Networking Architecture
Secure, scalable, and cost-effective networking for ephemeral environments
🌐 Network Architecture

Complete networking setup showing traffic flow from users through Google Cloud Load Balancer to GKE pods.
⚡ Why NEG is Enabled
Network Endpoint Groups (NEG) provide significant performance and reliability benefits:
📈 With NEG (Optimized)
Google Load Balancer → Pod (directly)
- ✅ Direct pod connection
- ✅ Lower latency
- ✅ Pod-level health checks
- ✅ Better failover
📉 Without NEG (Traditional)
Google Load Balancer → Node → kube-proxy → Service → Pod
- ❌ Extra network hops
- ❌ Higher latency
- ❌ Node-level health checks
- ❌ Slower failover
🚀 Key Benefits
⚡ Performance
- Reduced latency for API calls
- Better throughput for static assets
- Eliminates kube-proxy overhead
- Optimal for HTMX server interactions
🛡️ Reliability
- Pod-level health monitoring
- Faster failover on pod failure
- More granular load balancing
- Better integration with GKE Autopilot
🔗 Static IP Strategy
🎯 Three-Tier Approach
- ArgoCD: argocd.florenciacomuzzi.com, a dedicated static IP for the GitOps management interface
- Blueberry Main: blueberry.florenciacomuzzi.com, the core platform interface with its own dedicated static IP
- Ephemeral Environments: *.ephemeral.blueberry.florenciacomuzzi.com, a shared wildcard domain (one static IP) for all temporary environments
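The two ideas above, NEG-backed load balancing and one shared static IP behind the wildcard domain, come together in a Kubernetes Service and Ingress pair. The manifest below is an added example, not the project's own configuration: the namespace, Service name, reserved IP name and TLS Secret name are assumptions.

```yaml
# Added example (not from the Blueberry project). Assumed names: namespace
# "ephemeral", Service "ephemeral-web", reserved global IP "ephemeral-shared-ip",
# Secret "ephemeral-wildcard-tls".
apiVersion: v1
kind: Service
metadata:
  name: ephemeral-web
  namespace: ephemeral
  annotations:
    # Creates a Network Endpoint Group so the Google load balancer targets pod
    # IPs directly (Load Balancer -> Pod) instead of Node -> kube-proxy -> Service.
    # Health checks then hit each pod, so a failing pod is removed on its own.
    cloud.google.com/neg: '{"ingress": true}'
spec:
  type: ClusterIP            # NodePort is not required once NEG is enabled
  selector:
    app: ephemeral-web
  ports:
    - name: http
      port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ephemeral-ingress
  namespace: ephemeral
  annotations:
    # Bind every ephemeral environment to the single reserved global static IP.
    kubernetes.io/ingress.global-static-ip-name: ephemeral-shared-ip
    kubernetes.io/ingress.class: gce
spec:
  tls:
    - hosts:
        - "*.ephemeral.blueberry.florenciacomuzzi.com"
      # Assumed Secret holding the wildcard certificate and key.
      secretName: ephemeral-wildcard-tls
  rules:
    # Wildcard host rule: one Ingress serves all temporary environments.
    - host: "*.ephemeral.blueberry.florenciacomuzzi.com"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ephemeral-web
                port:
                  number: 80
```

After applying it, `kubectl get svc ephemeral-web -n ephemeral -o yaml` should show a `cloud.google.com/neg-status` annotation listing the created NEGs, which confirms the load balancer is addressing pods directly rather than nodes.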
💰 Cost Optimization
💡 Shared Infrastructure
- Single static IP for all ephemeral environments
- Wildcard SSL certificate reduces management overhead
- GKE Autopilot eliminates node management costs
- NEG reduces CPU overhead from kube-proxy
📊 Resource Efficiency
- Auto-scaling based on actual demand
- No pre-allocated load balancer instances
- Efficient routing with path-based ingress
- Automatic cleanup of terminated environments