Kubernetesdevops~5 mins

ClusterIP service type in Kubernetes - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Sometimes, you want your app inside a Kubernetes cluster to talk to each other but not be visible outside. ClusterIP service type helps by giving your app a private address inside the cluster for communication.

When you want to let different parts of your app talk inside the cluster but keep them hidden from the internet.

When you run a database inside Kubernetes and only your app should access it, not outside users.

When you have multiple microservices that need to connect to each other securely inside the cluster.

When you want to load balance traffic between pods but only inside the cluster network.

When you want to test internal communication between services without exposing them externally.

Config File - clusterip-service.yaml

clusterip-service.yaml

apiVersion: v1
kind: Service
metadata:
  name: my-app-service
  namespace: default
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP

This file creates a Service named my-app-service in the default namespace.

The selector matches pods with label app: my-app.

The service listens on port 80 and forwards traffic to port 8080 on the pods.

The type: ClusterIP means the service is only reachable inside the cluster.

Commands

This command creates the ClusterIP service in Kubernetes using the configuration file.

Terminal

kubectl apply -f clusterip-service.yaml

Expected OutputExpected

service/my-app-service created

This command checks that the service was created and shows its ClusterIP address inside the cluster.

Terminal

kubectl get services my-app-service

Expected OutputExpected

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE my-app-service ClusterIP 10.96.123.45 <none> 80/TCP 10s

This command shows detailed information about the service, including endpoints and ports.

Terminal

kubectl describe service my-app-service

Expected OutputExpected

Name: my-app-service Namespace: default Labels: <none> Annotations: <none> Selector: app=my-app Type: ClusterIP IP: 10.96.123.45 Port: 80/TCP TargetPort: 8080/TCP Endpoints: 10.244.1.5:8080,10.244.1.6:8080 Session Affinity: None Events: <none>

Key Concept

If you remember nothing else from this pattern, remember: ClusterIP service type exposes your app only inside the Kubernetes cluster for secure internal communication.

Common Mistakes

Setting the service type to NodePort or LoadBalancer instead of ClusterIP when internal-only access is needed.

This exposes the service outside the cluster, which can cause security risks or unwanted access.

Always use type: ClusterIP for services that should only be reachable inside the cluster.

Not matching the selector labels with the pod labels correctly.

The service will not find any pods to send traffic to, so it will have no endpoints and no traffic will flow.

Ensure the selector labels in the service exactly match the labels on the pods.

Trying to access the ClusterIP service from outside the cluster directly.

ClusterIP addresses are internal and not reachable from outside the cluster network.

Use port forwarding, a proxy, or change service type if external access is needed.

Summary

Create a ClusterIP service with a YAML file specifying selector, ports, and type ClusterIP.

Apply the service with kubectl apply and verify it with kubectl get services.

Use kubectl describe to see detailed info and confirm the service routes traffic to pods inside the cluster.