copilot

Kubernetes Service Types: The Bodyguards of Kubernetes Pods

Tyler Au
7 minutes
January 23rd, 2025
Tyler Au
7 minutes
January 23rd, 2025

What are the Kubernetes Service Types?

In a weird way, Kubernetes is much like the film: moving parts work together to achieve a central goal. A film’s director can be seen as a Kubernetes control plane, with actors playing the role of pods. Much like a movie director, Kubernetes itself can’t do it all; services exist within Kubernetes and are responsible for automatically executing certain tasks. Different Kubernetes services types facilitate access to and from clusters, providing communication and exposure assistance for pods.

Creating and disabling access to internal and external services are some of the primary functions of Kubernetes networking services. Working within the film analogy, these different services can be seen as bodyguards for a high-profile actor, each with a different role within the underlying team. The services in Kubernetes are as follows:

  • ClusterIP
  • NodePort
  • LoadBalancer
  • ExternalName

Working within the scope of Kubernetes nodes and pods, these services are designed to enhance traffic allocation and external access to clusters. That being said, why are these aspects so important in relation to nodes and pods?

Kubernetes Nodes and Pods

To understand why different Kubernetes services are needed, you first have to have a grasp on the parts that are serviced. 

The main function of Kubernetes is to manage your containerized workloads, the orchestration service does so by placing your containers into pods. Pods are a group of one or more containers that run an application. Pods are small but mighty: despite being the smallest unit within Kubernetes, pods house not only containers, but also their storage, networking resources, services, and more. Anything a container would need, a pod has. 

Where a pod is a toy car, a node is the battery that powers it. Nodes are a physical or virtual machine that provides power to run pods, providing all the resources needed for pods to operate. Outside of this crucial aspect of Kubernetes, nodes are also responsible for enabling and facilitating communication within a cluster’s control plane, as well as providing networking.

While node-pod operations seem relatively foolproof, a huge obstacle for developers working within Kubernetes are the design of pods themselves. Pods were designed to be disposable. Once created, a pod is automatically scheduled to run until:

  • The pod’s tasks is executed successfully
  • The pod becomes corrupt and fails
  • The node itself fails
Image courtesy of Matthew Palmer

Once any of these scenarios occur, that pod is destroyed and replaced with a new one. While this aspect was designed to encourage optimize resource allocation and increase application uptime, resources within the pod (specifically their IP addresses) are destroyed. Kubernetes services combat this by creating everlasting pod IP addresses that act as internal and external connectors. In addition, Kubernetes services act as an important bridge between clusters and valuable external resources. 

Kubernetes Service Discovery Types and Functions

As previously mentioned, a Kubernetes pod can be thought of as a “high-profile actor” and the different Kubernetes services can be seen as their “bodyguards”, each with different responsibilities. In order to protect the actor while facilitating business, these bodyguards are each tasked with allowing a certain type of person to interact with the actor. These Kubernetes bodyguards are as follows:

Kubernetes ClusterIP Service - The Internal Team Bodyguard

Kubernetes ClusterIP is the default service type that is tasked with providing connection between different components. ClusterIP does so by creating a virtual internal IP address that is accessible only within the origin Kubernetes cluster. Unlike the pod IP addresses that are deleted once the pod is deleted/replaced, the cluster IP address is stable, providing a reliable means of communication between internal components, even allowing connection between apps and pods in the same node.

ClusterIP is the bodyguard that allows the actor’s internal team to reach them. From personal assistants to managers, these bodyguards enable internal communication while protecting the actor from any external threats. What makes ClusterIP especially reliable is that it’s only reachable from within the cluster, ensuring that security isn’t in issue, as well as confusing the utilization of different Kubernetes service types 

To define ClusterIP, simply use Kubernetes API (typically kubectl) to make a call. Because ClusterIP is Kubernetes’ default, no specific service naming is needed, with your API manifesting naming a new ClusterIP service “my-service” if no other name is specified. 

Kubernetes NodePort Service - A Single Fan Interaction Bodyguard

Kubernetes service NodePort extends the capabilities of ClusterIP, enabling both internal and external IP address access and communication. Once your node meets NodePort’s one requirement (having a public IP address), NodePort will expose a specific port within that node to allow for external visibility. NodePort is best used for workloads that need constant outside access, such as API, or within development and testing. 

If ClusterIP is the bodyguard that only allows for the actor’s internal team to access them, then NodePort is the bodyguard tasked with allowing fans to meet the actor. In order to enable external access for a group of nodes, users would have to access each node separately to do so. This also consumes a higher degree of ports available, a number that nodes are short on. Like actors meeting individuals outside of their immediate circle, using NodePort can also pose a threat to your application by exposing them to the Internet, increasing the chances of leveraging. 

To create a NodePort service, within manifest specifications, include type: NodePort under the type field, specifying the number of Kubernetes service ports under this manifest with port: #. 

Kubernetes LoadBalancer Service - Bodyguard for Multiple Actors

Kubernetes LoadBalancer service is one of the more well-known services that Kubernetes offers, and for good reason, too. LoadBalancer Kubernetes connects internal applications with external environments. Although NodePort has similar functionality, LoadBalancer is the preferred service by many, offering external traffic routing capabilities to its expansive toolkit. 

While ClusterIP and NodePort are offered by Kubernetes, LoadBalancer isn’t actually directly offered by the container orchestration service. Users must provide their own or integrate their cluster with a cloud provider, relying on external load balancers. That being said, once provisioned, the LoadBalancer service creates load balancers within a chosen cloud provider that exposes your application to external environments. That cloud provider becomes responsible for traffic routing. The result? A highly scalable application that has high uptime due to efficient traffic and workload management.

The past two bodyguards were focused on allowing individuals to meet the actor, Kubernetes LoadBalancer service is focused on the opposite. Much like the traffic routing and dispersal of workload across different nodes, this bodyguard is tasked providing protective services to multiple actors, placing less stress on the actors.

Much like the previous services, LoadBalancer is provisioned by setting the type field in your manifest to LoadBalancer, prompting the creation of a load balancer. From there, your cloud provider will decide how traffic is balanced, though most of it will be directed towards backend pods.

LoadBalancer is best suited for applications with high/unpredictable traffic, with its sparing use allowing you to save your resources while creating a load balanced service.

Kubernetes ExternalName Service - PR Tour

Kubernetes ExternalName follows the trend of its predecessors, but with a twist. ExternalName enables access to external resources from your cluster. While the other service types involved some sort of traffic element, ExternalName simply creates a one-way link to outside resources- no traffic involved. 

ExternalName has the important task of creating a single endpoint for all communications coming and leaving a single element. Doing so allows easy modification of this endpoint instead of all connections, something developers would groan about. 

With regards to the bodyguard analogy, Kubernetes ExternalName is reminiscent of the bodyguard required to meet an interviewer. This transaction is often one-sided, with the actor giving answers to an interviewer about a movie.

Provisioning a Kubernetes ExternalName service requires entering ExternalName in the type field.

Headless Service Kubernetes

Kubernetes headless service is yet another service type. Headless services don’t have a specific cluster IP attached to it, unlike the aforementioned service types. Instead, this service creates a DNS record for each pod using it, allowing for pod identification. This allows for individual pods to be discovered and connect directly to a service, differing from other services that require a middleman to connect.

A direct connection to pods allows tons of use cases, with headless services excelling primarily in stateful applications and within things like databases and microservices.

The different Kubernetes service types play huge roles within the system, encouraging strong Kubernetes multi cluster service discovery while pushing for the enhancement of applications via external resources. Whether your application consumes resources heavily and needs LoadBalancer, or works within the confines of itself and requires ClusterIP, there will be a service for you. 

Accessing Kubernetes Load Balancer Service with Lyrid

Kubernetes services are an extremely important mechanism in Kubernetes that enables strong service discovery. With services ranging from internal connectors like ClusterIP to traffic-optimized external connectors like LoadBalancer, your application is in good hands when working with a service. That being said, how do you know which service to choose and for what occasion? 

With Lyrid Managed Kubernetes, you’re able to access the strongest services, without having to deal with the headache of provisioning and management. Have Kubernetes load balancers and ingress in the palm of your hand, amongst other features like automated cluster scaling, instant provisioning, and end-to-end cluster visibility. Oftentimes, Kubernetes can be a pain to deal with, especially for developers with little to no experience regarding the subject. Lyrid Managed Kubernetes removes the headache from Kubernetes and lets you operate it right out of the box. Our Kubernetes solution is extremely customizable, with support from our 24/7 engineering team being available if you do run into any problems.

Curious about evolving your Kubernetes approach? Check out our platform, and learn more by booking a meeting with one of our product specialists!

Schedule a demo

Let's discuss your project

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.