It can be tricky to understand how Kubernetes Services and Ingresses interact. The most important distinction relates to the concept of a Kubernetes Service.
- A Kubernetes
LoadBalancer
is a type ofService
. - A Kubernetes
Ingress
is not a type ofService
. It is a collection of rules. An Ingress Controller in your cluster watches forIngress
resources, and attempts to update the server side configuration according to the rules specified in theIngress
.
For both Ingress
and LoadBalancer
resources, different Kubernetes providers (such as GKE, Amazon EKS, or bare metal) support different
features. One of the things that makes Ingresses and LoadBalancers tricky is that your YAML manifest files might not be portable between different platforms
and controllers.
Let’s talk about Services. One thing that clarified services for me is understanding how the different services build on each other. For example the ClusterIP
is a simplest type. NodePort
does everything that ClusterIP
does (and more). LoadBalancer
is another layer of capability
on top of NodePort
.
So the mental process when I need a Service
is:
- Am I trying to help my pods talk to each other? If yes, ClusterIP is enough. If not…
- Am I trying to make my
Service
accessible on the public web (on a port above 30000)? If yes, NodePorts is enough (this is unusual). If not… - Am I trying to manage most public traffic coming into the cluster? If yes, choose an Ingress or a LoadBalancer. This is where things get tricky, because your
options depend on the controllers that are available on your cluster.
- Load Balancers tend to be a little simpler than Ingresses.
- Ingresses might come with nice features like TLS/HTTPS termination and limited HTTP routing.
In my cluster I use the NGINX Ingress Controller for routing incoming HTTP requests to different services
based on their Host
HTTP header and url.
Make sure you understand what ingress controller is installed on your cluster (if any) and know that the YAML manifests for it are likely not portable to other Ingress Controllers — the YAML manifest that you give to the NGINX Ingress Controller might need to be pretty different than the manifest that you give to your GKE Ingress.