Hi Leeren. Thanks for the kind words. I’m glad you found the article useful. That first diagram illustrates an internal client (client pod 2) connecting to a server pod via the cluster IP. The important point is that since pods can move around the only machinery that knows how to get packets to the healthy pods which implement a service are the iptables rules maintained by the kubelet. The following paras bring up an external client only for the purpose of making a hypothetical point, i.e. that one way or another packets from external clients have to hit the node interface and trigger the same iptables rules. They cannot do this directly, of course, for the reason you point out. Thus nodeports.