### **7.7 - How to access your applications from the outside**

When you deploy an application like Airflow in your kubernetes cluster, your web server will run inside a

POD. In order to access your web server from the outside of your cluster, Kubernetes offers you many

different ways

more or less complex, depending on your use case.

Let me give you a quick overview of the possibilities.

So let’s imagine that you have a kubernetes cluster with pods running a web server.

In theory you could talk directly to these pods but what happens if the node running your pods dies?

Well the pods die with it and kubernetes will create new ones with different IPs and so you won’t

be able to reach out the web server with the same IP than before.

As you may guess it's not really practical and it will be better to have a fixed IP address

whatever happens with the nodes. That’s exactly the problem

a service solves. Just as a quick reminder, a service is an abstraction

defining a set of Pods running somewhere in your cluster. When created, the service gets a unique IP

address also called ClusterIP. This address will not change while the service is alive and allows for

apps running inside your kubernetes cluster to talk to each other.

Normally it’s not possible to access a ClusterIP service from the internet unless you use the kubernetes

proxy.

It’s really not a recommended way since you need run kubectl as an authenticated user for starting

the proxy.

This way is only for debugging your services. Nonetheless,

I really wanted to give you a quick reminder about services and what is a ClusterIP.

That being said, let’s move to real ways of accessing your cluster from the outside.

The first and most primitive way to get external traffic directly to your service is by using a Node

Port service.

As you may guess by its name, the NodePort service opens a specific port on all the nodes and any traffic

that is sent to that port is forwarded to the service.

That’s what you can see from the example here,

where the external traffic is sent to the port 31000 and then forwarded to the service having access

to the pods.

If you are wondering why the port number is so high, it’s because you can only use ports between 30000

and 32767. Also, NodePort has a major drawback which is, if

a node ip address change, you won’t be able to access your app anymore. Your external access is

tied up to the ip address of your nodes. As a best practice,

you shouldn’t use this solution in production.

It’s more suitable for apps that do not need to be always available like a demo for example.

The second way of exposing your service to the internet is by using a Load Balancer service. The Load

Balancer depends on your cloud provider but in general you will get an IP address that you can use to

access your service. All the external traffic will be forwarded to the service.

The big problem with the load balancer is that each service you expose with a load balancer gets its

own ip address for which you have to pay.

If you have many services to expose, this can become quite expensive.

Finally, the last way we gonna see is through the use of an Ingress. Unlike the previous solutions,

Ingress is not a service but should be more seen as an entrypoint

where the external traffic is sent to the correct service according to the route used. The traffic routing

is controlled by rules defined on the Ingress resource. In the following example,

if from your web browser you tried to reach this link, then the Ingress we redirect your traffic

to the following service in order to return the expected application.

This allows you to have many different services, configured in various ways to fit with your needs. An

Ingress can be configured to give Services externally-reachable URLs, load balance traffic, terminate

SSL/TLS, and offer named based virtual hosting. Despite the fact that using an ingress is the

most powerful and robust way to expose your services,

it can also be the most complicated to set up.

Nonetheless, I strongly recommend to go this way if you plan to use Kubernetes in production.

All right now you have a better view of the different ways of exposing your services and make them available

from the outside of your cluster.

Let's move forward to deploy the Nginx ingress.

See you in the next video.
