Day 29 of 90 Days of DevOps Challenge: Accessing Kubernetes Pods with NodePort and ClusterIP Services

Yesterday, I rolled up my sleeves and deployed a Java web app in Minikube, practiced using Namespaces for workload isolation, wrote Pod manifests, and exposed the app through a LoadBalancer Service. Watching Kubernetes automatically replace a deleted Pod truly showcased its powerful self-healing capabilities.

Today, I focused on exploring alternative Kubernetes Service types that are better suited for labs or on-prem setups where cloud LoadBalancers aren’t ideal. Specifically, I learned about NodePort, which opens a fixed port on every node to make the app accessible externally, and ClusterIP, which provides internal-only access to Pods via a stable virtual IP within the cluster.

NodePort Service

The NodePort service type in Kubernetes allows external access to your application by exposing it on a static port (between 30000–32767) on each worker node's IP.

Basic NodePort Manifest

In following manifest, the service forwards traffic from port 80 to the target port 8080 inside the Pod. It uses the selector to route traffic to Pods labeled with app: javawebapp. If a nodePort isn’t specified manually, Kubernetes will assign one automatically. This is a great option for accessing services in non-cloud or on-prem clusters.

Version: v1
kind: Service
metadata:
  name: javawebappsvc
spec:
  type: NodePort
  selector:
    app: javawebapp
  ports:
    - port: 80          # Service port
      targetPort: 8080  # Pod port

What’s a NodePort Number?

A NodePort number is a specific port on each node of a Kubernetes cluster that forwards external traffic to a service inside the cluster.

When you create a Kubernetes Service of type NodePort, Kubernetes opens a port in the range 30000–32767 on every worker node. Traffic sent to <NodeIP>:<NodePort> is routed to the backend pods matched by the service.

• If you don’t specify a nodePort in your manifest, Kubernetes assigns one randomly within the valid range.

• If you want a fixed port, you can set it manually like this:

codeports:
  - port: 80
    targetPort: 8080
    nodePort: 30070

This makes it easy to access your application consistently during testing or in on-prem clusters

Deploy & Inspect

kubectl apply -f nodeport-svc.yaml
kubectl get svc           # shows the allocated nodePort
kubectl get pods -o wide   # grab the node’s public IP

Access URL: http://<node-public-ip>:<nodePort>/java-web-app

NOTE: On cloud VMs you must open that nodePort in the worker node’s security-group / firewall rules.

When to Use NodePort

• Quick external access in on-prem or bare-metal clusters.

• Demos or PoCs where a cloud LoadBalancer isn’t available.

• Under an Ingress controller that forwards traffic to NodePorts.

ClusterIP Service

apiVersion: v1
kind: Service
metadata:
  name: javawebappsvc
spec:
  type: ClusterIP          # default
  selector:
    app: javawebapp
  ports:
    - port: 80
      targetPort: 8080

How It Works

• Kubernetes allocates a stable virtual IP (the cluster IP).

• Each Pod in the cluster can reach javawebappsvc via:

  • http://javawebappsvc:<port> (built-in DNS)

  • Environment variables injected into every container.

When to Use ClusterIP

• Microservices that only need to talk to each other inside the cluster.

• Keeping traffic off the node’s public interface for security.

• A steppingstone behind an Ingress or API Gateway.

NodePort vs ClusterIP vs LoadBalancer

Handy Commands I Practiced Today

# Apply manifests
kubectl apply -f <svc>.yaml

# List all services
kubectl get svc

# Describe service details & endpoints
kubectl describe svc javawebappsvc

# Delete everything in current namespace (use with care)
kubectl delete all --all

Final Thoughts

Namespaces kept workloads tidy, while NodePort and ClusterIP taught me two new ways to expose Pods. YAML continues to prove how declarative configs simplify ops, and diving into Service networking made the big picture of Kubernetes traffic flow click.

Tomorrow I’ll level up with Deployments and rolling updates. stay tuned!