What's the difference between exposing nginx as load balancer vs Ingress controller?

Siva picture Siva · Jun 21, 2018 · Viewed 8.1k times · Source

I understood Ingress can be used when we want to expose multiple service/routes with a single Load Balancer / public IP.

Now I want to expose my Nginx server to public. I have two choices

  1. Set service type as LoadBalancer voila I got public IP
  2. Use Nginx Ingress Controller

Now I can get my job done with Option 1 when or why would I choose Option 2 whats the advantage of having nginx with Ingress without Ingress ?

Answer

suren picture suren · Jun 21, 2018

There is a difference between ingress rule (ingress) and ingress controller. So, technically, nginx ingress controller and LoadBalancer type service are not comparable. You can compare ingress resource and LoadBalancer type service, which is below.

Generally speaking:

LoadBalancer type service is a L4(TCP) load balancer. You would use it to expose single app or service to outside world. It would balance the load based on destination IP address and port.

Ingress type resource would create a L7(HTTP/S) load balancer. You would use this to expose several services at the same time, as L7 LB is application aware, so it can determine where to send traffic depending on the application state.

ingress and ingress controller relation:

Ingress, or ingress rules are the rules that ingress controller follows to distribute the load. Ingress controller get the packet, checks ingress rules and determines to which service to deliver the packet.

Nginx Ingress Controller

Nginx ingress controller uses LoadBalancer type service actually as entrypoint to the cluster. Then is checks ingress rules and distributes the load. This can be very confusing. You create an ingress resource, it creates the HTTP/S load balancer. It also gives you an external IP address (on GKE, for example), but when you try hitting that IP address, the connection is refused.

Conclusions:

You would use Loadbalancer type service if you would have a single app, say myapp.com that you want to be mapped to an IP address.

You would use ingress resource if you would have several apps, say myapp1.com, myapp1.com/mypath, myapp2.com, .., myappn.com to be mapped to one IP address.

As the ingress is L7 it is able to distinguish between myapp1.com and myapp1.com/mypath, it is able to route the traffic to the right service.