Kubernetes External Access
https://medium.com/google-cloud/kubernetes-nodeport-vs-loadbalancer-vs-ingress-when-should-i-use-what-922f010849e0
A ClusterIP service is the default Kubernetes service. It gives you a service inside your cluster that other apps inside your cluster can access. There is no external access with only ClusterIP.
However, you can access a ClusterIP service from outside the cluster by going through the Kubernetes proxy.
Use when:
Debugging your services, or connecting to them directly from your laptop for some reason
Allowing internal traffic, displaying internal dashboards, etc.
This method requires you to run kubectl as an authenticated user, so you should NOT use it to expose your service to the internet or for production services.
NodePort is the most primitive way to get external traffic to a service.
It opens a specific port on ALL NODES, then forwards any traffic sent to that port to the service.
Disadvantages:
You can only have one service per port
You can only use ports 30000–32767
If your Node/VM IP address changes, you need to deal with that
Not good for long-term production use. Useful for demo apps or temporary apps.
A LoadBalancer service is the standard way to expose a service to the internet.
All traffic on the port you specify will be forwarded to the service (no filtering, routing, etc.)
You can send almost any kind of traffic to it, like HTTP, TCP, UDP, WebSockets, gRPC, etc.
Disadvantage: Each service exposed with the load balancer gets its own IP address. Paying for each load balancer for each service gets expensive.
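To check which Services in a cluster are reachable from outside and how, this added example (not from the original article) audits JSON shaped like the output of `kubectl get services -A -o json`. The `audit` function name and the sample Service list are constructed for illustration; the fields it reads (`type`, `nodePort`, `allocateLoadBalancerNodePorts`, `loadBalancerSourceRanges`) are standard Service spec fields.

```python
"""Audit Services from `kubectl get services -A -o json` for external exposure."""
import json
import sys

def audit(service_list):
    """Return (namespace/name, type, port, note) for every externally reachable port."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc["metadata"], svc.get("spec", {})
        stype = spec.get("type", "ClusterIP")  # ClusterIP is the default type
        if stype not in ("NodePort", "LoadBalancer"):
            continue  # ClusterIP: reachable only from inside the cluster
        name = f'{meta.get("namespace", "default")}/{meta["name"]}'
        for p in spec.get("ports", []):
            # A nodePort is opened on every node. LoadBalancer Services get one
            # too unless spec.allocateLoadBalancerNodePorts is false.
            if "nodePort" in p:
                findings.append((name, stype, p["nodePort"], "open on all nodes"))
            if stype == "LoadBalancer":
                ranges = spec.get("loadBalancerSourceRanges")
                note = ("limited to " + ", ".join(ranges)) if ranges else "no source filtering"
                findings.append((name, stype, p["port"], note))
    return findings

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = {"items": [
    {"metadata": {"name": "db", "namespace": "prod"},
     "spec": {"ports": [{"port": 5432}]}},
    {"metadata": {"name": "demo", "namespace": "dev"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30036}]}},
    {"metadata": {"name": "web", "namespace": "prod"},
     "spec": {"type": "LoadBalancer",
              "ports": [{"port": 443, "nodePort": 31443}]}},
    {"metadata": {"name": "admin", "namespace": "prod"},
     "spec": {"type": "LoadBalancer", "allocateLoadBalancerNodePorts": False,
              "loadBalancerSourceRanges": ["203.0.113.0/24"],
              "ports": [{"port": 8443}]}},
]}

if __name__ == "__main__":
    # Real data: kubectl get services -A -o json | python audit.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for row in audit(data):
        print(*row, sep="\t")
```

Note that the `prod/web` LoadBalancer is reported twice: once for its own port and once for the nodePort that is allocated alongside it by default.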
Ingress sits in front of multiple services and acts as a “smart router” or entrypoint into your cluster.
Types of Ingress controllers:
There are also plugins for Ingress controllers, like cert-manager, that can automatically provision SSL certificates for your services.
Useful when:
You want to expose multiple services under the same IP address, and these services all use the same L7 protocol (typically HTTP)
You only pay for one load balancer if you are using the native GCP integration, and because Ingress is “smart” you can get a lot of features out of the box (like SSL, Auth, Routing, etc.)