Hey folks, I am new to k3s. I was trying to understand how klipper-lb/svc-lb works. I deployed a Single Node cluster with traefik disabled. I don't see any difference between NodePort service v/s klipper lb. I saw the klipper-lb entry script on Github and it seems like it's just opening traffic on Node's IPTables to Cluster IP. Both are opening ports on the Nodes to direct the incoming traffic to the Cluster IP. I am sure there is something more to it which I can't understand. I would love to understand it more in depth. Can any expert please help me in understanding what benefit I am getting on using it in a private cluster? And what extra does it offer in comparison to the NodePort service as in my understanding both will redirect the traffic to Cluster IP and Cluster IP will do the internal Load Balancing among the pods. Thanks!

It lets you use LoadBalancer Services. Some things want to be deployed behind a LoadBalancer Service, instead of using NodePorts; this lets you use those things without needing to make any modifications. It is similar to the LocalPath Provisioner for PVCs in that you don’t have to use it, but having a cluster with no way to provision PVs for PVCs will break things, so we include a lightweight default implementation.

Thanks for the answer Brandon. I am unable to think of any example for an workload that will need to be deployed behing a LoadBalancer without an actual load balancer like kube-vip, metal-lb being there. Can you give me an example of such scenario? And how the cluster will break coz in regular k8s it will stay in pending but still I will be able to acccess the service from <NodeIP>:<NodePort>?

Lots of folks just use ServiceLB instead of something like metallb or kube-vip, it depends on what your needs are. If you don’t like it, don’t use it. It’s there as a convenience.

Hey Brandon, I think I misplaced my ques so I wanted to know that as you said "Some things want to be deployed behind a Load Balancer instead of NodePorts" can you give a few real-life/prod examples for this in on-prem scenarios where we have a 1 or 2 nodes without any service ip range? This would help make some sense to me. I know that when we have service ips available then most of the community prefers to use metal-lb and kube-vip but I wanted to know from u in the above scenario which I mentioned when we don't give service ip range. Sorry, I am very new to all this kubernetes stuff, but I could not find any valid ans on the internet and I am really willing to understand the k3s and its components. Thanks for replying.

Example: I have 3 nodes, each have its own IP address, and my service will run in one of these 3 nodes That means outside of kubernetes cluster, we need to know IP address of nodes where my service running. If my service always run in a same node, that should be fine, but that is regulated by kubernetes cluster. Each time when service is moved to other node, client have to change IP address

Thanks for reply @wooden-autumn-36808. I think I got ur point in this case klipper/servicelb controller part of k3s will keep a track of those available nodes and fill this info in the exposed services. This will be useful in cases where we use ingress and we will not have to manually add and remove IPs of the nodes. Is this the right understanding?

👍