When to use external LoadBalancer in K8s?

11/15/2019

Explaining my confusion / lack of understanding

When reading about the external LoadBalancer in K8s, which is a cloud provider only feature, I don't quite understand when it should be used, as when one creates a Deployment K8s will do Round Robin load balancing on the pods in that Deployment.

So from my current understanding all one would need to do is make a NodeIP, and you have the equivalent of an external load balancer?

Or should I think of the LoadBalancer type as haproxy/nginx/Envoy, where one can do SSL, reverse proxy, and many other useful things?

My current guess is that the proper use of LoadBalancer is to add many NodeIPs, but I can't find anything to back that up.

Question

Can anyone explain when and why to use LoadBalancer and not just use the NodeIP?

-- Sandra Schlichting
kubernetes
linux

1 Answer

11/15/2019

For example, you want to deploy multiple applications in your cluster, say 10 apps. You would like to access these 10 apps over the internet. One way is to set those 10 application services as NodePort so you can access them from outside. For this to happen, Kubernetes opens 10 NodePorts on each cluster node. This is a security risk.

Most enterprises that work behind a firewall in a closed network don't allow external traffic to/from any ports other than http/https (80/443).

One way is to set the service type to LoadBalancer for each application service. So, to access 10 apps, you will be provisioning 10 load balancers to access the app servers over http/https ports. Since load balancers are charged resources, it is not economically viable to have one load balancer for each service that you want to access over the internet.

Is there a way to access all those 10 app services running inside Kubernetes over a single port? This is where the ingress controller comes into the picture.

The ingress controller allows a single ip-port to access all services running in k8s through ingress rules. The ingress controller service is set to LoadBalancer so it is accessible from the public internet.

-- P Ekambaram
Source: StackOverflow
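
The layout the answer describes, as an added example that is not part of the original post: each app's Service stays internal (ClusterIP) and one Ingress routes by host name, so only the ingress controller's own Service needs type LoadBalancer. The Service names, host names, ports, the `nginx` ingress class and the TLS secret name are assumptions, and the manifest uses the current `networking.k8s.io/v1` Ingress API.

```yaml
# Constructed example: names, hosts and ports are placeholders.
# Each app's Service is ClusterIP: no NodePort is opened on the nodes for it.
apiVersion: v1
kind: Service
metadata:
  name: app1                  # app2 ... app10 follow the same pattern
spec:
  type: ClusterIP
  selector:
    app: app1
  ports:
    - port: 80
      targetPort: 8080        # assumption: the container listens on 8080
---
# One Ingress carries the routing rules for every app behind a single 80/443 entry point.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apps
spec:
  ingressClassName: nginx     # assumption: a controller is installed under this class
  tls:
    - hosts: [app1.example.com, app2.example.com]
      secretName: apps-tls    # assumption: TLS secret created separately
  rules:
    - host: app1.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app1
                port:
                  number: 80
    - host: app2.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app2
                port:
                  number: 80
```

`kubectl get svc -A` should then list a single Service of type LoadBalancer (the ingress controller's) and no NodePort Services for the apps.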