The Avi Kubernetes Ingress Services Solution
Modern application architectures based on microservices have made appliance-based load balancing solutions obsolete. Containerized applications deployed in Kubernetes clusters need scalable and enterprise-class Kubernetes Ingress Services for load balancing, global and local traffic management, service discovery, monitoring/analytics and security. Avi Networks offers an advanced Kubernetes ingress controller with multi-cloud application services that offer enterprise-grade features, high levels of automation based on machine learning, and observability are needed to help bring container-based applications into enterprise production environments.
Deliver Scalable, Production-Ready Containerized Applications with Avi Vantage Ingress Controller for Kubernetes
Applications based on microservices architecture require a modern, distributed application services platform to deliver an ingress gateway. Traditional appliance-based ADC solutions are no longer an option for web-scale, cloud-native applications deployed using container technology as microservices. Kubernetes container clusters can have tens and hundreds of pods, each containing hundreds and thousands of containers, mandating full automation, policy driven deployments and elastic container services for Kubernetes.
Avi Vantage is based on a software-defined, scale-out architecture that provides container services for Kubernetes beyond typical Kubernetes controllers, such as traffic management, security, observability and a rich set of tools to simplify application maintenance and rollouts. You can deploy and automate in six steps:
- Deploy a lightweight, distributed fabric of proxy services alongside nodes in the container cluster
- Automate service discovery and dynamically map between a service name and its IP address for ephemeral containers
- Observe and collect analytics through Avi Service Engines and provide Kubernetes load balancing with autoscaling based on real-time traffic
- Integrate with container orchestration platforms like Kubernetes to automate the deployment and management of containers
- Extend application services with an ingress gateway for secure service-to-service communication in multi-cluster, multi-region and multi-cloud environments
Application and Networking Services for Kubernetes
Avi Networks provides a centrally orchestrated, elastic proxy services fabric with dynamic load balancing, service discovery, security, micro-segmentation, and analytics for containerized applications running in Kubernetes environments.
Enterprises adopting Kubernetes need a cloud-native approach for traffic management and application networking services, which Avi Networks provides. Avi Networks delivers scalable, enterprise-class container ingress to deploy and manage container-based applications in production environments accessing Kubernetes clusters.
- Avi Controller: A central control, management and analytics plane that communicates with the Kubernetes master, deploys and manages the lifecycle of data plane proxies, configures services and aggregates telemetry analytics from the Avi Service Engines.
- Avi Service Engine: A service proxy providing ingress services such as load balancing, WAF, GSLB, IPAM/DNS in the dataplane and reporting real-time telemetry analytics to the Avi Controller.
Kubernetes Ecosystem + Avi’s Kubernetes Ingress Services
Avi Networks has a cloud connector model that is agnostic to the underlying Kubernetes cluster implementations. The Avi Controller integrates via REST APIs with Kubernetes ecosystems including Google Kubernetes Engine (GKE), VMware Pivotal Container Services (PKS), Red Hat OpenShift, Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), VMware Tanzu Kubernetes Grid (TKG), and more.
Multi-Cloud Load Balancing for Kubernetes
Avi extends L4-L7 services with automation, elasticity/autoscaling and continuous delivery onto Kubernetes Platform-as-a-Service (PaaS). Also, Avi provides unprecedented visibility into Kubernetes applications showing service dependencies using application maps.
Enterprise-class load balancing for modern application deployments in Kubernetes clusters.
- Load balancing for L4 (TCP/UDP) and L7 (HTTP, DNS) with autoscaling
- Extension to multi-cluster, multi-cloud and global server load balancing (GSLB)
- Session persistence for HTTP cookie, source IP, TLS ticket, caching and compression
- URL switching and redirection, content modification for header and payload
- Priority pool and traffic migration for blue-green, canary deployment patterns
Avi Controller aggregates this information from Avi Service Engines, making it available via dashboards and REST APIs for quick utilization by network administrators to create an advanced alternative to the Kubernetes controller manager.
- Over 500 hundred individual metrics across L4/L7 application services
- Logs of every HTTP or TCP/UDP transaction
- End-to-end timing from end users to applications
- Application health score, client and security insights
Avi Vantage offers a secure services fabric for enterprise-class applications deployment. It includes the following high performance security capabilities for Kubernetes networking:
- TLS/SSL protocol offload and secure TLS certificate/key management
- Micro-segmentation for IP address and microservices-based security access policies
- Web Application Firewall (WAF) for L7 applications
- DDoS detection and mitigation for L4 and L7 attacks
- Single sign-on (SSO) integration for enterprise-grade authentication and authorization
Deliver Elastic Kubernetes Ingress Controller and Services
VMware NSX® Advanced Load Balancer™ (by Avi Networks) provides a proven solution to deploy container-based workloads in production environments using Kubernetes/OpenShift/Tanzu clusters.
- Ingress Controller
- Multi-cluster, multi-site container support
- Dynamic service discovery
- Application performance monitoring and analytics
- Traffic management local and global load balancing
- Advanced network and application security
- Integrated DNS and IPAM
- Performance based elastic autoscaling