Mohmmad Saif's blog

Understanding Networking and Services in Kubernetes

Mohmmad Saif's photo
Mohmmad Saif
·

4 min read

Networking and services in Kubernetes are foundational components that facilitate communication within the cluster and between the cluster and external systems. Here is an in-depth look at these components:

🔗 Networking in Kubernetes

  • Flat Network Model: Kubernetes assumes a flat network where every pod can communicate with any other pod without NAT.

  • Unique Pod IPs: Each pod gets a unique IP address within the cluster for direct communication.

  • Container Network Interface (CNI): CNI plugins manage the networking setup. Popular CNI plugins include:

    • Calico: Offers both networking and network security.

    • Flannel: Simplifies networking by providing layer 3 connectivity.

    • Weave: Supports mesh networking, making it easy to connect containers.

    • Canal: Combines Flannel's networking with Calico's network policy capabilities.

  • Service Discovery and DNS

    • CoreDNS: Kubernetes uses CoreDNS for service discovery. It provides DNS-based resolution for services, allowing pods to find and communicate with each other using DNS names rather than IP addresses.

☑️ Services in Kubernetes

↪️ Service Types

  1. ClusterIP:

  • Description: The default service type, which provides an internal IP for communication within the cluster.

  • Usage: Ideal for internal services that do not require external access.

  • Example:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  type: ClusterIP
  1. NodePort:

  • Description: Exposes the service on a static port on each node's IP address, allowing external traffic to access the service via <NodeIP>:<NodePort>.

  • Usage: Suitable for exposing a service externally on a specific port.

  • Example:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
      nodePort: 30007
  1. LoadBalancer:

  • Description: Provisions an external load balancer to distribute traffic to the service pods. This service type is typically used in cloud environments.

  • Usage: Used to expose services to the internet with automatic load balancing.

  • Example:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: LoadBalancer
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  1. ExternalName:

  • Description: Maps a service to an external DNS name, allowing pods to access external services using a Kubernetes service.

  • Usage: Useful for integrating with external services outside the cluster.

  • Example:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: ExternalName
  externalName: my.database.example.com

↪️ Service Components

  • Selectors and Labels: Services use selectors to match labels on pods, determining which pods are part of the service.

  • Endpoints: Kubernetes automatically creates and updates endpoint objects, which contain the IP addresses and ports of the pods matching the service's selector.

↪️ Ingress

  • Ingress Resource: Manages external HTTP and HTTPS access to services, allowing more sophisticated URL-based routing, load balancing, SSL termination, and name-based virtual hosting.

  • Ingress Controllers: Implement ingress rules. Examples include NGINX, Traefik, and Istio.

  • Example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80

🔗 Advanced Networking Concepts

↪️ Network Policies

  • Network Policies: Define rules for controlling traffic between pods, enhancing security by restricting which pods can communicate with each other.

  • Policy Example:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend
  • Service Mesh: Adds a layer for managing service-to-service communication with advanced traffic management, security, and observability. Examples include Istio, Linkerd, and Consul Connect. Uses sidecar proxies to manage network traffic.

📃 Summary

  • Pod-to-Pod Networking: Uses a flat network model with unique IP addresses for each pod, managed by CNI plugins.

  • Service Types:

    • ClusterIP for internal services

    • NodePort for exposing services on specific node ports

    • LoadBalancer for cloud-based load balancing

    • ExternalName for integrating external services

  • Service Discovery: CoreDNS provides DNS-based service discovery within the cluster.

  • Ingress: Manages external access to services with HTTP/HTTPS routing.

  • Network Policies: Enhance security by defining rules for traffic flow between pods.

  • Service Mesh: Offers advanced traffic management, security, and observability for microservices.

Types of Service in Kubernetes Service components Advance networking concepts Kubernetes#kubernetesNetworkingkubernetes-servicesingresssummary