Objective

To understand the Service concept in Kubernetes.

Concepts

The following concepts are critical to understanding the Service API in Kubernetes.

Service

Service is an abstraction that exposes groups of Pods over a network. Pods are selected via Labels and Selectors. For each Service object, the Kubernetes control plane automatically defines a logical set of Endpoints or EndpointSlices.

There are 4 Service types: ClusterIP, NodePort, LoadBalancer and ExternalName. Refer to this article for an illustration.

ClusterIP

ClusterIP is the default Service type and exposes the Service within the cluster ONLY. The IP address can be statically or dynamically chosen from the service-cluster-ip-range configured for the Kubernetes API server.

Key fields in the specification are: type, selector, clusterIP, port, protocol, targetPort.

Kubernetes Service ClusterIP

NodePort

NodePort exposes the Service externally on each Node’s IP at a static port, so that the Service is accessible via each Node’s IP and nodePort from outside the Kubernetes cluster. The Kubernetes control plane allocates a port from the range specified by --service-node-port-range.

Key fields in the specification are: type, selector, port, targetPort, and nodePort.

Kubernetes Service NodePort

LoadBalancer

LoadBalancer exposes the Service externally using a load balancer, which directs traffic from a loadBalancerIP to clusterIP.

Key fields in the specification are: type, clusterIP, selector, protocol, port and targetPort.

Kubernetes Service LoadBalancer

ExternalName

ExternalName maps the Service to the DNS name specified by the externalName field, rather than to a typical selector such as cassandra.

Key fields in the specification are: type and externalName.

Kubernetes Service ExternalName

Ports

Port definitions are critical to understanding the Service. containerPort or name in the Pod spec is the port on which the application in the Pod actively listens. targetPort in the Service spec corresponds to containerPort in the Pod spec. port in the Service spec is the port used by either internal Pods or external services, while nodePort is the port on each Node used to access the Service.
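
An added example (not from the original article) that applies these port definitions to a constructed Service list in the JSON shape that `kubectl get services -o json` produces. It reports where each Service port accepts traffic and which Pod port it reaches; the Service names, namespace and port numbers are made up for illustration.

```python
import json

# Constructed sample, shaped like the output of `kubectl get services -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "web", "namespace": "shop"},
  "spec": {"type": "NodePort", "selector": {"app": "web"},
           "ports": [{"port": 80, "targetPort": 8080, "nodePort": 30080}]}},
 {"metadata": {"name": "db", "namespace": "shop"},
  "spec": {"selector": {"app": "db"}, "ports": [{"port": 5432}]}},
 {"metadata": {"name": "api", "namespace": "shop"},
  "spec": {"type": "LoadBalancer", "selector": {"app": "api"},
           "ports": [{"port": 443, "targetPort": "https", "nodePort": 31443}]}},
 {"metadata": {"name": "legacy", "namespace": "shop"},
  "spec": {"type": "ExternalName", "externalName": "db.example.com"}}
]}
""")

def port_records(service):
    """One record per Service port: where traffic can enter and where it lands."""
    spec = service["spec"]
    svc_type = spec.get("type", "ClusterIP")        # ClusterIP is the default type
    name = service["metadata"]["namespace"] + "/" + service["metadata"]["name"]
    if svc_type == "ExternalName":                  # DNS alias only, no ports or Pods
        return [{"service": name, "type": svc_type, "entry": [],
                 "target": "dns:" + spec["externalName"], "external": False}]
    records = []
    for p in spec.get("ports", []):
        entry = ["clusterIP:%s" % p["port"]]        # always reachable in-cluster
        if svc_type in ("NodePort", "LoadBalancer") and "nodePort" in p:
            entry.append("nodeIP:%s" % p["nodePort"])
        if svc_type == "LoadBalancer":
            entry.append("loadBalancer:%s" % p["port"])
        target = p.get("targetPort", p["port"])     # targetPort defaults to port
        records.append({"service": name, "type": svc_type, "entry": entry,
                        "target": "pod:%s" % target,
                        "external": svc_type in ("NodePort", "LoadBalancer")})
    return records

def externally_reachable(service_list):
    """Port records of Services that accept traffic from outside the cluster."""
    return [r for s in service_list["items"] for r in port_records(s) if r["external"]]

if __name__ == "__main__":
    for r in externally_reachable(SAMPLE):
        print(r["service"], r["type"], ", ".join(r["entry"]), "->", r["target"])
```

Reviewing this list against what is meant to be public is a quick way to spot a Service that was given type NodePort or LoadBalancer when ClusterIP would have been enough.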

Service, Load Balancer, Ingress

Service is the main approach to expose applications running either within or outside of the cluster. A Service can be exposed by LoadBalancer by creating an external load balancer such as F5. Service usually works at Layer 4 within the cluster.

Ingress, in contrast, is one way to manage external access to Services in a Kubernetes cluster via the HTTP or HTTPS protocol. An Ingress may be configured to give Services externally reachable URLs, load balance traffic, and terminate SSL/TLS, and it usually requires an ingress controller such as Istio Ingress. Ingress usually works at Layer 7.

Reference