Skip to main content

Networking & the API Gateway

Bare-metal LoadBalancer services with MetalLB, and Kong as the API gateway/ingress, including an admin surface secured behind a reverse proxy.

The bare-metal LoadBalancer problem

Ask Kubernetes for a Service of type LoadBalancer in the cloud and you get a real load balancer w...

MetalLB in L2 mode

MetalLB has two modes: BGP (it speaks routing protocols to your network gear) and L2 (it answers ...

Why an API gateway, not just an ingress

Once you can get an external IP, you need something to route HTTP to the right app and, ideally, ...

Kong, backed by PostgreSQL

Kong can run config-only ("DB-less") or backed by a database. I chose DB-backed, against the exis...

Securing the admin surface (the loopback trick)

Kong's Admin API is powerful — it can reconfigure the whole gateway — and the open-source edition...

TLS lives at the edge, not in the gateway

A natural instinct is to give Kong a certificate and let it serve HTTPS. I did that first — and t...
Back to top