KB: LoadBalancers vs Ingress

Kubernetes Ingress and Service LoadBalancer both handle external access to applications running in a Kubernetes cluster, but they operate in different ways and are used in different scenarios. Here’s a comparison to understand their differences:

Kubernetes Service LoadBalancer

  1. Purpose: Exposes a single Service to external traffic by creating a load balancer.
  2. Operation:
    • Directly creates a cloud provider load balancer (e.g., AWS ELB, GCP LB).
    • Maps a single Service to the external load balancer, which routes traffic to the Service's Pods.
    • Provides a single external IP address for the Service.
  3. Use Case: Suitable for simple use cases where a single Service needs to be exposed to external traffic.
  4. Complexity: Less complex setup, easy to configure, ideal for straightforward scenarios.
  5. Example: Exposing a single web application to the internet.

Kubernetes Ingress

  1. Purpose: Manages external access to multiple Services, typically HTTP and HTTPS, providing load balancing, SSL termination, and name-based virtual hosting.
  2. Operation:
    • Requires an Ingress Controller to be deployed in the cluster (e.g., NGINX, HAProxy, Traefik).
    • Defines routing rules to direct traffic to different Services based on hostnames or paths.
    • Provides more sophisticated traffic management features, such as SSL/TLS termination, URL rewriting, and more.
  3. Use Case: Suitable for complex scenarios where multiple Services need to be exposed, or advanced routing and traffic management features are required.
  4. Complexity: More complex setup, but offers greater flexibility and functionality.
  5. Example: Hosting multiple web applications on a single IP address, with traffic routed based on the URL path or hostname.

Example YAML Definitions

Service LoadBalancer:

-yaml:
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  type: LoadBalancer

Ingress:

-yaml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80
    - host: anotherapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: another-service
                port:
                  number: 80

Key Differences

  1. Scope:

    • LoadBalancer: Focuses on exposing a single Service.
    • Ingress: Can expose multiple Services and manage routing rules.

  2. Flexibility:

    • LoadBalancer: Limited to basic load balancing.
    • Ingress: Offers advanced features like SSL termination, path-based routing, and name-based virtual hosting.

  3. Resource Usage:

    • LoadBalancer: Each Service requires a separate load balancer, potentially leading to higher costs and resource usage.
    • Ingress: A single Ingress Controller can manage traffic for multiple Services, often reducing costs and resource usage.

  4. Configuration:

    • LoadBalancer: Simpler to configure, directly creates a cloud load balancer.
    • Ingress: Requires an Ingress Controller and more detailed configuration but provides more capabilities.

In summary, use a Service LoadBalancer for simple, single-Service exposure and Ingress for more complex, multi-Service routing and advanced traffic management.

Comments

Post a Comment

Popular posts from this blog

KB: Azure ACA Container fails to start (no User Assigned or Delegated Managed Identity found for specified ClientId)

Image
When deploying secure workloads using Azure Container Apps (ACA) , teams often face confusion between User Assigned Managed Identities (UAMI) and App Registrations . While both entities are visible in Azure Active Directory and have similar identifiers (Application ID, Object ID), they serve very different purposes . This confusion can lead to authentication failures when accessing services like Azure App Configuration or Key Vault . A common issue occurs when a container app is configured with a managed identity, but the environment variables or role assignments mistakenly reference an App Registration instead, causing errors like: "No User Assigned or Delegated Managed Identity found for specified ClientId" This article breaks down the difference between UAMI and App Registrations, explains why this issue happens, and outlines the correct approach to resolve it. Symptoms Azure Container App fails to authenticate to Azure App Configuration or other services. Logs...
Read more

Electron Process Execution Failure with FSLogix

  Technical Note: Electron Process Execution Failure with FSLogix 1. Overview When running Electron-based applications in environments using FSLogix Profile or Office Containers , users may encounter issues where the Electron process fails to launch or execute properly . This behavior has been observed in Azure Virtual Desktop (AVD) , Windows Virtual Desktop (WVD) , and other environments where FSLogix filter drivers are active. 2. Symptoms Electron-based applications (e.g., desktop apps built on Electron, CLI wrappers) do not start , remain unresponsive, or terminate silently. No visible logs or error messages are generated by the application. Standard executables run correctly when placed outside of the FSLogix-controlled profile path (e.g., copying to C:\Temp allows execution). The issue is reproducible across all Electron apps in the FSLogix-managed profile. 3. Root Cause The issue is linked to FSLogix filter drivers ( frxdrv , frxdrvvt , frxccd ) interfe...
Read more

KB:RMM VS DEX (Remote Monitoring Management vs Digital Employee Experience)

Digital Employee Experience (DEX) and Remote Monitoring and Management (RMM) tools serve different purposes and cater to distinct aspects of IT and employee management. Digital Employee Experience (DEX) Focus: Enhancing the overall experience of employees with their digital workplace tools and environment. Key Features: User Experience Monitoring: Tracks how employees interact with software and hardware, identifying issues impacting productivity. Performance Analytics: Provides insights into the performance of applications from the end-user's perspective. Feedback Mechanisms: Allows employees to report issues and give feedback on their digital tools and environment. Employee Well-being: Monitors factors that affect employee satisfaction and well-being, such as system performance and usability. Proactive Support: Identifies potential issues before they become significant problems, enabling proactive IT support. Goals: Improve employee satisfaction and productivity. Ensure a sm...
Read more