It can be tricky to understand how Kubernetes Services and Ingresses interact. The most important distinction relates to the concept of a Kubernetes Service.

  • A Kubernetes LoadBalancer is a type of Service.
  • A Kubernetes Ingress is not a type of Service. It is a collection of rules. An Ingress Controller in your cluster watches for Ingress resources and attempts to update the server-side configuration according to the rules specified in the Ingress.

For both Ingress and LoadBalancer resources, different Kubernetes providers (such as GKE, Amazon EKS, or bare metal) support different features. One of the things that makes Ingresses and LoadBalancers tricky is that your YAML manifest files might not be portable between different platforms and controllers.

Let’s talk about Services. One thing that clarified Services for me is understanding how the different Service types build on each other. For example, ClusterIP is the simplest type. NodePort does everything that ClusterIP does (and more). LoadBalancer is another layer of capability on top of NodePort.

So the mental process when I need a Service is:

  1. Am I trying to help my pods talk to each other? If yes, ClusterIP is enough. If not…
  2. Am I trying to make my Service accessible on the public web (on a port above 30000)? If yes, a NodePort is enough (this is unusual). If not…
  3. Am I trying to manage most public traffic coming into the cluster? If yes, choose an Ingress or a LoadBalancer. This is where things get tricky, because your options depend on the controllers that are available on your cluster.
    • LoadBalancers tend to be a little simpler than Ingresses.
    • Ingresses might come with nice features like TLS/HTTPS termination and limited HTTP routing.
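
The same ladder can be read in reverse to audit what a cluster already publishes. The script below is an added example, not part of the original post: it takes JSON in the shape of `kubectl get services -A -o json` and lists every Service whose type opens it beyond the cluster. The function names and the sample Services are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "db"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}},
    {"metadata": {"namespace": "shop", "name": "debug"},
     "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 31080}]}},
    {"metadata": {"namespace": "edge", "name": "web"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "nodePort": 30443}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"namespace": "shop", "name": "cache"},
     "spec": {"ports": [{"port": 6379}]}},  # type omitted: defaults to ClusterIP
]})


def classify(svc):
    """Return (exposure, node_ports, lb_addresses) for one Service object."""
    spec = svc.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")
    # NodePort and LoadBalancer Services can both carry nodePort values, because
    # LoadBalancer builds on NodePort: the port is opened on every node.
    node_ports = [p["nodePort"] for p in spec.get("ports", []) if p.get("nodePort")]
    if svc_type == "LoadBalancer":
        # The address list is empty while no controller has provisioned one.
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        addrs = [i.get("ip") or i.get("hostname") for i in ingress]
        return "load-balancer", node_ports, addrs
    if svc_type == "NodePort":
        return "node-port", node_ports, []
    # ClusterIP (and ExternalName, a DNS alias) publish nothing outside the cluster.
    return "cluster-only", [], []


def external_services(kubectl_json):
    """List (namespace/name, exposure, node_ports, lb_addresses) for every
    Service whose type publishes it outside the cluster."""
    findings = []
    for svc in json.loads(kubectl_json).get("items", []):
        exposure, node_ports, addrs = classify(svc)
        if exposure != "cluster-only":
            meta = svc["metadata"]
            findings.append((f'{meta["namespace"]}/{meta["name"]}', exposure, node_ports, addrs))
    return findings


if __name__ == "__main__":
    for name, exposure, node_ports, addrs in external_services(SAMPLE):
        print(f"{name}: {exposure} nodePorts={node_ports} lb={addrs or '-'}")
```

The report shows what Kubernetes opens, not what a firewall or security group in front of the nodes still blocks, so a LoadBalancer entry that lists node ports is a prompt to check those rules too.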

In my cluster I use the NGINX Ingress Controller to route incoming HTTP requests to different Services based on their Host HTTP header and URL.

Make sure you understand which Ingress Controller is installed on your cluster (if any), and know that the YAML manifests for it are likely not portable to other Ingress Controllers: the YAML manifest that you give to the NGINX Ingress Controller might need to be pretty different from the manifest that you give to your GKE Ingress.