What are Kubernetes Services?
A Service is a Kubernetes object that provides stable network access to a set of Pods. It acts as an abstraction layer that enables network access to Pods, which are ephemeral and dynamic by nature.
- Stable Network Identity: Provides reliable IP addresses and DNS names, unlike ephemeral Pod IPs
- Durable & Reliable: Services persist while Pods come and go, ensuring continuous availability
- Load Balancing: Automatically distributes traffic across multiple Pod instances
Key Benefit: Pod IPs are unreliable (they change when Pods restart or reschedule), but Service IPs are durable and stable throughout the Service's lifetime.
Label Selectors - How Services Find Pods
Services use label selectors to identify which Pods they should route traffic to. Only Pods with matching labels become endpoints of the Service.
Service Definition
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    zone: prod
    version: v1
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
Pod Labels
# Pod 1 & 2 (matched)
apiVersion: v1
kind: Pod
metadata:
  name: pod-1
  labels:
    zone: prod
    version: v1
spec:
  containers:
  - name: app
    image: my-app:v1
---
# Pod 3 (unmatched - wrong version)
apiVersion: v1
kind: Pod
metadata:
  name: pod-3
  labels:
    zone: prod
    version: v2  # Doesn't match selector
---
# Pod 4 (unmatched - missing label)
apiVersion: v1
kind: Pod
metadata:
  name: pod-4
  labels:
    zone: prod  # Missing version label
Selector Behavior
- All selector labels must match exactly
- Pods without all required labels are ignored
- New Pods with matching labels automatically become endpoints
- Terminated Pods are automatically removed from endpoints
Service Types
Kubernetes supports different Service types to accommodate various networking requirements and access patterns.
ClusterIP
Default service type. Exposes the service on a cluster-internal IP address.
- Only accessible within the cluster
- Ideal for inter-service communication
- Most common service type
- No exposure outside the cluster; use Network Policies to restrict in-cluster access
spec:
  type: ClusterIP
  ports:
  - port: 80
NodePort
Exposes the service on each Node's IP at a static port.
- Accessible from outside the cluster
- Opens a port on every cluster node
- The service is reachable at NodeIP:NodePort
- Good for development and testing
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8080
    nodePort: 30007
LoadBalancer
Creates an external load balancer in cloud providers.
- Cloud provider integration
- Automatic external IP assignment
- Production-grade external access
- Cloud-specific load balancing
spec:
  type: LoadBalancer
  ports:
  - port: 80
| Service Type | Access Scope | Use Case | Cloud Provider |
|---|---|---|---|
| ClusterIP | Cluster Internal | Microservices communication | Not required |
| NodePort | External via Node IP | Development, testing | Not required |
| LoadBalancer | External via Load Balancer | Production web services | Required |
Service Best Practices
Naming & Organization
- Use descriptive service names that reflect their purpose
- Follow consistent naming conventions across services
- Use namespaces to organize services logically
- Include version information in labels, not service names
- Use DNS-friendly names (lowercase, hyphens instead of underscores)
Configuration & Security
- Use ClusterIP for internal services to limit exposure
- Implement Network Policies to control service access
- Use meaningful port names for multi-port services
- Configure appropriate session affinity if needed
- Monitor service endpoints and health status
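The selector rules and the exposure advice above can be checked offline against exported manifests. The following is an added example, not code from the original page: `audit`, `selects`, `pod` and the `debug-svc` Service are hypothetical names, and the input is assumed to have the shape of items from `kubectl get services,pods -o json`.

```python
# Added example (not from the original page): offline audit of Service and Pod
# manifests shaped like items from `kubectl get services,pods -o json`.
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}  # reachable from outside the cluster

def selects(selector, labels):
    """Every selector key/value must be on the Pod; an empty selector selects nothing."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())

def audit(items):
    """Return {service name: {"type", "endpoints", "findings"}}.
    Assumption: Pod readiness and phase are ignored; only labels are compared."""
    pods = [i for i in items if i["kind"] == "Pod"]
    report = {}
    for svc in (i for i in items if i["kind"] == "Service"):
        meta, spec = svc["metadata"], svc.get("spec", {})
        ns = meta.get("namespace", "default")
        selector = spec.get("selector") or {}
        endpoints = sorted(
            p["metadata"]["name"] for p in pods
            if p["metadata"].get("namespace", "default") == ns  # selectors are namespace-scoped
            and selects(selector, p["metadata"].get("labels") or {})
        )
        svc_type = spec.get("type", "ClusterIP")  # ClusterIP is the default type
        findings = []
        if svc_type in EXTERNAL_TYPES:
            findings.append(f"externally reachable ({svc_type})")
        if not endpoints:
            findings.append("selector matches no Pods")
        report[meta["name"]] = {"type": svc_type, "endpoints": endpoints, "findings": findings}
    return report

def pod(name, **labels):  # helper for the constructed sample below
    return {"kind": "Pod", "metadata": {"name": name, "labels": labels}}

# Constructed sample: the page's four Pods and my-service, plus a hypothetical
# NodePort Service "debug-svc" whose selector omits the version label.
SAMPLE = [
    pod("pod-1", zone="prod", version="v1"), pod("pod-2", zone="prod", version="v1"),
    pod("pod-3", zone="prod", version="v2"), pod("pod-4", zone="prod"),
    {"kind": "Service", "metadata": {"name": "my-service"},
     "spec": {"selector": {"zone": "prod", "version": "v1"}}},
    {"kind": "Service", "metadata": {"name": "debug-svc"},
     "spec": {"type": "NodePort", "selector": {"zone": "prod"}}},
]

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```

In the sample, `debug-svc` shows how a selector with fewer labels pulls every `zone: prod` Pod, including `pod-3` and `pod-4`, behind an externally reachable port.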
Common kubectl Commands for Services
# List services
kubectl get services
# Get service details
kubectl describe service my-service
# Create service from file
kubectl apply -f service.yaml
# Get service endpoints
kubectl get endpoints my-service
# Delete service
kubectl delete service my-service
# Port forwarding
kubectl port-forward service/my-service 8080:80