Understanding Networking and Services in Kubernetes
Mohmmad Saif✅ Networking and services in Kubernetes are foundational components that facilitate communication within the cluster and between the cluster and external systems. Here is an in-depth look at these components:
🔗 Networking in Kubernetes
Flat Network Model: Kubernetes assumes a flat network where every pod can communicate with any other pod without NAT.
Unique Pod IPs: Each pod gets a unique IP address within the cluster for direct communication.
Container Network Interface (CNI): CNI plugins manage the networking setup. Popular CNI plugins include:
Calico: Offers both networking and network security.
Flannel: Simplifies networking by providing layer 3 connectivity.
Weave: Supports mesh networking, making it easy to connect containers.
Canal: Combines Flannel's networking with Calico's network policy capabilities.
Service Discovery and DNS
- CoreDNS: Kubernetes uses CoreDNS for service discovery. It provides DNS-based resolution for services, allowing pods to find and communicate with each other using DNS names rather than IP addresses.
☑️ Services in Kubernetes
↪️ Service Types
- ClusterIP:
Description: The default service type, which provides an internal IP for communication within the cluster.
Usage: Ideal for internal services that do not require external access.
Example:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 9376
type: ClusterIP
- NodePort:
Description: Exposes the service on a static port on each node's IP address, allowing external traffic to access the service via
<NodeIP>:<NodePort>.Usage: Suitable for exposing a service externally on a specific port.
Example:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: NodePort
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 9376
nodePort: 30007
- LoadBalancer:
Description: Provisions an external load balancer to distribute traffic to the service pods. This service type is typically used in cloud environments.
Usage: Used to expose services to the internet with automatic load balancing.
Example:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: LoadBalancer
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 9376
- ExternalName:
Description: Maps a service to an external DNS name, allowing pods to access external services using a Kubernetes service.
Usage: Useful for integrating with external services outside the cluster.
Example:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: ExternalName
externalName: my.database.example.com
↪️ Service Components
Selectors and Labels: Services use selectors to match labels on pods, determining which pods are part of the service.
Endpoints: Kubernetes automatically creates and updates endpoint objects, which contain the IP addresses and ports of the pods matching the service's selector.
↪️ Ingress
Ingress Resource: Manages external HTTP and HTTPS access to services, allowing more sophisticated URL-based routing, load balancing, SSL termination, and name-based virtual hosting.
Ingress Controllers: Implement ingress rules. Examples include NGINX, Traefik, and Istio.
Example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-service
port:
number: 80
🔗 Advanced Networking Concepts
↪️ Network Policies
Network Policies: Define rules for controlling traffic between pods, enhancing security by restricting which pods can communicate with each other.
Policy Example:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-app
spec:
podSelector:
matchLabels:
app: my-app
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
role: frontend
- Service Mesh: Adds a layer for managing service-to-service communication with advanced traffic management, security, and observability. Examples include Istio, Linkerd, and Consul Connect. Uses sidecar proxies to manage network traffic.
📃 Summary
Pod-to-Pod Networking: Uses a flat network model with unique IP addresses for each pod, managed by CNI plugins.
Service Types:
ClusterIP for internal services
NodePort for exposing services on specific node ports
LoadBalancer for cloud-based load balancing
ExternalName for integrating external services
Service Discovery: CoreDNS provides DNS-based service discovery within the cluster.
Ingress: Manages external access to services with HTTP/HTTPS routing.
Network Policies: Enhance security by defining rules for traffic flow between pods.
Service Mesh: Offers advanced traffic management, security, and observability for microservices.
Subscribe to my newsletter
Read articles from Mohmmad Saif directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Mohmmad Saif
Mohmmad Saif
👋Hello I am Mohd Saif, passionate technology enthusiast currently pursuing a bachelor of Computer application degree. 🎓Education: I am currently pursuing a bachelor of Computer application degree with the focus on coding at Bareilly University my education journey has equipped me with strong foundation in Computer science and I am eager to apply my knowledge to real word challenges. 💡Passion for technology: I have always been deeply passionate about technology and I am particular drawn to devops with AWS. 🚀Skills: 🔹Linux 🔹Shell scripting 🔹Python 🔹Ansible 🔹Docker 🔹Kubernetes 🔹Jenkins CI/CD 🔹Maven 🔹Git and GitHub ✨Future goals: My goal is to facilitate seamless collaboration between development and operations teams, ensuring faster releases and high-quality software. I am a proactive learner, constantly exploring new DevOps trends and practices