Lesson 9: Networking in Kubernetes

In this lesson, we will explore the networking model of Kubernetes, focusing on Services and Ingress for traffic routing. Understanding how networking works in Kubernetes is crucial for deploying applications that can communicate effectively.

Kubernetes Networking Model

Kubernetes uses a flat networking model, which means that every pod can communicate with every other pod, regardless of the node they are running on. This is achieved through a virtual network that abstracts the underlying infrastructure.

Key Components of Kubernetes Networking

Pod-to-Pod Communication: Pods can communicate with each other directly using their IP addresses.
Services: A Service is an abstraction that defines a logical set of Pods and a policy by which to access them. Services enable network access to a set of Pods.
Ingress: Ingress manages external access to the services, typically HTTP. It provides routing rules to manage traffic.

Services in Kubernetes

A Service in Kubernetes can be of different types: - ClusterIP: Exposes the service on a cluster-internal IP. This is the default type. - NodePort: Exposes the service on each node’s IP at a static port. - LoadBalancer: Exposes the service externally using a cloud provider's load balancer.

Creating a Service

Here’s how to create a simple ClusterIP service:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP

To apply this configuration, save it to a file called my-service.yaml and run:

kubectl apply -f my-service.yaml

Accessing the Service

Once the service is created, you can access it using:

kubectl get services

This command will show you the ClusterIP assigned to your service. You can use this IP to access your application running in the Pods.

Ingress in Kubernetes

Ingress allows you to manage external access to your services. It can provide load balancing, SSL termination, and name-based virtual hosting.

Creating an Ingress

Here’s an example of how to create an Ingress resource:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80

Save this to a file called my-ingress.yaml and apply it with:

kubectl apply -f my-ingress.yaml

Accessing the Ingress

To access your application via Ingress, you will need to set up a DNS record pointing myapp.example.com to your Ingress controller's external IP.

Best Practices and Common Mistakes

Note: Always use the appropriate Service type based on your needs. For example, use NodePort for development but consider LoadBalancer for production.

Common Mistake: Forgetting to create the Ingress controller. Without it, your Ingress resources will not function.

Summary

Kubernetes networking allows Pods to communicate freely across the cluster.
Services provide stable endpoints for accessing Pods.
Ingress manages external access to services, offering advanced routing capabilities.
Always choose the right Service type based on the use case.
Ensure an Ingress controller is set up to utilize Ingress resources effectively.

Exercises

Exercise 1: Create a new Deployment and expose it using a ClusterIP Service. Test the connectivity between the Pods.
Exercise 2: Set up an Ingress resource for your Service and access it through a web browser or curl command.
Exercise 3: Experiment with different Service types (NodePort and LoadBalancer) and observe how they behave in your Kubernetes environment.

Summary

Kubernetes uses a flat networking model for Pod communication.
Services are crucial for exposing Pods with stable endpoints.
Ingress allows for advanced routing and external access to services.
Choosing the right Service type is essential for application performance.
Always have an Ingress controller to manage Ingress resources.