Question

Different service types in kubernetes has always been confusing.

Can someone explain the concepts of clusterIP, NodePort and LoadBalancer?

Answer 1

ClusterIP

ClusterIP accesses the services through proxy. ClusterIP can access services only inside the cluster.

Nodeport

NodePort opens a specific port on each node of the cluster and traffic on that node is forwarded directly to the service.

LoadBalancer

All the traffic on the port is forwarded to the service, there's no filtering , no routing.

Hopefully these diagrams will give you a better understanding.

Comments

What is Kubenetes Ingress used for?

---

hello @Anoop,
Ingress is not exactly a service, it just sits in front of muliple servers and act as smart router. Its an abstraction over layet 7 load balancers. Ingress provides layer7 load balancing, SSL termination and name based virtual hosting.

Answer 2

To understand the types of services first lets understand what are services

services are basically collection of different pods having same set of functions. These are the services that are accessed by the clients/users.

You already know there are 3 types of service types:

- ClusterIP

- NodePort

- LoadBalancer

Lets talk about them one by one

ClusterIP:

ClusterIP is the default kubernetes service. This service is created inside a cluster and can only be accessed by other pods in that cluster. So basically we use this type of service when we want to expose a service to other pods within the same cluster. 

This service is accessed using kubernetes proxy.                                                                                  

apiVersion: v1
kind: Service
metadata:  
  name: my-internal-service
spec:
  selector:    
    app: my-app
  type: ClusterIP
  ports:  
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP

Nodeport:

NodePort opens a specific port on your node/VM and when that port gets traffic, that traffic is forwarded directly to the service.

There are a few limitations and hence its not advised to use NodePort

- only one service per port

- You can only use ports 30000-32767

- Dealing with changing node/VM IP is difficult

apiVersion: v1
kind: Service
metadata:  
  name: my-nodeport-service
spec:
  selector:    
    app: my-app
  type: NodePort
  ports:  
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30036
    protocol: TCP

LoadBalancer:

This is the standard way to expose service to the internet. All the traffic on the port is forwarded to the service. It's designed to assign an external IP to act as a load balancer for the service.  There's no filtering, no routing. LoadBalancer uses cloud service

Few limitations with LoadBalancer:

- every service exposed will it's own ip address 

- It gets very expensive 

Answer 3

A LoadBalancer service points to external load balancers and are not a part of cluster, they exist somewhere else.Google and AWS provide this facility

Whereas ingress is just set of rulesthat is passed to the controller that is listening to them. You need an ingress-controller that holds all the routing and traffic forwarding rules. Even a LoadBalancer service will listen to ingress provided the ingress-controller contains the required rules

Answer 4

Suppose I have a kubernetes cluster which has 3 services running on different pods on different nodes having different IP addresses. Let these services be frontend, backend and database.

Since every service is deployed on different pods having different internal-IP addresses it gets difficult to access the services as a developer. Using the service type as ClusterIP, a Global IP called ClusterIP is assigned to that cluster which is alive till the cluster is alive. This global IP uses set of iptables’s rules that maps ClusterIP to all pod’s internal IP. Using this clusterIP, we can access all the services associated with that cluster. This service type can be used in these possible cases-allowing internal traffic, testing a service or debugging the services.

If I want a specific service, let’s say, frontend to be exposed on all the nodes/VMs, I use NodePort as my service type. So what NodePort does is, it opens a port on all the nodes that are part of the cluster and the service i.e. my frontend gets exposed/deployed directly on these ports.

Now suppose one of my node crashes or for some reason stops working, I need the service running on that crashed port to be accessed by another node. In such a case I use the service type LoadBalancer. As the name suggests it balances the load on the cluster. LoadBalancer usually uses cloud platform such as GCP to create a component inside the cluster using Network load Balancer that generates a single IP address that will forward all the traffic to the service.