I’ve seen discussions on this topic scattered around the internet, so the idea of this post is to gather them all (at least, the most useful of them – imho) into one single chart, so they can be easily understood from a bird’s-eye view.
The illustration below shows how 2 types of service can route public traffic into the node: (1) a NodePort type service vs (2) a ClusterIP type service with spec.externalIPs.
There are of course other setups available (e.g. with a LoadBalancer type service) but they are beyond the scope of this article.
For the NodePort setup, it is pretty straightforward: public requests pointing at the node’s public IP address and at the specified port will be routed as per the service’s port mapping configuration.
For the ClusterIP + externalIPs setup, at first it feels weird that the service’s externalIP is pointed to the node’s internal IP. However, if we really contemplate the corresponding k8s doc, we now understand that the service targets the node whose IP address is the “destination IP” for public internet traffic coming into the cluster. Now it’s less weird.
So, in a sense, it feels like in the former case, public traffic is routed to the node directly, whereas in the latter case, public traffic is routed to the correct node through ClusterIP by matching IP addresses. I’m not claiming this statement is backed by any official k8s documentation I’ve read so far (as this is k8s’ internal working), so I’d much appreciate any insight that “scientifically” explains how these routings work the way they do under the hood!