How traffic gets from the public internet to a Kubernetes pod: a DevOps interview question

Andrey Byhalenko
Aug 26, 2024


The question “Explain how traffic gets from the public internet to the Kubernetes pod” is quite common in technical DevOps interviews.

A correct and detailed answer to this question shows how familiar a DevOps engineer is with the processes of Kubernetes.

In this article, I will go through this process, assuming I am running Kubernetes on AWS EKS.

The short answer can be summarized as:

User Request → DNS → ELB → Ingress Controller (Optional) → Kubernetes Service → Pod.

This setup allows traffic from the public internet to reach a specific pod running within your EKS cluster. The ELB and Ingress Controller manage the external exposure, while Kubernetes services manage the internal routing to the correct pod.

Let’s dig into the details.

1. DNS Resolution

When a user attempts to access your application via a domain name, the DNS system resolves this domain to an IP address. This IP address typically belongs to an Elastic Load Balancer (ELB) provided by AWS.

2. Elastic Load Balancer

EKS integrates with AWS services, including ELB (Elastic Load Balancer). The ELB distributes incoming traffic across multiple targets, such as EC2 instances and, in this case, Kubernetes pods. The ELB can be configured as an Application Load Balancer (ALB) for HTTP/HTTPS traffic or a Network Load Balancer (NLB) for TCP/UDP traffic.

The ELB has a public IP address that is accessible from the internet. When the DNS resolves the domain name to this IP address, the traffic is routed to the ELB.

3. Ingress Controller (Optional)

In Kubernetes, an Ingress resource defines rules for routing external traffic to services within the cluster. The Ingress Controller is responsible for fulfilling these rules. On EKS, you might use an ALB Ingress controller, which integrates with AWS’s ALB to route traffic based on the Ingress rules.

The Ingress controller listens for incoming traffic on the ELB and routes it to the appropriate Kubernetes service based on the specified Ingress rules (e.g., path-based routing, host-based routing).

4. Kubernetes Service

Within Kubernetes, services abstract access to pods. Depending on how the service is exposed, its type determines what it does:

  • ClusterIP: Route traffic only within the cluster.
  • NodePort: Expose the service on a specific port on each node in the cluster.
  • LoadBalancer: Provision a cloud load balancer (like ELB) to route external traffic to the service.

The service routes incoming traffic to the appropriate pods using a mechanism called kube-proxy, which forwards the traffic based on iptables rules.

5. Network Traffic within EKS

Once the service receives the traffic, it forwards it to one of the pods that match the service’s selector. The pod’s IP address is managed by the Kubernetes networking model.

On EKS, the AWS VPC CNI (Container Network Interface) plugin is used, which provides each pod with an IP address within the VPC, enabling communication within the cluster and with external services.

6. Pod Receiving Traffic

Finally, the pod running your application receives traffic. The application inside the pod processes the request and sends back a response, which is routed back through the service, Ingress Controller (if applicable), and the ELB back to the client.
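The path in steps 3 to 6 can be modelled in a few lines to answer the question a reviewer usually asks next: which pods can a request from the internet actually reach? This is an added example, not code from the original article; the hosts, service names, labels and IPs are constructed, path matching is a simplified form of prefix matching on path-segment boundaries, and every LoadBalancer service is assumed to be internet-facing.

```python
# Constructed sample objects, trimmed to the fields the routing decision uses.
INGRESS_RULES = [  # (host, path prefix, backend Service)
    ("shop.example.com", "/", "web"),
    ("shop.example.com", "/api", "api"),
]
SERVICES = {  # name -> Service type and label selector
    "web": {"type": "ClusterIP", "selector": {"app": "web"}},
    "api": {"type": "ClusterIP", "selector": {"app": "api"}},
    "metrics": {"type": "LoadBalancer", "selector": {"app": "metrics"}},
    "db": {"type": "ClusterIP", "selector": {"app": "db"}},
}
PODS = [  # pod IPs come from the VPC range, as with the AWS VPC CNI
    {"name": "web-1", "labels": {"app": "web"}, "ip": "10.0.1.11", "ready": True},
    {"name": "web-2", "labels": {"app": "web"}, "ip": "10.0.2.12", "ready": False},
    {"name": "api-1", "labels": {"app": "api", "tier": "backend"}, "ip": "10.0.1.21", "ready": True},
    {"name": "metrics-1", "labels": {"app": "metrics"}, "ip": "10.0.1.31", "ready": True},
    {"name": "db-1", "labels": {"app": "db"}, "ip": "10.0.3.41", "ready": True},
]


def match_ingress(host, path):
    """Return the backend Service for the longest matching path prefix, or None."""
    best = None
    for rule_host, prefix, service in INGRESS_RULES:
        on_boundary = path == prefix or path.startswith(prefix.rstrip("/") + "/")
        if rule_host == host and on_boundary and (best is None or len(prefix) > len(best[0])):
            best = (prefix, service)
    return best[1] if best else None


def endpoints(service):
    """Ready pods whose labels contain every key/value pair of the Service selector."""
    selector = SERVICES[service]["selector"]
    return [p for p in PODS
            if p["ready"] and all(p["labels"].get(k) == v for k, v in selector.items())]


def trace(host, path):
    """Follow one request: Ingress rule -> Service -> candidate pod IPs."""
    service = match_ingress(host, path)
    return (service, [p["ip"] for p in endpoints(service)]) if service else None


def internet_reachable_pods():
    """Pods behind an Ingress rule or a LoadBalancer Service (assumed internet-facing)."""
    exposed = {svc for _, _, svc in INGRESS_RULES}
    exposed |= {name for name, s in SERVICES.items() if s["type"] == "LoadBalancer"}
    return sorted(p["name"] for svc in exposed for p in endpoints(svc))
```

In this sample the `metrics` service is reachable from outside even though no Ingress rule mentions it, because a LoadBalancer service gets its own load balancer, while `db-1` stays internal behind a ClusterIP service.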

Why the Ingress Controller is optional:

The need for an Ingress Controller depends on how you want to expose your services to external traffic and the complexity of your routing requirements.

Without an Ingress Controller: Suitable for simple setups where each service can have its own ELB (LoadBalancer service) or where you manage routing through external load balancers with a NodePort service.

With an Ingress Controller: Ideal for more complex applications with multiple services, needing advanced routing, centralized management, and cost efficiency by using fewer ELBs.
