What is Kubernetes ClusterIP?

Category: Kubernetes

Short answer

ClusterIP is the default Kubernetes Service type. It exposes the service on an internal IP address reachable only from within the cluster, providing internal load balancing and DNS-based service discovery.

How it works

When you create a Service of type ClusterIP, Kubernetes assigns a virtual IP from a dedicated range. The kube-proxy on each node configures routing rules to forward traffic to healthy backend Pods. CoreDNS resolves the service name to this ClusterIP.

Example

apiVersion: v1
kind: Service
metadata:
  name: backend
spec:
  selector:
    app: backend
  ports:
  - port: 80
    targetPort: 8080
  type: ClusterIP

Why it matters

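ClusterIP keeps a service off external networks, which supports the principle of least privilege. It does not by itself limit access from inside the cluster: by default any Pod can reach the service unless a NetworkPolicy restricts it. ClusterIP is the foundation for microservices communication inside Kubernetes and should be the default choice unless external access is required.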

Key differences

  • ClusterIP: Internal only.
  • NodePort: Exposes on a static port on each node.
  • LoadBalancer: Provisions an external cloud load balancer.
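
One way to check that Services stay internal-only unless external access is intended, as an added example that is not part of the original page. It reads JSON in the shape of `kubectl get services -A -o json` and flags NodePort and LoadBalancer Services, plus any Service with `spec.externalIPs` set; the sample data, namespaces and the `audit_services` helper are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get services -A -o json` output.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"namespace": "shop", "name": "backend"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 80, "targetPort": 8080}]}},
    {"metadata": {"namespace": "shop", "name": "metrics"},
     "spec": {"ports": [{"port": 9090}]}},  # type omitted, as in a bare manifest
    {"metadata": {"namespace": "shop", "name": "web"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080}]}},
    {"metadata": {"namespace": "edge", "name": "api"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "nodePort": 31443}]}},
    {"metadata": {"namespace": "ops", "name": "legacy"},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"],
              "ports": [{"port": 8080}]}},
]})

EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}


def audit_services(service_list_json):
    """Return (namespace, name, reason) for every Service exposed beyond the cluster."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        ident = (meta.get("namespace", "default"), meta.get("name", "<unnamed>"))
        # The API server defaults spec.type to ClusterIP when it is omitted.
        svc_type = spec.get("type", "ClusterIP")
        if svc_type in EXTERNAL_TYPES:
            node_ports = sorted(p["nodePort"] for p in spec.get("ports", [])
                                if "nodePort" in p)
            findings.append(ident + (f"type {svc_type}, node ports {node_ports}",))
        # externalIPs makes even a ClusterIP Service answer on those addresses.
        if spec.get("externalIPs"):
            ips = ", ".join(spec["externalIPs"])
            findings.append(ident + (f"externalIPs set: {ips}",))
    return findings


if __name__ == "__main__":
    for namespace, name, reason in audit_services(SAMPLE):
        print(f"{namespace}/{name}: {reason}")
```

Each finding is a Service to confirm against an intended external entry point; anything else should be ClusterIP without `externalIPs`.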

Common issues

  • ClusterIP services are not reachable from outside the cluster without a proxy or port-forward.
  • Session affinity may not work as expected without sessionAffinity: ClientIP.
  • DNS resolution requires CoreDNS to be running.