英文:
Should Kubernetes Ingress lives together with a Spring Cloud Gateway?
问题
小型架构和设计问题,请。
问题:
Kubernetes Ingress和Spring Cloud Gateway应该共存吗?如果不行,应该优先选择哪个?
首先,使用Spring Webflux / Spring Cloud Gateway项目,我成功实现了基于路由的转发。意味着,所有客户端只需要知道这个唯一的Spring Cloud Gateway端点,Spring Cloud Gateway将根据URL将流量转发到serviceA,如果URL包含serviceA,将转发到serviceB,依此类推,非常直观。
我还添加了一些“软件级功能”,如动态配置(在运行时更改路由)、熔断器、速率限制、舱壁隔离等其他功能,非常棒,但实际上,我最终主要使用了路由转发作为主要功能。
然后,在几周前,我花时间学习了Kubernetes,更准确地说是Kubernetes Ingress。
我成功了解到Kubernetes Ingress是一种非常强大的东西,至少我能够实现基于路由的转发。
意味着,客户端只需知道这个唯一的Ingress端点,Ingress将流量转发到Kubernetes集群内的底层服务。截至目前,它将所有流量转发到Spring Cloud Gateway,然后再由Spring Cloud Gateway转发到其他所有服务(实际上,我可以直接将流量转发到实际的业务服务)。
在这一刻,我开始产生了疑问。
我刚刚是在重复工作吗?(我的意思是从功能上来说,我学习它们都很开心)。
我是否应该考虑一个只有Spring Cloud Gateway(只有它)真正执行网关功能的架构?
我是否应该考虑一个同时将Ingress和软件网关都看作重要组件的架构,同时在两者中配置功能?(接受重复工作?)
我是否应该完全移除Spring Cloud Gateway?
谢谢。
英文:
Small architecture and design question please.
Question:
Should Kubernetes Ingress lives together with Spring Cloud Gateway? If not, which one should be preferred?
First, with a Spring Webflux / Spring Cloud Gateway project, I managed to have working route-based forwarding. Meaning, all my clients only need to know this one and only Spring Cloud Gateway endpoint, and the Spring Cloud Gateway will forward to serviceA if the URL contains serviceA, to serviceB if serviceB, etc, straightforward.
I added some more “software level features” such as dynamic configuration (to change the routes at runtime), circuit breaker, rate limit, bulkhead, and few others features, very cool, but really, I ended up using the route forwarding as a main feature.
Then couple of weeks back, I spent time studying Kubernetes, and more precisely Kubernetes Ingress.
I managed to learn Kubernetes Ingress is a very cool and strong thing. I managed to perform at least the route based forwarding.
Meaning, clients needs to only know this one and only Ingress endpoint, and the Ingress will forward to underlying services within the Kubernetes cluster. Where as of now, it forwards everything to Spring Cloud Gateway, which will forward to everything else. I tried, and it could have forwarded to the real business services in the first place).
And this is the moment where I am having doubts.
Did I just duplicate work? (I mean in terms on functionally, I had fun learning both).
Should I consider an architecture where the Spring Cloud Gateway (only him) is really doing the gating?
Should I consider an architecture where both the Ingress and the Software Gateway have full importance, configuring features in both? (Accept the duplicated work?)
Should I remove the Spring Cloud Gateway entirely?
Thank you
答案1
得分: 12
依我看,Kubernetes 必须与 Spring Cloud Gateway 共存。
反向代理具备诸如集中式日志记录、安全性、缓存、路由、流量管理等功能,但也有一些它们无法完成的任务。API 网关在这一点上发挥作用。它们拥有所有反向代理的功能,还具备额外的能力。因此,API 网关被称为增强型反向代理。
因此,Kubernetes Ingress 的作用类似于反向代理,而Spring Cloud Gateway 是API网关模式的实现。正如我在上面的定义中提到的,我可以说一些 Kubernetes 无法做到的事情。
- 你能实现API组合吗?不能
- 你能通过 Kubernetes 实现JWT认证吗?如果可以,你能通过Kubernetes将大于8 KB的JWT传递到下游服务吗?不能
- 你能将所有Swagger/Open API文档都整合在 Kubernetes 中吗?不能
英文:
In my opinion, Kubernetes must lives together with Spring Cloud Gateway.
Reverse proxies has capabilities like central logging, security, caching, routing, traffic management features etc, but there are also things they cannot do. API Gateways come into play at this point. They have all the features of reverse proxies, plus they have extra capabilities that they can't. For this reason, API Gateways are called enhanced reverse proxies.
So Kubernetes ingress acts like reverse proxy, while Spring Cloud Gateway is implementation of API Gateway pattern. As I mentioned in the definition above, I can say few things you can't do with Kubernetes.
- Can you implement API composition? No
- Can you implement JWT authentication by Kubernetes? If so, Can you carry JWTs more than 8 KB to downstream service by Kubernetes? No
- Can you combine all Swagger/Open API documentation by Kubernetes? No
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论