25
votes

I understood Ingress can be used when we want to expose multiple service/routes with a single Load Balancer / public IP.

Now I want to expose my Nginx server to public. I have two choices

  1. Set service type as LoadBalancer voila I got public IP
  2. Use Nginx Ingress Controller

Now I can get my job done with Option 1 when or why would I choose Option 2 whats the advantage of having nginx with Ingress without Ingress ?

2
this question has already been answered: stackoverflow.com/questions/45079988/…iomv

2 Answers

51
votes

There is a difference between ingress rule (ingress) and ingress controller. So, technically, nginx ingress controller and LoadBalancer type service are not comparable. You can compare ingress resource and LoadBalancer type service, which is below.

Generally speaking:

LoadBalancer type service is a L4(TCP) load balancer. You would use it to expose single app or service to outside world. It would balance the load based on destination IP address and port.

Ingress type resource would create a L7(HTTP/S) load balancer. You would use this to expose several services at the same time, as L7 LB is application aware, so it can determine where to send traffic depending on the application state.

ingress and ingress controller relation:

Ingress, or ingress rules are the rules that ingress controller follows to distribute the load. Ingress controller get the packet, checks ingress rules and determines to which service to deliver the packet.

Nginx Ingress Controller

Nginx ingress controller uses LoadBalancer type service actually as entrypoint to the cluster. Then is checks ingress rules and distributes the load. This can be very confusing. You create an ingress resource, it creates the HTTP/S load balancer. It also gives you an external IP address (on GKE, for example), but when you try hitting that IP address, the connection is refused.

Conclusions:

You would use Loadbalancer type service if you would have a single app, say myapp.com that you want to be mapped to an IP address.

You would use ingress resource if you would have several apps, say myapp1.com, myapp1.com/mypath, myapp2.com, .., myappn.com to be mapped to one IP address.

As the ingress is L7 it is able to distinguish between myapp1.com and myapp1.com/mypath, it is able to route the traffic to the right service.

9
votes

Accepted answer covered a lots of stuff already. All of the reasons are valid, apart from that the reason I am using ingress controller in aws is to minimize cost. I have multiple web applications which are running in kubernetes cluster aws. To access those applications instead of exposing individual application as LoadBalancer and creating individual ELB (each ELB cost money), I expose ingress controller service as LoadBalancer and created ingress rule for each.

Steps involve:

  • Ingress service, exposed as loadbalancer which created ELB in aws lets say elb1.aws.com
  • Ingress rule for each web applications, eg example.com, awesome.com, helloworld.com
  • Route53 mapping all mapped to same ELB, eg: example.com -> elb1.aws.com awesome.com -> elb1.aws.com helloworld.com -> elb1.aws.com