Kubernetes: Port,Targetport and NodePort

by Anish

Posted on Tuesday August 15, 2018

Referefce

Multiple Port Services

  1. Many Services need to expose more than one port. Kubernetes supports multiple port definitions on a Service object. When using multiple ports you must give all of your ports names, so that endpoints can be disambiguated. For example, this definition is used in nginx secure deployment in my previous article

    apiVersion: v1
kind: Service
metadata:
  name: nginxsvc
  labels:
    app: nginx
spec:
  type: NodePort
  ports:
  - port: 80
    protocol: TCP
    name: http
  - port: 443
    protocol: TCP
    name: https
  selector:
    app: nginx
    • Port: Port is the port number which makes a service visible to other services running within the same K8s cluster.
    • Target Port: Target port is the port on the POD where the service is running.Service can map an incoming port to any targetPort. By default the targetPort will be set to the same value as the port field
    • Nodeport: Node port is the port on which the service can be accessed from external world using through Kube-Proxy.In NodePort, the Kubernetes master will allocate a port from a range specified by --service-node-port-range flag (default: 30000-32767) , and each Node will proxy that port (the same port number on every Node) into your Service

  2. These are IPtables rules in which will be setup by kubernetes in the master-node.

    iptables -t nat --line-numbers -n -L | grep 30287
    1  KUBE-MARK-MASQ  tcp  --  0.0.0.0/0  0.0.0.0/0  /* default/nginxsvc:https */ tcp dpt:**30287**
    2  KUBE-SVC-ER5WGNLE726ZPUG2  tcp  --  0.0.0.0/0  0.0.0.0/0  /* default/nginxsvc:https */ tcp dpt:**30287**
    
    iptables -L | grep 30287
        REJECT tcp  --  anywhere anywhere /* default/nginxsvc:https has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:**30287** reject-with icmp-port-unreachable
  1. once the deployment is created , new iptables rules will ge generated, you can find the node port that Kubernetes is using for http and https traffic using the command kubectl get service nginxsvc -o json
    "spec": {
            "clusterIP": "10.103.250.179",
            "externalTrafficPolicy": "Cluster",
            "ports": [
                {
                    "name": "http",
                    "nodePort": 32210,
                    "port": 80,
                    "protocol": "TCP",
                    "targetPort": 80
                },
                {
                    "name": "https",
                    "nodePort": 30287,
                    "port": 443,
                    "protocol": "TCP",
                    "targetPort": 443
                }
            ],

Further Reading

  1. Checkout how to deploy HTTPS Secure Nginx deploymet in kubernetes

Thanku for reading !!! Give a Share for Support

Asking for donation sound bad to me, so i'm raising fund from by offering all my Nine book for just $9

Kubernetes Related Topics
  • kubernetes (pod/deployment/svc) YAML/JSON Generator
  • Docker compose to kubernetes Generator
  • kubernetes to Docker Compose Generator
  • Docker compose Generator
  • Docker run to compose Generator
  • Docker compose to docker run Generator
  • kubernetes install on using ansible
  • kube install on in centos7/ubuntu7
  • kubernetes Dashbaord Setup
  • Pod,Cluster,Deploy,ReplicaSet Light Dive
  • kubernetes secure nginx deployment
  • kubernetes Port, Targetport and NodePort
  • kubernetes Namespace
  • kubenetes Auth,Authorization,Admission
  • kubernetes Role-Based Access Control
  • Kubernetes Privilege Escalation Vulnerability
  • Upgrading kubernetes cluster
  • Prometheus Dashboard Access
  • Kubernetes mysql installation
  • Kubernetes Jenkins installation
  • Podman Jenkins installation
  • Kubernetes mariadb installation
  • Kubernetes wordpress installation
  • Kubernetes drupal installation
  • Kubernetes traefik installation
  • Kubernetes Ingress traefik
  • kubernetes service external ip pending ?
  • Service Mesh With Istio
  • Access SVC in Another Namespaces
  • kubernetes Java client example
  • kubernetes letsencrypt deploy wild card certificate
  • Right Way to Install Docker
  • Docker Private repo with SSL and AUTH
  • Creating Docker Base Image
  • Container Runtime (RUNC,RKT,CRI-O,Conatinerd)
  • Podman Install on Ubuntu/Debian
    • Linux Related Topics
    Ansible Related Topics
    Applied Cryptography Topics
    Web Crypto API Topics
    Openstack Articles
    python Cryptography Topics
    PHP Cryptography Topics
    Topics
    For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

    Kubernetes for DevOps

    Hello Dockerfile

    Cryptography for Python Developers

    Cryptography for JavaScript Developers

    Go lang ryptography for Developers

    Here