I have always been someone who uses NGINX whenever I am setting up a Kubernetes cluster. It has always just been the quick and easy standup an NGINX ingress so I can start routing traffic. However, I recently had the chance to work with HAProxy as an ingress as we moved a client from HAProxy running on an EC2 to running HAProxy as a Kubernetes Ingress.
TL;DR
Deploying and working with it was exactly the same as working with NGINX Ingress. From cert-manager to deploying an Ingress it all worked happily and in harmony to allow things to operate correctly. Overall if I had not been the one to deploy the ingress controller you could have named it NGINX and I would not have known the difference.
This is something that I consider a win for Kubernetes. This allowed me to do something that should be quickly and easily interchangeable and overall just make life a little easier.
Rate Limiting
To me the ability to rate limit requests are about the same for both. They have slightly different annotations but they both allow rate limiting for a specific amount of time. I do wish that the HAProxy version had a little more around setting up a challenge as I think that is the biggest feature that is missing from the Kubernetes Ingress version.
Internal Load Balancer
This is probably mostly due to human error, some Helm Chart issues, and some Flux issues. I wasn’t able to stand up a separate HAProxy ingress for internal. Overall this wasn’t a big deal since I could quickly throw NGINX in there for the short term. However, it seems that the Helm Chart may have some slight issues that I wasn’t able to work around.
Ultimately I will chalk this one up to user error more than anything. Between that and some stress of getting stuff working decisions had to be made.
Certificates
Overall the Let’s Encrypt Certificate Manager works exactly the same for NGINX and HAProxy. The main benefit that I will give the Kubernetes Ingress HAProxy is that it better handles the formatting of Let’s Encrypt. Running it on the EC2 machine there was always the manual process of rotating a certificate and then having to format it very specifically so that HAProxy would read it.
Final Thoughts
Really nothing major to report here. Overall they are both Ingress options for Kubernetes that provide just that, Ingress. I don’t know that one is better or worse than the other and I think it truly just comes down to a matter of preference. I will report back as we start to do some more metric monitoring to see if there are any major differences there.