Kubernetes Networking

Networking is one of the most complex aspects of Kubernetes. This lesson covers Service types, Ingress controllers, NetworkPolicies, DNS, and service discovery — the building blocks for production-grade connectivity.

Services

A Service provides a stable endpoint for a set of pods, abstracting away pod IP changes.

Service Types

Type	Accessibility	Use Case
ClusterIP	Within the cluster only	Internal microservice communication
NodePort	External via node IP:port	Development, testing
LoadBalancer	External via cloud LB	Production external traffic
ExternalName	DNS CNAME redirect	Accessing external services

ClusterIP (Default)

apiVersion: v1
kind: Service
metadata:
  name: backend-api
spec:
  type: ClusterIP
  selector:
    app: backend-api
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP

NodePort

apiVersion: v1
kind: Service
metadata:
  name: web-app
spec:
  type: NodePort
  selector:
    app: web-app
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080      # Accessible on every node at port 30080

LoadBalancer

apiVersion: v1
kind: Service
metadata:
  name: public-api
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  selector:
    app: public-api
  ports:
    - port: 443
      targetPort: 8443

Headless Service (for StatefulSets)

apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  clusterIP: None          # Headless — no virtual IP
  selector:
    app: postgres
  ports:
    - port: 5432

With a headless Service, DNS returns the individual pod IPs. This enables direct pod addressing for StatefulSets: postgres-0.postgres.default.svc.cluster.local.

Ingress

Ingress provides HTTP/HTTPS routing from outside the cluster to internal Services.

                    ┌──────────────────────────┐
  Internet ───────▶│   Ingress Controller     │
                    │   (NGINX / Traefik)      │
                    └─────┬──────────┬─────────┘
                          │          │
                          ▼          ▼
                   ┌──────────┐ ┌──────────┐
                   │ Service A│ │ Service B│
                   │ /api/*   │ │ /web/*   │
                   └──────────┘ └──────────┘

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.com
      secretName: app-tls-secret
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: backend-api
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend
                port:
                  number: 80

Popular Ingress Controllers

Controller	Features
NGINX Ingress	Most popular, rich annotation support
Traefik	Auto-discovery, Let's Encrypt integration
HAProxy Ingress	High-performance, TCP/UDP support
AWS ALB Controller	Native AWS ALB integration
Istio Gateway	Service mesh integrated routing

Kubernetes Networking

Kubernetes Networking

Services

Service Types

ClusterIP (Default)

NodePort

LoadBalancer

Headless Service (for StatefulSets)

Ingress

Popular Ingress Controllers

NetworkPolicies

More in DevOps