While working through the tutorial Get Started, Part 3: Deploying to Kubernetes I stumbled over the Pod template within the deployment definition of the manifest file. There are no ports specified, neither in the pod nor in the container section.
That led me to my initial question: How does the port publishing work from the docker container into the pod?
The following quote sounds like kubernetes obtains an insight into the running container once started and gets the port from the service listening at 0.0.0.0:PORT and maps it to the same port in the pod environment (network namespace).
Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Source
If my assumption goes in the right direction, what does this mean for pods with multiple containers? Does kubernetes only allow containers with internal services listening on different ports? Or is it possible to map the container internal ports to different ports in the pod environment (network namespace)?
According to the following quote, I assume port mapping from container to pod is not possible. Indeed it does not make too much sens to specify two services within two containers with the same ports, just to change them via a mapping immediately following this.
Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Source
UPDATE 2019-10-15
As the following quote states, a docker container does not publish any port to the outside world by default.
By default, when you create a container, it does not publish any of its ports to the outside world. To make a port available to services outside of Docker, or to Docker containers which are not connected to the container’s network, use the --publish or -p flag. Source
That means kubernetes must configuer the docker container running within a pod somehow, so that the container's ports are published to the pod.
Regarding the following quote, is it possible that kubernetes runs the docker containers by using the --network host configuration? Assumed the pod is the docker host in kubernetes.
If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host [...] For instance, if you run a container which binds to port 80 and you use host networking, the container’s application is available on port 80 on the host’s IP address. Source
Published portsTo make a port available to services outside of Docker, or to Docker containers which are not connected to the container's network, use the --publish or -p flag. This creates a firewall rule which maps a container port to a port on the Docker host to the outside world.
Port exposes the Kubernetes service on the specified port within the cluster. Other pods within the cluster can communicate with this server on the specified port. TargetPort is the port on which the service will send requests to, that your pod will be listening on.
Command kubectl get svc will tell you on which port (in range 30000-32767 ) your application will be available. and `kubectl expose pod site-web --type=LoadBalancer --port=8080 return: Error from server (NotFound): pods "site-web" not found.
Within a Pod, containers share an IP address and port space, and can find each other via localhost . The containers in a Pod can also communicate with each other using standard inter-process communications like SystemV semaphores or POSIX shared memory.
Containers running in a pod are similar to processes running on a node connected to a network. Pod gets a network address, and all containers share the same network address. They can talk to each other using localhost
.
A container running in a pod can listen to any port on that address. If there are multiple containers running in a pod, they cannot bind to the same port, only one of them can. Note that there is no requirement about publishing those ports. A container can listen to any port, and traffic will be delivered to it if a client connects to that port of the pod.
So, port mapping from container to pod is not possible.
The exposed ports of containers/pods are mainly informational, and tools use them to create resources.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With