Day 31 of 90 Days Of DevOps Challenge: Exploring Kubernetes with Headless Service and Ingress

Vaishnavi DVaishnavi D
4 min read

Yesterday, I explored Namespaces in Kubernetes, learning how they isolate and organize cluster resources. That foundation helped me understand how Kubernetes environments are structured and securely separated. Today, I went one step further and explored advanced ways to expose applications within and outside the cluster using Headless Services and Ingress Controllers.

What is a Headless Service?

A Headless Service is a special type of Service in Kubernetes used when you don’t need load balancing or a stable cluster IP. Instead of acting as a single access point, it provides DNS records for each pod, allowing clients to interact directly with individual pod endpoints.

How a Headless Service Works

A Headless Service is defined by setting clusterIP: None in the service’s YAML manifest. This configuration tells Kubernetes not to assign a virtual IP (VIP). Instead, Kubernetes uses DNS to return individual Pod IPs for all matching Pods.

Here’s what happens:

  • No virtual IP or built-in load balancing is assigned.

  • The DNS query for the service name returns multiple A/AAAA records, one for each Pod.

  • Clients can then use direct service discovery to connect to individual Pods.

This approach is ideal when the client needs more control over which Pod it talks to, such as for custom routing or when Pods aren’t interchangeable.

Real-World Use Cases for Headless Services

Stateful Applications (e.g., Cassandra, Kafka, Elasticsearch)

These apps require direct communication between nodes, each with a unique identity. With StatefulSets and Headless Services, each Pod gets a stable DNS name (e.g., cassandra-0.cassandra.default.svc.cluster.local), enabling node-to-node interactions crucial for distributed databases or message brokers.

Custom Load Balancing

When default Kubernetes load balancing isn’t enough, apps can use client-side logic to pick a Pod. Headless Services return all Pod IPs via DNS, letting tools like Netflix Ribbon or Spring Cloud select Pods based on latency, CPU usage, or other metrics.

Example: A smart app queries all Pod IPs and connects to the one with the lowest response time.

Example Headless Service YAML:

apiVersion: v1
kind: Service
metadata:
  name: example-headless-service
spec:
  clusterIP: None    # ← Marks it as headless
  selector:
    app: example
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080

Since no cluster IP is assigned (clusterIP: None), Kubernetes creates DNS A records for each Pod under the service name. This is powerful when building apps like Cassandra or MySQL Galera clusters.

What Is Ingress?

When deploying applications in Kubernetes, exposing them to the outside world is essential. While Services like NodePort and LoadBalancer can get the job done, Ingress provides a more powerful and flexible way to manage external access, especially for HTTP and HTTPS traffic.

An Ingress is a Kubernetes API object that acts as an entry point to your cluster. It’s not a Service itself, but it manages and routes external requests to the right internal Services based on defined rules, typically domain names and URL paths.

With Ingress, you can:

  1. Route traffic based on hostnames or URL paths

  2. Terminate SSL/TLS (i.e., handle HTTPS connections)

  3. Set up centralized access policies (e.g., auth, rate limiting)

This makes Ingress ideal for managing multiple applications behind a single IP or load balancer.

Sample Ingress YAML

Version: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /app
            pathType: Prefix
            backend:
              service:
                name: example-service
                port:
                  number: 80

What This Does:

  • When a user visits http://example.com/app, traffic is forwarded to the internal service example-service on port 80.

  • The pathType: Prefix means it matches /app and anything that starts with it.

NOTE: To use Ingress, you need an Ingress Controller like NGINX or Traefik running in your cluster.

Final Thoughts

Headless Services and Ingress Controllers show how Kubernetes supports both fine-grained internal service discovery and robust external access control. Where standard services abstract away the backend, headless services let you reach each pod directly, which is vital for databases and stateful workloads. Meanwhile, Ingress consolidates multiple routes under one entry point, offering both elegance and efficiency.

These tools empower you to design production-ready architectures that are scalable, flexible, and secure. Tomorrow, I’ll move on to Deployments and learn how Kubernetes handles versioning and rolling updates. Stay tuned!

0
Subscribe to my newsletter

Read articles from Vaishnavi D directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Devops#90daysofdevopsKubernetesk8singresszerotoroot

Written by

Vaishnavi D
Vaishnavi D