[Repost] K8s nodePort, port, targetPort, hostPort

https://www.jianshu.com/p/8275f2031c83
2019.09.30 13:01:29

1. nodePort

NodePort is one way for external traffic to reach a service inside a k8s cluster (another is LoadBalancer): nodeIP:nodePort is the entry point for external traffic to the service. For example, if an external user needs to access a web application in the k8s cluster, we can configure the corresponding service with type = NodePort and nodePort = 30001. Users can then reach the web service from a browser at http://node:30001. Services such as databases may not need to be reachable from outside, only from other services inside the cluster, so for those we do not set a NodePort.

2. port

port is used for access between services inside the k8s cluster: clusterIP:port is the port the service exposes on its clusterIP. In the example below, the mysql container exposes port 3306. Other containers in the cluster access the mysql service through port 33306, but external traffic cannot access it because the mysql service is not configured with a NodePort. The corresponding service.yaml is as follows:

apiVersion: v1
kind: Service
metadata:
 name: mysql-service
spec:
 ports:
 - port: 33306
   targetPort: 3306
 selector:
  name: mysql-pod

3. targetPort

targetPort is the port of the container, the final destination of the traffic; it is the port on the pod. Traffic arriving on port and nodePort flows through kube-proxy into the targetPort of the back-end pod and finally enters the container.
It matches the port exposed when the container image was built (using EXPOSE in the Dockerfile); for example, the official nginx image (refer to its Dockerfile) exposes port 80. The corresponding service.yaml is as follows:

apiVersion: v1
kind: Service
metadata:
 name: nginx-service
spec:
 type: NodePort       # NodePort is configured, so external traffic can reach the service in k8s
 ports:
 - port: 30080        # service access port
   targetPort: 80     # container port
   nodePort: 30001    # NodePort
 selector:
  name: nginx-pod

4. hostPort

hostPort is a way to define the Pod's network directly: it maps a port of the container to a port on the node the Pod is scheduled to, so that users can reach the Pod through the host machine's IP and that port, for example:

apiVersion: v1
kind: Pod
metadata:
  name: influxdb
spec:
  containers:
    - name: influxdb
      image: influxdb
      ports:
        - containerPort: 8086
          hostPort: 8086

The disadvantage is that when the Pod is rescheduled, the host it runs on may change, so the user must keep track of which host the Pod is on.
Containers using hostPort can only be scheduled to Nodes where the port does not conflict. Unless necessary (such as running some system-level daemon services), using this port mapping feature is not recommended. If you need to expose services externally, a NodePort Service is recommended.

5. Summary

In general, both port and nodePort are service ports. The former is exposed for access from services inside the k8s cluster, and the latter for traffic from outside the cluster. Traffic arriving on either of these two ports goes through the reverse proxy kube-proxy, flows into the targetPort of the backend pod, and finally reaches the container in the pod.
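The four fields above can be turned into an exposure inventory. The following is an added example, not code from the original post: it resolves every entry point to its backend port and separates cluster-internal mappings from ones bound on a node address. The function names, the "cluster"/"node" labels and the embedded sample (constructed from the three manifests on this page, in the shape of `kubectl get svc,pods -o json` output) are assumptions.

```python
import json

# Constructed sample in the shape of `kubectl get svc,pods -o json`, built from
# the manifests shown on this page (mysql-service, nginx-service, influxdb).
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "mysql-service"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 33306, "targetPort": 3306}]}},
 {"kind": "Service", "metadata": {"name": "nginx-service"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 30080, "targetPort": 80, "nodePort": 30001}]}},
 {"kind": "Pod", "metadata": {"name": "influxdb"},
  "spec": {"containers": [{"name": "influxdb",
           "ports": [{"containerPort": 8086, "hostPort": 8086}]}]}}
]}
""")


def port_paths(objects):
    """Return (scope, object name, entry point, backend port) per port mapping."""
    paths = []
    for obj in objects.get("items", []):
        name, spec = obj["metadata"]["name"], obj.get("spec", {})
        if obj.get("kind") == "Service":
            for p in spec.get("ports", []):
                # targetPort defaults to the value of port when it is omitted
                target = p.get("targetPort", p["port"])
                paths.append(("cluster", name, f"clusterIP:{p['port']}", target))
                if p.get("nodePort"):  # opened on the nodes for outside traffic
                    paths.append(("node", name, f"nodeIP:{p['nodePort']}", target))
        elif obj.get("kind") == "Pod":
            for c in spec.get("containers", []):
                for p in c.get("ports", []):
                    if p.get("hostPort"):  # bound on the node running the Pod
                        paths.append(("node", name, f"hostIP:{p['hostPort']}",
                                      p["containerPort"]))
    return paths


def node_exposed(objects):
    """Only the mappings that listen on a node address (nodePort, hostPort)."""
    return [p for p in port_paths(objects) if p[0] == "node"]


if __name__ == "__main__":
    for scope, name, entry, target in port_paths(SAMPLE):
        print(f"{scope:8} {name:14} {entry:16} -> {target}")
```

Reviewing the `node` rows is a quick way to confirm that internal-only services such as the mysql example have no NodePort or hostPort configured.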


Origin www.cnblogs.com/jinanxiaolaohu/p/12689242.html