Reputation: 877
A few of our Pods access the Kubernetes API via the "kubernetes" Service. We're in the process of applying Network Policies which allow access to the K8S API, but the only way we've found to accomplish this is to query for the "kubernetes" Service's ClusterIP, and include it as an ipBlock within an egress rule within the Network Policy.
Specifically, this value:
kubectl get services kubernetes --namespace default -o jsonpath='{.spec.clusterIP}'
Is it possible for the "kubernetes" Service ClusterIP to change to a value other than what it was initialized with during cluster creation? If so, there's a possibility our configuration will break. Our hope is that it's not possible, but we're hunting for official supporting documentation.
Upvotes: 0
Views: 485
Reputation: 41
Yes, that is possible.
If you specify clusterIP in your Service YAML file (Service.spec.clusterIP), the IP address of your service will not be random and will always be the same. The Service YAML should look like this:
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: default
spec:
  clusterIP: 10.96.0.100
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: 80
  type: ClusterIP
Be careful: the IP you choose should be unassigned in your cluster.
Upvotes: 0
Reputation: 93471
The short answer is no.
More details:
You cannot change/edit clusterIP because it's immutable... so kubectl edit will not work for this field.
The service cluster IP can be changed easily by kubectl delete -f svc.yaml, then kubectl apply -f svc.yaml again.
Hence, never ever rely on the service IP, because services are designed to be referred to by DNS:
service-name if the communicator is inside the same namespace
service-name.service-namespace if the communicator is inside or outside the same namespace.
service-name.service-namespace.svc.cluster.local for FQDN.
Upvotes: 2
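A drift check for the setup described in the question, added here as an example and not code from any of the posts: given a NetworkPolicy manifest and the ClusterIP currently returned by the kubectl jsonpath query above, it reports whether an egress ipBlock still allows that address on port 443. The function names, the sample policy and the 10.96.0.1 address are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample policy, shaped like the egress rule the question describes.
# 10.96.0.1 is a made-up value standing in for the pinned ClusterIP.
SAMPLE_POLICY = {
    "kind": "NetworkPolicy",
    "spec": {
        "policyTypes": ["Egress"],
        "egress": [{
            "to": [{"ipBlock": {"cidr": "10.96.0.1/32"}}],
            "ports": [{"protocol": "TCP", "port": 443}],
        }],
    },
}


def port_allowed(rule, port, protocol="TCP"):
    """A rule without 'ports' allows every port; named ports are skipped."""
    ports = rule.get("ports")
    if not ports:
        return True
    for p in ports:
        if p.get("protocol", "TCP") != protocol:
            continue
        low = p.get("port")
        if low is None:  # protocol given without a port: all ports
            return True
        if isinstance(low, int) and low <= port <= p.get("endPort", low):
            return True
    return False


def egress_covers(policy, cluster_ip, port=443):
    """True if an egress ipBlock, minus its 'except' ranges, allows cluster_ip:port."""
    ip = ipaddress.ip_address(cluster_ip)
    for rule in policy.get("spec", {}).get("egress", []):
        if not port_allowed(rule, port):
            continue
        peers = rule.get("to")
        if not peers:  # a rule without 'to' allows every destination
            return True
        for peer in peers:
            block = peer.get("ipBlock")
            if not block or ip not in ipaddress.ip_network(block["cidr"], strict=False):
                continue
            excepts = block.get("except", [])
            if not any(ip in ipaddress.ip_network(e, strict=False) for e in excepts):
                return True
    return False
```

Run against the live manifest on a schedule or in CI, a False result flags that the Service was recreated with a different address before Pods start failing to reach the API.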