Yash Singh
GitHubLeetcodeCodeforces
Back to all posts
DevOps
Load Balancer
Ingress Controller

Load Balancers & Ingress Controllers

8 min read
Load Balancers & Ingress Controllers

Introduction

In modern distributed systems and cloud-native architectures, efficiently routing traffic to your applications is crucial for performance, reliability, and scalability. Two key components that enable this routing are load balancers and ingress controllers. While they may seem similar at first glance, they serve different purposes and operate at different levels of the network stack.

Load Balancers

What is a Load Balancer?

A load balancer is a device or service that distributes incoming network traffic across multiple servers to ensure no single server becomes overwhelmed. This improves application availability and reliability by preventing any single point of failure.

Loading diagram...
graph TB subgraph "External Network" client[Client] end subgraph "Load Balancer" lb[Load Balancer] lb_health[Health Checker] end subgraph "Backend Servers" server1[Server 1] server2[Server 2] server3[Server 3] end client -->|Request| lb lb_health -->|Monitor| server1 lb_health -->|Monitor| server2 lb_health -->|Monitor| server3 lb -->|Route Traffic| server1 lb -->|Route Traffic| server2 lb -->|Route Traffic| server3 classDef external fill:#f9f,stroke:#333,stroke-width:2px; classDef lb fill:#bbf,stroke:#333,stroke-width:2px; classDef servers fill:#bfb,stroke:#333,stroke-width:2px; class client external; class lb,lb_health lb; class server1,server2,server3 servers;

Types of Load Balancers

1. Layer 4 Load Balancers (Transport Layer)

  • Operates at the transport layer (TCP/UDP)
  • Routes traffic based on IP address and port
  • Faster but less feature-rich than L7 load balancers
  • Examples: AWS Network Load Balancer, HAProxy (in TCP mode)

2. Layer 7 Load Balancers (Application Layer)

  • Operates at the application layer (HTTP/HTTPS)
  • Routes traffic based on content (headers, URL paths, cookies)
  • More intelligent routing capabilities
  • Examples: AWS Application Load Balancer, NGINX, HAProxy (in HTTP mode)

Key Features of Load Balancers

  • Health Checks: Monitors backend servers and routes traffic only to healthy instances
  • Session Persistence: Ensures a client's requests go to the same server
  • SSL Termination: Handles encryption/decryption to offload this work from application servers
  • Auto-scaling Integration: Works with auto-scaling groups to handle varying loads
  • Global Server Load Balancing (GSLB): Distributes traffic across multiple data centers

Ingress Controllers

What is an Ingress Controller?

An Ingress Controller is a specialized application-layer (L7) controller specifically designed for Kubernetes environments. It implements the Kubernetes Ingress resource, which defines rules for routing external HTTP/HTTPS traffic to internal services.

Loading diagram...
graph TB subgraph "External Network" client[Client] extLB[External Load Balancer] end subgraph "Kubernetes Cluster" node1[Node 1] node2[Node 2] subgraph "Ingress Controller" ic[Ingress Controller Pod] ingress[Ingress Resources] end subgraph "Services Layer" svc1[Service A] svc2[Service B] end subgraph "Pod Layer" podA1[Pod A-1] podA2[Pod A-2] podB1[Pod B-1] podB2[Pod B-2] end end client -->|Request| extLB extLB -->|Forward| node1 extLB -->|Forward| node2 node1 ---|NodePort/LoadBalancer| ic node2 ---|NodePort/LoadBalancer| ic ic -->|Consult| ingress ic -->|Route to /service-a| svc1 ic -->|Route to /service-b| svc2 svc1 -->|Load Balance| podA1 svc1 -->|Load Balance| podA2 svc2 -->|Load Balance| podB1 svc2 -->|Load Balance| podB2 classDef external fill:#f9f,stroke:#333,stroke-width:2px; classDef nodes fill:#fbb,stroke:#333,stroke-width:2px; classDef ingress fill:#bbf,stroke:#333,stroke-width:2px; classDef service fill:#bfb,stroke:#333,stroke-width:2px; classDef pods fill:#ffb,stroke:#333,stroke-width:2px; class client,extLB external; class node1,node2 nodes; class ic,ingress ingress; class svc1,svc2 service; class podA1,podA2,podB1,podB2 pods;

How Ingress Controllers Work

  1. Kubernetes admin creates Ingress resources (YAML configurations)
  2. Ingress Controller watches for Ingress resources
  3. Controller configures the underlying load balancing solution based on Ingress rules
  4. External traffic is routed according to these rules

Popular Ingress Controllers

  • NGINX Ingress Controller: Based on NGINX, highly configurable
  • Traefik: Cloud-native edge router with automatic service discovery
  • HAProxy Ingress: Based on HAProxy, good for high-performance needs
  • AWS ALB Ingress Controller: Uses AWS Application Load Balancer
  • Istio Gateway: Part of the Istio service mesh

Key Features of Ingress Controllers

  • Path-based Routing: Route traffic based on URL paths
  • Host-based Routing: Route traffic based on host headers
  • TLS Termination: Handle SSL/TLS certificates
  • Canary Deployments: Gradually shift traffic to new versions
  • Rate Limiting: Control request rates to protect services
  • Authentication: Support for various authentication methods
  • Integration with Service Mesh: Work with service mesh solutions for advanced traffic management

Key Differences Between Load Balancers and Ingress Controllers

Loading diagram...
graph TB subgraph "Traditional Load Balancer Setup" client1[Client] lb1[Load Balancer] webA[Web Server A] webB[Web Server B] apiA[API Server A] apiB[API Server B] client1 -->|Request| lb1 lb1 -->|/web traffic| webA lb1 -->|/web traffic| webB lb1 -->|/api traffic| apiA lb1 -->|/api traffic| apiB end subgraph "Kubernetes with Ingress Setup" client2[Client] extLB[External Load Balancer] nodes[Kubernetes Nodes] ic[Ingress Controller] ing[Ingress Rules] svcWeb[Web Service] svcAPI[API Service] podWebA[Web Pod A] podWebB[Web Pod B] podApiA[API Pod A] podApiB[API Pod B] client2 -->|Request| extLB extLB -->|All Traffic| nodes nodes --> ic ic -->|Consult| ing ic -->|/web traffic| svcWeb ic -->|/api traffic| svcAPI svcWeb -->|Load Balance| podWebA svcWeb -->|Load Balance| podWebB svcAPI -->|Load Balance| podApiA svcAPI -->|Load Balance| podApiB end classDef clients fill:#f9f,stroke:#333,stroke-width:2px; classDef loadbalancers fill:#bbf,stroke:#333,stroke-width:2px; classDef servers fill:#bfb,stroke:#333,stroke-width:2px; classDef k8s fill:#ffb,stroke:#333,stroke-width:2px; classDef ingress fill:#fbf,stroke:#333,stroke-width:2px; class client1,client2 clients; class lb1,extLB loadbalancers; class webA,webB,apiA,apiB,podWebA,podWebB,podApiA,podApiB servers; class nodes,svcWeb,svcAPI k8s; class ic,ing ingress;
AspectLoad BalancerIngress Controller
Level of OperationCan operate at L4 or L7Operates at L7 (HTTP/HTTPS)
EnvironmentGeneral networking infrastructureKubernetes-specific
Architecture PositionOften external to application clustersRuns within the Kubernetes cluster
ConfigurationVendor-specific configurationKubernetes Ingress resources (YAML)
ScopeGeneral traffic distributionHTTP/HTTPS routing with advanced features
Cloud IntegrationNative services in cloud providersKubernetes-native with cloud provider integrations
Protocol SupportCan support any protocol (L4) or HTTP/HTTPS (L7)Primarily HTTP/HTTPS

When to Use What?

Use a Load Balancer When:

  • You need to balance non-HTTP traffic (e.g., TCP/UDP)
  • You're working outside of Kubernetes environments
  • You need simpler, high-performance traffic distribution
  • You need global load balancing across regions

Use an Ingress Controller When:

  • You're working within Kubernetes
  • You need sophisticated HTTP routing capabilities
  • You want to leverage Kubernetes-native configuration
  • You need advanced features like canary releases, authentication, etc.

Common Architectures

External Load Balancer + Ingress Controller

A common pattern is to have an external load balancer (often provided by the cloud provider) directing traffic to multiple nodes in a Kubernetes cluster, with an Ingress Controller inside the cluster handling the fine-grained HTTP routing:

  1. External Load Balancer distributes traffic to Kubernetes nodes
  2. Traffic reaches the Ingress Controller
  3. Ingress Controller routes traffic to appropriate services based on Ingress rules

Load Balancing Algorithms

Both load balancers and ingress controllers use various algorithms to distribute traffic:

  • Round Robin: Requests are distributed sequentially across servers
  • Least Connections: Requests go to the server with the fewest active connections
  • IP Hash: Server selection based on client IP address hash (ensures session persistence)
  • Response Time: Routes to servers with fastest response times
  • Random: Random selection with optional weighting
  • Weighted Round Robin/Least Connections: Servers assigned different weights based on capacity

Implementation Examples

Basic Load Balancer Configuration (HAProxy)

frontend http_front
   bind *:80
   default_backend http_back

backend http_back
   balance roundrobin
   server server1 192.168.1.10:80 check
   server server2 192.168.1.11:80 check
   server server3 192.168.1.12:80 check

Basic Kubernetes Ingress Resource

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /app1
        pathType: Prefix
        backend:
          service:
            name: app1-service
            port:
              number: 80
      - path: /app2
        pathType: Prefix
        backend:
          service:
            name: app2-service
            port:
              number: 80

Best Practices

Load Balancer Best Practices

  • Implement proper health checks
  • Plan for high availability with redundant load balancers
  • Consider session persistence requirements
  • Monitor and adjust timeout settings
  • Implement proper SSL/TLS configuration
  • Set up meaningful logging and monitoring

Ingress Controller Best Practices

  • Use namespace isolation for multi-tenant clusters
  • Implement rate limiting to protect services
  • Set appropriate resource requests and limits
  • Configure proper TLS settings and certificate management
  • Use annotations for controller-specific features
  • Consider multiple ingress controllers for different traffic types
  • Implement proper monitoring and alerting

Troubleshooting Tips

Common Load Balancer Issues

  • Health check failures
  • SSL/TLS certificate problems
  • Connection draining issues
  • Timeout misconfigurations
  • Network ACL and security group restrictions

Common Ingress Controller Issues

  • Incorrect Ingress resource configuration
  • Certificate management problems
  • Path matching issues
  • Controller-specific annotation problems
  • Resource constraints
  • Service backend connectivity issues

Conclusion

Both load balancers and ingress controllers are vital components of modern infrastructure, each serving different but complementary roles. Load balancers provide broad traffic distribution capabilities across various protocols, while ingress controllers offer specialized HTTP routing within Kubernetes environments.

In many modern architectures, both components work together: external load balancers handle the initial traffic distribution, while ingress controllers manage the fine-grained routing within Kubernetes clusters.

Understanding the strengths and appropriate use cases for each helps in designing robust, scalable, and efficient application delivery infrastructures.