Pods are ephemeral with changing IPs, so you never target them directly. A Service gives a stable virtual IP and DNS name in front of a set of Pods selected by labels, load-balancing across them.

Service types:

• ClusterIP (default) — reachable only inside the cluster
• NodePort — opens a static port on every node
• LoadBalancer — provisions an external cloud load balancer

For HTTP, an Ingress (with an ingress controller like nginx) routes by host and path to Services — so one external IP serves many apps with TLS termination.

apiVersion: v1
kind: Service
metadata: { name: web }
spec:
  selector: { app: web }
  ports: [{ port: 80, targetPort: 8080 }]
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: { name: web }
spec:
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend: { service: { name: web, port: { number: 80 } } }

1. Create a ClusterIP Service selecting Pods labeled app=web.
2. Explain the difference between ClusterIP, NodePort, and LoadBalancer.
3. Add an Ingress routing a hostname to that Service.
4. Why can’t you just connect to a Pod’s IP directly?

• ↗ Kubernetes — Service