help ✖ ✔
Billing and reporting ✖ ✔ ✔ ✔ ✖ ✖ ✖ ✖ ✔ ✖ ✖ Needs help ✖ ✖ ✖ ✔ ✖ ✔
Developer portal ✖ ✔ ✔ ✔ ✔ ✖ ✖ ✖ ✔ ✖ ✔ ✔ ✔ ✔ [172] ✖ ✖ ✖ ✔
Skipper is built as library [173]
Notes
Notes Notes Notes Notes [174] Notes [175] Notes Notes Notes Notes [176] Notes Notes Notes Notes [177] Notes [178] Notes Notes [179] Notes Notes [180]
12. Performance
Elastic HA ✔ ✔
DPDK ✔ ✔
TCP Segmentation Offload ✔ ✔
Generic Receive Offload ✔ ✔
Receive Side Scaling ✔ ✔

Notes
Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes Notes [181]
<---WIP--->
13. Other
Hot reloading [182] ✖ Needs help ✔ Needs help ✔ ✔ Needs help ✔ ✔ ✔ Needs help ✖ ✔ Needs help Needs help Needs help ✔
LetsEncrypt Integration ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✖ ✔ ✔ ✔ ✖
Transparent update of certificates ✔ ✔
Wildcard certificate support ✔ ✔ ✔ ✔ ✔ ✔
Rolling Upgrades ✔ ✔
Global load balancing ✔ ✔

Notes
Notes [183] Notes [184] Notes Notes [185] Notes [186] Notes [187] Notes [188] Notes [189] Notes [190] Notes [191] Notes [192] Notes [193] Notes [194] Notes [195] Notes [196] Notes Notes [197]
[1] TLS termination not supported.

[2] TLS termination not supported

[3] Feature supported on Avi


Configuration CRD on Roadmap

[4] https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

[5] Web application firewall

[6] Proxy Protocol: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-proxy-protocol

QUIC/HTTP3: https://github.com/kubernetes/ingress-nginx/issues/4760

WAF:
https://kubernetes.github.io/ingress-nginx/user-guide/third-party-addons/modsecurity/

[7]
- TCP & TLS Support
https://docs.konghq.com/kubernetes-ingress-controller/1.1.x/guides/using-tcpingress/

- UDP released in Kong's Ingress Controller 2.0: https://konghq.com/blog/kong-ingress-controller-2-0-now-ga-udp-support-prometheus-integrations-and-more/

- QUIC/HTTP3
https://github.com/Kong/kong/issues/4103

[8] gRPC https://github.com/apache/apisix-ingress-controller/issues/114

TCP https://github.com/apache/apisix-ingress-controller/issues/11

TCP+TLS https://github.com/apache/apisix-ingress-controller/issues/119

UDP https://github.com/apache/apisix-ingress-controller/issues/116

[9] - HTTP2 is supported for inbound traffic only. Traffic to listeners is HTTP/1.1.

- gRPC is in development.
[10] - https://docs.nginx.com/nginx-ingress-controller/overview/#nginx-ingress-controller

WAF: https://docs.nginx.com/nginx-waf/

[11] Proxy Protocol: https://haproxy-ingress.github.io/docs/configuration/keys/#proxy-protocol

WAF: https://haproxy-ingress.github.io/docs/examples/modsecurity/

[12] https://voyagermesh.com/docs/10.0.0/guides/ingress/

Proxy Protocol: https://voyagermesh.com/docs/10.0.0/guides/ingress/configuration/accept-proxy/

[13] https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/

[14] https://projectcontour.io/docs/main/httpproxy/

[15] https://github.com/datawire/ambassador

WAF: https://blog.getambassador.io/integration-enables-secure-self-service-microservice-deployment-fbc0e6c0f087

[16] https://docs.solo.io/gloo/latest/guides/traffic_management/listener_configuration/

WAF: https://docs.solo.io/gloo-edge/latest/guides/security/waf/

[17] https://doc.traefik.io/traefik/routing/entrypoints/

Proxy protocol
https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol

[18] WAF: https://github.com/zalando/skipper/blob/master/docs/kubernetes/ingress-controller.md#comparison-with-other-ingress-controllers

[19] HTTP2: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/how-to/http-use-cases/#http2-upgrade

GRPC: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/how-to/grpc/

TCP: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/configure/profiles/#tcp-profile

UDP: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/how-to/tcp-udp-ingress/

WAF: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/crds/waf/#configure-web-application-firewall-policies-with-the-citrix-ingress-controller

[20] HTTP(S): https://cloud.google.com/kubernetes-engine/docs/concepts/ingress

HTTP2:
https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-http2

GRPC Example:
https://medium.com/google-cloud/gke-grpc-ingress-loadbalancing-4b9cdbc09758

HTTP2/GRPC TLS issue tracked at:


https://github.com/kubernetes/ingress-gce/issues/18
https://issuetracker.google.com/issues/169122105

Websocket:
https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-xlb#support_for_websocket

Proxy Protocol:
https://github.com/kubernetes/ingress-gce/issues/1002

WAF:
This is possible by using Google Cloud Armor
https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#cloud_armor

[21] HTTP(S):
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#backend-protocol

HTTP2/GRPC:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#backend-protocol-version

TCP/UDP:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/nlb_ip_mode/#protocols

Websockets:
Refer for config
https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1090#issuecomment-561842212

Proxy Protocol:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/nlb_ip_mode/#protocols

WAF:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/configurations/#default-throttle-config

[22] HTTP/HTTPS: https://avinetworks.com/docs/20.1/architectural-overview/templates/profiles/application-profile/#http-profile

HTTP2 and gRPC: https://avinetworks.com/docs/20.1/http-2-support/

TCP: https://avinetworks.com/docs/20.1/architectural-overview/templates/profiles/application-profile/#l4-profile

TCP+TLS: https://avinetworks.com/docs/18.2/layer-4-ssl-support/

UDP: https://avinetworks.com/docs/20.1/architectural-overview/templates/profiles/application-profile/#l4-profile

Websockets: https://avinetworks.com/docs/20.1/configuration-guide/templates/profiles/application-profile/#http-profile-tab

Proxy Protocol: https://avinetworks.com/docs/20.1/proxy-protocol-support/

WAF: https://avinetworks.com/docs/20.1/waf-support/

GSLB: https://github.com/avinetworks/avi-helm-charts/blob/master/docs/AMKO/README.md

https://avinetworks.com/docs/20.1/avi-gslb-architecture/

[23] Mostly used as a DDoS mitigation strategy

[24] RPS documentation is not straightforward; it possibly involves a workaround.
See issue: https://github.com/kubernetes/ingress-gce/issues/670

[25] Used to track requests (e.g. API Gateway)

[26] RPS documentation is not straightforward; it possibly involves a workaround.
See issue: https://github.com/kubernetes/ingress-gce/issues/670

[27] allowlist/denylist

[28] - https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/

-
https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/#testing-the-request-rate-limit
https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-health-check/

[29] - Rate limit


https://docs.konghq.com/hub/kong-inc/rate-limiting/

- Timeout
https://docs.konghq.com/2.2.x/proxy/#3-proxying--upstream-timeouts

- Safe-list/Block-list
https://docs.konghq.com/hub/kong-inc/ip-restriction/

- Authentication
https://docs.konghq.com/hub/#authentication

-Authorization
https://konghq.com/blog/custom-authentication-and-authorization-framework-with-kong/

[30] Rate limiting, Timeout docs:


https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/

Safe-list/Block-list example:
https://github.com/nginxinc/kubernetes-ingress/tree/5047caf007ce5ba6239a4c4c0b64c118435d32a1/examples-of-custom-resources/access-control

[31] - Rate limit


https://www.haproxy.com/blog/four-examples-of-haproxy-rate-limiting/

- Timeout
https://www.haproxy.com/documentation/hapee/latest/onepage/#4.2-timeout%20check

- Safe-list/Block-list
https://www.haproxy.com/documentation/aloha/12-0/security/packetshield/blacklist/
https://www.haproxy.com/documentation/aloha/12-0/security/packetshield/whitelist/

- Authentication
-Authorization
https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-2-authentication/

[32] - Rate limit


https://www.haproxy.com/blog/four-examples-of-haproxy-rate-limiting/

- Timeout
https://www.haproxy.com/documentation/hapee/latest/onepage/#4.2-timeout%20check

- Safe-list/Block-list
https://www.haproxy.com/documentation/aloha/12-0/security/packetshield/blacklist/
https://www.haproxy.com/documentation/aloha/12-0/security/packetshield/whitelist/

- Authentication
-Authorization
https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-2-authentication/

[33] - Rate limit


https://voyagermesh.com/docs/10.0.0/guides/ingress/configuration/rate-limit/

- Timeout
https://voyagermesh.com/docs/5.0.0/guides/ingress/configuration/default-timeouts/

- Safe-list/Block-list
https://voyagermesh.com/docs/7.1.1/guides/ingress/configuration/whitelist/

- Authentication
https://voyagermesh.com/docs/7.1.1/guides/ingress/security/basic-auth/

[34] - Rate limit


Deprecated, recommended to use envoy native rate limiting
https://istio.io/latest/docs/tasks/policy-enforcement/rate-limiting/

- Timeout
https://www.haproxy.com/documentation/hapee/latest/onepage/#4.2-timeout%20check

- Safe-list/Block-list
https://istio.io/latest/docs/tasks/policy-enforcement/denial-and-list/

- Authentication
https://istio.io/latest/docs/tasks/security/authentication/

-Authorization
https://istio.io/latest/docs/tasks/security/authorization/

[35] - Rate limit


https://github.com/projectcontour/contour/blob/main/design/ratelimit-design.md

- Timeout
https://projectcontour.io/docs/main/annotations/

- Authentication
https://projectcontour.io/client-cert-auth-ingress-improvements/

[36] - Rate limit


https://www.getambassador.io/docs/latest/topics/using/rate-limits/rate-limits/

- Timeout
https://www.getambassador.io/docs/latest/topics/using/timeouts/

- Authentication
https://www.getambassador.io/docs/latest/howtos/basic-auth/

[37] - Rate limit


https://docs.solo.io/gloo/latest/guides/security/rate_limiting/

- Timeout
https://docs.solo.io/gloo/latest/guides/traffic_management/request_processing/timeout/

- Authentication & Authorisation


https://docs.solo.io/gloo/latest/guides/security/auth/

[38] - Rate limit


https://doc.traefik.io/traefik/middlewares/ratelimit/

- Timeout
https://doc.traefik.io/traefik/v1.7/configuration/commons/#timeouts

- Safe-list/Block-list
https://doc.traefik.io/traefik/middlewares/ipwhitelist/
https://pilot.traefik.io/plugins/276812076107694611/deny-ip-plugin

- Authentication
https://docs.konghq.com/getting-started-guide/2.1.x/secure-services/

-Authorization
https://doc.traefik.io/traefik/middlewares/forwardauth/

[39] Rate Limit: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/crds/rate-limit/

Timeout: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/how-to/http-use-cases/#reqtimeout-and-reqtimeoutaction

Safe-list/Block-list
https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/how-to/ip-whitelist-blacklist/

Authentication/Authorisation:
https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/crds/auth/

[40] Rate limit:


https://cloud.google.com/load-balancing/docs/backend-service#target_capacity

Timeout: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#timeout

Safe-list/Block-list:
Requires Google Cloud Armor
- Reference: https://github.com/kubernetes/ingress-gce/issues/38

Authentication/Authorization:
Possible using Google Identity-Aware Proxy (IAP)
Docs: https://cloud.google.com/iap/docs/enabling-kubernetes-howto
- Reference: https://github.com/kubernetes/ingress-gce/issues/914

[41] Timeout:
idle_timeout
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#custom-attributes

Authentication: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#authentication

Authorisation:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/tasks/cognito_authentication/#cognito-configuration

[42] Rate limiting (L4): https://avinetworks.com/docs/20.1/rate-limiters/

Rate limiting (L7): https://avinetworks.com/docs/20.1/rate-limiters/

Timeouts: https://avinetworks.com/docs/20.1/tcpudp-profile/#custom

Safe-list/Block-list: https://avinetworks.com/docs/20.1/architectural-overview/applications/vs-policies/#network-security

Authentication: https://avinetworks.com/docs/20.1/configuration-guide/applications/vs-policies/#access

Authorization:

SAML: https://avinetworks.com/docs/20.1/configuring-saml-authorization-policies/

JWT: https://avinetworks.com/docs/20.1/jwt-validation-configuration/

[43] with regex

[44] with regex

[45] with regex

[46] With the "Route Transformer Advanced" plugin

[47] with regex

[48] Headers, Querystrings and Methods are not supported in the Ingress manifest. You need to use the configuration snippet and configure Nginx directly:
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#configuration-snippet

[49] - Routing
https://docs.konghq.com/2.0.x/proxy/#routes-and-matching-capabilities

- Header based routing


https://docs.konghq.com/hub/kong-inc/route-by-header/

[50] Path rewrite is in preview as of 2020 November 25.


More details at: https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-url-portal

[51] All routing techniques supported by nginx are supported. Use raw config.
More here: https://github.com/nginxinc/kubernetes-ingress/blob/00618a60c3419348411df4ba805a9827e3e8520a/docs-web/configuration/ingress-resources/advanced-configuration-with-snippets.md#advanced-configuration-with-snippets

[52] - Routing
HTTP Routing section
https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-1/
- Method: https://cbonte.github.io/haproxy-dconv/2.3/configuration.html

[53] - Routing
https://voyagermesh.com/docs/7.1.1/guides/ingress/http/virtual-hosting/#hostname-based-routing

[54] - Routing
https://istio.io/latest/docs/concepts/traffic-management/#routing-rules

https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPRoute

[55] - Routing
https://github.com/projectcontour/contour/blob/main/site/docs/v1.0.0/ingressroute.md

[56]
- Header based Routing
https://www.getambassador.io/docs/latest/topics/using/headers/headers/

- Methods based routing


https://www.getambassador.io/docs/latest/topics/using/method/

[57] https://docs.solo.io/gloo/latest/introduction/traffic_management/

[58] - Routing
https://doc.traefik.io/traefik/routing/routers/

[59] Predicates match routes https://opensource.zalando.com/skipper/reference/predicates/


Route processing is explained at https://opensource.zalando.com/skipper/reference/architecture/#route-processing
How features are exposed to users via Ingress https://opensource.zalando.com/skipper/kubernetes/ingress-usage/
For more complex routes we support Routegroups https://opensource.zalando.com/skipper/kubernetes/routegroups/

[60] https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/crds/content-routing/

[61] GLBC supports only Host and Path routing, documented here: https://cloud.google.com/load-balancing/docs/url-map

Only Host- and Path-based routing could be found in the GitHub repository.

https://github.com/kubernetes/ingress-gce/search?q=routing

[62] Rules Example: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#traffic-routing

[63] https://avinetworks.com/docs/20.1/http-request-policy/

https://github.com/avinetworks/avi-helm-charts/blob/master/docs/AKO/crds/hostrule.md

[64] Active and passive healthchecks for upstreams

[65] relies on Kubernetes readinessProbes and skipper handled retries

[66] https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#custom-timeouts

[67] automated retry in case the TCP/TLS connection to the backend was not possible

[68] configurable per route via filters


https://opensource.zalando.com/skipper/reference/filters/#ratebreaker
https://opensource.zalando.com/skipper/reference/filters/#consecutivebreaker

[69] - Healthchecks
https://docs.konghq.com/2.2.x/health-checks-circuit-breakers/

- Retries
https://docs.konghq.com/2.2.x/proxy/#4-errors--retries

- Circuit breaker
https://docs.konghq.com/2.2.x/health-checks-circuit-breakers/#passive-health-checks-circuit-breakers

[70] Healthchecks https://github.com/apache/apisix-ingress-controller/issues/117

Retries https://github.com/apache/apisix-ingress-controller/issues/118

Circuit Breaker https://github.com/apache/apisix-ingress-controller/issues/117



[71] Detailed info on health checks /retries:


https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-add-health-probes

[72]
Circuit breaker:
https://www.nginx.com/blog/announcing-nginx-ingress-controller-for-kubernetes-release-1-7-0/#circuit-breaker

[73] - Healthchecks
https://www.haproxy.com/documentation/aloha/latest/traffic-management/lb-layer7/health-checks/

- Retries
https://www.haproxy.com/blog/haproxy-layer-7-retries-and-chaos-engineering/

- Circuit Breaker
https://www.haproxy.com/blog/circuit-breaking-haproxy/

[74] - Healthchecks
https://www.haproxy.com/documentation/aloha/latest/traffic-management/lb-layer7/health-checks/

- Retries
https://www.haproxy.com/blog/haproxy-layer-7-retries-and-chaos-engineering/

[75] - Healthchecks
https://voyagermesh.com/docs/10.0.0/guides/ingress/configuration/health-check/

[76] - Healthchecks
https://istio.io/latest/docs/ops/configuration/mesh/app-health-check/

- Retries
https://istio.io/latest/docs/concepts/traffic-management/#retries

- Circuit breakers
https://istio.io/latest/docs/concepts/traffic-management/#circuit-breakers

[77] - Healthchecks
https://projectcontour.io/docs/main/httpproxy/#per-route-health-checking

- Retries
https://projectcontour.io/docs/main/httpproxy/#response-timeout

[78] - Healthchecks
https://www.getambassador.io/docs/latest/topics/running/diagnostics/#health-status

- Retries
https://www.getambassador.io/docs/latest/topics/using/retries/

- Circuit breakers
https://www.getambassador.io/docs/latest/topics/using/circuit-breakers/

[79] - Healthchecks
https://docs.solo.io/gloo/1.1.0/gloo_routing/gateway_configuration/health_checks/

- Retries
https://docs.solo.io/gloo/latest/introduction/traffic_management/

- Circuit breakers
https://www.getambassador.io/docs/latest/topics/using/circuit-breakers/

[80] - Healthchecks
https://doc.traefik.io/traefik/routing/services/#health-check

- Retries
https://doc.traefik.io/traefik/middlewares/retry/#retry

- Circuit breaker
https://doc.traefik.io/traefik/middlewares/circuitbreaker/

[81] https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/multicluster/multi-cluster/#failover-deployment

[82] Health Check
https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#health_checks

[83] Health Check: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#health-check

[84] Healthchecks: https://avinetworks.com/docs/20.1/overview-of-health-monitors/

HTTPRule CRD: https://github.com/avinetworks/avi-helm-charts/blob/master/docs/AKO/crds/httprule.md

Retries: https://avinetworks.com/docs/20.1/http-server-reselect/

[85] The consistentHash algorithm is sticky until the backends scale up/down

[86] https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#custom-nginx-load-balancing

[87] - Algorithms
Check algorithm attribute
https://docs.konghq.com/2.2.x/admin-api/#upstream-object

[88] Least connections https://github.com/apache/apisix/issues/308

Maglev https://research.google/pubs/pub44824/

[89] https://opensource.zalando.com/skipper/reference/backends/#load-balancer-backend
power of N choices based on HTTP requests is an open PR

[90] lb Setting:
https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/#backend-services-upstreams

Sticky session:
Available in nginx plus
https://github.com/nginxinc/kubernetes-ingress/tree/v1.9.0/examples/session-persistence

[91] - Algorithms
check balance section in
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html

[92] - Algorithms
https://voyagermesh.com/docs/10.0.0/guides/ingress/configuration/loadbalance-algorithm/

[93] - Algorithms
https://istio.io/latest/docs/reference/config/networking/destination-rule/

[94] - Algorithms
https://github.com/projectcontour/contour/blob/main/design/ingressroute-design.md#load-balancing

[95] - Algorithms
https://www.getambassador.io/docs/latest/topics/running/load-balancer/

[96] - Algorithms
https://docs.solo.io/gloo/1.3.0/api/github.com/solo-io/gloo/projects/gloo/api/v1/load_balancer.proto.sk/

[97] - Algorithms
https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#server-load-balancing

[98] https://opensource.zalando.com/skipper/reference/backends/#load-balancer-backend
power of N choices based on HTTP requests is an open PR

[99] Round Robin:


https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/multicluster/multi-cluster/#round-robin-deployment

Sticky Session:
https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/how-to/session-affinity/#source-ip-address-persistence

Least connections:
https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/configure/annotations/#sample-ingress-yaml-with-smart-annotations

[100] List from github code. Couldn't find clear documentation.

https://github.com/kubernetes/ingress-gce/blob/6c3ddf60041c71718d7b67c753cc8c44b25afb02/pkg/composite/gen.go#L425

[101] Couldn't find proper docs for config.

ELB supports RR and Least Connections

https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/how-elastic-load-balancing-works.html#request-routing

GitHub Code: https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/9776d298fddc1bb7fe9245510467d2507580ec96/internal/alb/tg/attributes_test.go#L148

[102] Avi supports many more algorithms

LB Algorithms: https://avinetworks.com/docs/20.1/load-balancing-algorithms/

HTTPRule CRD: https://github.com/avinetworks/avi-helm-charts/blob/master/docs/AKO/crds/httprule.md

[103] https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#authentication

[104] https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#external-authentication

[105] https://opensource.zalando.com/skipper/reference/filters/#webhook

[106] https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/

[107] not accessible to the user by Kubernetes resources

[108] OAuth service-to-service via tokeninfo and tokenintrospection

OAuth2 UI flow is available via a Lua script; a native implementation is in the pipeline and is currently being tested internally.

[109] Feature present in Avi. Configuration of JWT auth using AKO is on roadmap

[110] - Basic Auth


https://docs.konghq.com/hub/kong-inc/basic-auth/

- External Auth
https://konghq.com/blog/custom-authentication-and-authorization-framework-with-kong/

- Client Certificate
https://docs.konghq.com/hub/kong-inc/mtls-auth/

- OAuth
https://docs.konghq.com/hub/kong-inc/oauth2/

- OpenID
https://docs.konghq.com/hub/kong-inc/openid-connect/

- JWT
https://docs.konghq.com/hub/kong-inc/jwt/

- LDAP
https://docs.konghq.com/hub/kong-inc/ldap-auth/

- HMAC
https://docs.konghq.com/hub/kong-inc/hmac-auth/

[111] LDAP https://github.com/apache/apisix/issues/3087

[112] External auth:


https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/

OAuth:
https://github.com/nginxinc/kubernetes-ingress/issues/982

LDAP:
https://github.com/nginxinc/nginx-ldap-auth

[113] - Basic Auth


https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#7.3.6-http_auth

- Client Certificate
https://www.loadbalancer.org/blog/client-certificate-authentication-with-haproxy/

- OAuth
https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-2-authentication/

[114] - Basic Auth


https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#7.3.6-http_auth

- Client Certificate
https://www.loadbalancer.org/blog/client-certificate-authentication-with-haproxy/

- OAuth
https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-2-authentication/

[115] https://voyagermesh.com/docs/7.1.1/guides/ingress/security/basic-auth/

[116] - Client Certificate


https://istio.io/latest/docs/tasks/security/authentication/authn-policy/

- OpenID
https://istio.io/latest/blog/2019/app-identity-and-access-adapter/#protecting-web-applications

- JWT
https://istio.io/latest/docs/concepts/security/#request-authentication

- Basic auth: https://github.com/istio/proxy/pull/2954/files

[117] https://github.com/projectcontour/contour-authserver

[118] - Basic Auth


https://www.getambassador.io/docs/latest/howtos/basic-auth/

- External Auth
https://www.getambassador.io/docs/latest/topics/running/services/auth-service/#configure-an-external-authservice

- Client Certificate
https://www.getambassador.io/docs/latest/howtos/client-cert-validation/

- OAuth
https://www.getambassador.io/docs/latest/howtos/oauth-oidc-auth/

- JWT
https://www.getambassador.io/docs/latest/topics/using/filters/jwt/

[119] https://docs.solo.io/gloo/latest/guides/security/auth/

[120] - Basic Auth


https://doc.traefik.io/traefik/middlewares/basicauth/

- External Auth
https://doc.traefik.io/traefik/middlewares/forwardauth/

- Client Certificate
https://doc.traefik.io/traefik/https/tls/#client-authentication-mtls

- OAuth
https://doc.traefik.io/traefik-enterprise/middlewares/oauth-intro/

- OpenID
https://doc.traefik.io/traefik-enterprise/middlewares/oidc/

- JWT
https://doc.traefik.io/traefik-enterprise/middlewares/jwt/

- LDAP
https://doc.traefik.io/traefik-enterprise/middlewares/ldap/

- HMAC
https://doc.traefik.io/traefik-enterprise/middlewares/hmac/

[121] Basic Auth:


https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/crds/auth/#basic-authentication

OAuth:
https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/crds/auth/#oauth-authentication

Client certificate:
https://github.com/citrix/citrix-k8s-ingress-controller/blob/5e357361726988a4a01691c9a14dfd4f80c6e9a1/docs/certificate-management/client-auth-support.md

[122] External Auth: https://cloud.google.com/iap/docs/quickstart-external-identities

LDAP:
https://cloud.google.com/iap/docs/concepts-overview#authentication

JWT:
https://cloud.google.com/iap/docs/signed-headers-howto

OpenID:
https://cloud.google.com/iap/docs/authentication-howto#obtaining_an_oidc_token_for_the_default_service_account

[123] OAuth: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/tasks/cognito_authentication/#cognito-configuration

[124] Basic auth: https://avinetworks.com/docs/latest/architectural-overview/applications/virtual-services/create-virtual-service/#http-basic-authentication

Client certificate: https://avinetworks.com/docs/20.1/client-ssl-certificate-validation/

SAML: https://avinetworks.com/docs/20.1/single-sign-on-with-saml/

JWT: https://avinetworks.com/docs/20.1/jwt-validation/

LDAP: https://avinetworks.com/docs/18.2/ldap-authentication/

[125] https://kubernetes.github.io/ingress-nginx/user-guide/monitoring/

[126] https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/third-party-addons/opentracing.md

[127] Per Virtual Service Traffic Logs are supported as an alternative

[128] - Prometheus
https://docs.konghq.com/hub/kong-inc/prometheus/

- StatsD
https://docs.konghq.com/hub/kong-inc/statsd/

- Zipkin
https://docs.konghq.com/hub/kong-inc/zipkin/

[129] Metrics can be obtained from Azure Monitor

[130] Metrics support via prometheus.


https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/prometheus/

Tracing support via opentracing


https://docs.nginx.com/nginx-ingress-controller/third-party-modules/opentracing/

[131] - Prometheus
https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/

- Tracing
https://www.haproxy.com/blog/announcing-haproxy-2-3/

[132] - Prometheus
https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/

[133] - Metrics
https://voyagermesh.com/docs/10.0.0/guides/ingress/monitoring/using-builtin-prometheus/

[134] - Metrics
https://istio.io/latest/docs/tasks/observability/metrics/

- Tracing
https://istio.io/latest/docs/tasks/observability/distributed-tracing/

[135] - Metrics
https://projectcontour.io/guides/prometheus/

- Tracing
https://github.com/projectcontour/contour/issues/399

[136] - Metrics
https://www.getambassador.io/docs/latest/topics/running/statistics/

- Tracing
https://www.getambassador.io/docs/latest/topics/running/services/tracing-service/

[137] - Metrics
https://docs.solo.io/gloo/1.1.0/observability/metrics/

- Tracing
https://docs.solo.io/gloo/1.1.0/observability/tracing/

[138] - Metrics
https://doc.traefik.io/traefik/observability/metrics/overview/

- Tracing
https://doc.traefik.io/traefik/observability/tracing/overview/

[139] see https://opensource.zalando.com/skipper/operation/operation/#opentracing

[140] Metrics support via prometheus.


https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/metrics/promotheus-grafana/

Tracing support:
https://developer-docs.citrix.com/projects/citrix-observability-exporter/en/latest/deploy-coe/

[141] Metrics support tracked at:


https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1212

[142] Metrics: https://avinetworks.com/docs/20.1/architectural-overview/applications/virtual-services/vs-analytics/#metrics-tiles-b

Traffic Log: https://avinetworks.com/docs/20.1/architectural-overview/applications/virtual-services/vs-logs/

[143] Ingress v2 is not yet defined as a beta resource

[144] Ingress v2 is not yet defined as a beta resource

[145] whatever is meant by this row

[146] Can be used as L4 LB for ingress Gateway


[147] https://kubernetes.github.io/ingress-nginx/how-it-works/

[148] see also https://opensource.zalando.com/skipper/kubernetes/ingress-controller/#aws-deployment

Skipper is strong in HTTP routing, and the best results are achieved in combination with cloud load balancers or bare-metal load balancers that terminate TLS traffic.
For AWS there is https://github.com/zalando-incubator/kube-ingress-aws-controller, which integrates with ALB or NLB (shared cloud load balancer).

[149] Scope:
https://docs.nginx.com/nginx-ingress-controller/installation/running-multiple-ingress-controllers/

[150] - Scope
https://github.com/jcmoraisjr/haproxy-ingress/issues/400

- Consul support
https://www.hashicorp.com/resources/integrating-consul-connect-with-haproxy

[151] Ingress v2 support: https://istio.io/latest/news/releases/1.6.x/announcing-1.6/#networking-improvements

[152] - CRD
https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/

[153] see also https://opensource.zalando.com/skipper/kubernetes/ingress-controller/#aws-deployment

Skipper is strong in HTTP routing, and the best results are achieved in combination with cloud load balancers or bare-metal load balancers that terminate TLS traffic.
For AWS there is https://github.com/zalando-incubator/kube-ingress-aws-controller, which integrates with ALB or NLB (shared cloud load balancer).

[154] Scope: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/deploy/deploy-cic-yaml/#deploy-the-citrix-ingress-controller-for-a-namespace

Service Mesh: https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/deploy/service-mesh-lite/

[155] CRD support tracked at:


https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1515

Scope:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/configurations/#limiting-namespaces

[156] CRD: https://github.com/avinetworks/avi-helm-charts/blob/master/docs/AKO/crds/overview.md

Service API: Currently supported only for Tanzu Kubernetes Cluster


[157] https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#canary

[158] via consistentHash load balancing

[159] https://opensource.zalando.com/skipper/tutorials/shadow-traffic/

[160] - Canary
https://docs.konghq.com/hub/kong-inc/canary/

[161] Automation for blue-green with canary is available via https://github.com/zalando-incubator/stackset-controller
or via https://github.com/weaveworks/flagger

[162] Canary release:


https://www.nginx.com/blog/nginx-plus-backend-upgrades-application-version/#application-canary-release

[163] Session affinity


https://www.haproxy.com/blog/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/

[164] - Canary
https://github.com/projectcontour/contour/blob/main/design/ingressroute-design.md#canary-deployments

[165] - Canary
https://www.getambassador.io/docs/latest/topics/using/canary/

- Dark launch
https://blog.getambassador.io/embrace-the-dark-side-of-api-gateways-traffic-shadowing-and-dark-launching-976984f9d094

[166] - Canary
https://docs.solo.io/gloo/1.2.0/gloo_routing/virtual_services/canary/

- Dark launch
https://blog.getambassador.io/embrace-the-dark-side-of-api-gateways-traffic-shadowing-and-dark-launching-976984f9d094

[167] Automation for blue-green with canary is available via https://github.com/zalando-incubator/stackset-controller
or via https://github.com/weaveworks/flagger

[168] Canary release:


https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/multicluster/multi-cluster/#canary-deployment

Session Affinity:
https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/how-to/session-affinity/

[169] Session affinity: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features

[170] Session affinity: https://avinetworks.com/docs/20.1/architectural-overview/templates/profiles/persistence-profile/

[171] use grafana + prometheus

[172] https://opensource.zalando.com/skipper/tutorials/development/

[173] https://pkg.go.dev/github.com/zalando/skipper

[174] Provided through the Azure Portal.

[175] Dev portal: https://docs.nginx.com/nginx-controller/services/api-management/manage-dev-portals/

[176] - Apigee Integration


https://istio.io/latest/docs/reference/config/policy-and-telemetry/adapters/apigee/

- Developer portal
https://istio.io/latest/docs/tasks/observability/kiali/

[177] Dashboard: https://doc.traefik.io/traefik/operations/dashboard/

[178] https://opensource.zalando.com/skipper/tutorials/

[179] Billing & Reporting via apigee:


https://cloud.google.com/solutions/patterns-for-deploying-kubernetes-apis-at-scale-with-apigee

[180] Dashboard, Developer portal: https://avinetworks.com/docs/20.1/architectural-overview/applications/virtual-services/vs-analytics/


https://avinetworks.com/docs/18.2/configuration-guide/applications/virtual-services/vs-security/#view_security_insights

Billing and reporting: https://avinetworks.com/docs/20.1/avi-pulse/services/case-management/case-management-service/


[181] Elastic HA: https://avinetworks.com/docs/20.1/elastic-ha-for-avi-service-engines/

TSO, GRO, RSS: https://avinetworks.com/docs/20.1/tso-gro-rss-blocklist-feature/

SSL Performance: https://avinetworks.com/docs/20.1/ssl-performance/

[182] Reload without dropping existing connections.

[183] Hot reloading: https://kubernetes.github.io/ingress-nginx/how-it-works/#when-a-reload-is-required

Integrates with cert-manager

Wildcard certificate: https://github.com/jetstack/cert-manager/blob/efbd1a0095e104177f7dea9c0966d9d8b98d5f6f/design/release-notes/release-0.3/draft-release-notes.md#acmev2-and-lets-encrypt-wildcard-certificates

Let's Encrypt:
https://kubernetes.github.io/ingress-nginx/user-guide/tls/#automated-certificate-management-with-kube-lego

[184]
Integrates with cert-manager
https://docs.konghq.com/kubernetes-ingress-controller/1.1.x/guides/cert-manager/

[185] cert-manager integration:


https://github.com/Azure/application-gateway-kubernetes-ingress/blob/d73b16e2609449a4544be7a6e488fa8d40acb2f1/docs/how-tos/lets-encrypt.md

[186] Integrates with cert-manager


https://github.com/nginxinc/kubernetes-ingress/issues/275
Hot reload: https://www.nginx.com/faq/how-does-zero-downtime-configuration-testingreload-in-nginx-plus-work/

[187] Reload: https://github.com/jcmoraisjr/haproxy-ingress/blob/1e65cb89f77560ccc8b97796acb3ae7d130cdee5/docs/content/en/docs/configuration/command-line.md#--rate-limit-update

[188] Letsencrypt: https://github.com/voyagermesh/voyager/blob/869936e4d4d6b8c111ff02ec9fc676e3ac37ca8a/README.md#certificate

[189] Hot reload: https://github.com/istio/istio/issues/15182

LetsEncrypt: https://github.com/istio/istio/issues/6486

[190] Hot reload:


https://github.com/projectcontour/contour/blob/b77cdb0d3078ba0cb1b3928c222229a60cc2fe95/site/about.md#introduction-to-envoy

LetsEncrypt: https://github.com/projectcontour/contour/blob/53c21fa0781e61a48ee9945687b46ccfd6bb6efe/site/_guides/cert-manager.md

[191] Hot reload: https://github.com/datawire/ambassador/blob/7cb0556e9742c16c622d93c32e1f901d39bfc3de/cmd/ambex/README.md

LetsEncrypt: https://github.com/datawire/ambassador/blob/e76d06e99de4feef16566bfbb50dd406666a8e7b/docs/howtos/cert-manager.md

[192] LetsEncrypt: https://github.com/solo-io/gloo/blob/d4fea10aee2053e0e8cd2fb7803c608a9bb5fcae/docs/content/guides/integrations/cert_manager/_index.md

[193] Hot reload: https://github.com/traefik/traefik/issues/1188

LetsEncrypt: https://github.com/traefik/traefik/blob/2747e240c1a97031367a1a566a1401a2367a54d2/docs/content/providers/kubernetes-ingress.md

[194] Hot reload: https://github.com/zalando/skipper/issues/248

[195] LetsEncrypt: https://github.com/citrix/citrix-k8s-ingress-controller/blob/d3f8f2dad5ba24c25b00f1583b6da71f3dabe90b/docs/certificate-management/acme.md

[196] LetsEncrypt: https://github.com/kubernetes/ingress-gce/issues/733

[197] Hot reloading: Configuration change does not need reload

Auto Certificate Renewal: https://avinetworks.com/docs/20.1/certificate-management-integration-for-csr-automation/

Rolling upgrade: https://avinetworks.com/docs/20.1/elastic-ha-for-avi-service-engines-16-2/#rolling-service-engine-upgrade
