1. Limitations of the Service mechanism
The load balancing function provided by Service has the following limitations:
- Only layer 4 load balancing is provided, and layer 7 load balancing is not supported.
- To use a NodePort type of Service, an external load balancer needs to be deployed outside the cluster.
- To use the Service of the LoadBalancer type, Kubernetes must run on a specific cloud service.
- Every time a Service NodePort type is created, a port will be opened on each node. When there are many projects, the port will be difficult to maintain. When there are many projects, the Iptables rules of Service also increase several times. So many iptables entries increase maintenance and fault location.
How to understand the above limitations, the following figure is the schematic diagram of NodePort mode operation:
2. How does ingress-nginx implement service discovery
In response to the above problems, k8s officially provides a compromise solution: Ingress is different from Service, Ingress is not actually a service. Instead, it sits in front of multiple services, acting as an intelligent router or entry point into the cluster.
The ingress-nginx implementation architecture is shown in the figure below:
Ingress is a resource type introduced after Kubernetes version 1.1. Ingress supports exposing Service to Kubernetes