I’ve seen discussions on this topic scattered around the internet, so the idea of this post is to gather them all (at least, the most useful of them – imho) into a single chart, so they can be easily understood from a bird’s-eye view.
The illustration below shows how 2 types of service can route public traffic into the node: (1) a NodePort service vs (2) a service with externalIPs. There are of course other setups available (e.g. with a service) but they are beyond the scope of this article.
In the NodePort setup, it is pretty straightforward: public requests pointing at the node’s public IP address & at the specified port will be routed as per the service’s port mapping configuration.
In the externalIPs setup, at first it feels weird that the externalIP is pointed to the node’s internal IP. However, if we really contemplate the corresponding k8s doc, we now understand that the service targets the node whose IP address is the “destination IP” for public internet traffic coming into the cluster. Now it’s less weird.
So, in a sense, it feels like in the former case, public traffic is routed to the node directly, whereas in the latter case, public traffic is routed to the correct node through ClusterIP by matching IP addresses. I’m not claiming this statement is backed by any official k8s documentation I’ve read so far (as this is k8s’ internal working), so I’d much appreciate any insight that “scientifically” explains how these routings work the way they do under the hood!
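The two setups described above, written out as Service manifests. This is an added example, not configuration from the original post: the service names, the `app: web` label, the port numbers and the address 10.0.1.15 are constructed placeholders, and the second manifest assumes the node's public IP is NAT-mapped to that internal address.

```yaml
# (1) NodePort: public requests to <node public IP>:30080 are routed
#     according to the port mapping below.
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport            # hypothetical name
spec:
  type: NodePort
  selector:
    app: web                    # hypothetical pod label
  ports:
    - protocol: TCP
      nodePort: 30080           # opened on every node (default range 30000-32767)
      port: 80                  # port on the service's cluster IP
      targetPort: 8080          # port the pod's container listens on
---
# (2) ClusterIP + externalIPs: traffic arriving at a node with
#     destination 10.0.1.15:80 is routed to the same pods.
apiVersion: v1
kind: Service
metadata:
  name: web-externalip          # hypothetical name
spec:
  type: ClusterIP
  selector:
    app: web
  ports:
    - protocol: TCP
      port: 80                  # matched together with the external IP
      targetPort: 8080
  externalIPs:
    - 10.0.1.15                 # constructed: the node's internal IP, assumed to be
                                # the destination IP packets carry after cloud NAT
```

Kubernetes does not manage or validate the `externalIPs` values, so restrict who may set the field (RBAC on Services, or the `DenyServiceExternalIPs` admission controller where the feature is unused). A NodePort is opened on every node, so the node firewall or security group decides who can actually reach it.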