Exposing applications using Services¶
Outcomes¶
In this lab you will learn how to:
- Expose applications using Services
- Use the
kubectl port-forward
command to access applications running in a Kubernetes cluster - Differentiate between the different types of Services
What is a Kubernetes Service?¶
In Kubernetes, a Service is an abstraction that defines a logical set of Pods and a policy by which to access them. Services provide a way to expose your applications to other services, external traffic, or both. Kubernetes Services can automatically discover and load-balance traffic across multiple pods, making it easy to scale applications and provide reliable access.
Key Benefits of Kubernetes Services:¶
- Load balancing: Distribute traffic across a set of Pods to ensure reliability and scalability.
- Service discovery: Enable communication between services using DNS.
- Abstracting Pod IPs: Services provide stable endpoints, even if the underlying Pods change.
- External access: Expose applications outside the cluster to make them accessible via the internet or local network.
Types of Kubernetes Services¶
There are four main types of Kubernetes Services:
- ClusterIP (default): Exposes the service within the cluster, making it accessible only internally.
- NodePort: Exposes the service on a specific port on each Node in the cluster, allowing external access.
- LoadBalancer: Exposes the service externally using a cloud provider’s load balancer.
- ExternalName: Maps the service to an external DNS name.
1. ClusterIP¶
ClusterIP is the default type of Service. It creates an internal IP address for the service, which is only accessible from within the cluster.
Example: ClusterIP Service¶
apiVersion: v1
kind: Service
metadata:
name: my-clusterip-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
type: ClusterIP
In this example:
- The service listens on port 80
and forwards traffic to port 8080
of the Pods with the label app: my-app
.
- The service is only accessible within the cluster (no external access).
2. NodePort¶
NodePort exposes the service on a specific port on each Node, making it accessible from outside the cluster.
Example: NodePort Service¶
apiVersion: v1
kind: Service
metadata:
name: my-nodeport-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
nodePort: 30007
type: NodePort
In this example:
- The service is exposed on port 80
, forwarding traffic to port 8080
of the Pods.
- External traffic can access the service via port 30007
on any Kubernetes Node.
3. LoadBalancer¶
LoadBalancer creates an external load balancer, typically using cloud provider integrations. This service type allows external access to applications through a load balancer, such as those provided by AWS, GCP, or Azure.
Example: LoadBalancer Service¶
apiVersion: v1
kind: Service
metadata:
name: my-loadbalancer-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
type: LoadBalancer
In this example:
- The service listens on port 80
and forwards traffic to port 8080
of the Pods.
- A cloud-based load balancer is provisioned to handle external traffic.
4. ExternalName¶
ExternalName is a special type of Service that maps to a DNS name, allowing Kubernetes services to access external resources.
Example: ExternalName Service¶
apiVersion: v1
kind: Service
metadata:
name: my-externalname-service
spec:
type: ExternalName
externalName: external.example.com
In this example:
- The service maps to the external DNS external.example.com
, allowing Pods inside the cluster to access the external resource by calling my-externalname-service
.
Using kubectl port-forward
to Access Applications¶
In some cases, you may want to access your application directly from your local machine without exposing it externally using a Service. The kubectl port-forward
command allows you to forward a local port to a port on a Pod, providing access to applications running inside your Kubernetes cluster.
Example: Port Forwarding to a Pod¶
You can use the following command to forward a local port to a Pod in your cluster:
kubectl port-forward pod/my-app-pod 8080:80
This command forwards local port 8080
to port 80
on the Pod my-app-pod
. You can then access the application by visiting http://localhost:8080
in your browser.
You can also forward a Service port instead of a Pod port:
kubectl port-forward svc/my-clusterip-service 8080:80
This will forward the local port 8080
to port 80
on the Service my-clusterip-service
.
Best Practices for Using Services¶
- Choose the appropriate service type: Use
ClusterIP
for internal communication,NodePort
for limited external access, andLoadBalancer
for fully managed external access. - Use labels and selectors effectively: Ensure that your Service's selectors match the correct Pods to route traffic correctly.
- Limit NodePort usage: Since NodePort opens specific ports on each Node, limit its use to cases where you need direct access from outside the cluster.
- Use DNS for service discovery: Kubernetes automatically creates DNS entries for Services, so you can access Services by their name (e.g.,
my-service.default.svc.cluster.local
).
Summary¶
In Kubernetes, Services are essential for exposing applications, whether internally or externally. By understanding the different types of Services—ClusterIP, NodePort, LoadBalancer, and ExternalName—you can choose the best method to expose your applications based on your needs. Additionally, kubectl port-forward
provides a quick way to access applications directly without exposing them externally. Implementing best practices around Services ensures that your applications are scalable, reliable, and secure.