Kubernetes service exposure methods¶

Kubernetes service exposure methods define how applications running within a Kubernetes cluster are made accessible to other services or external end-users. While Kubernetes provides internal service discovery through [[ClusterIP]], exposing services to traffic outside the cluster requires specific resource configurations and integrations with cloud providers or ingress controllers.

Core Service Types¶

ClusterIP¶

ClusterIP is the default Kubernetes Service type. It exposes the service on an internal IP address within the cluster, making it reachable only from inside the cluster network^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. This method is suitable for inter-service communication where external access is not required^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

NodePort¶

NodePort exposes the service on a static port (the NodePort) on each Node's IP address^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. The traffic routing logic follows a specific path: User -> NodeIP:NodePort -> Service -> Pod^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

While this makes the service accessible externally, it has limitations: * It requires users to know the specific IP addresses of the Nodes^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. * It exposes a non-standard high port (e.g., 30000+) rather than standard HTTP/HTTPS ports like 80 or 443^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

LoadBalancer¶

LoadBalancer exposes the service externally using a cloud provider's load balancer^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. This is typically the standard method for exposing services in cloud environments^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

The traffic flow for a LoadBalancer service is: User -> Cloud Load Balancer -> NodeIP:NodePort -> Service -> Pod^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. The external load balancer routes traffic to the NodePort, which then forwards it to the appropriate Pods^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

Limitations: * Each service requires a separate external Load Balancer, which can incur significant costs^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. * It lacks the ability to define complex routing rules, such as routing based on URL paths (e.g., /api vs /app)^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

Advanced Traffic Management¶

Ingress¶

To overcome the limitations of LoadBalancers regarding cost and routing flexibility, Kubernetes utilizes Ingress^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. Ingress functions as a set of routing rules that act as a "smart entry point" into the cluster^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

Ingress allows for a single external Load Balancer (or public IP) to route traffic to multiple internal services based on rules such as: * URL Paths: Routing requests to different services based on the specific path requested^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. * Domain Names: Routing requests based on the Host header^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

This architecture typically operates with a flow of: User -> Ingress -> Services -> Pods^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md]. To function, an Ingress Controller (such as Nginx) must be deployed in the cluster to implement the rules defined in Ingress resources^[400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md].

Sources¶

• 400-devops__06-Kubernetes__k8s-ithelp__Day11__README.md