Kubernetes is a platform that manages containerized applications. Kubernetes offers different service types to help facilitate interaction between various elements within the cluster and users or applications in an external environment.
If you’re familiar with Kubernetes, you’ve probably heard the terms ClusterIP, NodePort, LoadBalancer, ExternalName, and Headless Service. These are the different types of services offered in Kubernetes. It is essential to understand them to effectively expose applications to the outside world. Depending on your use case and requirements, you can select the appropriate service type.
In this article, we will dive into the different service types in Kubernetes, how they differ, and how they work.
Key Takeaways:
- Kubernetes offers diverse service types such as ClusterIP, NodePort, LoadBalancer, ExternalName, and Headless, each serving specific communication purposes within and outside the cluster.
- ClusterIP assigns internal IP addresses for intra-cluster communication, NodePort exposes applications to external clients via specific ports on worker nodes, and LoadBalancer provides publicly accessible IP addresses for external traffic distribution.
- Choosing the appropriate service type in Kubernetes is crucial for optimizing application performance and accessibility, necessitating considering scalability, traffic distribution, and external access requirements.
Kubernetes Service: What are They and Why You Need Them
A Kubernetes service is a way to expose a network application that runs as one or more pods in a cluster. Different service types in Kubernetes allow the user to make a set of pods without making any changes to the existing application. The code can run in pods, whether cloud-native or older containerized apps.
Pods are the smallest deployable unit, making up a single instance of a process in a cluster. Given the self-healing nature of Kubernetes, pods are non-permanent resources in Kubernetes that can come and go as necessary. Kubernetes constantly checks and updates the desired number of copies of the app to ensure the cluster is running with accurate numbers. Pods are then created and destroyed to match as needed.
Because pods constantly change IP addresses, knowing they are going to the right places is essential. Services come in to provide an unchanging location for a group of pods. They ensure that the user has a central location to access their applications.
There are several types of services for Kubernetes. Learn more about them in the following sections.
Note:
Port names must only contain lowercase alphanumeric letters and -, just as Kubernetes names in general. An alphanumeric character must also appear at the beginning and end of port names. For example, 123-abc and web are acceptable names, but 123_abc and -web are not.
An In-Depth Look Into the Various Kubernetes Service Types
More organizations are adopting cloud-native applications daily, so faster deployment, scalability, and availability become crucial. Kubernetes offers a solution for organizations to more efficiently manage and scale containerized applications.
To deploy Kubernetes, the application’s requirements must be defined. These requirements include the kind of service you want to provide, the size and location of the clusters, and the expected application traffic.
Kubernetes Service types enable you to specify what kind of Service you want. Here’s an overview of the different Kubernetes Service Types:
To fully understand these service types, let’s dive further into each below.
ClusterIP - For Choosing Your IP Address
ClusterIP is a Kubernetes Service type that assigns an IP address from a reserved pool to help facilitate communication within the cluster. In this Service, access is limited only within the cluster. Using the specified TCP port, users can access the Service and forward the requests to another Pod on the targetPort.
If a Service has .spec.clusterIP set to “None,” Kubernetes will not assign an IP. Users can pick from a specific cluster IP or let Kubernetes allocate one. The chosen IP should be valid within the service-cluster-ip-range CIDR.
Kubernetes can help avoid IP collisions, which is vital to preventing conflicts with external network resources. ClusterIPs provide load-balanced internal IP addresses to forward the traffic inside the cluster.
Here’s an example manifest for this service:
apiVersion: v1
kind: Service
metadata:
name: my-cip-service
spec:
selector:
app: metrics
department: sales
type: ClusterIP
ports:
- protocol: TCP
port: 80
targetPort: 8080
NodePort - For Choosing Your Port
The NodePort Service Type exposes an application to external clients by opening a chosen port (ranging from 30000 to 32767) on all worker nodes. For example, if the NodePort is set to 30020, anyone who wants to access the application just needs to connect to the IP address of a worker node.
In this service type, there is no need for a configuration, and traffic is simply routed from a random port on the host to an arbitrary port on the container. The following is a sample manifest for NodePort:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: NodePort
selector:
app.kubernetes.io/name: MyApp
ports:
- port: 80
# By default and for convenience, the `targetPort` is set to
# the same value as the `port` field.
targetPort: 80
# Optional field
# By default and for convenience, the Kubernetes control plane
# will allocate a port from a range (default: 30000-32767)
nodePort: 30007
The NodePort service is fairly easy to use, but it has its drawbacks, such as:
- Needing a reverse proxy for correct web routing
- Limiting one service per port
- Dynamic container hindering DNS resolution
NodePort is mainly recommended for demos and internal training because of its ability to illustrate traffic routing. It is also important to remember not to use this type of Service in production.
Fun Fact!
The port range for NodePort services in Kubernetes is typically between 30000 and 32767. This range was chosen to avoid conflicts with well-known ports and to provide a wide enough range for different services in a cluster.
LoadBalancer - Provides a Load Balancer for the Service
A LoadBalancer Service in Kubernetes limits the external exposure of applications to only cloud platforms that support it. Upon creating this Service, Kubernetes identifies the cloud platform and generates a load balancer with a unique but publicly accessible IP address. For example, Kubernetes creates an Elastic Load Balancer on AWS to disseminate traffic among the cluster nodes.
This Service type enhances the NodePort Service by adding a load-balancing functionality to distribute traffic among nodes. Doing so can help mitigate the impact of node failures or overloads on the system.
The user can look in the service’s .status.loadBalancer field to find information about the provisioned balancer. Below is an example of a manifest for the LoadBalancer Service Type:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app.kubernetes.io/name: MyApp
ports:
- protocol: TCP
port: 80
targetPort: 9376
clusterIP: 10.0.171.239
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 192.0.2.127
The LoadBalancer handles different kinds of traffic, such as:
- HTTP
- TCP
- UDP
- GRPC
Handling these types of traffic makes this service type flexible for routing based on the destination port, protocol, or application labels. This flexibility can be a direct means to provide adequate load balancing and routing in Kubernetes deployments.
Note:
The cloud provider defines the set of protocols that can be used for load-balanced services; they may apply limits on top of what the Kubernetes API enforces.
ExternalName - For Creating a DNS Alias for a Service in Another Namespace
This type of service in Kubernetes is used to access services outside the clusters. It assigns a local name to an ExternalName service so that Kubernetes can automate the DNS resolution.
For example, if a Pod requests to connect to “db-prod,” Kubernetes will look for the ExternalName Service to discover its external name, like “db-prod.example.com.” Through this process, the app is safe from external service intricacies.
Here’s an example of a manifest for ExternalName:
apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: prod
spec:
type: ExternalName
externalName: my.database.example.com
The prime advantage of using this service type lies in its ability to separate external service details, which helps eliminate the need for hardcoded IPs or domain names. Updates are also managed by modifying the ExternalName service definition, removing the need to change the application code.
Remember!
ExternalName may cause issues with standard protocols like HTTP and HTTPS, as the client's internal cluster hostname differs from the referenced ExternalName. This mismatch can lead to errors in HTTP requests and TLS certificate mismatches.
Headless Services - For Backend Tasks Without A User Interface
A Headless Service is another Kubernetes service where a ClusterIP is not allocated. In this case, the Service uses DNS to expose the IP addresses of the service’s pods. The DNS in a headless service can be configured depending on whether the service has selectors.
If the selectors are defined, the endpoint controllers adjust the DNS setup and create EndpointSlices through the Kubernetes API. This action results in the platform providing A or AAAA records (IPv4 or IPv6) that link to the service’s supporting pods.
The control plane doesn’t create EndpointSlice objects if the selectors are not defined. The DNS will configure the CNAME record or another record for endpoints with the same name as the service.
This type of Kubernetes service helps access services that are not in the Kubernetes cluster. The following is a sample manifest for a Headless service:
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
clusterIP: None
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 80
A headless Service is a great feature that provides the user more control over the communication with the Pods. It can also be a solution for service discovery because IP addresses can be added or removed in DNS once the user adds or removes a new pod.
Final Thoughts
Understanding how the different Kubernetes service types work is vital for effectively deploying, scaling, and monitoring applications in a cloud-native environment. These services provide diverse options for exposing and accessing applications, which are crucial for scaling and monitoring.
Choosing the correct type of service is a strategic decision based on your specific use case.
FAQs About Kubernetes Service Types
How do I deploy a service in Kubernetes?
You may create and manage deployment using the kubectl command line interface for Kubernetes. Kubectl communicates with the cluster via the Kubernetes API.
How do I access Kubernetes service from outside the cluster?
You can open a Kubernetes proxy between the external machine and the cluster to access the ClusterIp. Users can utilize kubectl to build such a proxy. When the proxy is up, you can use the internal IP address (ClusterIp) for that Service and directly connect to the cluster.
Where are services stored in Kubernetes?
Services in Kubernetes represented as REST objects, are stored in the etcd datastore. Etcd serves as the central repository, functioning as the single source of truth in the cluster. By keeping service information in etcd, Kubernetes ensures consistency and reliability in managing these objects' configuration data and state information.