When to use NodePort service, ClusterIP service and LoadBalancer?

Hello Team,

I have a specific question to understand when we should use service type NodePort vs ClusterIP vs LoadBalancer?

Now let's suppose we have a multi-tier application: web front end, application tier backend and database tier such as MySQL or SQL. Which tier should use a NodePort service vs ClusterIP vs LoadBalancer?

First of all, it depends if you are on a cluster where load balancers are even supported. Cloud-based clusters on AWS, Azure or GCP can provision load balancers. Our labs, for example, do not. So no provisioning of load balancers, no support for a LoadBalancer service.

If you can access a node over the network, then you can use a NodePort service, which is a poor man's substitute for using a LoadBalancer service.

ClusterIP services are used to make a pod or deployment available to other pods in the cluster; it’s not available from outside the cluster.

Let's suppose I have created an AKS cluster on Azure. Now I have a multi-tier application: 2 pods part of the web front end, 2 pods part of the application middle tier, and the backend 2 pods with a SQL database. Now do I have to implement multiple load balancer services to communicate between each tier? How would the communication happen between each pod?

You could use a load balancer service for the front-end pods, and ClusterIP services for the middle and backend tiers. The ClusterIP services will distribute load to those two non-frontend pod deployments.

Thanks for your response. Another question I have is: so will each tier have a different label when we have a multi-tier application? Like the web application will have a label of front-end, so when we configure a load-balancer service it will be associated with a selector of type front-end?

So the middle tier will have a label of middle-tier and the ClusterIP service will be associated with the middle-tier label, and the backend tier with a different label?

If they have different labels, then will we have to tell the web tier that if it needs to talk to the middle tier it should use the ClusterIP service?

Labelling is pretty much up to you; there’s no right or wrong, there’s only “clear to my team” or not. But what you’re describing is good practice, and consistent with setting up the services you’ll need to set up.

If you are setting up a proper production-ready cluster, the only real use for load-balancer services is for those created for the cluster's ingress controller(s). All inbound traffic for all outward-facing (frontend) workloads in the cluster should be accessed via the ingress controller.

It is bad practice on production clusters to

  • Expose every outward facing application on a load balancer service. Your cloud bill will suffer as a result!
  • Expose node port services - as every application will have to handle its own SSL termination instead of letting the cloud load balancer or ingress controller do it for you. And using node ports would mean putting cluster nodes in public subnets, which is not secure. Node ports are really only for testing and debugging internally.

With the above, everything else in the cluster should be using regular ClusterIP including your frontend applications, but these additionally have an Ingress resource to connect them to the ingress controller.
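The layout described in the two answers above (per-tier labels and selectors, ClusterIP everywhere, the frontend reached only through the ingress controller), written out as an added example that is not from this thread. It assumes an nginx ingress controller is already installed, that pods carry a `tier` label, and that `shop.example.com` and the `shop-tls` secret are placeholders.

```yaml
# Added example, not from the thread. Every tier is a ClusterIP service;
# only the (assumed, pre-installed) ingress controller owns a LoadBalancer.
apiVersion: v1
kind: Service
metadata:
  name: frontend
spec:
  type: ClusterIP            # default type; stated explicitly for clarity
  selector:
    tier: frontend           # must match the frontend pods' labels (assumed key)
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: middle-tier          # frontend pods reach it at http://middle-tier:8080
spec:
  type: ClusterIP            # not reachable from outside the cluster
  selector:
    tier: middle
  ports:
    - port: 8080
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend
spec:
  ingressClassName: nginx    # assumption: nginx ingress controller installed
  tls:
    - hosts: [shop.example.com]
      secretName: shop-tls   # TLS terminates at the ingress controller, not per app
  rules:
    - host: shop.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend
                port:
                  number: 80
```

The middle tier is addressed by its service name through cluster DNS (same namespace), so no NodePort or LoadBalancer is needed between tiers; the database tier follows the same ClusterIP pattern with its own label and port.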