Configure and manage Kubernetes networking, services, and network policies (20% of exam).
This domain covers understanding connectivity between Pods, defining and enforcing Network Policies, using ClusterIP, NodePort, LoadBalancer service types and endpoints, using the Gateway API to manage Ingress traffic, knowing how to use Ingress controllers and Ingress resources, and understanding and using CoreDNS.
In the context of the CKA exam, Services and Networking form the backbone of cluster communication. Because Pods are ephemeral and their IP addresses change, **Services** define a logical set of Pods and a policy to access them. You must understand the four primary Service types: **ClusterIP** (default, for internal communication), **NodePort** (exposes the service on each Node's IP at a static port), **LoadBalancer** (integrates with cloud providers to provision external load balancers), and **ExternalName** (maps services to DNS names).
**Cluster DNS** (CoreDNS) is critical; you must know how Services and Pods resolve names (e.g., `service.namespace.svc.cluster.local`) and how to debug resolution issues using tools like `nslookup`.
For HTTP/HTTPS routing, **Ingress** allows you to expose services based on hostnames or paths (Layer 7 routing). This requires deploying an **Ingress Controller** (like NGINX) and defining Ingress resources. Unlike NodePort, Ingress provides a single entry point for multiple services.
Security is handled via **Network Policies**, which act as an in-cluster firewall. By default, all pod traffic is allowed. You need to know how to construct policies using labels and selectors to restrict **Ingress** (incoming) and **Egress** (outgoing) traffic. Crucially, Network Policies require a CNI plugin that supports them (e.g., Calico or Cilium); simple plugins like Flannel do not enforce them.
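The following manifests are an added example, not part of the original page, of the label-and-selector policies described above: a default-deny ingress policy, then a policy that admits one client and limits egress to DNS. The namespace `shop`, the labels `app: web` and `app: api`, and port 8080 are assumptions; `k8s-app: kube-dns` is the label CoreDNS Pods carry in kubeadm-built clusters.

```yaml
# Constructed example: namespace "shop", labels app=web / app=api and port 8080 are assumptions.
# Policy 1: default deny for ingress. An empty podSelector selects every Pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Policy 2: api Pods accept traffic only from web Pods on TCP 8080 and may only talk to CoreDNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-web-and-dns
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
    - Egress          # listing Egress makes all egress from api Pods deny-by-default
  ingress:
    - from:
        - podSelector:            # no namespaceSelector: matches Pods in "shop" only
            matchLabels:
              app: web
      ports:
        - protocol: TCP
          port: 8080
  egress:
    - to:
        # One list item with both selectors = AND (kube-dns Pods inside kube-system).
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Policies are additive allow-lists, so an `app: api` Pod gets the union of both policies. Writing the two selectors in the egress rule as separate list items would change the meaning to OR and allow traffic to every Pod in `kube-system`.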
Finally, you must understand the **CNI (Container Network Interface)** architecture, specifically how the kubelet delegates network configuration to plugins to ensure every Pod gets a unique IP address within the cluster network.