Kubernetes Day 4 - pranavkumarpk01/MD-DevOps GitHub Wiki

Kubernetes Services - End-to-End Guide

In Kubernetes, Pods are short-lived and dynamic. When they restart or scale, their IPs change. To maintain consistent communication across services and ensure accessibility, Kubernetes Services act as a stable endpoint and load balancer.


What is a Kubernetes Service?

A Kubernetes Service is an abstraction layer that defines a logical set of Pods and a policy by which to access them. Services provide:

  • A stable DNS name
  • A stable IP address
  • Optional load balancing for traffic

Why Services Are Needed

  • Pods are ephemeral and can die or be recreated with new IPs
  • Services allow apps to reliably communicate
  • Services offer load balancing across multiple Pods
  • You can expose apps inside or outside the cluster

Types of Kubernetes Services

| Type | Description | Scope | Example Use Case |
|---|---|---|---|
| ClusterIP | Default; exposes the Service on internal IP | Internal Only | Backend to Database communication |
| NodePort | Exposes Service on a static port on nodes | External Access | Quick dev/test exposure |
| LoadBalancer | Provisions external cloud load balancer | Public Access | Production frontend API/UI |
| ExternalName | Maps Service to external DNS | External Redirect | Use RDS or external API from a Pod |

๐Ÿ—๏ธ Real-World Architecture

Example: A full-stack app

  • Frontend (React App) – needs to be accessed by users over the internet
    → LoadBalancer
  • Backend (Node.js/Java Spring) – accessed only by frontend
    → ClusterIP
  • Database (PostgreSQL/MongoDB) – accessed only by backend
    → No Service or Headless Service (StatefulSet)

Service YAML Examples

1. ClusterIP Service (Default)

apiVersion: v1
kind: Service
metadata:
  name: backend-service
spec:
  selector:
    app: backend
  ports:
    - protocol: TCP
      port: 80         # Service port (inside cluster)
      targetPort: 5000 # Container port
  type: ClusterIP

Explanation:

  • Selects Pods with label app=backend
  • Routes traffic from port 80 to container port 5000
  • Only accessible within the cluster

2. NodePort Service

apiVersion: v1
kind: Service
metadata:
  name: frontend-service
spec:
  selector:
    app: frontend
  ports:
    - port: 80
      targetPort: 3000
      nodePort: 30080
  type: NodePort

Explanation:

  • Exposes the app externally on every node via <NodeIP>:30080
  • Great for dev or testing
  • nodePort must be in the default range 30000-32767

3. LoadBalancer Service (Cloud Only)

apiVersion: v1
kind: Service
metadata:
  name: frontend-loadbalancer
spec:
  selector:
    app: frontend
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
  type: LoadBalancer

Explanation:

  • Creates a cloud load balancer (AWS/GCP/Azure)
  • Auto-assigns a public IP
  • Ideal for production/public APIs

4. ExternalName Service

apiVersion: v1
kind: Service
metadata:
  name: external-db
spec:
  type: ExternalName
  externalName: database.example.com

Explanation:

  • No selector is defined and no endpoints are created
  • DNS lookups for this Service name return a CNAME record pointing to the external FQDN

How Services Work Internally

  1. kube-proxy runs on each node.
  2. It watches for Services and Endpoints.
  3. It sets up:
    • iptables or IPVS rules for routing
    • DNS via kube-dns or CoreDNS for name resolution
  4. Load balances traffic to matching Pods

Accessing Services

| Method | Usage |
|---|---|
| kubectl port-forward | Local testing |
| NodePort | Access via IP of any cluster node |
| LoadBalancer | Get public IP from your cloud provider |
| Ingress (with controller) | Advanced routing with domains and paths |

Useful Commands

# Create a service from a YAML file
kubectl apply -f service.yaml

# List all services
kubectl get svc

# Get detailed info
kubectl describe svc <service-name>

# Delete a service
kubectl delete svc <service-name>

Best Practices

  • Use ClusterIP for internal microservices communication
  • Use NodePort only for local or quick access
  • Use LoadBalancer in production environments
  • For external APIs (e.g., AWS RDS, Stripe), use ExternalName
  • For traffic routing and SSL, consider Ingress + TLS certs
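
An exposure check that applies these practices to a cluster's Service list (an added example, not part of the original wiki page). It assumes input shaped like `kubectl get svc -A -o json`; the sample is constructed from the four manifests on this page, and `audit_services` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `kubectl get svc -A -o json`, built from the
# four Services on this page (the "default" namespace is an assumption).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "backend-service"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 80, "targetPort": 5000}]}},
    {"metadata": {"namespace": "default", "name": "frontend-service"},
     "spec": {"type": "NodePort",
              "ports": [{"port": 80, "targetPort": 3000, "nodePort": 30080}]}},
    {"metadata": {"namespace": "default", "name": "frontend-loadbalancer"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "targetPort": 3000}]}},
    {"metadata": {"namespace": "default", "name": "external-db"},
     "spec": {"type": "ExternalName", "externalName": "database.example.com"}},
]})


def audit_services(svc_json):
    """Return (namespace/name, type, finding) for every Service that is
    reachable from outside the cluster or that points outside it."""
    findings = []
    for item in json.loads(svc_json).get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        name = f'{meta.get("namespace", "default")}/{meta["name"]}'
        stype = spec.get("type", "ClusterIP")  # an omitted type means ClusterIP
        ports = spec.get("ports", [])
        if stype == "NodePort":
            np = sorted(p["nodePort"] for p in ports if "nodePort" in p)
            findings.append((name, stype, f"open on every node IP, nodePort {np}"))
        elif stype == "LoadBalancer":
            # loadBalancerSourceRanges restricts which client CIDRs may connect
            ranges = spec.get("loadBalancerSourceRanges") or []
            if ranges:
                msg = f"external LB limited to {ranges}"
            else:
                msg = "external LB with no loadBalancerSourceRanges"
            findings.append((name, stype, msg))
        elif stype == "ExternalName":
            target = spec.get("externalName")
            findings.append((name, stype, f"DNS alias to {target}, outside cluster control"))
    return findings


if __name__ == "__main__":
    for name, stype, finding in audit_services(SAMPLE):
        print(f"{stype:<13}{name:<32}{finding}")
```

ClusterIP Services produce no finding, so the output is the list to review against the intended architecture: anything listed that was meant to be internal-only is a misconfiguration.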

Testing Locally

# Port forward backend to localhost
kubectl port-forward svc/backend-service 8080:80

# Now you can access it on http://localhost:8080

Summary

| Type | Internal | External | Cloud Integration | Use For |
|---|---|---|---|---|
| ClusterIP | ✅ | ❌ | ❌ | Microservice to microservice |
| NodePort | ✅ | ✅ | ❌ | Quick dev testing |
| LoadBalancer | ✅ | ✅ | ✅ | Public APIs, websites |
| ExternalName | ❌ | ✅ | ✅ (DNS only) | RDS, external APIs |