L04 — Services & Networking

Pods are ephemeral and get random IPs. Networking in Kubernetes is the layer that makes that chaos usable: stable virtual IPs, DNS names, ingress, and policy.

What you’ll understand after this level

  • Why a Service exists and what problem it solves (stable virtual IP + load balancing across a dynamic set of pods)
  • The four Service types: ClusterIP, NodePort, LoadBalancer, ExternalName
  • How DNS in Kubernetes works (CoreDNS, search paths, the cluster domain)
  • Ingress vs Service vs Gateway API — three layers, not the same thing
  • NetworkPolicy — the k8s-native way to control pod-to-pod traffic
  • CNI — how pods actually get IPs and L3 connectivity
  • EndpointSlices — the scalable version of the Endpoints API

Notes in this level

| Note | Status | What’s in it |
|------|--------|--------------|
| Networking | 🟡 | Top-level mental model for k8s networking — the CNI model, namespaces, traffic flow |
| Services | ✅ | The four Service types (ClusterIP, NodePort, LoadBalancer, ExternalName), headless services, session affinity, externalTrafficPolicy |
| DNS | ✅ | CoreDNS, Service/Pod DNS names, ndots and the search path gotcha, headless DNS |
| Ingress | ✅ | The HTTP routing layer, ingressClassName, TLS, path rewrites, Ingress vs Gateway API |
| NetworkPolicy | ✅ | Pod-to-pod firewall rules, selectors, default-deny recipes, CNI-implementation differences |
| CNI | ✅ | How Pods actually get IPs, overlay vs underlay, plugin comparison (Flannel, Calico, Cilium) |
| EndpointSlices | 🟡 | Scalable endpoint tracking, topology hints, why it replaced Endpoints, the 100-endpoint limit |
| Networking Deep Dive | ✅ | Pod-to-pod, pod-to-service, service-to-external — packet-level walkthroughs, NAT, hairpin |

Suggested reading order

  1. Services — the foundational object after a Pod
  2. DNS — how clients find Services (and the gotcha you’ll hit immediately)
  3. EndpointSlices — what the Service is actually pointing at
  4. Ingress — when you need HTTP routing from outside the cluster
  5. NetworkPolicy — when you start designing multi-tenant or hardened clusters
  6. CNI — understand the layer below all of this
  7. Networking Deep Dive — when you need to debug, not before

Where to go next

L05 — Config & Storage: services are configured and persistent data lives somewhere.