Services & Networking

25 minLesson 3 of 8

Learning Objectives

  • Understand Kubernetes networking model
  • Create ClusterIP, NodePort, and LoadBalancer services
  • Configure Ingress for HTTP routing
  • Use DNS for service discovery

Kubernetes Networking Model

Every Pod gets its own IP address. Pods can communicate with each other directly without NAT.

┌─────────────────────────────────────────┐
│              Cluster Network             │
│                                         │
│  ┌─────────┐  ┌─────────┐  ┌────────┐  │
│  │ Pod A   │  │ Pod B   │  │ Pod C  │  │
│  │10.1.0.5 │  │10.1.0.6 │  │10.1.1.3│  │
│  └────┬────┘  └────┬────┘  └───┬────┘  │
│       │             │           │        │
│  ─────┴─────────────┴───────────┴─────── │
│              Pod Network                 │
└─────────────────────────────────────────┘

Networking Rules

  1. Every Pod gets a unique IP
  2. Pods on any node can communicate without NAT
  3. Agents (kubelet) can communicate with all Pods
  4. Services provide stable endpoints for Pods

Service Types

ClusterIP (Default)

Internal-only access within the cluster.

apiVersion: v1
kind: Service
metadata:
  name: app-service
spec:
  type: ClusterIP
  selector:
    app: nextgen-app
  ports:
  - port: 80
    targetPort: 3000

NodePort

Exposes the service on each node's IP at a static port.

apiVersion: v1
kind: Service
metadata:
  name: app-nodeport
spec:
  type: NodePort
  selector:
    app: nextgen-app
  ports:
  - port: 80
    targetPort: 3000
    nodePort: 30080    # Range: 30000-32767

Access: http://<node-ip>:30080

LoadBalancer

Provisions an external load balancer (cloud providers).

apiVersion: v1
kind: Service
metadata:
  name: app-lb
spec:
  type: LoadBalancer
  selector:
    app: nextgen-app
  ports:
  - port: 80
    targetPort: 3000

Service Comparison

TypeAccessUse Case
ClusterIPInternal onlyMicroservice communication
NodePortExternal via node portDevelopment, testing
LoadBalancerExternal via cloud LBProduction traffic
ExternalNameDNS aliasExternal service mapping

Working with Services

# Create a service
kubectl apply -f service.yaml
 
# List services
kubectl get services
kubectl get svc
 
# Describe a service
kubectl describe svc app-service
 
# Get endpoints (pods backing the service)
kubectl get endpoints app-service
 
# Test internal access
kubectl run curl --image=curlimages/curl -it --rm -- curl http://app-service

DNS & Service Discovery

Kubernetes has built-in DNS. Every service gets a DNS entry:

<service-name>.<namespace>.svc.cluster.local

# From within a pod:
curl http://app-service                          # Same namespace
curl http://app-service.default                  # Explicit namespace
curl http://app-service.default.svc.cluster.local  # Fully qualified

DNS for Pods

# Pod DNS format
<pod-ip-dashed>.<namespace>.pod.cluster.local
 
# Example: Pod with IP 10.1.0.5 in default namespace
10-1-0-5.default.pod.cluster.local

Ingress

Ingress provides HTTP/HTTPS routing to services based on hostnames and paths.

┌──────────────────────────────────────────┐
│              Ingress Controller           │
│         (NGINX, Traefik, etc.)           │
└────────┬──────────────┬─────────────────┘
         │              │
    /app ─┘         /api ─┘
         │              │
┌────────▼───┐   ┌─────▼──────┐
│ app-service│   │ api-service │
└────────────┘   └────────────┘

Ingress Resource

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: learn.nextgenplayground.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: app-service
            port:
              number: 80
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 80
  tls:
  - hosts:
    - learn.nextgenplayground.org
    secretName: tls-secret

Installing Ingress Controller

# NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/cloud/deploy.yaml
 
# Verify
kubectl get pods -n ingress-nginx
kubectl get svc -n ingress-nginx

Network Policies

Control traffic flow between pods:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-to-api
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: web
    ports:
    - protocol: TCP
      port: 3000

Summary

You've learned:

  • Kubernetes networking model and Pod communication
  • Service types: ClusterIP, NodePort, LoadBalancer
  • DNS-based service discovery
  • Ingress for HTTP/HTTPS routing
  • Network Policies for traffic control

Next Steps

Next, we'll manage application configuration with ConfigMaps, Secrets, and persistent storage with Volumes.

Pods & DeploymentsStorage, ConfigMaps & Secrets