Menu
I am becoming more familiar with Kubernetes by the day, but am still at a basic level. I am also not a networking guy.
I am staring at the following snippet of a Service definition, and I can't form the right picture in my mind of what is being declared:
spec:
type: NodePort
ports:
- port: 27018
targetPort: 27017
protocol: TCP
Referencing the ServicePort documentation, which reads in part:
nodePort The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually
integer assigned by the system. If specified, it will be allocated to the service if unused or else creation of the
service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info:
http://kubernetes.io/docs/user-guide/services#type--nodeport
port The port that will be exposed by this service.
integer
targetPort Number or name of the port to access on the pods targeted by the service. Number must be in the range 1
IntOrString to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the
target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map).
This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field.
More info: http://kubernetes.io/docs/user-guide/services#defining-a-service
My understanding is that the port that a client outside of the cluster will "see" will be the dynamically assigned one in the range of 30000-32767, as defined in the documentation. This will, using some black magic that I do not yet understand, flow to the targetPort on a given node (27017 in this case).
So what is the port used for here?
808
TargetPort is the port on which the service will send requests to, that your pod will be listening on. Your application in the container will need to be listening on this port also. NodePort exposes a service externally to the cluster by means of the target nodes IP address and the NodePort.
"Target port" is the port on which your container is running. Port : port redirects the traffic to the container from the service. NodePort : is the port that enables the service to access the externally.
The NodePort type is an extension of the ClusterIP type. So a Service of type NodePort has a cluster IP address. The LoadBalancer type is an extension of the NodePort type. So a Service of type LoadBalancer has a cluster IP address and one or more nodePort values.
If you didn't manually specify a port, system will allocate one for you. Log in to the master node. Edit the service definition to specify spec. type:NodePort and optionally specify a port in the 30000-32767 range.
The YAML for a NodePort service looks like this: Basically, a NodePort service has two differences from a normal “ClusterIP” service. First, the type is “NodePort.” There is also an additional port called the nodePort that specifies which port to open on the nodes.
For each port in the NodePort Service, API server allocated a unique port from the service-node-port-range. This port is programmed in the dataplane of each Node by the kube-proxy (or its equivalent) – the most common implementations with IPTables, IPVS and eBPF are covered in the Lab section below.
NodePort exposes a service externally to the cluster by means of the target nodes IP address and the NodePort. NodePort is the default setting if the port field is not specified. Let’s look at how to use these ports in your Kubernetes manifest. Using Port, TargetPort, and NodePort
The service’s service.spec.ports list configures which requests to a service port get forwarded to which ports on its pods. A successful request can be made from outside the cluster to the node’s IP address and service’s nodePort, forwarded to the service’s port , and received on the targetPort by the pod.
nodePort is the port that a client outside of the cluster will "see". nodePort is opened on every node in your cluster via kube-proxy. With iptables magic Kubernetes (k8s) then routes traffic from that port to a matching service pod (even if that pod is running on a completely different node).
port is the port your service listens on inside the cluster. Let's take this example:
---
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
ports:
- port: 8080
targetPort: 8070
nodePort: 31222
protocol: TCP
selector:
component: my-service-app
From inside my k8s cluster this service will be reachable via my-service.default.svc.cluster.local:8080 (service to service communication inside your cluster) and any request reaching there is forwarded to a running pod on targetPort 8070.
tagetPort is also by default the same value as port if not specified otherwise.
104
To explain better the concept, I visualize Service's NodePort concept.
As @fishi mentioned in his answer NodePort allows exposing k8s host port(aka nodePort) to the external clients. A client can directly access nodePort and k8s forwards a traffic to the necessary port.
K8s reserves a nodePort on all its nodes. All nodes that running the Service's pods have this port open.
Pods can be accessed not only through internal cluster IP but also through node's IP and reserved port aka HOST_IP:NODE_PORT pair.
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
