Service Networking
Basics
We learnt earlier that pod networking ensures that each pod gets its own IP address from the pod subnet assigned to its node.
A bridge network on each node lets the pods on that node talk to each other, and routes or an overlay let pods on different
nodes talk to each other, so all pods together form one large virtual network. In practice, though, pods are rarely addressed
directly by their IP: a pod IP changes whenever the pod is recreated, and a client would have to pick one replica by itself.
This is where the concept of a Service comes in. A Service is a Kubernetes object that exposes a set of pods under one stable
address, either inside the cluster for pod-to-pod communication or outside the cluster as well. There are different types of Services.
ClusterIP Service
A Service is hosted in the cluster as a whole and is accessible throughout it; unlike a pod, which is bound to one node, a Service is not bound to any specific node.
Any pod can reach the Service through its IP or through its service name (resolved by the cluster DNS). This type of Service is known as ClusterIP. For example, you have a
database running in a pod and create a Service for it called oracle-db-service; any pod inside the cluster can then reach the database through that Service.
NodePort Service
This is useful when you want a back-end service or workload to be accessible from outside the cluster as well as from inside it.
A NodePort Service also gets a cluster IP, which any pod inside the cluster can use exactly as with a ClusterIP Service. In addition, it
exposes the application on one port (the node port, by default from the range 30000-32767) on every node in the cluster, so a request to
any node's IP on that port reaches the Service, even when the backing pod runs on a different node. This is how external users reach
back-end services from outside the cluster. Note that the node port is open to anyone who can reach the node's IP, so restrict it with the
node firewall if the workload is not meant to be reachable from every network the node sits on.
How does a service get an IP?
Let us understand how each Service gets an IP, how Services are reachable inside the cluster from all nodes, and how they are reached from outside the cluster by external users.
Every node runs an agent called kubelet, which creates pods on that node. It watches for changes in cluster state through the kube-apiserver, creates
new pods on the node as needed, and calls the CNI (Container Network Interface) plugin to configure networking for each pod.
Another component, kube-proxy, also runs on every node and watches the kube-apiserver for Services being added or deleted.
A Kubernetes Service is a virtual object: it exists across the cluster and is visible from every node, but no process listens on its IP. When a new
Service is created, the kube-apiserver allocates it an IP from the service cluster IP range (kube-proxy does not assign the IP, it only consumes that
assignment), and kube-proxy on each node then installs forwarding rules of the form [service-ip:port -> forward-to-ip:targetPort] in that node's iptables.
Here forward-to-ip is the IP of a backing pod; with several backing pods there is one rule per pod and traffic is spread across them. Because the same
rules exist on every node, the service IP works from any node, and for a NodePort Service an additional rule maps the node port to the same set of pods.
kube-proxy supports several proxy modes: userspace (the legacy mode), iptables and ipvs. The default on Linux is iptables, selected with kube-proxy --proxy-mode iptables.
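The rule layout described above for ClusterIP and NodePort Services, shown as an added example (this is illustrative code written for these notes, not code from the page or from Kubernetes): a small Python model that renders the nat chains kube-proxy's iptables mode programs on every node for one ClusterIP Service and one NodePort Service, then walks those chains for a few destination addresses to show which pod a packet ends up at. The Service names, cluster IPs, pod IPs, node IP and chain hashes are constructed for the example.

```python
"""Toy model of the iptables rules kube-proxy (iptables mode) installs on every node.
Added example written for these notes, not code from the page or from Kubernetes.
The Services, pod IPs and node IP are constructed; chain names mimic the real
KUBE-SERVICES / KUBE-NODEPORTS / KUBE-SVC-* / KUBE-SEP-* layout with a simplified hash."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Service:
    name: str
    cluster_ip: str      # virtual IP allocated by kube-apiserver from the service range
    port: int            # service port clients connect to
    target_port: int     # port the pod actually listens on
    node_port: Optional[int] = None                      # set only for type: NodePort
    endpoints: List[str] = field(default_factory=list)   # backing pod IPs, on any node


def chain_id(name: str) -> str:
    """Short stable chain suffix (real kube-proxy uses base32 of a SHA-256)."""
    return hashlib.sha256(name.encode()).hexdigest()[:8].upper()


def render_rules(services: List[Service]) -> List[str]:
    """Render iptables-save style nat rules; the same set is installed on every node."""
    lines = ["*nat", ":KUBE-SERVICES - [0:0]", ":KUBE-NODEPORTS - [0:0]"]
    for svc in services:
        svc_chain = f"KUBE-SVC-{chain_id(svc.name)}"
        lines.append(f":{svc_chain} - [0:0]")
        # ClusterIP: packets to service-ip:port jump into the service chain
        lines.append(f"-A KUBE-SERVICES -d {svc.cluster_ip}/32 -p tcp --dport {svc.port} -j {svc_chain}")
        if svc.node_port is not None:  # NodePort: same chain, reached via the node port
            lines.append(f"-A KUBE-NODEPORTS -p tcp --dport {svc.node_port} -j {svc_chain}")
        n = len(svc.endpoints)
        for i, pod_ip in enumerate(svc.endpoints):
            sep_chain = f"KUBE-SEP-{chain_id(svc.name + pod_ip)}"
            lines.append(f":{sep_chain} - [0:0]")
            if i < n - 1:  # spread traffic: pick each remaining endpoint with equal probability
                lines.append(f"-A {svc_chain} -m statistic --mode random "
                             f"--probability {1 / (n - i):.5f} -j {sep_chain}")
            else:
                lines.append(f"-A {svc_chain} -j {sep_chain}")
            # forward-to-ip: DNAT to the pod IP and its targetPort
            lines.append(f"-A {sep_chain} -p tcp -j DNAT --to-destination {pod_ip}:{svc.target_port}")
    # last rule: packets addressed to one of the node's own IPs are checked against node ports
    lines.append("-A KUBE-SERVICES -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS")
    lines.append("COMMIT")
    return lines


RULE_RE = re.compile(r"^-A (\S+) (.*?)-j (\S+)(.*)$")


def _matches(match: str, dst_ip: str, dst_port: int, node_ips: List[str]) -> bool:
    """Evaluate the match part of one rule against a packet's destination."""
    m = re.search(r"-d (\S+)/32", match)
    if m and m.group(1) != dst_ip:
        return False
    m = re.search(r"--dport (\d+)", match)
    if m and int(m.group(1)) != dst_port:
        return False
    return "--dst-type LOCAL" not in match or dst_ip in node_ips


def resolve(lines: List[str], node_ips: List[str], dst_ip: str, dst_port: int) -> List[str]:
    """Walk the chains as the kernel would for a packet to dst_ip:dst_port arriving on a
    node that owns node_ips; return every pod_ip:port it could be DNATed to (all
    probabilistic branches are followed, so this is the candidate set, not one pick)."""
    chains = {}
    for line in lines:
        m = RULE_RE.match(line)
        if m:
            chain, match, target, rest = m.groups()
            chains.setdefault(chain, []).append((match, target, rest.strip()))
    backends = set()

    def walk(chain: str) -> None:
        for match, target, rest in chains.get(chain, []):
            if not _matches(match, dst_ip, dst_port, node_ips):
                continue
            if target == "DNAT":
                backends.add(rest.split()[-1])  # "--to-destination ip:port"
            else:
                walk(target)

    walk("KUBE-SERVICES")
    return sorted(backends)


# Constructed cluster state: pods in 10.244.0.0/16, services in 10.96.0.0/12, this node
# is 192.168.1.11. The two web pods run on two different nodes (10.244.1.x and 10.244.2.x).
SERVICES = [
    Service("oracle-db-service", "10.96.12.34", 1521, 1521, None, ["10.244.1.5"]),
    Service("web-service", "10.96.200.9", 80, 8080, 30080, ["10.244.1.6", "10.244.2.7"]),
]
NODE_IPS = ["192.168.1.11"]

if __name__ == "__main__":
    rules = render_rules(SERVICES)
    print("\n".join(rules))
    for ip, port in [("10.96.12.34", 1521), ("10.96.200.9", 80), ("192.168.1.11", 30080), ("192.168.1.11", 1521)]:
        print(f"{ip}:{port} -> {resolve(rules, NODE_IPS, ip, port)}")
```

Running it prints the rules and then the resolutions: 10.96.200.9:80 and 192.168.1.11:30080 both land on the web pods (one of which lives on another node), 10.96.12.34:1521 lands on the database pod, and 192.168.1.11:1521 resolves to nothing because oracle-db-service has no node port. Connecting to the service IP on the targetPort (10.96.200.9:8080) also resolves to nothing: only the service port is matched. The walker follows every probabilistic branch, so it returns the candidate backends; the kernel picks one per connection.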
While configuring the kube-apiserver, you set the service cluster IP range with the --service-cluster-ip-range flag; if it is not set, kube-apiserver
defaults to 10.0.0.0/24 (clusters built with kubeadm use 10.96.0.0/12, and the flag also appears in /etc/kubernetes/manifests/kube-apiserver.yaml there).
You can view the setting on a control-plane node by looking at the process command line. Note that the process is named kube-apiserver, so grepping for
kube-api-server finds nothing:
ps aux | grep kube-apiserver
kube-apiserver --authorization-mode=Node,RBAC --service-cluster-ip-range=10.96.0.0/12
One point to note: the pod network and the service network must not overlap. If they did, a node could not tell whether a destination address such as
10.96.0.10 is a pod to be routed to or a virtual service IP to be DNATed, and kube-proxy's iptables rules would capture traffic meant for real pods.
Check both ranges (the pod CIDR handed to the CNI plugin or kube-controller-manager, and the service range above) before bringing a cluster up.
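To make the non-overlap rule concrete, here is an added example (not from the page or from Kubernetes) in Python that reads --service-cluster-ip-range off a constructed ps line, checks a pod CIDR against it, and shows how a node would have to interpret a given destination address. The pod CIDR 10.244.0.0/16, the node IP 192.168.1.11 and the ps line are all assumptions made for the example.

```python
"""Validate that the pod network and the service network of a cluster do not overlap,
and read the service range off the kube-apiserver command line.
Added example written for these notes, not code from the page or from Kubernetes.
PS_LINE is a constructed line in the shape of `ps aux | grep kube-apiserver` output;
the pod CIDR is assumed to be the one handed to the CNI plugin (10.244.0.0/16 here)."""
import ipaddress
import re

PS_LINE = ("root 1234 2.1 5.0 1100000 340000 ? Ssl 10:02 1:23 kube-apiserver "
           "--authorization-mode=Node,RBAC --service-cluster-ip-range=10.96.0.0/12 "
           "--secure-port=6443")

KUBE_APISERVER_DEFAULT_RANGE = "10.0.0.0/24"   # what kube-apiserver uses when the flag is absent


def service_range_from_cmdline(cmdline: str) -> ipaddress.IPv4Network:
    """Return the --service-cluster-ip-range value, or kube-apiserver's default."""
    m = re.search(r"--service-cluster-ip-range[= ]+(\S+)", cmdline)
    return ipaddress.ip_network(m.group(1) if m else KUBE_APISERVER_DEFAULT_RANGE)


def check_ranges(pod_cidr: str, service_cidr: str) -> list:
    """Return a list of problems; an empty list means the two ranges can coexist."""
    pod = ipaddress.ip_network(pod_cidr)
    svc = ipaddress.ip_network(service_cidr)
    problems = []
    if pod.overlaps(svc):
        # a DNAT rule for a service IP would then also catch traffic meant for a real pod
        problems.append(f"pod network {pod} overlaps service network {svc}")
    return problems


def classify(ip: str, pod_cidr: str, service_cidr: str) -> str:
    """Say how a node will treat a destination address: route it to a pod, DNAT it as a
    virtual service IP, handle it as ordinary traffic, or (with overlapping ranges) be unable
    to decide."""
    addr = ipaddress.ip_address(ip)
    in_svc = addr in ipaddress.ip_network(service_cidr)
    in_pod = addr in ipaddress.ip_network(pod_cidr)
    if in_svc and in_pod:
        return "ambiguous"   # exactly the situation overlapping ranges create
    if in_svc:
        return "service"
    if in_pod:
        return "pod"
    return "other"


if __name__ == "__main__":
    svc_range = str(service_range_from_cmdline(PS_LINE))
    print("service range from kube-apiserver:", svc_range)
    print("problems with 10.244.0.0/16:", check_ranges("10.244.0.0/16", svc_range))
    print("problems with 10.96.5.0/24:", check_ranges("10.96.5.0/24", svc_range))  # misconfigured
    for ip in ("10.96.0.1", "10.244.1.5", "192.168.1.11"):
        print(ip, "->", classify(ip, "10.244.0.0/16", svc_range))
```

With the assumed ranges the first check passes and 10.96.0.1 (the address the kubernetes Service itself gets, the first usable IP of the service range) classifies as a service IP, 10.244.1.5 as a pod and the node's own address as neither; a pod CIDR of 10.96.5.0/24 is reported as overlapping, and any address in it would be ambiguous on every node.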