Service

Well, we have a service running in replicas on several nodes

But is not reachable

We can expose its ports like
we would have made on Podman, right?

No.

When we work directly with a container engine we statically write rules to bind ports between the container and the host

Unluckily we do not have a single container,
we have several replicas of it

The fact that these containers are volatile
(node dies, container dies) does not help us

We need an additional component to deal with this issue

Services are thought for this purpose

A service defines a strategy to bind an external port
to a resource (e.g deployment)

There are 4 types of native service

ClusterIp
the port is associated to the internal cluster IP
NodePort
the port is exposed on each nodes IP
LoadBalancer
demands the port exposing to an external cloud load balancer
ExternalName
associates the service to a domain name (e.g. nginx.poul.org) as entry CNAME
🔗 further information about services

Services work exploiting a labeling system

When we deploy a resource we can associate to
this a list of key/value labels

Then when we will create the service we will provide
a selector based on these labels

The service routes the traffic to the pods
which expose the targets labels

Labels/selectors is convenient when we define the resources as yaml specifications and then apply them

Alternatively a command exists to do this for us

kubectl expose RESOURCE_TYPE RESOURCE_NAME --type=SERVICE_TYPE --port=PORT
expose
creates the required type of service
and bind them to the provided resource port

We want to expose the TCP port 80
of our deployment on each cluster node

kubectl expose deployment nginx --type=NodePort --port=80
service/nginx exposed

Let us check the new service

kubectl get services

NAME		TYPE		CLUSTER-IP		EXTERNAL-IP		PORT(S)			AGE
kubernetes	ClusterIP	10.96.0.1		<none>			443/TCP			1h
nginx		NodePort	10.110.73.33	<none>			80:31878/TCP	8m7s
	

We can identify a build-in service for the kube-api,
and the service we required

n.b. the node port on which to expose the service was chosen by the control plane

Now, we try to reach the service

curl 172.17.0.3:31878

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
[...]
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
[...]
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
	
n.b. we defined the service as NodePort so we can use any node IP to reach the service