πŸ“šBook Signing at KubeCon EU 2026Meet us at Booking.com HQ (Mon 18:30-21:00) & vCluster booth #521 (Tue 24 Mar, 12:30-1:30pm) β€” free book giveaway!RSVP Booking.com Event
KubernetesRecipes
Networking intermediate ⏱ 15 minutes K8s 1.28+

Kubernetes ClusterIP Service Explained

Understand Kubernetes ClusterIP services for internal communication. How kube-proxy routes traffic, DNS resolution, and when ClusterIP is the right service

By Luca Berton β€’ β€’ πŸ“– 5 min read

πŸ’‘ Quick Answer: networking

The Problem

This is one of the most searched Kubernetes topics with thousands of monthly searches. A comprehensive, production-ready guide prevents hours of trial and error.

The Solution

Create ClusterIP Service

apiVersion: v1
kind: Service
metadata:
  name: api-service
spec:
  type: ClusterIP       # Default type (can be omitted)
  selector:
    app: api
  ports:
    - name: http
      port: 80           # Service port (what clients connect to)
      targetPort: 8080   # Container port
    - name: grpc
      port: 9090
      targetPort: 9090

How It Works

# Service gets a virtual IP (ClusterIP)
kubectl get svc api-service
# NAME          TYPE        CLUSTER-IP     PORT(S)
# api-service   ClusterIP   10.96.45.123   80/TCP,9090/TCP

# DNS resolution (from any pod)
nslookup api-service.default.svc.cluster.local
# β†’ 10.96.45.123

# Short DNS names work within same namespace
curl http://api-service/endpoint
curl http://api-service.default/endpoint           # Cross-namespace
curl http://api-service.default.svc.cluster.local  # Fully qualified

# kube-proxy creates iptables/IPVS rules
# ClusterIP β†’ random backend pod (round-robin)

Service Discovery

# Environment variables (auto-injected)
# API_SERVICE_SERVICE_HOST=10.96.45.123
# API_SERVICE_SERVICE_PORT=80

# DNS (preferred β€” always works)
# api-service.namespace.svc.cluster.local

Multi-Port Services

spec:
  ports:
    - name: http       # Name required when multiple ports
      port: 80
      targetPort: 8080
    - name: metrics
      port: 9090
      targetPort: 9090
graph TD
    A[Pod A: curl api-service:80] --> B[CoreDNS resolves to 10.96.45.123]
    B --> C[kube-proxy iptables/IPVS]
    C --> D[Pod B: 10.244.1.5:8080]
    C --> E[Pod C: 10.244.2.8:8080]
    C --> F[Pod D: 10.244.3.12:8080]

Frequently Asked Questions

ClusterIP vs headless?

ClusterIP gives you a virtual IP with kube-proxy load balancing. Headless (clusterIP: None) returns pod IPs directly β€” no load balancing, client chooses. Use headless for StatefulSets.

Can I access ClusterIP from outside?

No β€” ClusterIP is internal only. Use kubectl port-forward for dev access, NodePort for basic external access, or LoadBalancer/Ingress for production.

Best Practices

  • Start with the simplest configuration that solves your problem
  • Test in staging before production
  • Use kubectl describe and events for troubleshooting
  • Document team conventions for consistency

Key Takeaways

  • This is fundamental Kubernetes operational knowledge
  • Follow established conventions and recommended labels
  • Monitor and iterate based on real production behavior
  • Automate repetitive tasks to reduce human error
#clusterip #service #internal #dns #networking
Luca Berton
Written by Luca Berton

Principal Solutions Architect specializing in Kubernetes, AI/GPU infrastructure, and cloud-native platforms. Author of Kubernetes Recipes and creator of CopyPasteLearn courses.

🌐 πŸ’Ό πŸ’»

πŸŽ“ Deepen Your Skills β€” Hands-on Courses

πŸ—οΈ
Terraform for Beginners

Provision the infrastructure behind your Kubernetes clusters with Terraform.

Start Learning β†’

Courses by CopyPasteLearn.com β€” Learn IT by Doing

Kubernetes Recipes book cover

Want More Kubernetes Recipes?

This recipe is from Kubernetes Recipes, our 750-page practical guide with hundreds of production-ready patterns.

Get the Book β†’ ← More Networking Recipes
← Back to All Recipes
Luca Berton Ansible Pilot Ansible by Example Open Empower K8s Recipes Terraform Pilot CopyPasteLearn ProteinLens