Why can I access my Kubernetes-deployed application through its ClusterIP in minikube?

12/2/2019

I have deployed a simple NodeJS server (which outputs hello world) in a Docker container using minikube.

I have assigned two services, namely ClusterIP and NodeportIP.

When I curl the NodePortIP from my host machine, I can see the output (i.e. hello world).

When I just try to curl the IP address of the ClusterIP from my host machine, I can still see the output from my NodeJS server without any errors.

How is this even possible?

I think:

1.) ClusterIPs are only accessible through the cluster itself, which means I should be able to curl the ClusterIP only after using minikube ssh. But I can still see the output even when I curl it from the host machine.

2.) NodePortIPs make it possible to expose the application outside the cluster. But to what extent? Can someone from a different geographical area also curl that IP and access my application? Is that what exposing the application outside the cluster means?

Can someone help me by describing the extent of exposure that these two, ClusterIP and NodeportIP, refer to?

-- BhagyaKolitha Jayalath
kubernetes
minikube

1 Answer

12/2/2019

It all depends on the subnets and routes.

In general, if you can access a container, then you're either in the same network as the container, or there is a router or bridge between your network and the container network that manages the traffic.

So if your ClusterIPs are in the same network as the localhost, or if there is a router or bridge network that connects your localhost with the cluster network, then you can access your containers using ClusterIP. You're running minikube, so I suppose one of these is true.

In a normal k8s installation, ClusterIPs are in a separate subnet, and there are no bridges or routes that connect it to the outside network, so you cannot access containers using ClusterIP.

NodePort will open the same port on all the hosts, and as long as you can access the host via one of the networks it is on, you can reach that service.

-- Burak Serdar
Source: StackOverflow
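
The answer's "subnets and routes" point can be checked on the host by looking up which route a packet to the ClusterIP would take. The following is an added example, not part of the original question or answer; the routing table, interface names and addresses are constructed sample data, and the 10.96.0.0/12 service range and 192.168.49.2 node address are assumptions about the setup.

```python
import ipaddress

# Constructed `ip route` output for a host running minikube (sample data, not
# from the post). The 10.96.0.0/12 line stands for a route that connects the
# host to the service (ClusterIP) subnet through the minikube node.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.96.0.0/12 via 192.168.49.2 dev br-minikube
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
192.168.49.0/24 dev br-minikube proto kernel scope link src 192.168.49.1
"""

def _after(fields, key):
    """Return the token following `key` (e.g. the gateway after 'via'), or None."""
    return fields[fields.index(key) + 1] if key in fields[:-1] else None

def parse_routes(text):
    """Parse unicast lines of `ip route` into (network, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # blackhole/unreachable/etc. lines are skipped in this sketch
        routes.append((net, _after(fields, "via"), _after(fields, "dev")))
    return routes

def lookup(ip, routes):
    """Longest-prefix match: the route the kernel would pick for this destination."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def classify(ip, routes):
    """Say how a packet to `ip` leaves this host."""
    route = lookup(ip, routes)
    if route is None:
        return "no-route"
    net, via, _dev = route
    if net.prefixlen == 0:
        return "default"  # handed to the default gateway; works only if it has a path to the cluster
    return "via-gateway" if via else "on-link"

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    for ip in ("10.96.12.34", "192.168.49.2", "8.8.8.8"):
        print(ip, classify(ip, routes), lookup(ip, routes))
```

To use it on a real host, pass the text of `ip route` to `parse_routes` and the service's ClusterIP to `classify`. A result of `default` corresponds to the answer's "normal k8s installation" case, where nothing on the host connects it to the service subnet.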