Introduction
Kubernetes networking is often cited as one of the most challenging aspects of container orchestration. This guide covers the three pillars: Services, Ingress, and Network Policies.
Services: Stable Endpoints for Dynamic Pods
ClusterIP Services
apiVersion: v1
kind: Service
metadata:
  name: backend-api
spec:
  type: ClusterIP
  selector:
    app: backend
  ports:
  - port: 80
    targetPort: 8080
LoadBalancer Services
apiVersion: v1
kind: Service
metadata:
  name: public-api
spec:
  type: LoadBalancer
  selector:
    app: api
  ports:
  - port: 443
    targetPort: 8443
Ingress: HTTP/HTTPS Traffic Management
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - app.example.com
    secretName: app-tls-secret
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: backend-api
            port:
              number: 80
Network Policies: Securing Pod Communication
Default Deny All
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
Allow Specific Ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
spec:
  podSelector:
    matchLabels:
      app: backend
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
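How the two policies above combine, as an added example that is not part of the original article: a small Python model of NetworkPolicy evaluation showing that default-deny-all also isolates the frontend's egress, so allow-frontend-to-backend alone does not open the path. The model assumes a single namespace and only podSelector/matchLabels peers with TCP ports; ALLOW_EGRESS is a hypothetical companion policy that does not appear on this page.

```python
# Added example: minimal model of NetworkPolicy evaluation (one namespace,
# podSelector/matchLabels peers and TCP ports only). Not a full implementation.

def selects(selector, labels):
    """An empty selector ({}) matches every pod; otherwise all matchLabels must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def policy_types(policy):
    """Defaulting rule: Ingress is always implied; Egress only if egress rules exist."""
    return policy.get("policyTypes") or (["Ingress"] + (["Egress"] if "egress" in policy else []))

def direction_allows(policies, pod, peer, port, direction):
    """Check one direction ('Ingress' or 'Egress') for `pod` talking to `peer` on `port`."""
    applicable = [p for p in policies
                  if selects(p["podSelector"], pod) and direction in policy_types(p)]
    if not applicable:
        return True  # pod is not isolated in this direction
    peer_key = "from" if direction == "Ingress" else "to"
    for p in applicable:
        for rule in p.get(direction.lower(), []):
            peers, ports = rule.get(peer_key), rule.get("ports")
            peer_ok = peers is None or any(selects(x["podSelector"], peer) for x in peers)
            port_ok = ports is None or any(x["port"] == port for x in ports)
            if peer_ok and port_ok:
                return True  # policies are additive: one matching rule is enough
    return False

def connection_allowed(policies, src, dst, port):
    """Traffic flows only if src's egress AND dst's ingress both allow it."""
    return (direction_allows(policies, src, dst, port, "Egress")
            and direction_allows(policies, dst, src, port, "Ingress"))

# The two policies from this page, as Python dicts.
DEFAULT_DENY = {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}
ALLOW_INGRESS = {"podSelector": {"matchLabels": {"app": "backend"}},
                 "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                              "ports": [{"protocol": "TCP", "port": 8080}]}]}
# Hypothetical companion policy (not on the page): frontend egress to backend:8080.
ALLOW_EGRESS = {"podSelector": {"matchLabels": {"app": "frontend"}},
                "policyTypes": ["Egress"],
                "egress": [{"to": [{"podSelector": {"matchLabels": {"app": "backend"}}}],
                            "ports": [{"protocol": "TCP", "port": 8080}]}]}

FRONTEND, BACKEND = {"app": "frontend"}, {"app": "backend"}

if __name__ == "__main__":
    print(connection_allowed([DEFAULT_DENY, ALLOW_INGRESS], FRONTEND, BACKEND, 8080))  # False
    print(connection_allowed([DEFAULT_DENY, ALLOW_INGRESS, ALLOW_EGRESS], FRONTEND, BACKEND, 8080))  # True
```

The same default-deny egress also blocks pod DNS lookups until an egress rule permits traffic to the cluster DNS service.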
Troubleshooting
# Check endpoints
kubectl get endpoints my-service
# Test DNS
kubectl exec -it my-pod -- nslookup kubernetes.default
# Debug with netshoot
kubectl run netshoot --image=nicolaka/netshoot -it --rm -- bash
Conclusion
Master Services, Ingress, and Network Policies, and you'll have a solid foundation for building secure, scalable applications on Kubernetes.
Originally published at instadevops.com