We are trying to find and implement best practices for Kubernetes and LoadBalancer-typed services.
We found an entry saying that an open NodePort is bad practice if you use a LoadBalancer. Kubernetes now always creates a NodePort too when we use type: LoadBalancer:
```yaml
service:
  type: LoadBalancer
  port: 30111
```
I cannot find a hint in the documentation why this happens, if this is normal or how to avoid a NodePort here.
What's the reason Kubernetes always creates a NodePort too?
It's a normal behavior.
From documentation:
LoadBalancer: Exposes the service externally using a cloud provider’s load balancer. NodePort and ClusterIP services, to which the external load balancer will route, are automatically created.
The problem with configuring an external load balancer and a NodePort service type is that you would be balancing requests between the nodes twice: one time at the external load balancer and another time at the Kubernetes svc level.
As far as I know, when using the LoadBalancer service type, Kubernetes avoids doing this and, at least in EKS, uses the NodePort service for health check purposes (target groups).
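As an added example (not part of the original question or answer, and not Kubernetes project code): a Python audit over output shaped like `kubectl get services -A -o json` that reports which LoadBalancer Services hold node ports. It assumes a cluster version that supports the `spec.allocateLoadBalancerNodePorts` field, which can be set to `false` when the load balancer implementation does not route through node ports; the sample JSON and service names are constructed.

```python
import json

# Constructed sample, shaped like the output of `kubectl get services -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "web"},
   "spec": {"type": "LoadBalancer",
            "ports": [{"port": 443, "targetPort": 8443, "nodePort": 31443}]}},
  {"metadata": {"namespace": "shop", "name": "api"},
   "spec": {"type": "LoadBalancer", "allocateLoadBalancerNodePorts": false,
            "ports": [{"port": 443, "targetPort": 8443}]}},
  {"metadata": {"namespace": "shop", "name": "legacy"},
   "spec": {"type": "LoadBalancer", "allocateLoadBalancerNodePorts": false,
            "ports": [{"port": 80, "targetPort": 8080, "nodePort": 30080}]}},
  {"metadata": {"namespace": "shop", "name": "db"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}}
]}
""")


def audit_loadbalancer_node_ports(service_list):
    """Classify each LoadBalancer Service by whether node ports are open for it."""
    report = []
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        node_ports = sorted(
            p["nodePort"] for p in spec.get("ports", []) if p.get("nodePort")
        )
        # The field defaults to true when it is absent from the spec.
        allocate = spec.get("allocateLoadBalancerNodePorts", True)
        if not node_ports:
            status = "no-node-port"
        elif allocate:
            status = "node-port-allocated"
        else:
            # Opt-out set on an existing Service: ports remain until removed.
            status = "stale-node-port"
        meta = svc["metadata"]
        report.append({
            "service": f'{meta["namespace"]}/{meta["name"]}',
            "status": status,
            "node_ports": node_ports,
        })
    return report


if __name__ == "__main__":
    for row in audit_loadbalancer_node_ports(SAMPLE):
        print(f'{row["service"]:<14} {row["status"]:<20} {row["node_ports"]}')
```

The `stale-node-port` case reflects that setting the field to `false` on an existing Service does not release node ports already allocated; they stay open until the `nodePort` entries are removed from the Service's ports.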