Chapter 7. Services & Networking

In Chapter 2, “Core Concepts”, we learned that you can communicate with a Pod by targeting its IP address. It’s important to recognize that Pods’ IP addresses are virtual and will therefore change to random values over time. A restart of a Pod will automatically assign a new virtual cluster IP address. Therefore, other parts of your system cannot rely on the Pod’s IP address if they need to talk to one another.

The Kubernetes primitive Service implements an abstraction layer on top of Pods, assigning a fixed virtual IP fronting all the Pods with matching labels, and that virtual IP is called Cluster IP. This chapter will focus on the ins and outs of Services, and most importantly the exposure of Pods inside or outside of the cluster depending on their declared type.

By default, Kubernetes does not restrict inter-Pod communication in any shape or form. You can define a network policy to mitigate potential security risks. Network policies describe the access rules for incoming and outgoing network traffic to and from Pods. By the end of this chapter, you will have a basic understanding of its functionality based on common use cases.

At a high level, this chapter covers the following concepts:

• Service

• Deployment

• Network Policy