In a previous blog, I explained namespaces in Kubernetes, how to create a namespace, and the uses of namespaces. I have also mentioned the kind of services available in k8s. In this blog let's play around services in k8s to get some hands-on.
In Kubernetes, Services are objects that provide stable network identities to Pods and abstract away the details of Pod IP addresses. Services allow Pods to receive traffic from other Pods, Services, and external clients.
Before going straight away to tasks, let us recall the types of services in a tabular form so it becomes easy for memorization.
| Feature | ClusterIP | NodePort | LoadBalancer |
| Access | Only accessible within the cluster. | Accessible from within the cluster and from outside the cluster via a specific port on each node. | Accessible from within the cluster and from outside the cluster via a single IP address and port. |
| External Access | Not accessible from outside. | Accessible using the node's IP. | Accessible using public IP. |
| How does it work? | Assigns a virtual IP inside the cluster to the service. | Exposes the service on a static port on each worker node's IP. | Provisioning of an external load balancer. |
| Configuration | Not required. | 'nodePort' should be specified. | 'externalIPs' and 'ports' should be specified. |
| When to use it? | Services not requiring accessibility outside the cluster. | Services that need accessibility outside the cluster without scaling. | Services that need accessibility outside the cluster with scaling. |
| Example | Internal services, backend APIs. | Exposing apps to external users. | Production environments requiring external access. |
| Exposed Ports | A specific port within the cluster. | A static port on each worker node. | The port is provided by an external LB. |
| Availability | Service discovery and load balancing within the cluster. | Distributes traffic across worker nodes. | Utilizes external load balancer. |
| Infrastructure Dependency | Internal cluster networking. | Worker nodes' network configuration. | Cloud provider with LB support. |
I am performing today's activities on the same Django todo app that I used in the Django deployment project.
Let's start with the tasks.
Task 1: Create a NodePort Service for your todo-app Deployment from Day-32
Here in this task, we will use the service NodePort.
In the NodePort service type, the K8s control plane allocates a port range from 30000-32767.
Let's create a service named service.yml.
vim service.yml
In the text editor, write the following:
apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: deploy1
spec:
type: NodePort
selector:
app: django-todo-app
ports:
- protocol: TCP
port: 80
targetPort: 8000
nodePort: 30009
Save and exit the editor.
Now let's apply this service to the K8s cluster using the:
kubectl apply -f service.yml
Let's verify if the service is created:
kubectl get svc -n=deploy1
To access the pod outside, we would need port 30009 open to the external world. So edit the inbound rules of the worker node.
Verify if the ToDo application is accessible using the node Public IP and the port you just opened.
And yes, the website is accessible! Yay!
Alternatively, you can use the command: "curl -L nodeIP:NodePort" in the controller node to verify if the application is running.
Task 2: Create a ClusterIP Service for accessing the todo-app from within the cluster.
Let's create a ClusterIP service in k8s, which is the default service type in k8s.
Create a manifest file named cluster-ip-service.yml.
Let's apply this ClusterIP to the k8s cluster. Also, check the service created using the 'kubectl get svc' command.
kubectl apply -f cluster-ip-servic.yml -n <namespace>
kubectl get svc -n <namespace>
Now let's try accessing the application internally. First, Connect to any of the pods using the following command:
kubectl exec -it <Pod_name> bash -n <namespace>
Let's create another Pod to test the service in the same namespace.
apiVersion: v1
kind: Pod
metadata:
name: podtest
namespace: deploy1
spec:
containers:
- name: busybox
image: busybox
command: ['sh', '-c', 'while true; do wget -q -O- my-django-app-cluster-ip:8000; done']
Apply this pod.yml to the k8s cluster. Along with this, I have opened port 10250 for the pod to be accessible.
kubectl apply -f pod-test.yml -n deploy1
Get into the pod using the following command:
kubectl exec -it test-pod -n deploy1 -- /bin/sh
Check the application connectivity inside the pod using clusterIP and port.
wget -qO- http:<clusterIP>:<Port>
And yay! The application is accessible. The ClusterIP service is successfully working in the k8s cluster.
Next, use the curl command to check the application connectivity.
curl -L PodIP:
We can connect to the application internally, using the clusterIP.
Task 3: Create a LoadBalancer Service for accessing the todo-app from outside the cluster
Create a load-balancer-service.yml file.
apiVersion: v1
kind: Service
metadata:
name: loadbalacer-service
namespace: deploy1
spec:
selector:
app: django-todo-app
ports:
- port: 80
targetPort: 8000
type: LoadBalancer
Let's apply this service to the k8s cluster and verify if the service is created using the:
kubectl apply -f load-balancer-service.yml -n <namespace>
kubectl get svc -n deploy1
Copy the port that is exposed for the load balancer and edit the inbound rules for your EC2 instance.
Connect to the application in your web browser using node-PublicIP:loadbalancer-port.
And yay! The application is connected via the port that is exposed through the load balancer service.
I was struck many times while doing this activity, and I referred to Abhisek Moharana's blog on Working with services! Please check out his blog!
In this blog, I have discussed different types of services in Kubernetes and how to create and manage them in this blog. If you have any questions or would like to share your experiences, feel free to leave a comment below. Don't forget to read my blogs and connect with me on LinkedIn and let's have a conversation.
To help me improve my blog and correct my mistakes, I am available on LinkedIn as Sneha K S. Do reach me and I am open to suggestions and corrections.
#Day34 #90daysofdevops