Difference between targetPort and port in Kubernetes Service definition
Service: This directs the traffic to a pod.
TargetPort: This is the actual port on which your application is running inside the container.
Port: Some times your application inside container serves different services on a different port.
Example: The actual application can run 8080
and health checks for this application can run on 8089
port of the container.So if you hit the service without port it doesn't know to which port of the container it should redirect the request. Service needs to have a mapping so that it can hit the specific port of the container.
kind: ServiceapiVersion: v1metadata: name: my-servicespec: selector: app: MyApp ports: - name: http nodePort: 30475 port: 8089 protocol: TCP targetPort: 8080 - name: metrics nodePort: 31261 port: 5555 protocol: TCP targetPort: 5555 - name: health nodePort: 30013 port: 8443 protocol: TCP targetPort: 8085
if you hit the my-service:8089
the traffic is routed to 8080
of the container(targetPort). Similarly, if you hit my-service:8443
then it is redirected to 8085
of the container(targetPort). But this myservice:8089
is internal to the kubernetes cluster and can be used when one application wants to communicate with another application. So to hit the service from outside the cluster someone needs to expose the port on the host machine on which kubernetes is runningso that the traffic is redirected to a port of the container. This is node port
(port exposed on the host machine).From the above example, you can hit the service from outside the cluster(Postman or any rest-client) by host_ip:nodePort
Say your host machine ip is 10.10.20.20
you can hit the http, metrics, health services by 10.10.20.20:30475
, 10.10.20.20:31261
, 10.10.20.20:30013
.
Edits: Edited as per Raedwald comment.
It helps me to think of things from the perspective of the service.
nodePort
: The port on the node where external traffic will come in onport
: The port of this servicetargetPort
The target port on the pod(s) to forward traffic to
Traffic comes in on nodePort
, forwards to port
on the service which then routes to targetPort
on the pod(s).
It's worth emphasizing more that nodePort
is for external traffic. Other pods in the cluster that may need to access the service will just use port
, not nodePort
as it's internal only access to the service.
Also worth noting that if targetPort
is not set, it will default to the same value as port
. E.g. 80:80
for service port 80
targeting container port 80
.
The answer given above by @Manikanta P is correct. However, the explanation of "Port" might be a little unclear at first reading. I will explain with an example:
Consider a Web-Application with its static content (front-page, images etc) hosted by httpd and the dynamic content (eg. response to requests, etc.) hosted by tomcat. The Webserver (or the static content) is served by httpd at port 80
while Appserver (or the dynamic content) is served by tomcat at port 8080
.
What a developer wants: User should be able to access the Webserver from outside BUT not the Appserver from outside.
Solution: The service-type of Webserver in its service.yml will be NodePort while the service-type of Appserver in its service.yml will be ClusterIP.
Code for webserver's service.yml:
spec: selector: app: Webserver type: NodePort // written to make this service accessible from outside. ports: - nodePort: 30475 // To access from outside, type <host_IP>:30475 in browser. port: 5050 // (ignore for now, I will explain below). protocol: TCP targetPort: 80 // port where httpd runs inside the webserver pod.
Code for Appserver's service.yml
spec: selector: app: appserver type: ClusterIP // written to make this service NOT accessible from outside. ports: - port: 5050 // port to access this container internally protocol: TCP targetPort: 8080 // port where tomcat runs inside the appserver pod.
Also Note, in the httpd.conf
file of the Webserver, we will write the IP that redirects a user's request to the appserver. This IP will be: host_IP:5050
.
What exactly is happening here?A user writes hostIP:30475
and sees the Webserver's page. This is because it is being served by httpd at port 80
(targetport). When a user clicks a button, a request is made. This request is redirected to the Appserver because in httpd.conf
file, the port 5050
is mentioned and this is the port where Appserver's container and Webserver's conatainer communicate internally. When the appserver receives the request, it is able to serve the request because of tomcat running inside it at port 8080
.