CKA Day 9 — Kubernetes Services Explained
Day 9/40 of the Certified Kubernetes Administrator (CKA) Full Course by Tech Tutorials with Piyush. This video delivers a hands-on deep dive into Kubernetes Services — the abstraction that turns ephemeral Pods into stable, discoverable network endpoints.
Key Takeaways
Why Services Exist
Pods are inherently fragile: their IPs change on every restart. A Deployment with 3 Nginx Pods spread across nodes has no stable address for clients to reach. Services solve this by providing a stable virtual IP (ClusterIP) and DNS name that front a dynamic set of Pod backends. They make the architecture loosely coupled: front-end Pods talk to back-end Pods via a Service name, not hardcoded IPs.
The Three Ports You Must Know
Every Service definition involves three distinct port concepts:
| Port | What It Is | Who Uses It |
|---|---|---|
| targetPort | The port the container inside the Pod is actually listening on | The Service forwards traffic here |
| port | The port the Service exposes inside the cluster | Other Pods/services in the cluster |
| nodePort | A static port (30,000–32,767) exposed on every node’s IP | External users hitting the cluster from outside |
If unspecified, targetPort and port default to the same value. nodePort is only relevant for NodePort and LoadBalancer types.
Service Types in Depth
1. NodePort
- Exposes the Service on each node’s IP at a static port in the 30,000–32,767 range.
- Traffic hits
<NodeIP>:<nodePort>→ Service forwards totargetPorton a backend Pod. - Kubernetes internally load balances across Pods using a round-robin algorithm.
- Ideal for development, bare-metal clusters, or when you don’t have a cloud load balancer.
2. ClusterIP (Default)
- Assigns an internal IP address reachable only from within the cluster.
- Used for Pod-to-Pod communication (e.g., front-end talking to back-end, back-end talking to database).
- If you omit
typein the Service YAML, it defaults to ClusterIP. - Provides a stable DNS name (
<service-name>.<namespace>.svc.cluster.local) that survives Pod restarts.
3. LoadBalancer
- Extends NodePort by provisioning an external cloud load balancer (AWS ELB, Azure LB, GCP LB).
- Gives you a single public IP or DNS (e.g.,
myapp.com) instead of multiple node IPs. - On clusters without cloud-provider integration (like local Kind), creating a LoadBalancer Service results in
<pending>external IP and it falls back to behaving like a NodePort with an auto-allocated nodePort. - In Kind, you can simulate this with the
cloud-provider-kindbinary.
4. ExternalName
- Maps a Service to an external DNS name instead of selecting Pods.
- Type:
ExternalName; specifyexternalName: database.example.com. - Internal services can reference this Kubernetes Service name while the actual resolution happens to the external DNS.
- Useful for integrating external databases or APIs without hardcoding external URLs in application code.
Endpoints: The Dynamic Backend List
An Endpoint is simply the IP:port of a Pod that matches the Service’s selector. When a Pod restarts and gets a new IP, the Endpoints object is automatically updated by the Endpoint Controller.
kubectl get endpoints # List all endpoints
kubectl get ep # Short form
kubectl describe svc <name> # See endpoints attached to a serviceThis is the magic behind Service stability: the virtual IP stays the same, but the backend Pod list is continuously refreshed.
Imperative Service Creation
For speed on the CKA exam, use imperative commands instead of writing YAML from scratch:
# Expose a Deployment as a NodePort Service
kubectl expose deployment nginx-deploy --type=NodePort --port=80 --target-port=80 --node-port=30001
# Expose as ClusterIP (default)
kubectl expose deployment nginx-deploy --port=80
# Expose as LoadBalancer
kubectl expose deployment nginx-deploy --type=LoadBalancer --port=80These generate the underlying YAML automatically and are significantly faster under exam time pressure.
Kind Cluster Port Mapping Gotcha
Kind clusters run inside Docker containers, so NodePort services are not automatically accessible from the host. You must explicitly map ports in the Kind config:
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
extraPortMappings:
- containerPort: 30001
hostPort: 30001
protocol: TCPAfter recreating the cluster with this config, localhost:30001 routes into the Kind node and hits the NodePort Service. This is a Kind-specific limitation — on cloud VMs, bare metal, or the CKA exam, NodePort works without extra configuration.
kubectl Productivity Hacks
# Set a persistent alias
alias k='kubectl'
# Add to ~/.bash_profile for persistence
source ~/.bash_profile
# Enable bash completion + shortcut expansions
source <(kubectl completion bash)
alias k='kubectl'
complete -o default -F __start_kubectl kThese save keystrokes and enable tab completion for rapid command execution.
See Also
Wiki Concepts
- Kubernetes Services — comprehensive overview and YAML patterns
- Kubernetes Service Types — deep dive into ClusterIP, NodePort, LoadBalancer, ExternalName
- Pod Fundamentals — why Pods need Services (ephemeral IPs)
- Deployment, ReplicaSet & Replication Controller — the workloads that Services expose
- Kind Cluster Setup — port mapping for NodePort in local clusters
- Kubernetes Architecture — kube-proxy and service routing
- CKA Certification — exam domains where Services appear
- CKA Study Roadmap — Day 9 in the 40-day plan
Related Sources
- CKA Day 8 — Deployments, ReplicaSets & Replication Controllers — prerequisite workload controllers
- CKA Day 7 — Pod Explained — Pod lifecycle and IP behavior
- CKA Day 6 — Kind Multi-Node Cluster Setup — local cluster prerequisite
Creator / Entity
- Tech Tutorials with Piyush — CKA 40-day challenge series