Kubernetes Services explained: ClusterIP, NodePort, LoadBalancer and more

Learn what Kubernetes Services are and when to use each type. Covers ClusterIP, NodePort, LoadBalancer and Headless Services with working kubectl examples.

4 lessons · 11 min · Advanced

3 minutes reading time

Written by

Civo Team
Civo Team

Marketing Team at Civo

Pods are ephemeral. Every time a pod is rescheduled, it gets a new IP address. If your frontend needs to connect to your backend, it cannot rely on a pod IP that changes unpredictably.

A Service solves this by providing a stable network endpoint. It uses a label selector to find the right pods and load-balances traffic across them. When pods are created, updated, or deleted, the Service automatically updates its endpoint list. You configure once and the Service handles the rest.

Service types at a glance

TypeAccessible fromWhen to use

ClusterIP

Inside the cluster only

Internal communication between services. This is the default.

NodePort

Outside the cluster via node IP and port

External access without a cloud load balancer, bare metal, testing

LoadBalancer

Outside the cluster via cloud-provisioned IP

Production external access on cloud infrastructure

Headless

Inside the cluster via direct pod DNS

StatefulSets and any workload needing to address individual pods directly

service-types-access

Why Services exist: a practical example

Without a Service, you access a pod by port-forwarding directly to it:

kubectl create namespace example
kubectl get nodes
kubectl port-forward pod/my-pod -n example 8080:8080

Port-forwarding works for local development but is not a production solution. It is tied to a specific pod, breaks when the pod is rescheduled, and requires you to know the pod name. A Service abstracts this entirely.

Check all resources in the namespace:

kubectl get all -n example

Once a Service is applied, other pods can reach your application at service-name.namespace.svc.cluster.local regardless of which pods are currently running or where they are scheduled.

ClusterIP

ClusterIP is the default Service type. It creates a stable virtual IP that is only reachable from within the cluster. Use it for all internal service-to-service communication.

apiVersion: v1
kind: Service
metadata:
name: backend
spec:
type: ClusterIP
selector:
app: backend
ports:
- port: 80
targetPort: 8080

For the full guide, see Kubernetes ClusterIP service explained.

NodePort

NodePort exposes your Service on a port between 30000 and 32767 on every node in the cluster. External traffic arriving at <NodeIP>:<NodePort> is routed to the correct pods.

apiVersion: v1
kind: Service
metadata:
name: frontend
spec:
type: NodePort
selector:
app: frontend
ports:
- port: 80
targetPort: 3000
nodePort: 31520

For the full guide, see Kubernetes NodePort.

LoadBalancer

LoadBalancer requests a cloud-provisioned load balancer with a single external IP. On Civo, the external IP is available within seconds.

apiVersion: v1
kind: Service
metadata:
name: frontend
spec:
type: LoadBalancer
selector:
app: frontend
ports:
- port: 80
targetPort: 3000

For the full guide, see Kubernetes LoadBalancer service.

Headless Service

A Headless Service sets clusterIP: None. Instead of a virtual IP, Kubernetes creates individual DNS A records for each pod backing the Service. This allows you to address specific pods directly by DNS name.

apiVersion: v1
kind: Service
metadata:
name: database
spec:
clusterIP: None
selector:
app: database
ports:
- port: 5432

With this Service, the pods are addressable as database-0.database.default.svc.cluster.local, database-1.database.default.svc.cluster.local, and so on. This is the mechanism StatefulSets use to give each pod a stable DNS identity. See Kubernetes StatefulSets for a working example.

Which service type should I use?

  • Internal communication between services: ClusterIP. This covers the vast majority of service-to-service traffic inside a cluster.
  • External access for testing or bare metal: NodePort. No cloud provider required. You manage the node IP and port yourself.
  • Production external access on cloud infrastructure: LoadBalancer for TCP/UDP services, or an Ingress controller in front of a ClusterIP Service for HTTP/HTTPS. An Ingress gives you TLS termination, hostname routing, and path routing that a bare LoadBalancer does not provide.
  • Direct pod addressing for StatefulSets: Headless Service. Databases, message queues, and any workload where individual pod identity matters.
Civo Team
Civo Team

Marketing Team at Civo

Civo is the Sovereign Cloud and AI platform designed to help developers and enterprises build without limits. We bridge the gap between the openness of the public cloud and the rigorous security of private environments, delivering full cloud parity across every deployment. As a team, we are dedicated to providing scalable compute, lightning-fast Kubernetes, and managed services that are ready in minutes. Through CivoStack Enterprise and our FlexCore appliance, we empower organizations to maintain total data sovereignty on their own hardware.

Our mission is to make the cloud faster, simpler, and fairer. By providing enterprise-grade NVIDIA GPUs and streamlined model management, we ensure that high-performance AI and machine learning are accessible to everyone. Built for transparency and performance, the Civo Team is here to give you total control over your infrastructure, your data, and your spend.

View author profile