Kubernetes NodePort vs LoadBalancer vs Ingress Intro

NodePort vs LoadBalancer vs Ingress

ClusterIP

A ClusterIP service is the default Kubernetes service. It gives you a service inside your cluster that other apps inside your cluster can access. There is no external access.

apiVersion: v1
kind: Service
metadata:
  name: my-internal-service
spec:
  selector:
    app: my-app
  type: ClusterIP
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP

Kubernetes ClusterIP

NodePort

A NodePort service opens a specific port on all the Nodes, and any traffic sent to this port is forwarded to the service.

apiVersion: v1
kind: Service
metadata:
  name: my-nodeport-service
spec:
  selector:
    app: my-app
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30036
    protocol: TCP

Kubernetes NodePort

NodePort has several limitations:

1. You can only have one service per port
2. You can only use ports 30000-32767
3. You need to track which nodes have pods with exposed ports

Using this method to directly expose your service in production is not recommended.

LoadBalancer

A LoadBalancer service is the standard way to expose a service to the internet.

Kubernetes LoadBalancer

Traffic on the port you specify will be forwarded to the service. There is no filtering, no routing, etc. This means you can send almost any kind of traffic to it, such as HTTP, TCP, UDP, WebSockets, gRPC, or whatever.
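
An added example (not from the original page) that turns the NodePort limits and the LoadBalancer "no filtering" point above into a review check over Service manifests. The function name, finding labels and sample services are assumptions constructed for illustration; loadBalancerSourceRanges is the Service field that limits which client CIDRs the load balancer accepts, where the provider supports it.

```python
import json

# Default NodePort range cited above; a cluster can be configured differently (assumption).
NODEPORT_RANGE = range(30000, 32768)

# Constructed Service manifests in the JSON List shape kubectl uses (not real cluster data).
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"metadata": {"namespace": "default", "name": "my-internal-service"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
 {"metadata": {"namespace": "default", "name": "my-nodeport-service"},
  "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30036}]}},
 {"metadata": {"namespace": "staging", "name": "debug-api"},
  "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 30036},
                                          {"port": 9090, "nodePort": 8443}]}},
 {"metadata": {"namespace": "default", "name": "public-lb"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "nodePort": 31443}]}},
 {"metadata": {"namespace": "default", "name": "office-lb"},
  "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["203.0.113.0/24"],
           "ports": [{"port": 443, "nodePort": 31444}]}}
]}
""")


def audit_services(service_list):
    """Return sorted (service, issue) pairs for externally reachable Services."""
    findings, seen_ports = [], {}
    for item in service_list.get("items", []):
        spec = item.get("spec", {})
        svc = f'{item["metadata"]["namespace"]}/{item["metadata"]["name"]}'
        kind = spec.get("type", "ClusterIP")  # ClusterIP is the default type
        if kind not in ("NodePort", "LoadBalancer"):
            continue  # cluster-internal only, nothing exposed
        findings.append((svc, f"exposed:{kind}"))
        if kind == "LoadBalancer" and not spec.get("loadBalancerSourceRanges"):
            findings.append((svc, "lb-no-source-ranges"))  # open to any client IP
        for port in spec.get("ports", []):
            node_port = port.get("nodePort")
            if node_port is None:
                continue  # the cluster will auto-assign one
            if node_port not in NODEPORT_RANGE:
                findings.append((svc, f"nodeport-out-of-range:{node_port}"))
            if node_port in seen_ports:  # one service per node port
                findings.append((svc, f"nodeport-collision:{node_port}:{seen_ports[node_port]}"))
            seen_ports.setdefault(node_port, svc)
    return sorted(findings)


if __name__ == "__main__":
    for service, issue in audit_services(SAMPLE):
        print(f"{service:32} {issue}")
```

Running the check on manifests before they are applied gives one inventory of everything reachable from outside the cluster, which is where reviewing firewall rules and source-range restrictions starts.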

Ingress - L7 HTTP Load Balancer

Ingress is not a type of service. Instead, it sits in front of multiple services and acts as a “smart router” or entry point into your cluster.

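# Note: extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# newer clusters use networking.k8s.io/v1, which has a different backend syntax.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
spec:
  # Default backend for requests that match no rule
  backend:
    serviceName: other
    servicePort: 8080
  rules:
  # Host-based routing: everything for foo.mydomain.com goes to "foo"
  - host: foo.mydomain.com
    http:
      paths:
      - backend:
          serviceName: foo
          servicePort: 8080
  # Path-based routing: mydomain.com/bar/* goes to "bar"
  - host: mydomain.com
    http:
      paths:
      - path: /bar/*
        backend:
          serviceName: bar
          servicePort: 8080
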
Ingress is most useful if you want to expose multiple services under the same IP address, and these services all use the same L7 protocol.

Under the hood, Ingress will use a NodePort or LoadBalancer service to expose itself to the world so it can act as that proxy.

Cheat Sheet

| | NodePort | LoadBalancer | Ingress |
|---|---|---|---|
| Supported by core Kubernetes | Yes | Yes | Yes |
| Works on every platform Kubernetes will deploy | Yes | Only supports a few public clouds. MetalLB project allows use on-premises. | Yes |
| Direct access to service | Yes | Yes | No |
| Proxies each service through third party (NGINX, HAProxy) | No | No | Yes |
| Multiple ports per service | No | Yes | Yes |
| Multiple services per IP | Yes | No | Yes |
| Allows use of standard service ports (80, 443, etc.) | No | Yes | Yes |
| Have to track individual node IPs | Yes | No | Yes, when using NodePort; No, when using LoadBalancer |