Kubernetes Services and Networking — Complete Guide
In this tutorial, you'll learn about Kubernetes Services and Networking. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.
What You'll Learn
Understand Kubernetes networking — how services expose pods, service types, Ingress controllers, DNS, and network policies for traffic control.
Why It Matters
Kubernetes networking is complex but essential. Pods are ephemeral, so their IPs change. Services provide stable endpoints and load balancing.
Real-World Use
Exposing a web app to the internet via Ingress, internal communication between microservices, and restricting database access with network policies.
The Pod Networking Problem
Pod A (IP: 10.1.0.5) → wants to talk to Pod B (IP: 10.1.0.9)
But Pod B may restart with IP: 10.1.0.15
Solution: Service provides a stable IP and DNS name
What is a Service?
A Service is a stable endpoint that load-balances traffic to a set of pods.
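apiVersion: v1
kind: Service
metadata:
  name: web-service
spec:
  selector:
    app: web            # traffic goes to pods carrying this label
  ports:
    - port: 80          # port the Service listens on
      targetPort: 3000  # port the container listens on
  type: ClusterIP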
Service Types
| Type | Accessibility | Use Case |
|---|---|---|
| ClusterIP | Within cluster only | Internal microservices |
| NodePort | External (node IP + port) | Development, testing |
| LoadBalancer | External (cloud LB) | Production HTTP/HTTPS |
| ExternalName | DNS alias | External service integration |
ClusterIP (Default)
apiVersion: v1
kind: Service
metadata:
  name: api-service
spec:
  selector:
    app: api
  ports:
    - port: 8080
      targetPort: 8080
  type: ClusterIP
Other pods in the same namespace reach it at api-service:8080.
NodePort
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080  # Available on each node at this port
LoadBalancer
kubectl expose deployment web \
--port=80 --target-port=3000 \
--type=LoadBalancer
# Cloud provider creates an external LB
# Get the external IP:
kubectl get service web
Ingress
Ingress provides HTTP/HTTPS routing to services:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    # With ingress-nginx 0.22+, a literal rewrite-target replaces the whole
    # matched path, so /api/users reaches api-service as /.
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api-service
                port:
                  number: 8080
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 80
        User → myapp.example.com
                    ↓
            ┌─── Ingress ───┐
            ↓               ↓
  /api → api-service   / → web-service
DNS Based Service Discovery
Kubernetes automatically creates DNS records:
# Service in namespace "default" (fully qualified name):
web-service.default.svc.cluster.local
# Short form (same namespace):
web-service
# Different namespace:
web-service.production.svc.cluster.local
Network Policies
Control traffic flow at the IP/port level:
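apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      app: database
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: api
      ports:
        - port: 5432
This allows only pods labeled app: api, in the same namespace as the policy, to connect to database pods on port 5432; all other ingress to those pods is denied. Enforcement depends on the cluster's network plugin supporting NetworkPolicy.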
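To see which flows db-policy actually permits, here is an added example (not from the original tutorial) that models ingress evaluation in simplified form. It assumes the policy lives in namespace "default" and handles only matchLabels pod selectors and numeric ports; the "staging" namespace and the helper names are hypothetical.

```python
# Added example: simplified model of NetworkPolicy ingress evaluation.
# Not modelled: namespaceSelector, ipBlock, named ports, egress rules.

DB_POLICY = {  # the page's db-policy as a dict; namespace "default" is assumed
    "namespace": "default",
    "podSelector": {"app": "database"},
    "ingress": [{"from": [{"podSelector": {"app": "api"}}], "ports": [5432]}],
}

def matches(selector, labels):
    """matchLabels semantics: every selector key/value must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())

def ingress_allowed(policies, src, dst, port):
    """src/dst are dicts with 'namespace' and 'labels'; True if traffic is allowed."""
    selecting = [p for p in policies
                 if p["namespace"] == dst["namespace"]
                 and matches(p["podSelector"], dst["labels"])]
    if not selecting:
        return True  # no policy selects the destination, so it is not isolated
    for policy in selecting:  # policies are additive: any matching rule allows
        for rule in policy["ingress"]:
            port_ok = not rule.get("ports") or port in rule["ports"]
            # a bare podSelector peer only matches pods in the policy's namespace
            peer_ok = not rule.get("from") or any(
                src["namespace"] == policy["namespace"]
                and matches(peer["podSelector"], src["labels"])
                for peer in rule["from"])
            if port_ok and peer_ok:
                return True
    return False  # destination is isolated and no rule matched

def pod(app, namespace="default"):
    """Constructed sample pod with a single app label."""
    return {"namespace": namespace, "labels": {"app": app}}

def demo():
    db, web = pod("database"), pod("web")
    return {
        "api -> db:5432": ingress_allowed([DB_POLICY], pod("api"), db, 5432),
        "web -> db:5432": ingress_allowed([DB_POLICY], pod("web"), db, 5432),
        "api -> db:22": ingress_allowed([DB_POLICY], pod("api"), db, 22),
        "api (staging) -> db:5432": ingress_allowed([DB_POLICY], pod("api", "staging"), db, 5432),
        "api -> web:80": ingress_allowed([DB_POLICY], pod("api"), web, 80),
    }

if __name__ == "__main__":
    for flow, allowed in demo().items():
        print(f"{flow:26} {'ALLOW' if allowed else 'DENY'}")
```

The last flow stays allowed because db-policy selects only the database pods; isolating every pod in a namespace takes a separate policy with an empty podSelector and no ingress rules.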
Debugging Networking
# Check service endpoints
kubectl get endpoints web-service
# DNS resolution test
kubectl run dns-test --image=alpine --rm -it -- sh
/ # nslookup web-service
# Port forward for testing
kubectl port-forward service/web-service 8080:80
# Check service details
kubectl describe service web-service
# Test pod-to-pod connectivity
kubectl exec test-pod -- curl http://web-service:80