What are the Advantages of using Kubernetes Ingress in Azure AKS











up vote
2
down vote

favorite
1












My understanding is that setting the Service type to LoadBalancer creates a new Azure Load Balancer and assigns an IP address to the Service. Does this mean that I can have multiple Services using port 80? If the app behind my Service (an ASP.NET Core app) can handle TLS and HTTPS why shouldn't I just use LoadBalancer's for any Service I want to expose to the internet?



what is the advantage of using an Ingress if I don't care about TLS termination (You can let Cloudflare handle TLS termination)? If anything, it slows things down by adding an extra hop for every request.










share|improve this question




























    up vote
    2
    down vote

    favorite
    1












    My understanding is that setting the Service type to LoadBalancer creates a new Azure Load Balancer and assigns an IP address to the Service. Does this mean that I can have multiple Services using port 80? If the app behind my Service (an ASP.NET Core app) can handle TLS and HTTPS why shouldn't I just use LoadBalancer's for any Service I want to expose to the internet?



    what is the advantage of using an Ingress if I don't care about TLS termination (You can let Cloudflare handle TLS termination)? If anything, it slows things down by adding an extra hop for every request.










    share|improve this question


























      up vote
      2
      down vote

      favorite
      1









      up vote
      2
      down vote

      favorite
      1






      1





      My understanding is that setting the Service type to LoadBalancer creates a new Azure Load Balancer and assigns an IP address to the Service. Does this mean that I can have multiple Services using port 80? If the app behind my Service (an ASP.NET Core app) can handle TLS and HTTPS why shouldn't I just use LoadBalancer's for any Service I want to expose to the internet?



      what is the advantage of using an Ingress if I don't care about TLS termination (You can let Cloudflare handle TLS termination)? If anything, it slows things down by adding an extra hop for every request.










      share|improve this question















      My understanding is that setting the Service type to LoadBalancer creates a new Azure Load Balancer and assigns an IP address to the Service. Does this mean that I can have multiple Services using port 80? If the app behind my Service (an ASP.NET Core app) can handle TLS and HTTPS why shouldn't I just use LoadBalancer's for any Service I want to expose to the internet?



      what is the advantage of using an Ingress if I don't care about TLS termination (You can let Cloudflare handle TLS termination)? If anything, it slows things down by adding an extra hop for every request.







      azure kubernetes kubernetes-ingress azure-kubernetes azure-aks






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 21 at 17:10

























      asked Nov 21 at 15:34









      Muhammad Rehan Saeed

      11.3k9107179




      11.3k9107179
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote













          No, you cant have multiple services listening on port 80, as load balancer wont know where to route them (ingress will, however). If you can affort to host each service on different port you could use load balancer. alternatively, if you have public ip for each service and different backend port on each service you can achieve this.



          quote: The protocol and port combination you entered matches another rule used by this load balancer. The protocol and port combination of each load balancing rule and inbound NAT rule on a load balancer must be unique.



          again, if you are a developer, you probably do not realize how much more convenient it is to manage certificate on ingress, and not on all individual containers that are supposed to be accessible






          share|improve this answer























          • But if the load balancer is a separate IP address, then in theory each can have it's own application on port 80. Could the load balancer route port 80 requests to Services on different ports?
            – Muhammad Rehan Saeed
            Nov 21 at 16:11






          • 1




            yeah, with different backend ports that would work
            – 4c74356b41
            Nov 21 at 16:47










          • I'm guessing the only downside might be cost, I'm not sure how the pricing works out or what you pay for? On the upside, you would not be paying for the compute power to run the ingress containers. BTW, I thinking that you could use Cloudflare to do TLS termination. I suspect that this is the fastest, cheapest compromise when it comes to using Kubernetes.
            – Muhammad Rehan Saeed
            Nov 21 at 17:12










          • nah, biggest downside is complexity. ip addresses cost almost nothing. managing certificates on different deployments would be a nightmare. and you'd have to code for that as well. makes no sense really
            – 4c74356b41
            Nov 21 at 17:14










          • In Azure, every service of type LoadBalancer gets a new PublicIP attached to the one Load Balancer created when the first service of this type is created. So it's perfectly possible to expose multiple services on the same port.
            – alev
            Nov 21 at 22:19











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53415487%2fwhat-are-the-advantages-of-using-kubernetes-ingress-in-azure-aks%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote













          No, you cant have multiple services listening on port 80, as load balancer wont know where to route them (ingress will, however). If you can affort to host each service on different port you could use load balancer. alternatively, if you have public ip for each service and different backend port on each service you can achieve this.



          quote: The protocol and port combination you entered matches another rule used by this load balancer. The protocol and port combination of each load balancing rule and inbound NAT rule on a load balancer must be unique.



          again, if you are a developer, you probably do not realize how much more convenient it is to manage certificate on ingress, and not on all individual containers that are supposed to be accessible






          share|improve this answer























          • But if the load balancer is a separate IP address, then in theory each can have it's own application on port 80. Could the load balancer route port 80 requests to Services on different ports?
            – Muhammad Rehan Saeed
            Nov 21 at 16:11






          • 1




            yeah, with different backend ports that would work
            – 4c74356b41
            Nov 21 at 16:47










          • I'm guessing the only downside might be cost, I'm not sure how the pricing works out or what you pay for? On the upside, you would not be paying for the compute power to run the ingress containers. BTW, I thinking that you could use Cloudflare to do TLS termination. I suspect that this is the fastest, cheapest compromise when it comes to using Kubernetes.
            – Muhammad Rehan Saeed
            Nov 21 at 17:12










          • nah, biggest downside is complexity. ip addresses cost almost nothing. managing certificates on different deployments would be a nightmare. and you'd have to code for that as well. makes no sense really
            – 4c74356b41
            Nov 21 at 17:14










          • In Azure, every service of type LoadBalancer gets a new PublicIP attached to the one Load Balancer created when the first service of this type is created. So it's perfectly possible to expose multiple services on the same port.
            – alev
            Nov 21 at 22:19















          up vote
          1
          down vote













          No, you cant have multiple services listening on port 80, as load balancer wont know where to route them (ingress will, however). If you can affort to host each service on different port you could use load balancer. alternatively, if you have public ip for each service and different backend port on each service you can achieve this.



          quote: The protocol and port combination you entered matches another rule used by this load balancer. The protocol and port combination of each load balancing rule and inbound NAT rule on a load balancer must be unique.



          again, if you are a developer, you probably do not realize how much more convenient it is to manage certificate on ingress, and not on all individual containers that are supposed to be accessible






          share|improve this answer























          • But if the load balancer is a separate IP address, then in theory each can have it's own application on port 80. Could the load balancer route port 80 requests to Services on different ports?
            – Muhammad Rehan Saeed
            Nov 21 at 16:11






          • 1




            yeah, with different backend ports that would work
            – 4c74356b41
            Nov 21 at 16:47










          • I'm guessing the only downside might be cost, I'm not sure how the pricing works out or what you pay for? On the upside, you would not be paying for the compute power to run the ingress containers. BTW, I thinking that you could use Cloudflare to do TLS termination. I suspect that this is the fastest, cheapest compromise when it comes to using Kubernetes.
            – Muhammad Rehan Saeed
            Nov 21 at 17:12










          • nah, biggest downside is complexity. ip addresses cost almost nothing. managing certificates on different deployments would be a nightmare. and you'd have to code for that as well. makes no sense really
            – 4c74356b41
            Nov 21 at 17:14










          • In Azure, every service of type LoadBalancer gets a new PublicIP attached to the one Load Balancer created when the first service of this type is created. So it's perfectly possible to expose multiple services on the same port.
            – alev
            Nov 21 at 22:19













          up vote
          1
          down vote










          up vote
          1
          down vote









          No, you cant have multiple services listening on port 80, as load balancer wont know where to route them (ingress will, however). If you can affort to host each service on different port you could use load balancer. alternatively, if you have public ip for each service and different backend port on each service you can achieve this.



          quote: The protocol and port combination you entered matches another rule used by this load balancer. The protocol and port combination of each load balancing rule and inbound NAT rule on a load balancer must be unique.



          again, if you are a developer, you probably do not realize how much more convenient it is to manage certificate on ingress, and not on all individual containers that are supposed to be accessible






          share|improve this answer














          No, you cant have multiple services listening on port 80, as load balancer wont know where to route them (ingress will, however). If you can affort to host each service on different port you could use load balancer. alternatively, if you have public ip for each service and different backend port on each service you can achieve this.



          quote: The protocol and port combination you entered matches another rule used by this load balancer. The protocol and port combination of each load balancing rule and inbound NAT rule on a load balancer must be unique.



          again, if you are a developer, you probably do not realize how much more convenient it is to manage certificate on ingress, and not on all individual containers that are supposed to be accessible







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 21 at 16:48

























          answered Nov 21 at 15:55









          4c74356b41

          23.2k32050




          23.2k32050












          • But if the load balancer is a separate IP address, then in theory each can have it's own application on port 80. Could the load balancer route port 80 requests to Services on different ports?
            – Muhammad Rehan Saeed
            Nov 21 at 16:11






          • 1




            yeah, with different backend ports that would work
            – 4c74356b41
            Nov 21 at 16:47










          • I'm guessing the only downside might be cost, I'm not sure how the pricing works out or what you pay for? On the upside, you would not be paying for the compute power to run the ingress containers. BTW, I thinking that you could use Cloudflare to do TLS termination. I suspect that this is the fastest, cheapest compromise when it comes to using Kubernetes.
            – Muhammad Rehan Saeed
            Nov 21 at 17:12










          • nah, biggest downside is complexity. ip addresses cost almost nothing. managing certificates on different deployments would be a nightmare. and you'd have to code for that as well. makes no sense really
            – 4c74356b41
            Nov 21 at 17:14










          • In Azure, every service of type LoadBalancer gets a new PublicIP attached to the one Load Balancer created when the first service of this type is created. So it's perfectly possible to expose multiple services on the same port.
            – alev
            Nov 21 at 22:19


















          • But if the load balancer is a separate IP address, then in theory each can have it's own application on port 80. Could the load balancer route port 80 requests to Services on different ports?
            – Muhammad Rehan Saeed
            Nov 21 at 16:11






          • 1




            yeah, with different backend ports that would work
            – 4c74356b41
            Nov 21 at 16:47










          • I'm guessing the only downside might be cost, I'm not sure how the pricing works out or what you pay for? On the upside, you would not be paying for the compute power to run the ingress containers. BTW, I thinking that you could use Cloudflare to do TLS termination. I suspect that this is the fastest, cheapest compromise when it comes to using Kubernetes.
            – Muhammad Rehan Saeed
            Nov 21 at 17:12










          • nah, biggest downside is complexity. ip addresses cost almost nothing. managing certificates on different deployments would be a nightmare. and you'd have to code for that as well. makes no sense really
            – 4c74356b41
            Nov 21 at 17:14










          • In Azure, every service of type LoadBalancer gets a new PublicIP attached to the one Load Balancer created when the first service of this type is created. So it's perfectly possible to expose multiple services on the same port.
            – alev
            Nov 21 at 22:19
















          But if the load balancer is a separate IP address, then in theory each can have it's own application on port 80. Could the load balancer route port 80 requests to Services on different ports?
          – Muhammad Rehan Saeed
          Nov 21 at 16:11




          But if the load balancer is a separate IP address, then in theory each can have it's own application on port 80. Could the load balancer route port 80 requests to Services on different ports?
          – Muhammad Rehan Saeed
          Nov 21 at 16:11




          1




          1




          yeah, with different backend ports that would work
          – 4c74356b41
          Nov 21 at 16:47




          yeah, with different backend ports that would work
          – 4c74356b41
          Nov 21 at 16:47












          I'm guessing the only downside might be cost, I'm not sure how the pricing works out or what you pay for? On the upside, you would not be paying for the compute power to run the ingress containers. BTW, I thinking that you could use Cloudflare to do TLS termination. I suspect that this is the fastest, cheapest compromise when it comes to using Kubernetes.
          – Muhammad Rehan Saeed
          Nov 21 at 17:12




          I'm guessing the only downside might be cost, I'm not sure how the pricing works out or what you pay for? On the upside, you would not be paying for the compute power to run the ingress containers. BTW, I thinking that you could use Cloudflare to do TLS termination. I suspect that this is the fastest, cheapest compromise when it comes to using Kubernetes.
          – Muhammad Rehan Saeed
          Nov 21 at 17:12












          nah, biggest downside is complexity. ip addresses cost almost nothing. managing certificates on different deployments would be a nightmare. and you'd have to code for that as well. makes no sense really
          – 4c74356b41
          Nov 21 at 17:14




          nah, biggest downside is complexity. ip addresses cost almost nothing. managing certificates on different deployments would be a nightmare. and you'd have to code for that as well. makes no sense really
          – 4c74356b41
          Nov 21 at 17:14












          In Azure, every service of type LoadBalancer gets a new PublicIP attached to the one Load Balancer created when the first service of this type is created. So it's perfectly possible to expose multiple services on the same port.
          – alev
          Nov 21 at 22:19




          In Azure, every service of type LoadBalancer gets a new PublicIP attached to the one Load Balancer created when the first service of this type is created. So it's perfectly possible to expose multiple services on the same port.
          – alev
          Nov 21 at 22:19


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53415487%2fwhat-are-the-advantages-of-using-kubernetes-ingress-in-azure-aks%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Berounka

          Sphinx de Gizeh

          Different font size/position of beamer's navigation symbols template's content depending on regular/plain...