One drawback of both NodePort and the cluster internal ClusterIP loadbalancing (they are essentially the same) is that they are Layer 4 only and purely probabilistic, so the load distribution between the actual service pods can only get so good. Using HAProxy as an intermediary, the distribution between HAProxy pods is only so good, but each of them (provided you have a wrapper that configures them with pod IPs) knows about all the pods and can do Layer 7 loadbalancing between them, thus taking load better into account.
My understanding is that the Google Cloud Balancer will also just connect to NodePorts, so even though it itself is a layer 7 LB, there is another implicit layer 4 LB between it and the pods – this may be outdated information though, check how it is actually configured.

/MR

On Mon, May 15, 2017 at 2:27 PM Joe Auty <joea...@gmail.com> wrote:

> Thanks Evan, I'm watching this video now, thanks for passing this on!
>
> I actually have external load balancing working with HAProxy just by using
> the cluster IPs and their NodePort-assigned ports. I'm interested in
> learning about how I could run HAProxy (or NGinx) inside my cluster to
> replicate this same load balancing, and what the Kubernetes-native
> alternatives would be, if any.
>
> Evan Jones <evan.jo...@triggermail.io>
> May 15, 2017 at 8:50 AM
>
> This won't directly help answer your questions, since I don't know the
> answers. However, I found this talk about Kubernetes networking to be
> extremely helpful to understand the basics. Whenever I'm running into
> weirdness I end up reviewing it:
> https://www.youtube.com/watch?v=y2bhV81MfKQ
>
> Hopefully it will help with the basics. For example, I *think* one of the
> reasons an "external" load balancer may not work correctly is that it may
> not see the actual state of services inside the cluster. E.g. it doesn't
> know what nodes are running the actual pods. According to what I seem to
> recall from this talk: one of the ways services can work is that external
> processes connect to any node in the cluster, and that node forwards it to
> a pod that is actually running the service.
>
> However, this may be completely inaccurate since I am far from an expert
> here, so I'm looking forward to seeing the real answers :)
>
> Evan
>
> On Sunday, May 14, 2017 at 1:28:45 PM UTC-4, Joe Auty wrote:
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> Joe Auty <joea...@gmail.com>
> May 14, 2017 at 1:28 PM
>
> Sorry for such a vague subject, but I think I need some help breaking
> things down here.
>
> I think I understand how the Google layer 7 LBs work (this diagram helped
> me:
> https://storage.googleapis.com/static.ianlewis.org/prod/img/750/gcp-lb-objects2.png)
> , I understand NGinx and HAProxy LBs independently, and I believe I also
> understand the concepts of NodePort, Ingress controllers, services, etc.
>
> What I don't understand is why when I research things like socket.io
> architectures in Kubernetes (for example), or features like IP
> whitelisting, session affinity, etc. I see people putting NGinx or HAProxy
> into their clusters. It is hard for me to keep straight all of the
> different levels of load balancing and their controls:
>
> - Google backend services (i.e. Google LB)
> - Kubernetes service LB
> - HAProxy/NGinx
>
> The rationale for HAProxy and NGinx seems to involve compensating for
> missing features and/or bugs (kube-proxy, etc.) and it is hard to keep
> straight what is a reality today and what the best path is?
>
> Google's LBs support session affinity, and there are session affinity
> Kubernetes service settings, so for starters, when and why is NGinx or
> HAProxy necessary, and are there outstanding issues with tracking source
> IPs and setting/respecting proper headers?
>
> I'm happy to get into what sort of features I need if this will help steer
> the discussion, but at this point I'm thinking maybe it is best to start at
> a more basic level where you treat me like I'm 6 years old :)
>
> Thanks in advance!
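
The difference described in the reply at the top of this thread, between load-blind probabilistic balancing and a proxy that sees every pod, shown as an added simulation (not code from any participant, Kubernetes or HAProxy). It assumes uniform random choice as the model for the Layer 4 path and least-connections as the load-aware policy; the traffic mix, pod count and function names are constructed for illustration.

```python
import heapq
import random

def simulate(pick, n_pods=4, n_requests=2000, seed=7):
    """Replay one constructed request stream through a balancing policy.

    Returns (peak connections on the busiest pod, peak total connections).
    """
    traffic = random.Random(seed)      # same seed => identical arrivals/durations
    chooser = random.Random(seed + 1)  # separate stream so picks never alter traffic
    active = [0] * n_pods              # open connections per pod
    closing = []                       # min-heap of (end_time, pod)
    now = 0.0
    peak_pod = peak_total = 0
    for _ in range(n_requests):
        now += traffic.expovariate(10.0)                    # ~10 new connections/s
        duration = traffic.choice([0.05, 0.05, 0.05, 2.0])  # mostly short, some long
        while closing and closing[0][0] <= now:             # release finished ones
            _, done_pod = heapq.heappop(closing)
            active[done_pod] -= 1
        pod = pick(active, chooser)
        active[pod] += 1
        heapq.heappush(closing, (now + duration, pod))
        peak_pod = max(peak_pod, max(active))
        peak_total = max(peak_total, sum(active))
    return peak_pod, peak_total

def pick_random(active, rng):
    # Assumed model of the "purely probabilistic" Layer 4 path: ignores load.
    return rng.randrange(len(active))

def pick_least_conn(active, rng):
    # Load-aware proxy that knows all pods: fewest open connections wins.
    return active.index(min(active))

def compare(n_pods=4):
    l4_peak, total = simulate(pick_random, n_pods)
    l7_peak, total_again = simulate(pick_least_conn, n_pods)
    return {"peak_total": total, "peak_total_again": total_again,
            "l4_busiest_pod": l4_peak, "l7_busiest_pod": l7_peak}

if __name__ == "__main__":
    print(compare())
```

Because both runs replay the same arrivals and durations, the total number of open connections is identical; only the busiest pod's peak differs, and least-connections holds it at the even-split ceiling of the total.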