In https://kubernetes.github.io/ingress-nginx/deploy/baremetal/, in MetalLB mode, one node attracts all the traffic for ingress-nginx. By node port we can gather all traffic and load-balance it to pods by service.
What is the difference between node port and MetalLB?
A Nodeport offers access to a service through a port on the node (hence node+port). A port is allocated that you can access the service through on any node in the cluster.
MetalLB is a load balancer for on-prem clusters. It allocates services with separate dedicated IP addresses allocated from a pool. So, if you want to access a service (an ingress controller or something else) on a dedicated IP then MetalLB allows you to do this.
MetalLB works in two ways, either BGP or Layer2 ARP. The latter is easier to set up if you're working on a "lab" environment. Basically the MetalLB responds to ARP requests sent by clients trying to connect to a service to which it's allocated an IP.
I was also struggling a bit to understand: why would I need a service of type LoadBalancer, if I can use a NodePort service, which would allow me to access a service through a node port on all the nodes (load-balanced by kube-proxy)?
I think the main reason is security. A NodePort service forces you to expose your k8s nodes' IP addresses to users. Whereas when using a LoadBalancer service (either with MetalLB or any cloud provider), as @starfry mentioned, it allocates services with separate dedicated IP addresses allocated from a pool.
A NodePort service only allows exposing ports in the range 30000-32767, as the port is exposed on the K8s node and it would otherwise be possible to tromp on real ports used by the node. So another reason would be for exposing a service outside of this range.
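
The two ways of exposing a service compared in the answers above, side by side, as an added example that is not part of the original posts. The resource names, namespace, selector label and the 192.0.2.x documentation addresses are assumptions, and the MetalLB objects use its `metallb.io/v1beta1` CRDs in Layer 2 mode.

```yaml
# Constructed example: names, namespace, labels and addresses are assumptions.
# Option 1: NodePort. Clients connect to <any node IP>:30080.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-nodeport
  namespace: ingress-nginx
spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080   # must fall inside 30000-32767
---
# Option 2: LoadBalancer. MetalLB assigns one address from the pool below; clients use <that IP>:80.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-lb
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  allocateLoadBalancerNodePorts: false  # default is true, which would also open a node port
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - port: 80
      targetPort: 80
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: lab-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.0.2.240-192.0.2.250   # documentation range, replace with free LAN addresses
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: lab-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - lab-pool
```

After applying, `kubectl get svc -n ingress-nginx` shows the address MetalLB assigned in the `EXTERNAL-IP` column of the LoadBalancer service, while the NodePort service shows `<none>` there and lists `80:30080/TCP` under `PORT(S)`.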