Kubernetes Services and Ingress for traffic routing

Ryan Nakamura Feb 2026
2 tabs
# ClusterIP Service (internal only)
apiVersion: v1
kind: Service
metadata:
  name: web-app
  namespace: production
  labels:
    app: web-app
spec:
  type: ClusterIP
  selector:
    app: web-app
  ports:
    - name: http
      port: 80
      targetPort: 3000
      protocol: TCP

---
# NodePort Service (external via node ports)
apiVersion: v1
kind: Service
metadata:
  name: web-app-nodeport
  namespace: production
spec:
  type: NodePort
  selector:
    app: web-app
  ports:
    - port: 80
      targetPort: 3000
      nodePort: 30080

---
# LoadBalancer Service (cloud LB)
apiVersion: v1
kind: Service
metadata:
  name: web-app-lb
  namespace: production
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
  type: LoadBalancer
  selector:
    app: web-app
  ports:
    - port: 443
      targetPort: 3000
      protocol: TCP

---
# Headless Service (for StatefulSets / direct pod DNS)
apiVersion: v1
kind: Service
metadata:
  name: db-headless
  namespace: production
spec:
  clusterIP: None
  selector:
    app: database
  ports:
    - port: 5432
      targetPort: 5432
2 files · yaml Explain with highlit

Kubernetes Services provide stable networking for ephemeral Pods. A ClusterIP service exposes Pods internally within the cluster. NodePort opens a static port on every node for external access. LoadBalancer provisions a cloud load balancer. Services use selector labels to discover target Pods. The targetPort maps to the container port, while port is the service port. Ingress resources route external HTTP/HTTPS traffic to services based on host and path rules. Ingress controllers like nginx-ingress or traefik implement the routing. TLS termination uses secretName referencing a TLS certificate Secret. Path-based routing directs different URLs to different services. Annotations configure controller-specific behavior like rate limiting and CORS.