/voyager

✈️️ Secure Ingress Controller for Kubernetes

Primary LanguageGoApache License 2.0Apache-2.0

Go Report Card

WebsiteSlackForumTwitter

voyager

Voyager is a HAProxy backed secure L7 and L4 ingress controller for Kubernetes developed by AppsCode. This can be used with any Kubernetes cloud providers including aws, gce, gke, azure, acs. This can also be used with bare metal Kubernetes clusters.

Ingress

Voyager provides L7 and L4 loadbalancing using a custom Kubernetes Ingress resource. This is built on top of the HAProxy to support high availability, sticky sessions, name and path-based virtual hosting. This also support configurable application ports with all the options available in a standard Kubernetes Ingress. Here is a complex ingress example that shows how various features can be used. You can find the generated HAProxy Configuration here.

Feautures

Comparison with Kubernetes

Feauture Kube Ingress AppsCode Ingress
HTTP Loadbalancing
TCP Loadbalancing
TLS Termination
Name and Path based virtual hosting
Cross Namespace service support
URL and Header rewriting
Wildcard name virtual hosting
Loadbalancer statistics
Route Traffic to StatefulSet Pods Based on Host Name
Weighted Loadbalancing for Canary Deployment
Supports Loadbalancer Source Range
Supports redirects/DNS resolve for ExternalName type service
Expose HAProxy stats for Prometheus
Supports AWS certificate manager

Certificate

Voyager can automaticallty provision and refresh SSL certificates issued from Let's Encrypt using a custom Kubernetes Certificate resource.

Feautures

  • Provision free TLS certificates from Let's Encrypt,
  • Manage issued certificates using a Kubernetes Third Party Resource,
  • Domain validation using ACME dns-01 challenges,
  • Support for multiple DNS providers,
  • Auto Renew Certificates,
  • Use issued Certificates with Ingress to Secure Communications.

Supported Domain Providers

Read more about supported DNS Providers here

Supported Versions

Kubernetes 1.3+

User Guide

To deploy voyager in Kubernetes follow this guide. In short this contains those two steps

  1. Create ingress.voyager.appscode.com and certificate.voyager.appscode.com Third Party Resource
  2. Deploy voyager to kubernetes.

Running voyager alongside with other ingress controller

Voyager can be configured to handle default kubernetes ingress or only ingress.appscode.com. voyager can also be run along side with other controllers.

  --ingress-class
  // this flag can be set to 'voyager' to handle only ingress
  // with annotation kubernetes.io/ingress.class=voyager.

  // If unset, voyager will also handle ingress without ingress-class annotation.

Developer Guide

Want to learn whats happening under the hood, read the developer guide.

Contribution

If you're interested in being a contributor, read the contribution guide.

Building voyager

Read Build Instructions to build voyager.

Versioning Policy

There are 2 parts to versioning policy:

  • Operator version: Voyager does not follow semver, rather the major version of operator points to the Kubernetes client-go version. You can verify this from the glide.yaml file. This means there might be breaking changes between point releases of the operator. This generally manifests as changed annotation keys or their meaning. Please always check the release notes for upgrade instructions.
  • TPR version: appscode.com/v1beta1 is considered in beta. This means any changes to the YAML format will be backward compatible among different versions of the operator.

The voyager operator collects anonymous usage statistics to help us learn how the software is being used and how we can improve it. To disable stats collection, run the operator with the flag --analytics=false.

Acknowledgement

Support

If you have any questions, you can reach out to us.