In this brief tutorial, which features the Kubernetes Bootcamp application and Azure Kubernetes Service, take an introductory look at internal and external Kubernetes cluster networking concepts.
To see the Kubernetes services that run insider the cluster, run the kubectl get service command in Cloud Shell. The type LoadBalancer indicates that a service has an external IP address, while the type ClusterIP means that the service is only accessible from within the Kubernetes cluster. The cluster IP address enables access to public and private resources from inside the Kubernetes cluster without exposing those resources to the internet.
The kubectl exec -it <Pod Name> command starts a Bash shell inside of the running container. Pass arguments to the Bash shell with --, followed by the arguments. In this Kubernetes cluster networking 101 video, we run curl against both Google.com and the Kubernetes Bootcamp service.
The command kubectl edit service <Service Name> enables admins to directly edit the network configuration in YAML format. In this video, we designate the service type as NodePort, which is a valid configuration option to map a port range to the Kubernetes service, but it does not grant an external IP address. These resources are accessible even when the external IP address is unavailable and when the cluster is inaccessible from the internet.
Next, we run the command kubectl get service <Service Name> -o yaml to view the cluster configuration in YAML format. Admins can also make impromptu network configuration changes on the fly, as well as discover the cluster's external IP address and then restrict access to that address when necessary. Note that the external IP address is assigned when the service is changed back to LoadBalancer. If the Kubernetes cluster must be internet-accessible, a DNS is critical.
Transcript - Explore the basics of Kubernetes cluster networking
Hello, today, we're gonna talk about networking in Kubernetes. So, to start off with, I'm going to show you I'm running the Kubernetes Bootcamp application. And we see it's running right there; it's got cluster IP and an external IP address. Now, the cluster IP is visible only inside of that service. And the external IP address is obviously visible to the internet. So, if I can go here and actually run that IP address on port 8080, and it says, "Hello bootcamp," running on this container, or running on this node, excuse me.
And I can confirm that by going back into Kubernetes and getting the pod that it's running on. So, first things first, what I'm gonna do is run this command, kubectl exec -it is for interactive terminal inside of the pod, which is the Bootcamp pod in this case. And everything after those double dashes is going to be an argument getting passed to that interactive terminal. So in this case, I'm running curl on google.com. And what that'll show you is that inside of the service can reach out to the internet, in this case to google.com.
Now, if I go ahead and grab my cluster IP address here and run that same command against the cluster IP and my application port, it's also going to get back what we got from the external IP address. So now let's see if we can break it a little bit. Let's go and edit the service. And this is gonna open up VI in the YAML configuration of our Kubernetes application. And I'm gonna go ahead and change this type LoadBalancer to type NodePort. Now LoadBalancer is the configuration for an external IP address, whereas NodePort is to set up a port range for your application. What this is going to do is effectively break the external IP address.
And if I run the same get service command on Bootcamp, and output that into a YAML, we see that the change was made successfully. So let's go ahead and get the service normally, and we see we don't have an external IP address anymore. Now if I go back here to my web browser and try and hit that again, just to confirm it's spinning, it's not going to hit it because the external IP address is no longer valid. Okay, so let's go back to our Cloud Shell here. And we still do have a cluster IP, which means we have something inside of the cluster we can use.
And if we run that, we see we still have access to the resources from inside the cluster, even though we don't have an external IP address. So let's go ahead and fix it. I'm gonna edit the service again, go down to the spec type, which is currently NodePort, and change that back to LoadBalancer. And if I run a get service one more time, I see that my external IP address is pending, which means it's coming back up. Now we're gonna go ahead and wait for this to continue the demo.
So now we've got our external IP address. Again, it's been reassigned, we can copy that off, go back to our web browser, and put that in on port 8080. And we see we're back to our Kubernetes Bootcamp landing page. All right, there we go. Thanks for watching.