I'm a newbie to Kubernetes and I'm stuck on the networking part.
Kubernetes documentation:
There are several ways to publish a service:
- NodePort, exposes the Service on each Node's IP at a static port (the NodePort)
- LoadBalancer, exposes the Service externally using a cloud provider's load balancer. NodePort and ClusterIP services, to which the external load balancer routes, are automatically created.
From my understanding, a Kubernetes Service object is a logical abstraction layer, which is implemented via kube-proxy, iptables, IPVS, etc.
The Service is different from an EC2 instance or a load balancer, which physically exist and are reachable.
The following diagram shows how a LoadBalancer Service works, but it doesn't explain how the Elastic Load Balancer reaches the Kubernetes Service.
Question 1: How does the cloud-native Elastic Load Balancer (ELB) route traffic to a Service?
I assume the Service of type LoadBalancer is similar to the Service of type NodePort under the hood: they both take advantage of the NodePort. The only difference is that for a Service of type LoadBalancer, the cloud takes care of the NodePort and target group for us, so we don't have to manage them manually.
Traffic
↓
Load Balancer
↓
Target Group
↓
VM Node Port (IP + Port)
↓
cluster IP of service
↓
Kube proxy (IPVS)
↓
The pods of services
Is my assumption correct?
Question 2: If we disable the NodePort of the VM, how does the ELB route to the Service?
In Kubernetes v1.20.0, Kubernetes provides a new parameter allocateLoadBalancerNodePort and allows the user to disable the NodePort of the VM.
KEP-1864: Optionally Disable Node Ports for Service Type=LoadBalancer
If we disable the VM NodePort, how does the ELB reach the logical Service?
Could you please explain in more detail? It would be best if the answer covered the TCP/IP packet routes, iptables, IPVS, etc.
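To make the packet path in the question concrete, here is an added example (not from the question or from the Kubernetes project) that walks a constructed, simplified `iptables-save -t nat` excerpt the way a packet traverses kube-proxy's chains in iptables mode: node IP + NodePort enters via KUBE-NODEPORTS, a cluster IP enters via KUBE-SERVICES, both land in the same KUBE-SVC chain and end at KUBE-SEP DNAT rules pointing at pod IPs. The chain-name pattern (KUBE-SERVICES, KUBE-NODEPORTS, KUBE-SVC-*, KUBE-SEP-*) is kube-proxy's real one; the hashes, addresses and ports are made up, and the matcher only honours `-d` and `--dport`. A Service with the real field `spec.allocateLoadBalancerNodePorts: false` simply gets no KUBE-NODEPORTS entry, which is why the trace for an unlisted node port returns nothing and the load balancer then has to deliver packets to an address the remaining rules still cover (the cluster IP or the pod IPs, depending on the cloud provider's integration).

```python
import re
from collections import defaultdict

# Constructed, simplified excerpt of `iptables-save -t nat` on a node running
# kube-proxy in iptables mode. Chain naming follows kube-proxy; the hashes,
# IPs and ports are invented for this example.
IPTABLES_SAVE = """
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SERVICES -d 10.96.12.34/32 -p tcp -m comment --comment "default/web cluster IP" -m tcp --dport 80 -j KUBE-SVC-WEBHASH
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/web" -m tcp --dport 31000 -j KUBE-SVC-WEBHASH
-A KUBE-SVC-WEBHASH -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-POD1
-A KUBE-SVC-WEBHASH -j KUBE-SEP-POD2
-A KUBE-SEP-POD1 -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-POD2 -p tcp -m tcp -j DNAT --to-destination 10.244.2.7:8080
"""

RULE_RE = re.compile(r"^-A (\S+)(.*)$")


def parse_chains(dump):
    """Group `-A <chain> <rule>` lines by chain, preserving rule order."""
    chains = defaultdict(list)
    for line in dump.strip().splitlines():
        m = RULE_RE.match(line)
        if m:
            chains[m.group(1)].append(m.group(2))
    return chains


def trace(chains, chain, dport, dst, depth=0):
    """Follow jumps from `chain` for a packet to dst:dport and return the
    DNAT targets (pod endpoints) it can end up at. Only -d and --dport are
    evaluated; other matchers (addrtype, statistic) are treated as passing."""
    endpoints = []
    for rule in chains.get(chain, []):
        dport_m = re.search(r"--dport (\d+)", rule)
        dst_m = re.search(r"-d (\S+)/32", rule)
        if dport_m and int(dport_m.group(1)) != dport:
            continue
        if dst_m and dst_m.group(1) != dst:
            continue
        dnat = re.search(r"-j DNAT --to-destination (\S+)", rule)
        if dnat:
            endpoints.append(dnat.group(1))  # packet rewritten to a pod IP
            continue
        jump = re.search(r"-j (KUBE-\S+)", rule)
        if jump and depth < 8:  # depth guard against malformed cycles
            endpoints.extend(trace(chains, jump.group(1), dport, dst, depth + 1))
    return endpoints
```

Calling `trace(parse_chains(IPTABLES_SAVE), "PREROUTING", 31000, "192.0.2.10")` (a made-up node IP) and `trace(..., 80, "10.96.12.34")` both yield the same two pod endpoints, which is the sense in which the NodePort and cluster IP paths are "the same under the hood".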