0
0
Kubernetesdevops~10 mins

ClusterIP service type in Kubernetes - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - ClusterIP service type
Create Service YAML
kubectl apply -f service.yaml
Kubernetes API Server receives request
Service object created with ClusterIP
Kube-proxy configures iptables rules
Pods selected by label receive traffic
ClusterIP accessible only inside cluster
This flow shows how a ClusterIP service is created and how it routes traffic inside the Kubernetes cluster.
Execution Sample
Kubernetes
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: ClusterIP
  selector:
    app: my-app
  ports:
  - port: 80
    targetPort: 8080
Defines a ClusterIP service named 'my-service' that routes port 80 to pods with label app=my-app on port 8080.
Process Table
StepActionResource StateResult
1Create service YAML fileNo service existsYAML file ready for apply
2Run kubectl apply -f service.yamlService object createdClusterIP assigned (e.g. 10.96.0.1)
3Kube-proxy updates iptablesiptables rules updatedTraffic to ClusterIP routes to pods
4Pod with label app=my-app receives trafficPod readyPod serves requests on port 8080
5Access service from inside clusterClusterIP reachableTraffic routed to pods successfully
6Access service from outside clusterClusterIP not reachableConnection refused or timeout
💡 ClusterIP service only routes traffic inside the cluster; external access is blocked.
Status Tracker
VariableStartAfter Step 2After Step 3After Step 5Final
Service ObjectNoneCreated with ClusterIPConfigured in iptablesActive and routableActive and routable
ClusterIP AddressNone10.96.0.1 (example)Used in routing rulesAccessible inside clusterNot accessible outside cluster
Pods with label app=my-appRunningRunningReady to receive trafficServing trafficServing traffic
Key Moments - 3 Insights
Why can't I access the ClusterIP service from outside the cluster?
ClusterIP services are designed to be reachable only inside the cluster network. As shown in execution_table step 6, external access is blocked by design.
How does traffic get routed to the correct pods?
Kube-proxy updates iptables rules (step 3) to route traffic sent to the ClusterIP to pods selected by the service's label selector.
What happens if no pods match the service selector?
The service will have no endpoints to route to, so traffic to the ClusterIP will fail or be dropped, even though the service object exists.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, at which step is the ClusterIP assigned to the service?
AStep 4
BStep 2
CStep 3
DStep 5
💡 Hint
Check the 'Resource State' column in step 2 where the service object is created with ClusterIP.
According to variable_tracker, what is the state of the pods after step 3?
APods are ready to receive traffic
BPods are not running
CPods are deleted
DPods are unreachable
💡 Hint
Look at the 'Pods with label app=my-app' row under 'After Step 3' column.
If you want the service to be accessible outside the cluster, what must change?
AKeep service type as ClusterIP and add more pods
BChange pod labels
CChange service type from ClusterIP to NodePort or LoadBalancer
DNothing, ClusterIP allows external access by default
💡 Hint
Refer to the exit_note and step 6 in execution_table about external access.
Concept Snapshot
ClusterIP Service Type in Kubernetes:
- Default service type for internal cluster access
- Assigns a stable internal IP (ClusterIP)
- Routes traffic to pods matching selector
- Not reachable from outside the cluster
- Used for internal communication between pods and services
Full Transcript
This visual execution shows how a Kubernetes ClusterIP service is created and functions. First, a YAML file defines the service with type ClusterIP and a selector for pods. Applying this YAML creates the service object and assigns a ClusterIP address. Kube-proxy then updates iptables rules to route traffic sent to this ClusterIP to the selected pods. Pods matching the label selector receive the traffic on the target port. The service is accessible only inside the cluster network; attempts to access it externally fail. Variables like the service object, ClusterIP address, and pod states change step-by-step as shown. Key points include understanding that ClusterIP is internal-only and routing depends on label selectors. The quiz tests knowledge of when ClusterIP is assigned, pod readiness, and how to enable external access.