+91 88606 33966            edu_sales@siriam.in                   Job Opening : On-site Functional Trainer/Instructor | Supply Chain Management (SCM)
External vs. Internal Access: NodePort vs. ClusterIP Services in Kubernetes

Kubernetes services are a crucial component in managing network communication between various parts of applications running within a Kubernetes cluster. They provide a stable endpoint for accessing pods, even as pods come and go due to scaling or failures. There are different types of services in Kubernetes, such as ClusterIP, NodePort, and LoadBalancer, each designed to fulfill specific networking requirements within a cluster. These services help ensure the reliability and accessibility of applications running in a dynamic containerized environment. But, in this blog, we will emphasize on ClusterIP and Node-port services.

ClusterIP Service

  • Exposure: A ClusterIP service is only accessible from within the Kubernetes cluster. It is mainly for pod to pod communication. It assigns an internal IP address and port to the service, and it’s only reachable from other pods inside the cluster.
  • Use Case: ClusterIP services are commonly used for internal communication between microservices within the cluster. They are not designed for external access.
  • Access: You access a ClusterIP service by using its ClusterIP and port within the cluster. For example, if your ClusterIP service has IP and port 80, other pods within the cluster can access it using

NodePort Service                                                          

  • Exposure: A NodePort service exposes your application on a specific port of all nodes in the cluster. It provides communication between applications within the cluster and external access to your service from outside the cluster. Each node in the cluster listens on the same port for incoming traffic, and this traffic is then forwarded to the Service’s ClusterIP and port.
  • Use Case: NodePort services are used when you need to expose your application externally or when you need to make your service accessible from outside the cluster, such as for web applications or APIs.
  • Access: You access a NodePort service by using any node’s IP address and the NodePort number. For example, if the NodePort is 31500, you can access the service at http://node-ip:31500. This allows external clients to reach your service.

In terms of execution, the primary difference is in how the traffic is routed:

  • ClusterIP: Traffic is routed directly to the pods associated with the service within the cluster. It doesn’t involve the nodes themselves. It’s suitable for internal communication within the cluster.
  • NodePort: you can think of NodePort in Kubernetes as a universal external traffic listener port for the pods within your cluster.  Traffic from external clients reaches the nodes first, and the nodes then forward the traffic to the pods. Each node listens on the NodePort, and traffic is distributed across nodes. It’s suitable for external access.

So, NodePort services are used when you need external access to your service, while ClusterIP services are used for internal communication within the cluster.

Let’s consider an example for the both types of services:

Create a deployment via yaml file , say my-deployment

Vi my-deployment.yaml

This will create a deployment for Nginx with 2 replicas.

kubectl apply -f my-deployment.yml

Now, create a Service , say my-service.yaml (default service- clusterIP)

4. Execute the following command to create a Service.

  kubectl apply -f my-service.yaml

5. Create a nodeport service, say nodeport-service.yaml , as following

Execute the following command to create a Service

                  kubectl apply -f nodeport-service.yaml

Get the details of the service by executing this command,

kubectl get svc

From this screenshot, there are two pods running that are of type clusterIP service and one is nodePort service. The external IP is none, as we cannot access them externally. We will demonstrate the working of the both clusterIP and Nodeport service in coming section.

Execute the following command to get the status of the pods.

                                         Kubectl get pods

For clusterIP service, as we have discussed , A ClusterIP service is only accessible from within the Kubernetes cluster or this service can be accessed via any of the pods.

Use the exec command to get into and execute the particular pod with which you want to expose the service. And then use the curl command: Port. After executing this command you will see that a nginx page will be visible

For NodePort service, first of all execute the following command to get the IP address of the pods running.

Kubectl get nodes

In the below screenshot you can see, any node’s IP address can be exposed to the external traffic via nodePort (which is randomly assigned between the range of 30000 to 32767). This NodePort port is opens for all nodes in the cluster. This means that the NodePort acts as a universal entry point for external traffic. You can access any pod associated with the service from outside the cluster by connecting to any node’s IP address on the NodePort. you are correct.

By using a node’s IP address followed by the NodePort number, you can access a service that has been exposed via NodePort in Kubernetes.

So, NodePort and ClusterIP in Kubernetes serve distinct purposes. NodePort exposes services externally, while ClusterIP is for internal cluster communication. Choose the right one based on your specific use case for an efficient Kubernetes deployment.

External vs. Internal Access: NodePort vs. ClusterIP Services in Kubernetes

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top