Kubernetes – Port, Targetport and NodePort


When working with Kubernetes Service, you will come across some of the following terminologies:

  • Port: Port is the port number which makes a service visible to other services running within the same K8s cluster.  In other words, in case a service wants to invoke another service running within the same Kubernetes cluster, it will be able to do so using port specified against “port” in the service spec file.
  • Target Port: Target port is the port on the POD where the service is running.
  • Nodeport: Node port is the port on which the service can be accessed from external users using Kube-Proxy.

Take a look at following spec defining a sample service:

apiVersion: v1
kind: Service
  name: order-service
  - port: 8080
    targetPort: 8170
    nodePort: 32222
    protocol: TCP 
    component: order-service-app

Pay attention to some of the following in above spec:

  • The port is 8080 which represents that order-service can be accessed by other services in the cluster at port 8080.
  • The targetPort is 8170 which represents the order-service is actually running on port 8170 on pods
  • The nodePort is 32222 which represents that order-service can be accessed via kube-proxy on port 32222.

This is ipTables in Kubernetes which does the magic. It maintains the mapping of nodePort vs targetPort. K8s Kube-Proxy uses the ipTables to resolve the requests coming on a specific nodePort and redirect them to appropriate pods.

Ajitesh Kumar

Ajitesh Kumar

Ajitesh has been recently working in the area of AI and machine learning. Currently, his research area includes Safe & Quality AI. In addition, he is also passionate about various different technologies including programming languages such as Java/JEE, Javascript and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data etc.

He has also authored the book, Building Web Apps with Spring 5 and Angular.
Ajitesh Kumar

1 Comment

Leave A Reply

Time limit is exhausted. Please reload the CAPTCHA.