Voyager is a HAProxy backed secure L7 and L4 ingress controller for Kubernetes developed by AppsCode. This can be used with any Kubernetes cloud providers including aws, gce, gke, azure, acs. This can also be used with bare metal Kubernetes clusters.
Voyager provides L7 and L4 loadbalancing using a custom Kubernetes Ingress resource. This is built on top of the HAProxy to support high availability, sticky sessions, name and path-based virtual hosting. This also support configurable application ports with all the options available in a standard Kubernetes Ingress. Here is a complex ingress example that shows how various features can be used. You can find the generated HAProxy Configuration here.
Features
- HTTP and TCP loadbalancing,
- TLS Termination,
- Multi-cloud support,
- Name and Path based virtual hosting,
- Cross namespace routing support,
- URL and Request Header Re-writing,
- Wildcard Name based virtual hosting,
- Persistent sessions, Loadbalancer stats.
- Route Traffic to StatefulSet Pods Based on Host Name
- Weighted Loadbalancing for Canary Deployment
- Customize generated HAProxy config via BackendRule (can be used for http rewriting, add health checks, etc.)
- Add Custom Annotation to LoadBalancer Service and Pods
- Supports Loadbalancer Source Range
- Supports redirects/DNS resolution for
ExternalName
type service - Expose HAProxy stats for Prometheus
- Supports AWS certificate manager
- Scale load balancer using HorizontalPodAutoscaling
- Configure Custom Timeouts for HAProxy
- Custom port for HTTP
- Specify NodePort
- Backend TLS
- Configure Options
- Using Custom HAProxy Templates
- Configure Basic Auth for HTTP Backends
- Configure Sticky session to Backends
- Apply Frontend Rules
- Supported Annotations
Feauture | Kube Ingress | AppsCode Ingress |
---|---|---|
HTTP Loadbalancing | ✅ | ✅ |
TCP Loadbalancing | ❌ | ✅ |
TLS Termination | ✅ | ✅ |
Name and Path based virtual hosting | ❌ | ✅ |
Cross Namespace service support | ❌ | ✅ |
URL and Header rewriting | ❌ | ✅ |
Wildcard name virtual hosting | ❌ | ✅ |
Loadbalancer statistics | ❌ | ✅ |
Route Traffic to StatefulSet Pods Based on Host Name | ❌ | ✅ |
Weighted Loadbalancing for Canary Deployment | ❌ | ✅ |
Supports Loadbalancer Source Range | ❌ | ✅ |
Supports redirects/DNS resolve for ExternalName type service |
❌ | ✅ |
Expose HAProxy stats for Prometheus | ❌ | ✅ |
Supports AWS certificate manager | ❌ | ✅ |
Voyager can automaticallty provision and refresh SSL certificates issued from Let's Encrypt using a custom Kubernetes Certificate resource.
Feautures
- Provision free TLS certificates from Let's Encrypt,
- Manage issued certificates using a Kubernetes Third Party Resource,
- Domain validation using ACME dns-01 challenges,
- Support for multiple DNS providers,
- Auto Renew Certificates,
- Use issued Certificates with Ingress to Secure Communications.
Read more about supported DNS Providers here
Please pick a version of Voyager that matches your Kubernetes installation.
Voyager Version | Docs | Kubernetes Version | Prometheus operator Version |
---|---|---|---|
5.0.0-rc.3 (uses CRD) | User Guide | 1.7.x+ | 0.12.0+ |
3.2.2 (uses TPR) | User Guide | 1.5.x - 1.7.x | < 0.12.0 |
To deploy voyager in Kubernetes follow this guide. In short this contains those two steps
- Create
ingress.voyager.appscode.com
andcertificate.voyager.appscode.com
Third Party Resource - Deploy voyager to kubernetes.
Voyager can be configured to handle default kubernetes ingress or only ingress.appscode.com. voyager can also be run along side with other controllers.
--ingress-class
// this flag can be set to 'voyager' to handle only ingress
// with annotation kubernetes.io/ingress.class=voyager.
// If unset, voyager will also handle ingress without ingress-class annotation.
Want to learn whats happening under the hood, read the developer guide.
If you're interested in being a contributor, read the contribution guide.
Read Build Instructions to build voyager.
There are 2 parts to versioning policy:
- Operator version: Voyager does not follow semver, rather the major version of operator points to the
Kubernetes client-go version. You can verify this
from the
glide.yaml
file. This means there might be breaking changes between point releases of the operator. This generally manifests as changed annotation keys or their meaning. Please always check the release notes for upgrade instructions. - TPR version: appscode.com/v1beta1 is considered in beta. This means any changes to the YAML format will be backward compatible among different versions of the operator.
The voyager operator collects anonymous usage statistics to help us learn how the software is being used and how we can improve it.
To disable stats collection, run the operator with the flag --analytics=false
.
- docker-library/haproxy https://github.com/docker-library/haproxy
- kubernetes/contrib https://github.com/kubernetes/contrib/tree/master/service-loadbalancer
- kubernetes/ingress https://github.com/kubernetes/ingress
- xenolf/lego https://github.com/appscode/lego
- kelseyhightower/kube-cert-manager https://github.com/kelseyhightower/kube-cert-manager
- PalmStoneGames/kube-cert-manager https://github.com/PalmStoneGames/kube-cert-manager
- Kubernetes cloudprovider implementation
If you have any questions, you can reach out to us.