Skip to content

Introduction to the Service Proxy Service

The Service Proxy service provides a secure, reliable, and flexible way to route external traffic from the internet to your applications running inside the Kubernetes cluster. It acts as the single entry point for all incoming HTTP/HTTPS traffic, enabling you to manage routing, security, and traffic policies from a central place.

By default, services running in a Kubernetes cluster are not accessible from the outside world. The Service Proxy service solves this by implementing an Ingress controller, a critical component that manages external access to your services. This allows you to expose multiple services under a single IP address, using standard HTTP/S routing rules.

Our managed Service Proxy is built on Contour, a modern, high-performance Ingress controller that uses the industry-standard Envoy proxy as its data plane.

How It Works

The Service Proxy continuously watches for Kubernetes resources like Ingress and Contour's own HTTPProxy custom resource. When you create one of these resources in your Git repository, you are declaring how you want traffic to be routed. For example, you can specify that traffic for app.example.com/api should be sent to your backend API service.

The Service Proxy detects these resources and dynamically configures its underlying Envoy proxies to implement your desired routing rules, all without any downtime or manual intervention.

Features

  • Advanced Traffic Routing: Route traffic based on hostname, URL path, headers, and more. This allows you to host multiple applications and services behind a single load balancer.
  • Centralized TLS Termination: The service can terminate TLS (HTTPS) connections at the edge of the cluster. It integrates seamlessly with the Certificates Service to automate the entire lifecycle of your TLS certificates.
  • High Performance and Reliability: Built on the battle-tested Envoy proxy, the service is designed for high performance, low latency, and high availability to handle production traffic.
  • Dynamic Configuration: Routing rules can be updated on the fly without requiring a restart of the proxy, ensuring zero-downtime configuration changes.
  • Fully Managed: We handle the deployment, scaling, security, and 24/7 operation of the Contour and Envoy components, so you can focus on your applications.

Tip

For general information about pricing, legal or support concerning the platform, services or components, consult your contract or see the contact page.