Kubernetes networking is essential for communication between pods, services, and external clients. It enables pods to discover and communicate with each other dynamically while maintaining security and performance.
In this article, we will explore Kubernetes networking concepts, including Services, Ingress, and Network Policies, to help you manage traffic efficiently.
Kubernetes Networking Model
Kubernetes follows a flat networking model where:
- Every pod gets its own unique IP address.
- Pods in the same or different nodes can communicate without NAT.
- Services provide stable endpoints for pod communication.
To enable efficient communication, Kubernetes uses various networking components like Services, Ingress, and Network Policies.
Kubernetes Services
A Kubernetes Service provides a stable IP and DNS name for accessing a group of pods. It ensures reliable communication even if pod IPs change.
Types of Services
- ClusterIP (Default) – Exposes the service internally within the cluster.
- NodePort – Exposes the service externally on a static port of each node.
- LoadBalancer – Uses an external load balancer (cloud provider specific).
- ExternalName – Maps a service to an external domain.
Example: Creating a ClusterIP Service
apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: default
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
type: ClusterIP
This exposes my-app internally on port 80, forwarding traffic to port 8080 on matching pods.
Kubernetes Ingress
An Ingress is an API object that manages external access to services, usually via HTTP/HTTPS.
**Key Features of Ingress:
- Routes external requests to internal services.
- Supports SSL/TLS termination.
- Can perform path-based and host-based routing.
Example: Creating an Ingress Resource
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: example.com
http:
paths:
- path: /app
pathType: Prefix
backend:
service:
name: my-service
port:
number: 80
This routes example.com/app requests to my-service inside the cluster.
Network Policies
Network Policies control how pods communicate with each other and external entities. They act as firewall rules for Kubernetes networking.
Example: Allowing Traffic Only from Specific Pods
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-web
namespace: default
spec:
podSelector:
matchLabels:
app: web
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
role: frontend
ports:
- protocol: TCP
port: 80
This policy allows only frontend pods to access web pods on port 80.
Best Practices for Kubernetes Networking
- Use ClusterIP for internal services to reduce exposure.
- Use Ingress with TLS encryption for security.
- Implement Network Policies to restrict unwanted communication.
- Monitor network traffic using tools like
kubectl logsandkubectl port-forward.
Kubernetes networking is a crucial part of managing a cluster effectively. By understanding Services, Ingress, and Network Policies, you can build secure, scalable, and reliable applications.
