Tetrate & Bloomberg Announce the First Release of Envoy AI Gateway

Learn more › close
Tetrate Enterprise ready service mesh
Get Demo
Pricing

Frequently Asked Questions

Service Mesh Solutions

Article content

What Is a CVE (Common Vulnerability and Exposure)?

 What is CISA’s Zero Trust Maturity Model (ZTMM)

What are the five pillars of CISA’s Zero Trust Maturity Model (ZTMM)?

What Are the Pillars of Forrester’s Zero Trust Model?

What Is Threat Modeling?

What Is a Software-Defined-Perimeter (SDP) with Zero Trust?

Why Is Application Security Important?

What Is Kubernetes Security?

What is Ambient Mesh?

What Is Zero Trust Architecture (ZTA)?

What Is Tetrate Service Express (TSE)?

Does Tetrate Service Express (TSE) Integrate with Amazon Eks?

What Is Cisa’s Zero Trust Maturity Model (ZTMM)?

What Are the Five Pillars of Cisa’s Zero Trust Maturity Model (ZTMM)?

What’s the Difference Between Tetrate Products and Istio?

What Are the Benefits of CVES?

How Does Tetrate Fix Cves?

What Is CVSS?

What Are the Limitations of CVE?

What Is the Difference Between CVE and CVSS?

What Is a Cybersecurity Vulnerability?

What Is a Cybersecurity Exposure?

What Is a Kubernetes Ingress Controller

What Is Kubernetes Ingress Used For?

How Kubernetes Ingress Works

What Is Sidecarless?

Istio Ambient Mode vs. Ambient Mesh

What does CNI Mean?

Do Tetrate Products Support Multiple Cloud Deployments?

Are Tetrate Products Open Source?

Do Tetrate Products Support Non-kubernetes Workloads?

Why Do I Need Tetrate in Addition to Open Source Istio?

Do Tetrate Products Run in the Cloud and on Premises?

Why Do I Need Multitenancy in a Service Mesh?

How Do I Protect Production from Unauthorized Access in a Dynamic Compute Environment like Kubernetes?

How Can I Implement Mtls Across My Entire Infrastructure, Including Between Kubernetes and Vms?

Will Tetrate Service Bridge Work with My Existing Public Key Infrastructure?

How Do I Ensure and Prove Consistent Application of Authorization Policy Across All of My Deployments?

How Does Tetrate Service Bridge Transparently Shift Traffic to Public Cloud Services from My On-Premises, Self-Managed Infrastructure?

How Does Tetrate Service Bridge Help Optimize Locality and Minimize Egress?

How Can I Safely Roll Out My Microservices Implementation and Roll Back to the VM Implementation if It’s Not Working?

How Can I Mitigate the Damage of Infrastructure Outages by Giving My Developers Tools to Failover and Build Ha Applications?

How Does Tetrate Service Bridge Help Me Keep My Service Mesh up to Date Without Causing Outages?

How Do I Enable My Developers to Build Reliable Applications Using Mesh Primitives?

What Is the Difference Between Tetrate Service Bridge and Tetrate Service Express?

What Is an API?

What Does Kubernetes Do?

What Does “Proxied” Mean?

What Is ProxyPass?

What Is a Gateway in Microservices?

What Is ABAC?

What Does a Service Mesh Do?

What Is Istio?

What is Envoy Proxy?

What Are the Core Principles of the Zero Trust Model?

What Are the Benefits of Choosing a Zero Trust Architecture?

What Is a Kubernetes Ingress Controller

A Kubernetes Ingress Controller is a specialized component within a Kubernetes cluster that manages the routing of external HTTP and HTTPS traffic—and, in the case of some implementations with custom extensions, TCP and UDP packets—to services running inside the cluster. It interprets and implements Ingress resources, which are Kubernetes API objects that define rules for routing traffic to different services based on URL paths, hostnames, and other criteria.

Tetrate offers an enterprise-ready, 100% upstream distribution of Envoy Gateway, Tetrate Enterprise Gateway for Envoy (TEG). TEG is the easiest way to get started with Envoy, the de facto standard cloud-native data plane, for Kubernetes ingress. Get access now ›

Key Concepts

Ingress Resource: This is a configuration that defines how to route traffic from the outside world to internal services based on rules such as hostnames and paths.

Ingress Controller: This is a controller that watches the Kubernetes API server for changes to Ingress resources and updates the routing rules accordingly. It is responsible for managing and configuring the underlying load balancer or proxy (like NGINX, HAProxy, or Traefik) to handle traffic routing as specified in the Ingress resources.

Load Balancing: The Ingress Controller typically provides load balancing for HTTP and HTTPS traffic, distributing requests among the appropriate backend services.

TLS Termination: Ingress Controllers can also handle TLS termination, decrypting HTTPS traffic before passing it to the backend services.

Path-Based Routing: Ingress resources can specify different backend services for different URL paths, allowing fine-grained control over traffic routing.

Hostname-Based Routing: Ingress resources can route traffic to different services based on the requested hostname, enabling multi-tenancy and subdomain management.

External Access: The Ingress Controller enables services within a Kubernetes cluster to be accessible from outside the cluster without needing to expose each service individually.

Common Kubernetes Ingress Controllers

NGINX Ingress Controller: One of the most widely-used Ingress controllers, leveraging the NGINX web server.

Traefik Ingress Controller: A dynamic and cloud-native edge router designed for handling ingress traffic in Kubernetes.

HAProxy Ingress Controller: Utilizes HAProxy for high-performance load balancing.

Istio Ingress Gateway: Part of the Istio service mesh, providing advanced traffic management capabilities.

Gateway API Alternative to Kubernetes Ingress

Conceived as a successor to the earlier Ingress API, Gateway API aims to enhance the configuration and management of Kubernetes ingress, service discovery, load balancing, and traffic routing by providing a unified and extensible API that integrates with Kubernetes’ native resources such as Services, Endpoints, and Ingresses.

Envoy Gateway is now the standard Ingress choice for Kubernetes deployments. Built on the open-source Envoy proxy, it offers a wide range of third-party integrations and extensive capabilities that work in compatible ways across suppliers without the risk of vendor lock-in.