Amy Ma is an 11th Grade student attending Marjory Stoneman Douglas High School in Florida, USA.
Amy joined the HPCC Systems Intern Program to work on a project that supports our Cloud Native platform, which was released early in 2021. Since this was Amy's first internship and she was unfamiliar with HPCC Systems, her first steps involved familiarising herself with our Cloud Native platform infrastructure, Kubernetes and Ingress. Amy's work included researching Ingress exercises on Microsoft Azure and looking at basic Ingress functions, configuring TLS encryption on Azure and authentication with a username and password and traffic splitting. She also needed to deploy an nginx controller on Azure and look at more nginx controller features through annotations and configMap. Deliverables included preparing a spreadsheet of results of all Ingress controllers tested, routing patterns and adding some example files to the HPCC Systems GitHub Repository, including bash scripts and ECL test code. She was also in great position to identify any necessary changes and add-ons needed for the HPCC Systems platform to support Ingress usage, allowing her to write some guidelines for using Ingress in an HPCC Systems service.
As well as the resources included here, read Amy's intern blog journal which includes a more in depth look of her work.
An Ingress is an object that allows access to Kubernetes services from outside the Kubernetes cluster. Ingress is made up of an Ingress object and the Ingress Controller. An Ingress Controller is the implementation of the Ingress. In this project, two Ingress implementations, HAProxy and Nginx were examined on Azure environment. These two Ingress controllers both use the in-cluster Ingress solutions, where load balancing is performed by pods within the cluster. My works explore the different setup used to configure Ingress features through annotations and Kubernetes ingress specifications.
The basic functions exercised in this project include routing, authentication, and access control features such as whitelist, rate limit, buffer size. Various TLS configurations were investigated, including using self-generated certificates with open SSL, using HPCC TLS implementation with Cert-manager, and configuring TLS with a dynamic, externally reachable IP address. Also explored and tested are deployment patterns blue-green and canary deployment, implemented by HAProxy and Nginx controllers, respectively. These configurations are very useful in real Cloud application development and maintenance. For example, utilizing canary to gradually adapt new application features such as with ECLwatch in HPCC cluster. User end-to-end request to response time was collected from nine ECL samples, with the scenarios being the usage of HPCC with and without the Nginx Ingress controller. The initial latency tests indicate that Ingress does not add much performance delay.
Some benefits of using Ingress for cloud are that it comes with a wide range of features, such as access control, basic authentication, providing a singular access point for external traffic, and advanced routing.
In this Video Recording, Amy provides a tour and explanation of her poster content.
Click on the poster for a larger image.