Support for other proxies apart from Istio.

[rohitrj22]

What would you like to be added?

Hey @adityajoshi12 . As discussed , I explored other proxies and compared them. From the below comparision, it can be noted that Traefik could be a really good alternative to istio.

• Traefik:

Pros:

• It supports L4 routing with SNI which is essentially required by all components of the HLF network for TLS termination.
• Easy to set up and configure, with built-in support for Kubernetes and other container orchestration platforms. It is kubernetes-native . This is really important because we can easily integrate it with our hlf-network just like istio.
• Built-in Let's Encrypt integration for automatic SSL/TLS certificate generation and renewal
• Supports multiple load balancing algorithms and health checks
• Scalable and efficient, with a small resource footprint

Cons:

• Limited traffic management capabilities compared to Istio. This should not be a deal-breaker since the capabilities offered by traefik should be sufficient for our use case.
• Not as flexible or customizable as HAProxy.

• HAProxy:

Pros:

• High-performance load balancer with advanced traffic management capabilities
• Highly customizable and flexible, with a rich set of features and configuration options
• Supports a wide range of protocols and load balancing algorithms
• Efficient and scalable, with a small resource footprint

Cons:

• Not as easy to set up and configure as Traefik and also it is not kubernetes-native out of the box , which makes it tough to integrate with our current setup or the codebase.
• Requires manual configuration and management, which can be time-consuming and error-prone
• Limited observability and monitoring capabilities compared to Istio

• Nginx

• The nginx ingress does not support L4 routing with SNI as it primarly serves at L7.
• While it is possible to configure it to work at L4 , it is not straight-forward.
• Hence, nginx can be ruled out

Between , HAProxy and traefik, traefik could be a really good fit as it can be easily integrated and has a rich support in terms of kubernetes platform integrations and Custom resource definitions (CRDs).

Why is this needed?

As of now, we are quite restricted to use NodePort service type (not for production-based deplyments) and Istio (can be used for production). It would be really great if we could provide another option that is quite popular so that many users can start to choose between the proxies. I have also seen couple of people asking if there's support for other proxy like traefik so that they could easily onboard the service with their existing proxy and not setup a new one like istio which could be quite tedious.

@adityajoshi12 , @dviejokfs . If approved, I would like to contribute to this issue as a feature for the upcoming release.

[dviejokfs]

@rohitrj22

I think we should look into supporting the new Gateway API:

https://gateway-api.sigs.k8s.io/