Kubernetes – Cluster IP vs Node-Port
The ClusterIP provides a load-balanced IP address. One or more pods that match a label selector can forward traffic to the IP address. The ClusterIP service must define one or more ports to listen on with target ports to forward TCP/UDP traffic to containers.
- This is the default service type that exposes the service on a cluster-internal IP by making the service only reachable within the cluster.
- A Cluster service is the default Kubernetes service. It gives you a service inside your cluster that other apps inside your cluster can access.
- There is no external process.
When to use Cluster IP?
- There are a few scenarios where you would use the Kubernetes proxy to access your services.
- debugging your services, or connecting to them directly from your laptop for some reason
- Allowing internal traffic, displaying internal dashboards, etc.
- Because this method requires you to run kubectl as an authenticated user, you should NOT use this to expose your service to the internet or use it for production services.
This exposes the service on each Node’s IP at a static port. Since a ClusterIP service, to which the NodePort service will route, is automatically created. We can contact the NodePort service outside the cluster.
- A Nodeport service is the most primitive way to get external traffic directly to your service.
- NodePort, as the same implies, opens a specific port on all the Nodes (the VMs), and any traffic that is sent to this port is forwarded to the service.
When to use Node Port?
- There are many downsides to this method
- You can only have one service per port
- You can only use ports 30,000-32,767
- If your Node/VM IP address change, you need to deal with that
- For these reasons, I don’t recommend using this method in production to directly expose your service. If you are running a service that doesn’t have to be always available, or you are very cost-sensitive, this method will work for you. A good example of such an application is a demo app or something temporary.