Lesson 9: Exposing apps — LoadBalancer, Ingress & DNS
In the previous lesson we met a ClusterIP Service — a stable address and DNS name that connect to the Pods, but only from inside the cluster. Now the question is how a visitor from the outside (the internet) reaches the application. We will meet three tiers of exposure: ClusterIP stays internal only
ClusterIP is an internal office phone; LoadBalancer is an external number anyone can dial; and Ingress is the building lobby that sends each visitor to the right office by the name on the door.
- Ingress: An object that routes external HTTP/HTTPS traffic to internal Services by host name and path. It provides a single entry point for many applications. It needs an Ingress Controller running in the cluster to enforce the rules.
- LoadBalancer: A Service type that asks the cloud provider for a real external IP and balances traffic at the network level (L4) to that Service's Pods. This makes the application reachable from outside the cluster.
- Cluster DNS: An internal DNS service that resolves Service names to IP addresses inside the cluster. A full name looks like: <service>.<namespace>.svc.cluster.local, e.g. web.default.svc.cluster.local.
- ClusterIP: The default Service type: a stable virtual IP reachable only from inside the cluster. Great for communication between internal components, but not reachable from outside.
- NodePort: A Service type that opens a fixed port on every node in the cluster, so the Service is reachable via a node's address and that port. A simple but crude way to expose externally.
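To check which of these tiers each Service in a cluster actually sits in, the added example below (not part of the original lesson) walks a list of Service and Ingress objects and reports every external entry point per Service, keyed by its cluster DNS name. The sample objects, the host shop.example.com and the address 203.0.113.10 are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get svc,ingress -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "web", "namespace": "default"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
 {"kind": "Service", "metadata": {"name": "api", "namespace": "default"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "nodePort": 31443}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
 {"kind": "Service", "metadata": {"name": "debug", "namespace": "tools"},
  "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 30080}]}},
 {"kind": "Service", "metadata": {"name": "db", "namespace": "default"},
  "spec": {"ports": [{"port": 5432}]}},
 {"kind": "Ingress", "metadata": {"name": "site", "namespace": "default"},
  "spec": {"rules": [{"host": "shop.example.com", "http": {"paths": [
    {"path": "/", "pathType": "Prefix",
     "backend": {"service": {"name": "web", "port": {"number": 80}}}}]}}]}}
]}
""")["items"]

def dns_name(meta):  # <service>.<namespace>.svc.cluster.local
    return f'{meta["name"]}.{meta.get("namespace", "default")}.svc.cluster.local'

def exposure_report(items):
    """Map each Service's cluster DNS name to a sorted list of external entry points."""
    report = {}
    for obj in (o for o in items if o["kind"] == "Service"):
        spec, entries = obj["spec"], []
        kind = spec.get("type", "ClusterIP")  # ClusterIP is the default type
        if kind in ("NodePort", "LoadBalancer"):  # LoadBalancer usually gets node ports too
            entries += [f'nodeport:{p["nodePort"]}' for p in spec["ports"] if "nodePort" in p]
        if kind == "LoadBalancer":
            lb = obj.get("status", {}).get("loadBalancer", {}).get("ingress", [])
            entries += [f'lb:{a.get("ip") or a.get("hostname")}' for a in lb]
        report[dns_name(obj["metadata"])] = entries
    for ing in (o for o in items if o["kind"] == "Ingress"):
        ns = ing["metadata"].get("namespace", "default")
        for rule in ing["spec"].get("rules", []):
            for p in rule.get("http", {}).get("paths", []):
                svc = p["backend"].get("service")
                if svc:  # an Ingress can only target Services in its own namespace
                    key = dns_name({"name": svc["name"], "namespace": ns})
                    report.setdefault(key, []).append(f'ingress:{rule.get("host", "*")}{p.get("path", "/")}')
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    for name, entries in exposure_report(SAMPLE).items():
        print(name, "->", entries or "internal only")
```

A Service with an empty list is reachable only from inside the cluster; anything else is an entry point to review, and a NodePort entry applies to every node's address.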