It can be tricky to understand how Kubernetes Services and Ingresses interact. The most important distinction relates to the concept of a Kubernetes Service.
- A Kubernetes
LoadBalanceris a type of
- A Kubernetes
Ingressis not a type of
Service. It is a collection of rules. An Ingress Controller in your cluster watches for
Ingressresources, and attempts to update the server side configuration according to the rules specified in the
LoadBalancer resources, different Kubernetes providers (such as GKE, Amazon EKS, or bare metal) support different
features. One of the things that makes Ingresses and LoadBalancers tricky is that your YAML manifest files might not be portable between different platforms
Let’s talk about Services. One thing that clarified services for me is understanding how the different services build on each other. For example the
ClusterIP is a simplest type.
NodePort does everything that
ClusterIP does (and more).
LoadBalancer is another layer of capability
on top of
So the mental process when I need a
- Am I trying to help my pods talk to each other? If yes, ClusterIP is enough. If not…
- Am I trying to make my
Serviceaccessible on the public web (on a port above 30000)? If yes, NodePorts is enough (this is unusual). If not…
- Am I trying to manage most public traffic coming into the cluster? If yes, choose an Ingress or a LoadBalancer. This is where things get tricky, because your
options depend on the controllers that are available on your cluster.
- Load Balancers tend to be a little simpler than Ingresses.
- Ingresses might come with nice features like TLS/HTTPS termination and limited HTTP routing.
In my cluster I use the NGINX Ingress Controller for routing incoming HTTP requests to different services
based on their
Host HTTP header and url.
Make sure you understand what ingress controller is installed on your cluster (if any) and know that the YAML manifests for it are likely not portable to other Ingress Controllers — the YAML manifest that you give to the NGINX Ingress Controller might need to be pretty different than the manifest that you give to your GKE Ingress.