NodePort vs. LoadBalancer vs. Ingress Controller

TechOps Examples

Hey — It's Govardhana MK 👋

Welcome to another technical edition.

Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.

Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities, and articles.

Kedify is Offering a Live Demo of Kubernetes scaling for modern workloads.

You’ll discover:

• How to cut cloud costs by 30–40%

• How to automate scaling for HTTP, gRPC, queue, and inference workloads

• How it is custom made for top DevOps / Platform / SRE leads.

It all takes 15 mins.

👀 Remote Jobs

• Eloquent AI is hiring a DevOps & Infrastructure Engineer

  Remote Location: Worldwide

• Platinumlist is hiring a Senior DevOps Engineer - AWS

  Remote Location: India

📚️ Resources

• Google just built the largest Kubernetes cluster with 130,000 nodes

• Rocky Linux 10.1 release brings soft reboots and new toolchains

• [Research Paper] The True Cost of Kubernetes Platform Adoption

TOGETHER WITH THE DEEP VIEW

The AI Insights Every Decision Maker Needs

You control budgets, manage pipelines, and make decisions, but you still have trouble keeping up with everything going on in AI. If that sounds like you, don’t worry, you’re not alone – and The Deep View is here to help.

This free, 5-minute-long daily newsletter covers everything you need to know about AI. The biggest developments, the most pressing issues, and how companies from Google and Meta to the hottest startups are using it to reshape their businesses… it’s all broken down for you each and every morning into easy-to-digest snippets.

If you want to up your AI knowledge and stay on the forefront of the industry, you can subscribe to The Deep View right here (it’s free!). 

🧠 DEEP DIVE USE CASE

NodePort vs. LoadBalancer vs. Ingress Controller

One of the first things you learn in Kubernetes is that Pods don’t last forever. They can get rescheduled, restarted, or replaced without warning. So when you want to expose an application running inside the cluster, you don’t point traffic directly to a Pod. You go through a Service.

A Kubernetes Service provides a stable network identity by selecting Pods using labels and exposing them through a consistent endpoint and follows a layered access model.

• ClusterIP: Exposes the service on an internal IP accessible only within the Kubernetes cluster, used for inter pod communication.

• NodePort: Exposes the service on a static port across all cluster nodes, allowing external access via any node’s IP and that port.

• LoadBalancer: Provisions an external load balancer that forwards traffic to NodePort services, providing a single external IP for client access.

Here are four traffic control patterns you’ll often see:

1. Access With NodePort

2. Access With Load Balancer

3. Ingress Controller managing service routing

4. Load Balancer combined with Ingress Controller

1. Access With NodePort

You’ll usually see this pattern in on prem clusters or early stage cloud setups where a full LoadBalancer integration isn’t available.

But here’s what you really need to know:

• NodePort isn’t real load balancing. DNS round robin may seem like a distribution method, but it doesn’t account for node health or service level metrics. If one node is overloaded or down, traffic still gets routed to it.

• Clients need to know node IPs and ports. This breaks abstraction. If your client or API gateway is outside Kubernetes, you’re hardcoding infrastructure details into configs. Bad for portability.

• Overloaded nodes aren’t just inefficient, they cause failure. Because Kubernetes can’t rebalance incoming traffic across healthy nodes, one node taking the hit can result in failed connections even if pods are healthy on other nodes.

• Port range limits matter. You only get 2767 usable ports in the default NodePort range (30000–32767). In clusters with many services or aggressive blue-green deployments, it’s easy to run out.

• No SSL termination, DNS based routing, or URL mapping. You’ll have to bolt on those capabilities manually or rely on external proxies, which adds complexity.

If you’re still using NodePort in production, treat it as a temporary bridge. Replace it with a LoadBalancer or Ingress as soon as possible unless you have strict on prem constraints.

And, we will see how to do that.

🔴 Get my DevOps & Kubernetes ebooks! (free for Premium Club and Personal Tier newsletter subscribers)

Become a paying subscriber to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

Paid subscriptions get you:

• • Access to archive of 250+ use cases
• • Deep Dive use case editions (Thursdays and Saturdays)
• • Access to Private Discord Community
• • Invitations to monthly Zoom calls for use case discussions and industry leaders meetups
• • Quarterly 1:1 'Ask Me Anything' power session