3

An ingress controller is a Layer 7 construct. Does it bypass the Service (VIP) and Layer 4 kube proxy?

Compendius
  • 53
  • 1
  • 3

1 Answers1

4

In a nutshell: Ingress deals with North-South traffic (bringing traffic from the outside world into the cluster), a service acts a load balancer, routing the traffic to one of its pods. So, if I understand your question correctly, the answer is no: Ingress and services work together to get traffic from a client outside of the cluster to a certain pod.

You can read more about the topic in an excellent blog post series by Mark Betz (linked from here, in the "3rd-party articles" section).

Michael Hausenblas
  • 13,162
  • 4
  • 52
  • 66
  • 4
    You wrote: "the answer is no: Ingress and services work together". However, per this quote: "The NGINX ingress controller does not use Services to route traffic to the pods. Instead it uses the Endpoints API in order to bypass kube-proxy to allow NGINX features like session affinity and custom load balancing algorithms. It also removes some overhead, such as conntrack entries for iptables DNAT." – Sam Jun 07 '19 at 14:08
  • @Sam so services goes through kube-proxy, while ingress goes through ingress-controller? – Eduard Florinescu Aug 23 '22 at 09:47