Module 2 | 4 Labs | Est. 50 min

Networking Services

Master ClusterIP, NodePort, LoadBalancers, and Ingress to expose your applications.

Theory: How Pods Talk

Pods are ephemeral—they die, and their IPs change. A Service is an abstract way to expose an application running on a set of Pods as a network service. A Service gets a stable IP and DNS name.

Types of Services

  • ClusterIP: (Default) Exposes the Service on a cluster-internal IP. Not reachable from outside.
  • NodePort: Exposes the Service on each Node's IP at a static port. Reachable via `NodeIP:NodePort`.
  • LoadBalancer: Exposes the Service externally using a cloud provider's load balancer.
  • Ingress: Not actually a Service type, but an API object linking routing rules (like URL paths) to internal Services.

Hands-on Labs

Lab 1: Exposing a Deployment
Use the expose command to quickly create a ClusterIP service for your nginx deployment on port 80.
`kubectl expose deployment nginx-deploy --port=80`

Lab 2: Listing Services
Verify that your service was created and see its internal ClusterIP.
`kubectl get svc`

Lab 3: NodePort Testing
Edit the service to expose it via NodePort, allowing external traffic.
`kubectl edit svc nginx-deploy`

Lab 4: Ingress Controllers
Deploy an Ingress controller to manage HTTP/HTTPS routes to services.
`kubectl apply -f https://[ingress-yaml]`

Interview Prep: Networking

Q: What is the difference between NodePort and LoadBalancer Services?

NodePort exposes the service on a static port across all Nodes' external IPs. LoadBalancer does this as well, but automatically provisions a managed external load balancer from the cloud provider (like AWS ELB) to route traffic to those NodePorts.

Q: How does DNS work inside a Kubernetes cluster?

CoreDNS watches the Kubernetes API for new Services and creates DNS records for them. If a Pod needs to talk to a Service named "database" in the same namespace, it can simply resolve "database". If the Service is in a different namespace (e.g., "prod"), the Pod would use "database.prod.svc.cluster.local".

Q: How do you restrict a pod from communicating with another pod?

Using NetworkPolicies. By default, all traffic is allowed. Once a NetworkPolicy selects a Pod, it blocks all traffic unless explicitly allowed by the policy rules (either Ingress for incoming, or Egress for outgoing traffic).
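
The answer above as a pair of manifests, added here as an illustration and not part of the original module: a default-deny ingress policy for a namespace, then one explicit allow rule on top of it. The `prod` namespace and the `database` name follow the DNS answer; the `app` labels and port 5432 are assumptions.

```yaml
# Constructed example. Assumed names: labels app=database / app=frontend, TCP 5432.
---
# 1. Default deny: the empty podSelector selects every Pod in "prod".
#    No ingress rules are listed, so all inbound traffic to those Pods is denied.
#    Egress is left untouched because only Ingress appears in policyTypes.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: prod
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# 2. Explicit allow: policies are additive, so this opens a single path
#    (frontend Pods -> database Pods on TCP 5432) on top of the deny above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: database-allow-frontend
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: database
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend   # same-namespace Pods only; no namespaceSelector given
      ports:
        - protocol: TCP
          port: 5432
```

NetworkPolicy objects are enforced by the cluster's network plugin; on a plugin without NetworkPolicy support the API accepts them but no traffic is filtered, so confirm enforcement with a connection test from a Pod that should be denied.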
