What s the difference between ClusterIP NodePort and LoadBalancer service types in Kubernetes

Question

1 - I m reading the documentation and I m slightly confused with the wording  It says      ClusterIP  Exposes the service on a cluster-internal IP  Choosing this value makes the service only reachable from within the cluster  This is the default ServiceType      NodePort  Exposes the service on each Node   s IP at a static port  the NodePort   A ClusterIP service  to which the NodePort service will route  is automatically created  You   ll be able to contact the NodePort service  from outside the cluster  by requesting  lt NodeIP gt   lt NodePort gt        LoadBalancer  Exposes the service externally using a cloud provider   s load balancer  NodePort and ClusterIP services  to which the external load balancer will route  are automatically created    Does the NodePort service type still use the ClusterIP but just at a different port  which is open to external clients  So in this case is  lt NodeIP gt   lt NodePort gt  the same as  lt ClusterIP gt   lt NodePort gt    Or is the NodeIP actually the IP found when you run kubectl get nodes and not the virtual IP used for the ClusterIP service type   2 - Also in the diagram from the link below   http   kubernetes io images docs services-iptables-overview svg  Is there any particular reason why the Client is inside the Node  I assumed it would need to be inside a Clusterin the case of a ClusterIP service type    If the same diagram was drawn for NodePort  would it be valid to draw the client completely outside both the Node andCluster or am I completely missing the point

User · Answer

Lets assume you created a Ubuntu VM on your local machine. It's IP address is 192.168.1.104.

You login into VM, and installed Kubernetes. Then you created a pod where nginx image running on it.

1- If you want to access this nginx pod inside your VM, you will create a ClusterIP bound to that pod for example:

$ kubectl expose deployment nginxapp --name=nginxclusterip --port=80 --target-port=8080

Then on your browser you can type ip address of nginxclusterip with port 80, like:

http://10.152.183.2:80

2- If you want to access this nginx pod from your host machine, you will need to expose your deployment with NodePort. For example:

$ kubectl expose deployment nginxapp --name=nginxnodeport --port=80 --target-port=8080 --type=NodePort

Now from your host machine you can access to nginx like:

http://192.168.1.104:31865/

In my dashboard they appear as:

Below is a diagram shows basic relationship.

User · Answer

A ClusterIP exposes the following   spec clusterIp spec ports    port  You can only access this service while inside the cluster  It is accessible from its spec clusterIp port  If a spec ports    targetPort is set it will route from the port to the targetPort  The CLUSTER-IP you get when calling kubectl get services is the IP assigned to this service within the cluster internally  A NodePort exposes the following    lt NodeIP gt  spec ports    nodePort spec clusterIp spec ports    port  If you access this service on a nodePort from the node s external IP  it will route the request to spec clusterIp spec ports    port  which will in turn route it to your spec ports    targetPort  if set  This service can also be accessed in the same way as ClusterIP  Your NodeIPs are the external IP addresses of the nodes  You cannot access your service from spec clusterIp spec ports    nodePort  A LoadBalancer exposes the following   spec loadBalancerIp spec ports    port  lt NodeIP gt  spec ports    nodePort spec clusterIp spec ports    port  You can access this service from your load balancer s IP address  which routes your request to a nodePort  which in turn routes the request to the clusterIP port  You can access this service as you would a NodePort or a ClusterIP service as well

User · Answer

To clarify for anyone who is looking for what is the difference between the 3 on a simpler level  You can expose your service with minimal ClusterIp  within k8s cluster  or larger exposure with NodePort  within cluster external to k8s cluster  or LoadBalancer  external world or whatever you defined in your LB    ClusterIp exposure  lt  NodePort exposure  lt  LoadBalancer exposure   ClusterIp Expose service through k8s cluster with ip name port NodePort Expose service through Internal network VM s also external to k8s ip name port LoadBalancer Expose service through External world or whatever you defined in your LB

User · Answer

clusterIP   IP accessible inside cluster  across nodes within d cluster     nodeA   pod1   gt  clusterIP1  pod2   gt  clusterIP2 nodeB   pod3   gt  clusterIP3    pod3 can talk to pod1 via their clusterIP network    nodeport   to make pods accessible from outside the cluster via nodeIP nodeport  it will create keep clusterIP above as its clusterIP network    nodeA   gt  nodeIPA   nodeportX nodeB   gt  nodeIPB   nodeportX   you might access service on pod1 either via nodeIPA nodeportX OR nodeIPB nodeportX  Either way will work because kube-proxy  which is installed in each node  will receive your request and distribute it  redirect it iptables term   across nodes using clusterIP network    Load balancer   basically just putting LB in front  so that inbound traffic is distributed to nodeIPA nodeportX and nodeIPB nodeportX then continue with the process flow number 2 above

User · Answer

ClusterIP  Services are reachable by pods services in the Cluster   If I make a service called myservice in the default namespace of type  ClusterIP then the following predictable static DNS address for the service will be created       myservice default svc cluster local  or just myservice default  or by pods in the default namespace just  myservice  will work    And that DNS name can only be resolved by pods and services inside the cluster   NodePort  Services are reachable by clients on the same LAN clients who can ping the K8s Host Nodes  and pods services in the cluster   Note for security your k8s host nodes should be on a private subnet  thus clients on the internet won t be able to reach this service   If I make a service called mynodeportservice in the mynamespace namespace of type  NodePort on a 3 Node Kubernetes Cluster  Then a Service of type  ClusterIP will be created and it ll be reachable by clients inside the cluster at the following predictable static DNS address      mynodeportservice mynamespace svc cluster local   or just mynodeportservice mynamespace    For each port that mynodeportservice listens on a nodeport in the range of 30000 - 32767 will be randomly chosen  So that External clients that are outside the cluster can hit that ClusterIP service that exists inside the cluster  Lets say that our 3 K8s host nodes have IPs 10 10 10 1  10 10 10 2  10 10 10 3  the Kubernetes service is listening on port 80  and the Nodeport picked at random was 31852    A client that exists outside of the cluster could visit 10 10 10 1 31852  10 10 10 2 31852  or 10 10 10 3 31852  as NodePort is listened for by every Kubernetes Host Node  Kubeproxy will forward the request to mynodeportservice s port 80   LoadBalancer  Services are reachable by everyone connected to the internet   Common architecture is L4 LB is publicly accessible on the internet by putting it in a DMZ or giving it both a private and public IP and k8s host nodes are on a private subnet    Note  This is the only service type that doesn t work in 100  of Kubernetes implementations  like bare metal Kubernetes  it works when Kubernetes has cloud provider integrations    If you make mylbservice  then a L4 LB VM will be spawned  a cluster IP service  and a NodePort Service will be implicitly spawned as well   This time our NodePort is 30222  the idea is that the L4 LB will have a public IP of 1 2 3 4 and it will load balance and forward traffic to the 3 K8s host nodes that have private IP addresses   10 10 10 1 30222  10 10 10 2 30222  10 10 10 3 30222  and then Kube Proxy will forward it to the service of type ClusterIP that exists inside the cluster     You also asked  Does the NodePort service type still use the ClusterIP  Yes   Or is the NodeIP actually the IP found when you run kubectl get nodes  Also Yes   Lets draw a parrallel between Fundamentals   A container is inside a pod  a pod is inside a replicaset  a replicaset is inside a deployment   Well similarly  A ClusterIP Service is part of a NodePort Service  A NodePort Service is Part of a Load Balancer Service      In that diagram you showed  the Client would be a pod inside the cluster

User · Answer

And do not forget the  quot new quot  service type  from the k8s docu   ExternalName  Maps the Service to the contents of the externalName field  e g  foo bar example com   by returning a CNAME record with its value  No proxying of any kind is set up   Note  You need either kube-dns version 1 7 or CoreDNS version 0 0 8 or higher to use the ExternalName type

[kubernetes] What's the difference between ClusterIP, NodePort and LoadBalancer service types in Kubernetes?

Examples related to kubernetes

Examples related to containers

Examples related to kubernetes-service