Red Hat unveils Kubernetes connectivity solution to tame multi-cloud chaos

Integrating traffic management, policy enforcement, and role-based access control, Red Hat Connectivity Link is a new technology from IBM’s Red Hat business unit that’s aimed at simplifying how enterprises manage application connectivity across distributed cloud environments. The technology is based on the open-source Kuadrant project, which combines traffic routing, security controls, and policy management capabilities that organizations typically handle through separate tools.

Red Hat Connectivity Link integrates several critical capabilities that traditionally required separate solutions:

  • Advanced traffic management and routing
  • Policy enforcement mechanisms
  • Role-based access control (RBAC)
  • Authentication and security policies
  • Rate limiting controls
  • DNS configuration management
  • TLS certificate handling

Red Hat Connectivity Link is not a mesh

In recent years, cloud-native Kubernetes deployments have increasingly adopted service mesh technologies like the Istio project. While it is possible to do networking connectivity with a mesh topology, that’s not quite the approach that Red Hat Connectivity Link is taking.

“Connectivity Link is utilizing the Gateway API, which was introduced by the Kubernetes community a little over one year ago, as well as integrating with different cloud service providers’ DNS solutions,” Chris Ferreira, senior principal technical product manager at Red Hat, explained to Network World.

Red Hat Connectivity Link is not a mesh, Ferreira emphasized. It’s an Envoy plugin through which Red Hat is able to integrate different capabilities beyond the standard features of an Istio or Linkerd mesh. He explained that via integrations with cloud DNS, as well as configuration mirroring, Red Hat Connectivity Link provides access to multiple clusters and workload health checks. It is also aware of appropriate routing, load balancing, and failover, and it’s able to create, edit, and delete CNAME records, A records, zones and more within any DNS provider in an automated, systematic approach, Ferreira said.

A key goal with Red Hat Connectivity Link is to make it easier for organizations to set up, manage and monitor cloud-native connectivity. Ferreira noted that the technology brings the core capabilities cloud administrators need for connectivity down to a single interface that is fully API-driven. Being API-driven enables automation as well as modern GitOps and DevOps workflows.

Why the Kubernetes Gateway API is a better way to connect cloud-native deployments

The Kubernetes Gateway API is, in some respects, an evolution of the earlier Ingress controller in Kubernetes. That said, Ferreira argued that the Gateway API is much more than just a new ingress controller standard. For example, it is role-oriented, which will allow cluster operators to define how shared infrastructure can be used by many different groups, Ferreira noted.

The Gateway API also has more “expressiveness,” according to Ferreira.

“Gateway API resources provide out-of-the-box capabilities for things like header-based matching, traffic weighting, and more that are only currently possible in current ingress standards via custom code,” he said. “This allows for more intelligent routing, security and isolation of specific routes without the necessity of writing custom code or deploying extra resources.”
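The role orientation and the routing features described above can be seen in a pair of Gateway API manifests. This is an added illustration, not configuration from Red Hat, Kuadrant, or the article; every name in it (namespaces, gateway class, services, hostnames, the `x-canary` header, the `gateway-access` label) is a hypothetical placeholder. The cluster operator owns the `Gateway` and restricts which namespaces may attach routes to it, while an application team owns the `HTTPRoute` that uses header-based matching and traffic weighting.

```yaml
# Added example; all names and values below are hypothetical.
# Owned by the cluster operator: a shared gateway that terminates TLS
# and only accepts routes from namespaces carrying an opt-in label.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: infra
spec:
  gatewayClassName: example-gateway-class  # assumption: set by the installed controller
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      hostname: "*.example.com"
      tls:
        mode: Terminate
        certificateRefs:
          - name: example-com-tls
      allowedRoutes:
        namespaces:
          from: Selector            # "All" would let any namespace attach routes
          selector:
            matchLabels:
              gateway-access: "true"
---
# Owned by the application team in its own namespace.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: checkout
  namespace: team-a                 # must carry the gateway-access label to attach
spec:
  parentRefs:
    - name: shared-gateway
      namespace: infra
      sectionName: https
  hostnames:
    - shop.example.com
  rules:
    - matches:                      # header-based matching: explicit canary opt-in
        - headers:
            - name: x-canary
              value: "true"
      backendRefs:
        - name: checkout-v2
          port: 8080
    - backendRefs:                  # traffic weighting for all other requests
        - {name: checkout-v1, port: 8080, weight: 90}
        - {name: checkout-v2, port: 8080, weight: 10}
```

A route in a namespace without the label is not accepted by the listener, which is the isolation boundary a reviewer should check when a shared gateway fronts several teams.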

Multiple dashboards complement Red Hat Connectivity Link

For many administrators, dashboards are the primary way services are managed and configured.

Ferreira explained that Red Hat Connectivity Link ships with a dynamic console plugin for the Red Hat OpenShift Console as well as dashboards already available in the open-source Grafana dashboard catalog. The Grafana dashboard templates for Red Hat Connectivity Link are based on three separate personas (platform operator, application developer, and business user) to enable quick metrics gathering. There are even more options for OpenShift.

“Within the OpenShift console you can directly edit, configure pre-made or your own YAML templates to set up rate limit policies, DNS policies, TLS policies and more,” he said. “You also have real-time visibility on those policies, where they are set to, and whether or not they are being enforced.”

Source: Network World