Every Pod has its own IP address. A Pod IP address cannot be reached from the outside world, because it is assigned by the CNI (Container Network Interface) plugin and is routable only inside the cluster, not outside. Only the master and node IP addresses are reachable from outside.
A Service in Kubernetes is the bridge between the outside world and a Pod. A Service has its own virtual IP address, its own port for internal routing, and a port for outside access. The Service proxies requests to Pods. So there are three things to remember about a Service:
- Service IP address (internal only)
- Service port (also internal)
- Service outside port (NodePort), for external access
The external request flow is: master/node IP:NodePort -> service IP:servicePort -> pod IP:podPort
kubectl expose pod <pod name> --name <service name> --port <service port> --target-port <pod port> --type NodePort is the command for creating a Service. The service port number can be arbitrary; the target port value must match the port the Pod is listening on (80 for nginx, 8080 for tomcat, etc.). The --type NodePort parameter tells Kubernetes to publish a NodePort for outside access (see the flow above); the NodePort is generated by Kubernetes automatically from the range 30000-32767. The NodePort is used for outside requests: Kubernetes binds it to the master/node IP address. If the --type NodePort parameter is missing, the Pod can be accessed only within the cluster, not from outside. To summarize how the command parameters map onto the external request flow:
- --port: servicePort
- --target-port: podPort
kubectl get svc is the command that lists the Services in the cluster; its PORT(S) column shows <service port>:<NodePort>/<protocol> (for a Service without a NodePort only <service port>/<protocol> is shown).
A Service is a cluster-level concept: its NodePort is opened on every node in the cluster.
To access the Service internally (with the curl utility, for example), the combination service IP:service port is used.
How is a Service connected to the Pod? When the Pod is exposed with a Service, the Service uses the Pod's labels as its selector values to select the Pod. If no labels are explicitly defined in the Pod, the run=<pod name> label is used.
kubectl describe svc <service name> (svc and service are interchangeable here) is the command that shows detailed information about the Service.
It was mentioned above that if --type NodePort is omitted, the Pod cannot be accessed from outside, only within the cluster. When is that useful? When one Pod communicates with another internally, inside the cluster only, for example when setting up communication with a database Pod. The Pod IP address is not stable; it will very likely differ after every Pod restart. So how can a connection to the database be established if the IP address changes often? Direct communication is not a solution; a Service is the appropriate one. The Service IP and port are used to establish the connection with the database Pod, and the database Pod does not need to be reachable from outside at all. That is why --type NodePort should be omitted when creating the Service for accessing a database Pod.
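As an added example (not part of the original notes), a small POSIX shell audit that parses the PORT(S) column of kubectl get svc output and flags any Service that should stay internal, such as a database, but has a NodePort. The kubectl output it runs on is constructed inline, and the service names and addresses in it are assumptions.

```shell
#!/bin/sh
# Constructed sample of `kubectl get svc` output (not captured from a real cluster).
SAMPLE_SVC='NAME       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                         AGE
nginx      NodePort    10.96.12.34    <none>        8080:31234/TCP                  5m
postgres   ClusterIP   10.96.56.78    <none>        5432/TCP                        5m
tomcat     NodePort    10.96.90.12    <none>        8080:30080/TCP,8443:30443/TCP   5m'

# Print "<name> <servicePort> <nodePort>" for every NodePort mapping in the PORT(S)
# column. Mappings without ':' belong to ClusterIP-only Services and are skipped.
nodeport_services() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        n = split($5, maps, ",")                 # a Service may publish several ports
        for (i = 1; i <= n; i++) {
            if (index(maps[i], ":") == 0) continue   # "<port>/<proto>": internal only
            split(maps[i], p, "[:/]")            # p[1]=servicePort p[2]=nodePort p[3]=proto
            print $1, p[1], p[2]
        }
    }'
}

# Return 1 (and name the offenders on stderr) if any Service whose name matches
# the pattern in $2 is reachable from outside through a NodePort.
check_internal_only() {
    offenders=$(nodeport_services "$1" | awk -v pat="$2" '$1 ~ pat')
    if [ -n "$offenders" ]; then
        printf 'NodePort found on internal-only Service:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}

# Usage: pipe real output in with check_internal_only "$(kubectl get svc)" 'postgres|mysql'
nodeport_services "$SAMPLE_SVC"
check_internal_only "$SAMPLE_SVC" postgres && echo "database Services are internal only"
```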