Interactive Lab · CKA · Intermediate

SERVICES & INGRESS

$ kubectl expose deployment backend --port=80 --type=ClusterIP
🔵 ClusterIP: The default
  1. ClusterIP creates a virtual IP reachable only within the cluster. All pods can reach it by name (DNS) or IP. This is the foundation of all internal service communication.
  2. The Service uses a selector to find its Pods. Any Pod with matching labels becomes an endpoint automatically.
  3. DNS format: service-name.namespace.svc.cluster.local. Within the same namespace you can use just the service name.
ClusterIP Service
    kubectl expose deployment backend --port=80 --target-port=8080 --type=ClusterIP

    # As YAML:
    apiVersion: v1
    kind: Service
    metadata:
      name: backend
    spec:
      selector:
        app: backend
      ports:
      - port: 80          # service port (what clients use)
        targetPort: 8080  # container port (what pod listens on)
      type: ClusterIP
🟡 NodePort: Expose on a node port
  1. NodePort opens a port on every node (30000-32767) and routes traffic to the Service. Anyone who can reach a node IP plus the port can reach your service.
  2. NodePort includes a ClusterIP automatically. Traffic can reach the service internally via ClusterIP or externally via any node IP plus the NodePort.
  3. Not recommended for production: exposing node ports directly is a security risk. Use Ingress instead for HTTP workloads.
NodePort Service
    kubectl expose deployment frontend --port=80 --type=NodePort

    # See the assigned port:
    kubectl get service frontend
    # PORT(S): 80:31234/TCP (31234 is the NodePort)

    # Access from outside: http://<any-node-ip>:31234
🟢 LoadBalancer: Cloud-provisioned external IP
  1. LoadBalancer provisions an external load balancer from your cloud provider (AWS ELB, GCP LB, Azure LB). It gets a public IP automatically.
  2. LoadBalancer includes ClusterIP and NodePort. It is a superset of both.
  3. Each LoadBalancer Service costs money (one cloud LB per service). For many HTTP services, use a single Ingress with one LB instead.
LoadBalancer Service
    kubectl expose deployment web --port=80 --type=LoadBalancer

    # Watch for EXTERNAL-IP to be assigned:
    kubectl get service web -w
    # NAME   TYPE           EXTERNAL-IP    PORT(S)
    # web    LoadBalancer   203.0.113.50   80:31xxx/TCP
🌐 Ingress: Route HTTP by hostname and path
  1. Ingress routes HTTP and HTTPS traffic by hostname and path to different Services. One cloud load balancer, many services.
  2. Requires an Ingress Controller (nginx-ingress, traefik). The Ingress resource alone does nothing without a controller.
  3. Use ingressClassName to select which controller to use when multiple are installed.
⚠ If kubectl get ingress shows your Ingress but traffic does not route, check that an Ingress Controller is actually installed and running.
Ingress resource
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: my-ingress
    spec:
      ingressClassName: nginx
      rules:
      - host: api.example.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api-svc
                port:
                  number: 80
Service Types
  • ClusterIP: Internal only. Default. Reachable within cluster via DNS.
  • NodePort: Opens port 30000-32767 on every node.
  • LoadBalancer: Cloud LB with public IP. Superset of NodePort.
  • ExternalName: DNS alias to external service. No proxying.
Key Debugging
  • kubectl get endpoints: No endpoints = selector mismatch
  • port vs targetPort: port=service, targetPort=container
  • kubectl expose: Fastest way to create a service imperatively
  • ingressClassName: Select which Ingress Controller to use
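
An added example (not part of the original lab) that applies the Key Debugging checks offline: it flags Services whose selector matches no Pod, Services that open node ports, and targetPort values that no selected Pod declares. The objects in SAMPLE are constructed; the `api` Service and all function names are assumptions made for the illustration.

```python
def make_pod(name, labels, port):  # builders for the constructed sample below
    return {"kind": "Pod", "metadata": {"name": name, "labels": labels},
            "spec": {"containers": [{"ports": [{"containerPort": port}]}]}}

def make_svc(name, stype, selector, ports):
    return {"kind": "Service", "metadata": {"name": name},
            "spec": {"type": stype, "selector": selector, "ports": ports}}

SAMPLE = [  # constructed objects, not taken from a real cluster
    make_pod("backend-1", {"app": "backend"}, 8080),
    make_pod("frontend-1", {"app": "frontend"}, 80),
    make_svc("backend", "ClusterIP", {"app": "backend"}, [{"port": 80, "targetPort": 8080}]),
    make_svc("frontend", "NodePort", {"app": "frontend"}, [{"port": 80, "nodePort": 31234}]),
    make_svc("web", "ClusterIP", {"app": "web"}, [{"port": 80}]),
    make_svc("api", "ClusterIP", {"app": "backend"}, [{"port": 80, "targetPort": 80}]),
]

def audit(items):
    """Return sorted (service, finding, detail) tuples for Service and Pod objects."""
    pods = [i for i in items if i["kind"] == "Pod"]
    findings = []
    for svc in (i for i in items if i["kind"] == "Service"):
        name, spec = svc["metadata"]["name"], svc["spec"]
        ns = svc["metadata"].get("namespace", "default")
        stype, selector = spec.get("type", "ClusterIP"), spec.get("selector")
        if stype in ("NodePort", "LoadBalancer"):  # LoadBalancer includes NodePort
            for p in spec.get("ports", []):
                findings.append((name, "node-port-open",
                                 f"{stype} {p.get('nodePort', 'unassigned')}"))
        if stype == "ExternalName" or not selector:
            continue  # DNS alias or manually managed endpoints: nothing to match
        # Label match is necessary, not sufficient: a Pod must also be Ready.
        backing = [p for p in pods if p["metadata"].get("namespace", "default") == ns
                   and selector.items() <= p["metadata"].get("labels", {}).items()]
        if not backing:
            findings.append((name, "no-endpoints", f"selector {selector} matches no pod"))
            continue
        for p in spec.get("ports", []):
            target = p.get("targetPort", p["port"])  # targetPort defaults to port
            for pod in backing:
                declared = {v for c in pod["spec"]["containers"]
                            for cp in c.get("ports", [])
                            for v in (cp["containerPort"], cp.get("name"))}
                # containerPort is informational, so this is a hint, not proof
                if target not in declared:
                    findings.append((name, "targetPort-undeclared",
                                     f"{target} on {pod['metadata']['name']}"))
    return sorted(findings)
```

To run it against a cluster, pass the `items` list from `kubectl get services,pods -A -o json` to `audit`.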