Why does the NodePort service type have to use ClusterIP-based load balancing?

5/16/2019

When reading through the Kubernetes documentation I noticed that a NodePort type service always automatically creates a ClusterIP, and ingress traffic targeting the NodePort will be routed to the ClusterIP. My question is: why is this necessary? Why can't kube-proxy directly do load balancing for this NodePort through forwarding? ClusterIP doesn't seem to be necessary to support NodePort and it seems to introduce additional overhead.

-- Michael Ma
kubernetes

1 Answer

5/16/2019

Even Services of type NodePort do not directly contact Pods; they still go through the Service's cluster IP and its associated Pod selector rules. With newer Kubernetes I think you can also influence whether traffic is round-robin or weighted distributed, which wouldn't work if the NodePort directly contacted the Pods.

Also, NodePorts are opened on every member of the cluster, but -- in most cases -- you don't have a Pod running on every member of the cluster, so it still has to use the Service IP to route to the actual Node upon which an in-service Pod can service that traffic.

Think of NodePorts as a mechanism to bridge the "outside world" with the "cluster world," rather than a shortcut mechanism to side-step iptables or ipvs.

-- mdaniel
Source: StackOverflow
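
An added illustration, not part of the original answer: the Python sketch below parses a constructed, simplified `iptables-save -t nat` excerpt in the style kube-proxy writes in iptables mode. For each NodePort it lists the Pod endpoints the port reaches and the ClusterIP entry that reaches the same backends. Chain suffixes, addresses, ports and the function names are made up for the example.

```python
import re
from collections import defaultdict

# Constructed, simplified `iptables-save -t nat` excerpt (kube-proxy iptables mode); values made up.
SAMPLE_RULES = """\
-A KUBE-SERVICES -d 10.96.12.34/32 -p tcp -m tcp --dport 80 -j KUBE-SVC-WEB
-A KUBE-SERVICES -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-NODEPORTS -p tcp -m tcp --dport 30080 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m tcp --dport 30080 -j KUBE-SVC-WEB
-A KUBE-SVC-WEB -m statistic --mode random --probability 0.5 -j KUBE-SEP-POD1
-A KUBE-SVC-WEB -j KUBE-SEP-POD2
-A KUBE-SEP-POD1 -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-POD2 -p tcp -m tcp -j DNAT --to-destination 10.244.2.7:8080
"""

def parse(rules):
    """Return {chain: [(match_text, jump_target, dnat_destination_or_None), ...]}."""
    chains = defaultdict(list)
    for line in rules.splitlines():
        m = re.match(r"-A (\S+) (.*?)-j (\S+)(?: --to-destination (\S+))?", line)
        if m:
            chains[m.group(1)].append((m.group(2), m.group(3), m.group(4)))
    return chains

def endpoints(chains, chain):
    """Follow jumps from `chain` down to DNAT rules (iptables forbids chain loops)."""
    found = set()
    for _, target, dest in chains.get(chain, []):
        if target == "DNAT" and dest:
            found.add(dest)
        elif target in chains:
            found.update(endpoints(chains, target))
    return sorted(found)

def audit_nodeports(rules):
    """For each NodePort: the Pods it reaches and the ClusterIP with the same backends."""
    chains = parse(rules)
    vips = {}
    for match, target, _ in chains.get("KUBE-SERVICES", []):
        m = re.search(r"-d (\S+?)/32 .*--dport (\d+)", match)
        if m:
            vips[f"{m.group(1)}:{m.group(2)}"] = endpoints(chains, target)
    report = []
    for match, target, _ in chains.get("KUBE-NODEPORTS", []):
        m, eps = re.search(r"--dport (\d+)", match), endpoints(chains, target)
        if m and eps:  # skips the masquerade-mark rule, which reaches no Pod
            shared = sorted(v for v, e in vips.items() if e == eps)
            report.append({"node_port": int(m.group(1)), "endpoints": eps, "same_backends_as": shared})
    return report
```

On the sample, port 30080 resolves to two Pods in different Pod subnets and to the same backend set as `10.96.12.34:80`, so a node with no local Pod still accepts the connection and forwards it.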