Konubinix' opinionated web of thoughts

Hoot About Proxies, Ingress and API Gateways


  • External reference:

All About Proxies, Ingress and Gateways

ingress vs api gateway

IIUC, an ingress is more like a multiplexer proxy, while an API Gateway abstracts the service that it redirects to.

Actually, an API gateway can be considered as a super set of an ingress.

While the ingress conditionally exposes the services, the api gateway provides its own api that allows a loose coupling with the underlying services.

time text
https://youtu.be/ByeDI09AVok&t=1290.63s so if ingress allows traffic in allows
https://youtu.be/ByeDI09AVok&t=1292.94s us to do some basic routing allows us to
https://youtu.be/ByeDI09AVok&t=1295.76s do some security and and so forth what

time text
https://youtu.be/ByeDI09AVok&t=1319.91s exposes an API that is best suited for
https://youtu.be/ByeDI09AVok&t=1324.1s the clients so right here if we come
https://youtu.be/ByeDI09AVok&t=1328.429s back to ingress ingress is just exposing
https://youtu.be/ByeDI09AVok&t=1330.65s the services as they exist inside of
https://youtu.be/ByeDI09AVok&t=1333.679s your cluster

time text
https://youtu.be/ByeDI09AVok&t=1345.23s we’re not gonna expose them
https://youtu.be/ByeDI09AVok&t=1346.73s exactly like the way they’re implemented
https://youtu.be/ByeDI09AVok&t=1348.74s maybe they’re implemented with grpc and
https://youtu.be/ByeDI09AVok&t=1352.49s we want to expose them as rest services
https://youtu.be/ByeDI09AVok&t=1356.179s or maybe they’re exposed as a rest
https://youtu.be/ByeDI09AVok&t=1359.48s service but internally they’re
https://youtu.be/ByeDI09AVok&t=1362.33s implemented by three different services
https://youtu.be/ByeDI09AVok&t=1363.88s all right so the API gateway is a
https://youtu.be/ByeDI09AVok&t=1368.409s decoupling point allow clients of your
https://youtu.be/ByeDI09AVok&t=1373.61s service to see a stable API and the
https://youtu.be/ByeDI09AVok&t=1378.95s back-end components that implements the
https://youtu.be/ByeDI09AVok&t=1381.44s functionality for that API those will
https://youtu.be/ByeDI09AVok&t=1385.61s evolve the image they’re a PS engine so
https://youtu.be/ByeDI09AVok&t=1388.909s forth kick provides that abstraction
https://youtu.be/ByeDI09AVok&t=1392s abstraction away the details of the
https://youtu.be/ByeDI09AVok&t=1394.85s implementation but like I said it does
https://youtu.be/ByeDI09AVok&t=1397.37s play the role as well of getting traffic
https://youtu.be/ByeDI09AVok&t=1399.32s into the cluster so there is some
https://youtu.be/ByeDI09AVok&t=1400.909s overlap there but in my mind it’s a it’s
https://youtu.be/ByeDI09AVok&t=1403.4s a super set of capabilities that is more
https://youtu.be/ByeDI09AVok&t=1406.01s targeted at the application layer in
https://youtu.be/ByeDI09AVok&t=1411.07s networking terms so if you have a
https://youtu.be/ByeDI09AVok&t=1414.679s gateways they abstract away back in
https://youtu.be/ByeDI09AVok&t=1416.78s protocols message message shapes and so
https://youtu.be/ByeDI09AVok&t=1419.659s forth they’ve strapped away the routing
https://youtu.be/ByeDI09AVok&t=1422.919s necessary
https://youtu.be/ByeDI09AVok&t=1424.19s - let’s say compose a series of calls to
https://youtu.be/ByeDI09AVok&t=1428.63s get an appropriate message they do
https://youtu.be/ByeDI09AVok&t=1431.21s things like transformation and and so
https://youtu.be/ByeDI09AVok&t=1434.27s forth they are intended to also solve
https://youtu.be/ByeDI09AVok&t=1438.14s edge capabilities that otherwise each
https://youtu.be/ByeDI09AVok&t=1441.44s service would need to implement things
https://youtu.be/ByeDI09AVok&t=1443.66s like authorizations things like rate
https://youtu.be/ByeDI09AVok&t=1446.51s limiting things like caching and just
https://youtu.be/ByeDI09AVok&t=1449.84s like ingress make a gateways provide a
https://youtu.be/ByeDI09AVok&t=1452.24s good point
https://youtu.be/ByeDI09AVok&t=1453.14s of routing control so you can wrap up
https://youtu.be/ByeDI09AVok&t=1457.13s very fine-grain routes and as well as
https://youtu.be/ByeDI09AVok&t=1460.7s routing and traffic observability

overlap between api gateway, ingress and service mesh

time text
https://youtu.be/ByeDI09AVok&t=1475.73s then maybe
https://youtu.be/ByeDI09AVok&t=1480.65s the technology overlaps ok so for
https://youtu.be/ByeDI09AVok&t=1482.96s example you might use nginx as an
https://youtu.be/ByeDI09AVok&t=1487.49s ingress you might use something like
https://youtu.be/ByeDI09AVok&t=1489.98s Kong as API gateway or you might use
https://youtu.be/ByeDI09AVok&t=1493.91s something like envoy or maybe it C as
https://youtu.be/ByeDI09AVok&t=1498.35s ingress gateway as an ingress and maybe
https://youtu.be/ByeDI09AVok&t=1501.29s something like solo glue as an API
https://youtu.be/ByeDI09AVok&t=1505.31s Gateway

time text
https://youtu.be/ByeDI09AVok&t=1514.76s they further overlap with service mesh
https://youtu.be/ByeDI09AVok&t=1518.09s because in a service mash when we’re
https://youtu.be/ByeDI09AVok&t=1520.4s talking about the service to service
https://youtu.be/ByeDI09AVok&t=1521.84s proxies those those might also be some
https://youtu.be/ByeDI09AVok&t=1525.47s of the same foundational pieces that are
https://youtu.be/ByeDI09AVok&t=1526.91s used as an ingress or an api gateway and
https://youtu.be/ByeDI09AVok&t=1530.6s but a service master does the service
https://youtu.be/ByeDI09AVok&t=1532.79s mesh proxy does something different it
https://youtu.be/ByeDI09AVok&t=1535.01s doesn’t for example I can API a gateway
https://youtu.be/ByeDI09AVok&t=1538.51s abstract away details of API
https://youtu.be/ByeDI09AVok&t=1543.23s implementations for example what it does
https://youtu.be/ByeDI09AVok&t=1545.99s is it allows it gives the clients more
https://youtu.be/ByeDI09AVok&t=1548.72s smarts about the infrastructure so it it
https://youtu.be/ByeDI09AVok&t=1555.59s brings more detail to the clients about
https://youtu.be/ByeDI09AVok&t=1558.77s what’s happening with services that we
https://youtu.be/ByeDI09AVok&t=1563.12s might need to talk to so if service I
https://youtu.be/ByeDI09AVok&t=1565.52s need to talk to be B might be deployed
https://youtu.be/ByeDI09AVok&t=1568.52s on three different availability zones
https://youtu.be/ByeDI09AVok&t=1571.79s and one of them could go down and so the
https://youtu.be/ByeDI09AVok&t=1575.6s details of the infrastructure and the
https://youtu.be/ByeDI09AVok&t=1578.9s topology of the networks is is something
https://youtu.be/ByeDI09AVok&t=1582.65s that’s important for the client who
https://youtu.be/ByeDI09AVok&t=1584.84s wants to call the service to know and
https://youtu.be/ByeDI09AVok&t=1586.61s that’s exactly what the the proxy is
https://youtu.be/ByeDI09AVok&t=1589.76s doing on behalf of the client

difference between api gateway and reverse proxy

time text
https://youtu.be/ByeDI09AVok&t=408.199s reverse proxy where
https://youtu.be/ByeDI09AVok&t=411.44s a client doesn’t know anything about the
https://youtu.be/ByeDI09AVok&t=414.41s proxy they think they’re talking to the
https://youtu.be/ByeDI09AVok&t=415.97s server or the service and the traffic is
https://youtu.be/ByeDI09AVok&t=419.389s still going through this this proxy and
https://youtu.be/ByeDI09AVok&t=421.789s being demultiplexed into the the
https://youtu.be/ByeDI09AVok&t=426.02s different services that might live in
https://youtu.be/ByeDI09AVok&t=428.27s the backend

Notes linking here