Service and Endpoint decoupling
Service and Endpoint decoupling is a networking pattern in Kubernetes that allows a Service object to manage traffic for backends located outside of the cluster. By defining a Service without a standard Pod selector and manually creating a corresponding Endpoints object, cluster-internal applications can access external services using standard Kubernetes DNS names.^[400-devops-06-kubernetes-out-network-k8s.md]
Configuration
To implement this decoupling, a standard Kubernetes Service is configured without a selector, which tells the cluster not to automatically look for local Pods to fulfill the request.^[400-devops-06-kubernetes-out-network-k8s.md] Instead, a separate Endpoints resource is created with the same name as the Service, explicitly listing the external IP addresses and ports where the traffic should be forwarded.^[400-devops-06-kubernetes-out-network-k8s.md]
Example: External MySQL Database
The following configuration demonstrates how to expose an external MySQL database (IP 114.32.146.154) as an internal service named mysql-svc^[400-devops-06-kubernetes-out-network-k8s.md]:
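Service (mysql-svc)
A ClusterIP Service is defined with clusterIP: None (headless) or a standard cluster IP. Crucially, no selector is present^[400-devops-06-kubernetes-out-network-k8s.md].
Endpoints (named mysql-svc, the same as the Service)
This object manually maps the Service name to the external IP^[400-devops-06-kubernetes-out-network-k8s.md]. Its metadata.name must be identical to the Service name, and its port name must match the Service port name; otherwise the Service has no backends.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: mysql-svc
  namespace: default
spec:
  clusterIP: None          # Headless: DNS returns the Endpoints IPs directly
  ports:
    - name: mysql          # Must match the Endpoints port name
      port: 3306
      protocol: TCP
      targetPort: 3306
  type: ClusterIP
  # No selector: the cluster does not populate Endpoints for this Service
---
apiVersion: v1
kind: Endpoints
metadata:
  name: mysql-svc          # Must match Service name
  namespace: default
subsets:
  - addresses:
      - ip: 114.32.146.154 # External IP
    ports:
      - name: mysql        # Must match the Service port name
        port: 3306
        protocol: TCP
```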
Verification
Once applied, internal pods can resolve the external service using standard Kubernetes DNS resolution.^[400-devops-06-kubernetes-out-network-k8s.md] For example, a utility Pod inside the cluster can access the resource using short names (mysql-svc) or fully qualified domain names (mysql-svc.default.svc.cluster.local).^[400-devops-06-kubernetes-out-network-k8s.md]
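A pre-apply check for the pairing rules described above, as an added example that is not part of the original page: it takes the two objects as dictionaries shaped like `kubectl get -o json` output and reports each reason the Service would resolve to no backend or the Endpoints would be refused. The names `check_pair`, `svc` and `eps` and the sample address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

def check_pair(service, endpoints):
    """Return the problems that stop a selector-less Service from using its manual Endpoints."""
    problems = []
    s_meta, e_meta = service["metadata"], endpoints["metadata"]
    if service["spec"].get("selector"):
        problems.append("Service has a selector; the control plane will manage its Endpoints")
    # The Service and Endpoints are paired by identical name in the same namespace.
    if s_meta["name"] != e_meta["name"]:
        problems.append(f"name mismatch: Service {s_meta['name']!r} vs Endpoints {e_meta['name']!r}")
    if s_meta.get("namespace", "default") != e_meta.get("namespace", "default"):
        problems.append("namespace mismatch")
    svc_names = {p.get("name", "") for p in service["spec"].get("ports", [])}
    for subset in endpoints.get("subsets", []):
        for port in subset.get("ports", []):
            if port.get("name", "") not in svc_names:
                problems.append(f"Endpoints port {port.get('name')!r} has no Service port of that name")
        for addr in subset.get("addresses", []):
            ip = ipaddress.ip_address(addr["ip"])
            if ip.is_loopback or ip.is_link_local:
                problems.append(f"{ip} is loopback or link-local; the API server rejects it")
    return problems

# Constructed sample objects; 203.0.113.10 is a documentation-range address.
def svc(name, port_name):
    return {"kind": "Service", "metadata": {"name": name, "namespace": "default"},
            "spec": {"clusterIP": "None", "ports": [{"name": port_name, "port": 3306}]}}

def eps(name, port_name, ip):
    return {"kind": "Endpoints", "metadata": {"name": name, "namespace": "default"},
            "subsets": [{"addresses": [{"ip": ip}], "ports": [{"name": port_name, "port": 3306}]}]}

if __name__ == "__main__":
    bad = check_pair(svc("mysql-svc", "default-ep"), eps("mysql-ep", "mysql", "203.0.113.10"))
    for problem in bad:
        print("FAIL:", problem)
```

Because a manual Endpoints object sends cluster traffic to whatever address it lists, the same review step is a natural place to confirm the IP is the intended external host.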
Related Concepts
- [[Kubernetes Services]]
- [[Endpoints]]
- [[Headless Service]]
- Kubernetes DNS
Sources
- 400-devops-06-kubernetes-out-network-k8s.md