Hoot About Proxies, Ingress and API Gateways

External reference:

ingress vs api gateway

IIUC, an ingress is more like a multiplexer proxy, while an API Gateway abstracts the service that it redirects to.

Actually, an API gateway can be considered as a super set of an ingress.

While the ingress conditionally exposes the services, the api gateway provides its own api that allows a loose coupling with the underlying services.

time text

https://youtu.be/ByeDI09AVok&t=1290.63s so if ingress allows traffic in allows

https://youtu.be/ByeDI09AVok&t=1292.94s us to do some basic routing allows us to

https://youtu.be/ByeDI09AVok&t=1295.76s do some security and and so forth what

—

time	text
https://youtu.be/ByeDI09AVok&t=1290.63s	so if ingress allows traffic in allows
https://youtu.be/ByeDI09AVok&t=1292.94s	us to do some basic routing allows us to
https://youtu.be/ByeDI09AVok&t=1295.76s	do some security and and so forth what

time text

https://youtu.be/ByeDI09AVok&t=1319.91s exposes an API that is best suited for

https://youtu.be/ByeDI09AVok&t=1324.1s the clients so right here if we come

https://youtu.be/ByeDI09AVok&t=1328.429s back to ingress ingress is just exposing

https://youtu.be/ByeDI09AVok&t=1330.65s the services as they exist inside of

https://youtu.be/ByeDI09AVok&t=1333.679s your cluster

—

time	text
https://youtu.be/ByeDI09AVok&t=1319.91s	exposes an API that is best suited for
https://youtu.be/ByeDI09AVok&t=1324.1s	the clients so right here if we come
https://youtu.be/ByeDI09AVok&t=1328.429s	back to ingress ingress is just exposing
https://youtu.be/ByeDI09AVok&t=1330.65s	the services as they exist inside of
https://youtu.be/ByeDI09AVok&t=1333.679s	your cluster

time text

https://youtu.be/ByeDI09AVok&t=1345.23s we’re not gonna expose them

https://youtu.be/ByeDI09AVok&t=1346.73s exactly like the way they’re implemented

https://youtu.be/ByeDI09AVok&t=1348.74s maybe they’re implemented with grpc and

https://youtu.be/ByeDI09AVok&t=1352.49s we want to expose them as rest services

https://youtu.be/ByeDI09AVok&t=1356.179s or maybe they’re exposed as a rest

https://youtu.be/ByeDI09AVok&t=1359.48s service but internally they’re

https://youtu.be/ByeDI09AVok&t=1362.33s implemented by three different services

https://youtu.be/ByeDI09AVok&t=1363.88s all right so the API gateway is a

https://youtu.be/ByeDI09AVok&t=1368.409s decoupling point allow clients of your

https://youtu.be/ByeDI09AVok&t=1373.61s service to see a stable API and the

https://youtu.be/ByeDI09AVok&t=1378.95s back-end components that implements the

https://youtu.be/ByeDI09AVok&t=1381.44s functionality for that API those will

https://youtu.be/ByeDI09AVok&t=1385.61s evolve the image they’re a PS engine so

https://youtu.be/ByeDI09AVok&t=1388.909s forth kick provides that abstraction

https://youtu.be/ByeDI09AVok&t=1392s abstraction away the details of the

https://youtu.be/ByeDI09AVok&t=1394.85s implementation but like I said it does

https://youtu.be/ByeDI09AVok&t=1397.37s play the role as well of getting traffic

https://youtu.be/ByeDI09AVok&t=1399.32s into the cluster so there is some

https://youtu.be/ByeDI09AVok&t=1400.909s overlap there but in my mind it’s a it’s

https://youtu.be/ByeDI09AVok&t=1403.4s a super set of capabilities that is more

https://youtu.be/ByeDI09AVok&t=1406.01s targeted at the application layer in

https://youtu.be/ByeDI09AVok&t=1411.07s networking terms so if you have a

https://youtu.be/ByeDI09AVok&t=1414.679s gateways they abstract away back in

https://youtu.be/ByeDI09AVok&t=1416.78s protocols message message shapes and so

https://youtu.be/ByeDI09AVok&t=1419.659s forth they’ve strapped away the routing

https://youtu.be/ByeDI09AVok&t=1422.919s necessary

https://youtu.be/ByeDI09AVok&t=1424.19s - let’s say compose a series of calls to

https://youtu.be/ByeDI09AVok&t=1428.63s get an appropriate message they do

https://youtu.be/ByeDI09AVok&t=1431.21s things like transformation and and so

https://youtu.be/ByeDI09AVok&t=1434.27s forth they are intended to also solve

https://youtu.be/ByeDI09AVok&t=1438.14s edge capabilities that otherwise each

https://youtu.be/ByeDI09AVok&t=1441.44s service would need to implement things

https://youtu.be/ByeDI09AVok&t=1443.66s like authorizations things like rate

https://youtu.be/ByeDI09AVok&t=1446.51s limiting things like caching and just

https://youtu.be/ByeDI09AVok&t=1449.84s like ingress make a gateways provide a

https://youtu.be/ByeDI09AVok&t=1452.24s good point

https://youtu.be/ByeDI09AVok&t=1453.14s of routing control so you can wrap up

https://youtu.be/ByeDI09AVok&t=1457.13s very fine-grain routes and as well as

https://youtu.be/ByeDI09AVok&t=1460.7s routing and traffic observability

—

time	text
https://youtu.be/ByeDI09AVok&t=1345.23s	we’re not gonna expose them
https://youtu.be/ByeDI09AVok&t=1346.73s	exactly like the way they’re implemented
https://youtu.be/ByeDI09AVok&t=1348.74s	maybe they’re implemented with grpc and
https://youtu.be/ByeDI09AVok&t=1352.49s	we want to expose them as rest services
https://youtu.be/ByeDI09AVok&t=1356.179s	or maybe they’re exposed as a rest
https://youtu.be/ByeDI09AVok&t=1359.48s	service but internally they’re
https://youtu.be/ByeDI09AVok&t=1362.33s	implemented by three different services
https://youtu.be/ByeDI09AVok&t=1363.88s	all right so the API gateway is a
https://youtu.be/ByeDI09AVok&t=1368.409s	decoupling point allow clients of your
https://youtu.be/ByeDI09AVok&t=1373.61s	service to see a stable API and the
https://youtu.be/ByeDI09AVok&t=1378.95s	back-end components that implements the
https://youtu.be/ByeDI09AVok&t=1381.44s	functionality for that API those will
https://youtu.be/ByeDI09AVok&t=1385.61s	evolve the image they’re a PS engine so
https://youtu.be/ByeDI09AVok&t=1388.909s	forth kick provides that abstraction
https://youtu.be/ByeDI09AVok&t=1392s	abstraction away the details of the
https://youtu.be/ByeDI09AVok&t=1394.85s	implementation but like I said it does
https://youtu.be/ByeDI09AVok&t=1397.37s	play the role as well of getting traffic
https://youtu.be/ByeDI09AVok&t=1399.32s	into the cluster so there is some
https://youtu.be/ByeDI09AVok&t=1400.909s	overlap there but in my mind it’s a it’s
https://youtu.be/ByeDI09AVok&t=1403.4s	a super set of capabilities that is more
https://youtu.be/ByeDI09AVok&t=1406.01s	targeted at the application layer in
https://youtu.be/ByeDI09AVok&t=1411.07s	networking terms so if you have a
https://youtu.be/ByeDI09AVok&t=1414.679s	gateways they abstract away back in
https://youtu.be/ByeDI09AVok&t=1416.78s	protocols message message shapes and so
https://youtu.be/ByeDI09AVok&t=1419.659s	forth they’ve strapped away the routing
https://youtu.be/ByeDI09AVok&t=1422.919s	necessary
https://youtu.be/ByeDI09AVok&t=1424.19s	- let’s say compose a series of calls to
https://youtu.be/ByeDI09AVok&t=1428.63s	get an appropriate message they do
https://youtu.be/ByeDI09AVok&t=1431.21s	things like transformation and and so
https://youtu.be/ByeDI09AVok&t=1434.27s	forth they are intended to also solve
https://youtu.be/ByeDI09AVok&t=1438.14s	edge capabilities that otherwise each
https://youtu.be/ByeDI09AVok&t=1441.44s	service would need to implement things
https://youtu.be/ByeDI09AVok&t=1443.66s	like authorizations things like rate
https://youtu.be/ByeDI09AVok&t=1446.51s	limiting things like caching and just
https://youtu.be/ByeDI09AVok&t=1449.84s	like ingress make a gateways provide a
https://youtu.be/ByeDI09AVok&t=1452.24s	good point
https://youtu.be/ByeDI09AVok&t=1453.14s	of routing control so you can wrap up
https://youtu.be/ByeDI09AVok&t=1457.13s	very fine-grain routes and as well as
https://youtu.be/ByeDI09AVok&t=1460.7s	routing and traffic observability

overlap between api gateway, ingress and service mesh

time text

https://youtu.be/ByeDI09AVok&t=1475.73s then maybe

https://youtu.be/ByeDI09AVok&t=1480.65s the technology overlaps ok so for

https://youtu.be/ByeDI09AVok&t=1482.96s example you might use nginx as an

https://youtu.be/ByeDI09AVok&t=1487.49s ingress you might use something like

https://youtu.be/ByeDI09AVok&t=1489.98s Kong as API gateway or you might use

https://youtu.be/ByeDI09AVok&t=1493.91s something like envoy or maybe it C as

https://youtu.be/ByeDI09AVok&t=1498.35s ingress gateway as an ingress and maybe

https://youtu.be/ByeDI09AVok&t=1501.29s something like solo glue as an API

https://youtu.be/ByeDI09AVok&t=1505.31s Gateway

—

time	text
https://youtu.be/ByeDI09AVok&t=1475.73s	then maybe
https://youtu.be/ByeDI09AVok&t=1480.65s	the technology overlaps ok so for
https://youtu.be/ByeDI09AVok&t=1482.96s	example you might use nginx as an
https://youtu.be/ByeDI09AVok&t=1487.49s	ingress you might use something like
https://youtu.be/ByeDI09AVok&t=1489.98s	Kong as API gateway or you might use
https://youtu.be/ByeDI09AVok&t=1493.91s	something like envoy or maybe it C as
https://youtu.be/ByeDI09AVok&t=1498.35s	ingress gateway as an ingress and maybe
https://youtu.be/ByeDI09AVok&t=1501.29s	something like solo glue as an API
https://youtu.be/ByeDI09AVok&t=1505.31s	Gateway

time text

https://youtu.be/ByeDI09AVok&t=1514.76s they further overlap with service mesh

https://youtu.be/ByeDI09AVok&t=1518.09s because in a service mash when we’re

https://youtu.be/ByeDI09AVok&t=1520.4s talking about the service to service

https://youtu.be/ByeDI09AVok&t=1521.84s proxies those those might also be some

https://youtu.be/ByeDI09AVok&t=1525.47s of the same foundational pieces that are

https://youtu.be/ByeDI09AVok&t=1526.91s used as an ingress or an api gateway and

https://youtu.be/ByeDI09AVok&t=1530.6s but a service master does the service

https://youtu.be/ByeDI09AVok&t=1532.79s mesh proxy does something different it

https://youtu.be/ByeDI09AVok&t=1535.01s doesn’t for example I can API a gateway

https://youtu.be/ByeDI09AVok&t=1538.51s abstract away details of API

https://youtu.be/ByeDI09AVok&t=1543.23s implementations for example what it does

https://youtu.be/ByeDI09AVok&t=1545.99s is it allows it gives the clients more

https://youtu.be/ByeDI09AVok&t=1548.72s smarts about the infrastructure so it it

https://youtu.be/ByeDI09AVok&t=1555.59s brings more detail to the clients about

https://youtu.be/ByeDI09AVok&t=1558.77s what’s happening with services that we

https://youtu.be/ByeDI09AVok&t=1563.12s might need to talk to so if service I

https://youtu.be/ByeDI09AVok&t=1565.52s need to talk to be B might be deployed

https://youtu.be/ByeDI09AVok&t=1568.52s on three different availability zones

https://youtu.be/ByeDI09AVok&t=1571.79s and one of them could go down and so the

https://youtu.be/ByeDI09AVok&t=1575.6s details of the infrastructure and the

https://youtu.be/ByeDI09AVok&t=1578.9s topology of the networks is is something

https://youtu.be/ByeDI09AVok&t=1582.65s that’s important for the client who

https://youtu.be/ByeDI09AVok&t=1584.84s wants to call the service to know and

https://youtu.be/ByeDI09AVok&t=1586.61s that’s exactly what the the proxy is

https://youtu.be/ByeDI09AVok&t=1589.76s doing on behalf of the client

—

time	text
https://youtu.be/ByeDI09AVok&t=1514.76s	they further overlap with service mesh
https://youtu.be/ByeDI09AVok&t=1518.09s	because in a service mash when we’re
https://youtu.be/ByeDI09AVok&t=1520.4s	talking about the service to service
https://youtu.be/ByeDI09AVok&t=1521.84s	proxies those those might also be some
https://youtu.be/ByeDI09AVok&t=1525.47s	of the same foundational pieces that are
https://youtu.be/ByeDI09AVok&t=1526.91s	used as an ingress or an api gateway and
https://youtu.be/ByeDI09AVok&t=1530.6s	but a service master does the service
https://youtu.be/ByeDI09AVok&t=1532.79s	mesh proxy does something different it
https://youtu.be/ByeDI09AVok&t=1535.01s	doesn’t for example I can API a gateway
https://youtu.be/ByeDI09AVok&t=1538.51s	abstract away details of API
https://youtu.be/ByeDI09AVok&t=1543.23s	implementations for example what it does
https://youtu.be/ByeDI09AVok&t=1545.99s	is it allows it gives the clients more
https://youtu.be/ByeDI09AVok&t=1548.72s	smarts about the infrastructure so it it
https://youtu.be/ByeDI09AVok&t=1555.59s	brings more detail to the clients about
https://youtu.be/ByeDI09AVok&t=1558.77s	what’s happening with services that we
https://youtu.be/ByeDI09AVok&t=1563.12s	might need to talk to so if service I
https://youtu.be/ByeDI09AVok&t=1565.52s	need to talk to be B might be deployed
https://youtu.be/ByeDI09AVok&t=1568.52s	on three different availability zones
https://youtu.be/ByeDI09AVok&t=1571.79s	and one of them could go down and so the
https://youtu.be/ByeDI09AVok&t=1575.6s	details of the infrastructure and the
https://youtu.be/ByeDI09AVok&t=1578.9s	topology of the networks is is something
https://youtu.be/ByeDI09AVok&t=1582.65s	that’s important for the client who
https://youtu.be/ByeDI09AVok&t=1584.84s	wants to call the service to know and
https://youtu.be/ByeDI09AVok&t=1586.61s	that’s exactly what the the proxy is
https://youtu.be/ByeDI09AVok&t=1589.76s	doing on behalf of the client

difference between api gateway and reverse proxy

time text

https://youtu.be/ByeDI09AVok&t=408.199s reverse proxy where

https://youtu.be/ByeDI09AVok&t=411.44s a client doesn’t know anything about the

https://youtu.be/ByeDI09AVok&t=414.41s proxy they think they’re talking to the

https://youtu.be/ByeDI09AVok&t=415.97s server or the service and the traffic is

https://youtu.be/ByeDI09AVok&t=419.389s still going through this this proxy and

https://youtu.be/ByeDI09AVok&t=421.789s being demultiplexed into the the

https://youtu.be/ByeDI09AVok&t=426.02s different services that might live in

https://youtu.be/ByeDI09AVok&t=428.27s the backend

—

time	text
https://youtu.be/ByeDI09AVok&t=408.199s	reverse proxy where
https://youtu.be/ByeDI09AVok&t=411.44s	a client doesn’t know anything about the
https://youtu.be/ByeDI09AVok&t=414.41s	proxy they think they’re talking to the
https://youtu.be/ByeDI09AVok&t=415.97s	server or the service and the traffic is
https://youtu.be/ByeDI09AVok&t=419.389s	still going through this this proxy and
https://youtu.be/ByeDI09AVok&t=421.789s	being demultiplexed into the the
https://youtu.be/ByeDI09AVok&t=426.02s	different services that might live in
https://youtu.be/ByeDI09AVok&t=428.27s	the backend

Notes linking here

proxy vs adapter vs gateway vs facade

Konubinix' opinionated web of thoughts