I have a Kubernetes cluster with the following:
Now, I have the cluster IP of the service:
NAME            TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kubernetes      ClusterIP   10.96.0.1      <none>        443/TCP   5d3h
svc-clusterip   ClusterIP   10.98.148.55   <none>        80/TCP    16m
Now I can see that I can access this service from the host (!) - not within a Pod or anything:
$ curl 10.98.148.55
Hello world ! Version 1
The thing is that I'm not sure if this capability is part of the definition of the ClusterIP service - i.e. is it guaranteed to work this way no matter what network plugin I use, or is this plugin-dependent?
The Kubernetes docs state that:
ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType
It's not clear what is meant by "within the cluster" - does that mean within a container (pod) in the cluster? or even from the nodes themselves as in the example above?
does that mean within a container (pod) in the cluster? or even from the nodes themselves
You can access the ClusterIP from KubeNode and pods. This IP is a virtual IP, and it only works within the cluster. One way it works (apart from CNI): using the Linux kernel's iptables/IPVS feature, it rewrites the packet with the Pod IP address and load balances among the pods. These rules are maintained by KubeProxy.
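An added example, not part of the answer above: a parser for constructed `iptables-save -t nat` output in the shape kube-proxy's iptables mode writes. It shows that `KUBE-SERVICES` is hooked from `OUTPUT` (node-local traffic such as the `curl` above) as well as `PREROUTING`, and which pod endpoints the ClusterIP is DNATed to. Chain suffixes, pod IPs and pod ports are assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample in `iptables-save -t nat` form (chain suffixes and pod IPs are made up).
SAMPLE = '''\
*nat
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 10.98.148.55/32 -p tcp -m tcp --dport 80 -j KUBE-SVC-EXAMPLE
-A KUBE-SVC-EXAMPLE -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-A
-A KUBE-SVC-EXAMPLE -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-B
-A KUBE-SVC-EXAMPLE -j KUBE-SEP-C
-A KUBE-SEP-A -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-B -p tcp -m tcp -j DNAT --to-destination 10.244.2.7:8080
-A KUBE-SEP-C -p tcp -m tcp -j DNAT --to-destination 10.244.3.9:8080
COMMIT
'''

def parse_rules(dump):
    """Map chain name -> list of rules, each rule a dict of option -> argument."""
    chains = defaultdict(list)
    for line in dump.splitlines():
        if line.startswith("-A "):
            tok = shlex.split(line)  # keeps the quoted comment as one token
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i].startswith("-")}
            chains[tok[1]].append(opts)
    return chains

def entry_hooks(chains):
    """Built-in chains that jump into KUBE-SERVICES."""
    return sorted(name for name, rules in chains.items()
                  if not name.startswith("KUBE-")
                  and any(r.get("-j") == "KUBE-SERVICES" for r in rules))

def backends(chains, cluster_ip, port):
    """Follow KUBE-SERVICES -> KUBE-SVC-* -> KUBE-SEP-*; return [(pod_ip:port, share)]."""
    svc = next((r["-j"] for r in chains["KUBE-SERVICES"]
                if r.get("-d") == f"{cluster_ip}/32" and r.get("--dport") == str(port)), None)
    result, remaining = [], 1.0
    for rule in chains[svc] if svc else []:
        p = float(rule.get("--probability", 1.0))  # last rule is unconditional
        target = next(r["--to-destination"] for r in chains[rule["-j"]] if r.get("-j") == "DNAT")
        result.append((target, round(remaining * p, 4)))
        remaining *= 1 - p  # traffic left for the rules that follow
    return result

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("hooked from:", entry_hooks(rules))
    print("10.98.148.55:80 ->", backends(rules, "10.98.148.55", 80))
```

On a real node, the input would be the output of `iptables-save -t nat`; clusters running kube-proxy in IPVS mode or a different service proxy will not have these chains.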