Skip to content

Exposing applications using Services

Outcomes

In this lab you will learn how to:

  • Expose applications using Services
  • Use the kubectl port-forward command to access applications running in a Kubernetes cluster
  • Differentiate between the different types of Services

What is a Kubernetes Service?

In Kubernetes, a Service is an abstraction that defines a logical set of Pods and a policy by which to access them. Services provide a way to expose your applications to other services, external traffic, or both. Kubernetes Services can automatically discover and load-balance traffic across multiple pods, making it easy to scale applications and provide reliable access.

Key Benefits of Kubernetes Services:

  • Load balancing: Distribute traffic across a set of Pods to ensure reliability and scalability.
  • Service discovery: Enable communication between services using DNS.
  • Abstracting Pod IPs: Services provide stable endpoints, even if the underlying Pods change.
  • External access: Expose applications outside the cluster to make them accessible via the internet or local network.

Types of Kubernetes Services

There are four main types of Kubernetes Services:

  1. ClusterIP (default): Exposes the service within the cluster, making it accessible only internally.
  2. NodePort: Exposes the service on a specific port on each Node in the cluster, allowing external access.
  3. LoadBalancer: Exposes the service externally using a cloud provider’s load balancer.
  4. ExternalName: Maps the service to an external DNS name.

1. ClusterIP

ClusterIP is the default type of Service. It creates an internal IP address for the service, which is only accessible from within the cluster.

Example: ClusterIP Service

apiVersion: v1
kind: Service
metadata:
  name: my-clusterip-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP

In this example: - The service listens on port 80 and forwards traffic to port 8080 of the Pods with the label app: my-app. - The service is only accessible within the cluster (no external access).

2. NodePort

NodePort exposes the service on a specific port on each Node, making it accessible from outside the cluster.

Example: NodePort Service

apiVersion: v1
kind: Service
metadata:
  name: my-nodeport-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
      nodePort: 30007
  type: NodePort

In this example: - The service is exposed on port 80, forwarding traffic to port 8080 of the Pods. - External traffic can access the service via port 30007 on any Kubernetes Node.

3. LoadBalancer

LoadBalancer creates an external load balancer, typically using cloud provider integrations. This service type allows external access to applications through a load balancer, such as those provided by AWS, GCP, or Azure.

Example: LoadBalancer Service

apiVersion: v1
kind: Service
metadata:
  name: my-loadbalancer-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
  type: LoadBalancer

In this example: - The service listens on port 80 and forwards traffic to port 8080 of the Pods. - A cloud-based load balancer is provisioned to handle external traffic.

4. ExternalName

ExternalName is a special type of Service that maps to a DNS name, allowing Kubernetes services to access external resources.

Example: ExternalName Service

apiVersion: v1
kind: Service
metadata:
  name: my-externalname-service
spec:
  type: ExternalName
  externalName: external.example.com

In this example: - The service maps to the external DNS external.example.com, allowing Pods inside the cluster to access the external resource by calling my-externalname-service.

Using kubectl port-forward to Access Applications

In some cases, you may want to access your application directly from your local machine without exposing it externally using a Service. The kubectl port-forward command allows you to forward a local port to a port on a Pod, providing access to applications running inside your Kubernetes cluster.

Example: Port Forwarding to a Pod

You can use the following command to forward a local port to a Pod in your cluster:

kubectl port-forward pod/my-app-pod 8080:80

This command forwards local port 8080 to port 80 on the Pod my-app-pod. You can then access the application by visiting http://localhost:8080 in your browser.

You can also forward a Service port instead of a Pod port:

kubectl port-forward svc/my-clusterip-service 8080:80

This will forward the local port 8080 to port 80 on the Service my-clusterip-service.

Best Practices for Using Services

  1. Choose the appropriate service type: Use ClusterIP for internal communication, NodePort for limited external access, and LoadBalancer for fully managed external access.
  2. Use labels and selectors effectively: Ensure that your Service's selectors match the correct Pods to route traffic correctly.
  3. Limit NodePort usage: Since NodePort opens specific ports on each Node, limit its use to cases where you need direct access from outside the cluster.
  4. Use DNS for service discovery: Kubernetes automatically creates DNS entries for Services, so you can access Services by their name (e.g., my-service.default.svc.cluster.local).

Summary

In Kubernetes, Services are essential for exposing applications, whether internally or externally. By understanding the different types of Services—ClusterIP, NodePort, LoadBalancer, and ExternalName—you can choose the best method to expose your applications based on your needs. Additionally, kubectl port-forward provides a quick way to access applications directly without exposing them externally. Implementing best practices around Services ensures that your applications are scalable, reliable, and secure.