Kubernetes: Who is first a loadbalancer or ingress

Question is straightforward, but I've not been able to quite figure out which steps a request follows when it reaches kubernetes system.

  1. Who first handle a received request? Ingress Controller, LoadBalancer, ClusterIP...

So, I know there are several ways to make pods externally accessible:

  1. Creating a NodePort service.
  2. Creating an LoadBalancer service.
  3. Creating an Ingress rule.

Some questions here related with best-practices or mandatory facts?

  1. Ingress is in front of a ClusterIP Service mandatory?

    1.1 Could or shouldn't I create an Ingress in front of a NodePort or a LoadBalancer service?

  2. Ingress Controllers are LoadBalancer Services? I mean, traefik or other Ingress Controllers are all of them deployed as LoadBalancer services?

Misunderstanding arises from several texts I've found over there:

  1. image here: Seems LoadBalancer is placed first of Ingress Controllers.
  2. image here: Seems Ingress is in front of a LoadBalancer.

Above questions arises from an attempt of expose externally a mongodb replicatset.

  1. I've created a LoadBalancer for each node. Is this correct?
  2. I'd like to create a domain using my Ingress Controller for those LoadBalancer. Can this be possible?
  3. Is there point to create an Ingress in front of a headless service?

Solution 1:

Ingress is in front of a ClusterIP Service mandatory?

If you want the service accessible externally, then you will need an externally accessible service. This can be a LoadBalancer service or an Ingress. A ClusterIP service is not accessible outside the cluster.

Could or shouldn't I create an Ingress in front of a NodePort or a LoadBalancer service?

You can create an Ingress in front of a NodePort or LoadBalancer, but there's no point in creating an Ingress in front of a LoadBalancer unless you want two different endpoints for accessing the same service (the LoadBalancer will get one IP and the Ingress Controller's own LoadBalancer will get another IP). However, using an Ingress will allow you to have additional functionality, such as SSL Certificates, which the standard LoadBalancer service resource does not (normally) provide

Ingress Controllers are LoadBalancer Services? I mean, traefik or other Ingress Controllers are all of them deployed as LoadBalancer services?

Correct. An Ingress controller opens an endpoint for traffic into the cluster, and then uses the ingress resources you create in the cluster to determine how and where to route the traffic.

The endpoint is a publicly accessible endpoint (unless you configure it to be an internal loadbalancer, in which case only machines within your corporate network will be able to access it).

The controller will normally update the Ingress resource in your cluster so you will see the IP of the loadbalancer belonging to the ingress