This message was deleted.
# generala
adamant-kite-43734
05/25/2023, 4:38 PMThis message was deleted.
r
rough-farmer-49135
05/25/2023, 4:41 PMI hear people talk about Traefik as an ingress controller. I haven't really looked at it, but I hadn't heard people talking about it having service mesh capabilities.
m
miniature-ambulance-98143
05/25/2023, 4:47 PMYes it seems to be a simple service mesh that comes OOB with K3s Rancher installations
miniature-ambulance-98143
05/25/2023, 4:47 PMFrom the feature set perspective not much difference i feel
r
rough-farmer-49135
05/25/2023, 4:48 PMIt comes as the default installed ingress controller with K3S, just like RKE & RKE2 come with nginx as the default installed ingress controller.
m
miniature-ambulance-98143
05/25/2023, 4:48 PMIstio is complex to setup for sure
miniature-ambulance-98143
05/25/2023, 4:50 PMI have experience with Istio so considering migrating from Traefik to Istio but would like to understand any real benefits i gain that Traefik doesn’t provide me
r
rough-farmer-49135
05/25/2023, 4:50 PMI think you might want to look up a bit more about what service meshes do. At a 5k yard level, an ingress controller performs basic routing from outside the cluster to internal services. A service mesh allows a lot of network management, joining distinct networks into common IP spaces, traffic logging, and goes between all the pods and not just at the external boundary (though it can do things with the external boundary too).
m
miniature-ambulance-98143
05/25/2023, 4:51 PMGot it so Traefik is more of a Ingress controller than a service mesh compared to Istio?
r
rough-farmer-49135
05/25/2023, 4:52 PMIstio lives as a sidecar on pods in a configured workspace and will do metrics on all network traffic to/from those pods and their other destinations and can also allow securing traffic to implement things like zero trust where every service has to authenticate to every other service and be authorized in a way that doesn't require the application itself to be aware.
rough-farmer-49135
05/25/2023, 4:53 PMTraefik is definitely an ingress controller and I don't know if it or a sister project has service mesh capability or not. Istio is definitely a service mesh, and I think it might have an ingress controller but it can also be used with any ingress controller if you want it to just log/monitor/secure traffic within your cluster.
m
miniature-ambulance-98143
05/25/2023, 4:55 PMSo would you use a combination of Traefik + Istio to handle the API management capabilities of Traefik with the Istio service mesh capability?
miniature-ambulance-98143
05/25/2023, 4:56 PMIn other works do both complement each other?
miniature-ambulance-98143
05/25/2023, 4:57 PMTraefik handles North-South traffic with Istio handling east-west traffic?
r
rough-farmer-49135
05/25/2023, 4:58 PMMy understanding is they can and it's an option. Don't know if it's optimal for a given scenario or not. There's just a lot of a la carte with Kubernetes, so how much something is a good option or a bad option can be kinda' specific.
m
miniature-ambulance-98143
05/25/2023, 4:58 PMOkay it depends on my use case really and my setup
r
rough-farmer-49135
05/25/2023, 4:59 PMI'd recommend you look up some tutorials on service meshes and/or Istio specifically, ask yourself why you want/need that functionality, and then combine as appropriate.
rough-farmer-49135
05/25/2023, 4:59 PMYep.
rough-farmer-49135
05/25/2023, 5:00 PMYou can look up ingress controllers too, but they're pretty simple. Basically just a web server sort of appliance to service ingress rules with the various config options that you get with them (so similar tradeoffs if you're considering httpd vs nginx for a basic web server, a lot of differences in how you configure things and what's an option but pretty similar and can often be drop in replacements).
✅ 1
a
acceptable-match-53099
05/28/2023, 2:42 PMThere is the Traefik Mesh
acceptable-match-53099
05/28/2023, 2:42 PM2 Views