Part VI. Services and Networking

The last domain in the exam is named Services and Networking. It covers the Kubernetes primitives important for establishing and restricting communication between microservices running in the cluster, or outside consumers. More specifically, this domain covers the primitives Services and Ingresses, as well as network policies.

The following chapters cover these concepts:

• Chapter 21 introduces the Services resource type. You will learn how to expose a microservice inside of the cluster to other portions of the system. Services also allows for making an application accessible to end users outside of the cluster. This chapter doesn’t stop there. It also provides techniques for troubleshooting misconfigured Service objects.

• Chapter 22 starts by explaining why a Service is often not good enough for exposing an application to outside consumers. The Ingress primitive can expose a load-balanced endpoint to consumers accessible via HTTP(S).

• Chapter 23 explains the need for network policies from a security perspective. By default, Kubernetes’ Pod-to-Pod communication is unrestricted; however, you want to implement the principle of least privilege to ensure that only those Pods can talk to other Pods required by your architectural needs. Limiting network communication between Pods will decrease the potential attack surface.