Kubernetes Services: Network Abstraction & Service Discovery
Services abstract a set of Pods behind a stable IP and DNS name. ClusterIP, NodePort, LoadBalancer, and ExternalName enable flexible networking patterns.
Kubernetes Services: Network Abstraction & Service Discovery
Services abstract a set of Pods behind a stable IP and DNS name. ClusterIP, NodePort, LoadBalancer, and ExternalName enable flexible networking patterns.
What you'll learn
- Services provide stable DNS names and load balancing for ephemeral Pods
- ClusterIP is default and best for internal communication; NodePort/LoadBalancer for external access
- Label selectors dynamically choose which Pods are part of a Service; changes are reflected immediately
- Never rely on in-memory session state; sessionAffinity is a code smell indicating stateful design
Lesson outline
Why Services?
Pods are ephemeral: they die and get replaced constantly. Services provide a stable endpoint (IP + DNS) that abstracts away Pod churn.
A Service is a load balancer that routes traffic to a set of Pods selected by labels. The kube-proxy implements this routing via iptables, IPVS, or eBPF.
Service Types: ClusterIP, NodePort, LoadBalancer, ExternalName
ClusterIP: Default. Service is only accessible from inside the cluster via a stable IP and DNS name (e.g., my-svc.default.svc.cluster.local).
NodePort: Exposes the Service on every node at a fixed port. Accessible from outside the cluster via <node-ip>:<node-port>. Used for development/testing.
LoadBalancer: Requests a cloud provider load balancer (AWS ELB, Azure LB, GCP LB) to front the Service. External traffic reaches the LB, which routes to the Service.
ExternalName: Maps a Service to a DNS CNAME. Useful for bridging external systems into the cluster.
Service Discovery: DNS
Every Service gets a DNS name in the cluster: <service-name>.<namespace>.svc.cluster.local. CoreDNS resolves these names to the Service IP.
Applications can use the DNS name instead of hardcoding IPs. This decouples services from their physical locations.
Selector-based Routing
A Service uses a label selector to choose which Pods it routes to. When a Pod matches the selector, it is added to the Service endpoint list.
The kube-proxy watches for endpoint changes and updates routing rules in real-time.
Session Affinity
By default, traffic is load-balanced across all endpoints. With sessionAffinity: ClientIP, requests from the same client go to the same Pod.
Useful for session state, but breaks horizontal scaling principles. Better to externalize state.
Key takeaways
- Services provide stable DNS names and load balancing for ephemeral Pods
- ClusterIP is default and best for internal communication; NodePort/LoadBalancer for external access
- Label selectors dynamically choose which Pods are part of a Service; changes are reflected immediately
- Never rely on in-memory session state; sessionAffinity is a code smell indicating stateful design
💡 Analogy
A Service is like a restaurant reservation system. Pods are the individual tables (ephemeral, may be removed). The Service is the phone number people call (stable, DNS-resolvable). The maitre d' (kube-proxy) maintains the list of available tables and routes calls to whichever is free. ClusterIP is an internal phone line (only works in-house). NodePort is a public phone number with an extension. LoadBalancer is hiring an external receptionist to handle overflow calls.
⚡ Core Idea
Service = stable IP + DNS name + load balancer for ephemeral Pods. kube-proxy implements routing via iptables/IPVS. Services are the only reliable way to address workloads in K8s.
🎯 Why It Matters
Services are how you make Pods discoverable and routable. Without them, Pod churn would break all inter-service communication. In production, understanding service types and networking is critical for exposing applications.
Ready to see how this works in the cloud?
Switch to Career Paths for structured paths (e.g. Developer, DevOps) and provider-specific lessons.
View role-based pathsSign in to track your progress and mark lessons complete.
Discussion
Questions? Discuss in the community or start a thread below.
Join DiscordIn-app Q&A
Sign in to start or join a thread.