- What is Kubernetes Service?
- When to use ClusterIP, NodePort, or LoadBalancer?
- How does multi-cluster service work?
- Why both Ingress and Ingress Controller?
The answers become clear when things are explained bottom-up!
To make Pods mimic traditional VMs, Kubernetes defines its networking model as follows:
- Every Pod gets its own IP address
- Pods talk to other Pods directly (no visible SNAT)
- Containers in a pod communicate via localhost
It delegates the implementation to Container Runtimes and networking plugins.
A typical example: cri-o (CR) connects pods on a node to a shared Linux bridge; flannel (plugin) puts nodes into an overlay network.
Web services normally have human-readable names. A typical web service also consists of multiple endpoints (VMs or pods).
The Kubernetes Service resource puts ephemeral pods into a named group with a ClusterIP assigned to it.
When you call a service using its domain name, KubeDNS replaces the domain name with a ClusterIP. But ClusterIP is virtual! Egress traffic to this IP is intercepted by the source node and redirected to one of the service pods.
Pod-to-Pod and Pod-to-Service networking work only within a cluster. From outside the cluster, it's rarely possible to access a pod by its IP.
But it's possible to map a ClusterIP to a port on every node using a Service with type NodePort.
No one likes services hanging on random ports. Service type LoadBalancer allows assigning a public IP address to an in-cluster service. But it must be implemented by the platform provider.
The LB can send traffic to a NodePort or to Pod IPs directly.
NodePort and LoadBalancer services work on L4. Thus, they don't understand HTTP routing, cannot do SSL termination, etc.
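To make the reach of each Service type concrete, here is an added example (not part of the original thread) that reads Service objects shaped like `kubectl get services -A -o json` output and reports where each one listens. The sample data is constructed, and the `loadBalancerSourceRanges` finding is this example's own check.

```python
# Constructed sample shaped like `kubectl get services -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "cart"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
    {"metadata": {"namespace": "shop", "name": "debug"},
     "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 31080}]}},
    {"metadata": {"namespace": "shop", "name": "web"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "nodePort": 30443}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"namespace": "ops", "name": "admin"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443}],
              "allocateLoadBalancerNodePorts": False,
              "loadBalancerSourceRanges": ["198.51.100.0/24"]},
     "status": {"loadBalancer": {"ingress": [{"hostname": "lb.example.test"}]}}},
]}


def exposure(svc):
    """Return (reach, listeners, findings) for one Service object."""
    spec = svc.get("spec", {})
    stype = spec.get("type", "ClusterIP")  # the API defaults to ClusterIP
    ports = spec.get("ports", [])
    reach, listeners, findings = "cluster", [], []
    if stype in ("NodePort", "LoadBalancer"):
        # A node port is opened on every node, not only where the pods run.
        node_ports = [p["nodePort"] for p in ports if "nodePort" in p]
        listeners += [f"<every-node>:{n}" for n in node_ports]
        reach = "nodes" if node_ports else reach
    if stype == "LoadBalancer":
        reach = "external"
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        for lb in ingress:
            addr = lb.get("ip") or lb.get("hostname")
            listeners += [f"{addr}:{p['port']}" for p in ports]
        if not spec.get("loadBalancerSourceRanges"):
            findings.append("no loadBalancerSourceRanges set")
    return reach, listeners, findings


def audit(doc):
    """Map 'namespace/name' -> exposure() result for every Service in doc."""
    return {f"{s['metadata']['namespace']}/{s['metadata']['name']}": exposure(s)
            for s in doc.get("items", [])}


if __name__ == "__main__":
    for name, (reach, listeners, findings) in audit(SAMPLE).items():
        print(f"{name:12} {reach:9} {listeners} {findings}")
```

To run it against a real cluster, pass `audit()` the result of `json.load` on the saved kubectl output instead of `SAMPLE`.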
An Ingress Resource describes a public L7 load balancer forwarding HTTP traffic to one or more in-cluster Kubernetes Services.
As is usual with Kubernetes, it doesn't come with its own implementation of Ingress.
Kubernetes defines the Ingress Resource and expects platform providers to implement a corresponding controller to do the actual request handling.
A Service Mesh (SM) transparently expands Kubernetes capabilities:
- Relies on Service resources
- Doesn't require a change on the app side
- Replaces kube-proxy for Service Discovery
- Brings multi-cluster services
- Provides Ingress Controller and/or Gateway
For more details on single-node container networking, check out this article:
iximiuz.com