Skip to content

Kubernetes Services and Networking — Complete Guide

DodaTech 2 min read

In this tutorial, you'll learn about Kubernetes Services and Networking. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.

What You'll Learn

Understand Kubernetes networking — how services expose pods, service types, Ingress controllers, DNS, and network policies for traffic control.

Why It Matters

Kubernetes networking is complex but essential. Pods are ephemeral — their IPs change. Services provide stable endpoints and Load Balancing.

Real-World Use

Exposing a web app to the internet via Ingress, internal communication between Microservices, and restricting database access with network policies.

The Pod Networking Problem

Pod A (IP: 10.1.0.5) → wants to talk to Pod B (IP: 10.1.0.9)
                        But Pod B may restart with IP: 10.1.0.15

Solution: Service provides a stable IP and DNS name

What is a Service?

A Service is a stable endpoint that load-balances traffic to a set of pods.

apiVersion: v1
kind: Service
metadata:
  name: web-service
spec:
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 3000
  type: ClusterIP

Service Types

Type Accessibility Use Case
ClusterIP Within cluster only Internal Microservices
NodePort External (node IP + port) Development, testing
LoadBalancer External (cloud LB) Production HTTP/HTTPS
ExternalName DNS alias External service integration

ClusterIP (Default)

apiVersion: v1
kind: Service
metadata:
  name: api-service
spec:
  selector:
    app: api
  ports:
    - port: 8080
      targetPort: 8080
  type: ClusterIP

Other pods reach it at api-service:8080.

NodePort

spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080  # Available on each node at this port

LoadBalancer

kubectl expose deployment web \
  --port=80 --target-port=3000 \
  --type=LoadBalancer

# Cloud provider creates an external LB
# Get the external IP:
kubectl get service web

Ingress

Ingress provides HTTP/HTTPS routing to services:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api-service
                port:
                  number: 8080
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 80
User → myapp.example.com
         ↓
    ┌─── Ingress ───┐
    ↓               ↓
/api → api-service  / → web-service

DNS Based Service Discovery

Kubernetes automatically creates DNS records:

# Pod in namespace "default"
web-service.default.svc.cluster.local

# Short form (same namespace):
web-service

# Different namespace:
web-service.production.svc.cluster.local

Network Policies

Control traffic flow at the IP/port level:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      app: database
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: api
      ports:
        - port: 5432

This only allows pods with label app: api to connect to database pods on port 5432.

Debugging Networking

# Check service endpoints
kubectl get endpoints web-service

# DNS resolution test
kubectl run dns-test --image=alpine --rm -it -- sh
/ # nslookup web-service

# Port forward for testing
kubectl port-forward service/web-service 8080:80

# Check service details
kubectl describe service web-service

# Test pod-to-pod connectivity
kubectl exec test-pod -- curl http://web-service:80

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro