What does it mean for a Service to be of type NodePort, and have both port and targetPort specified?

Anonymous (unverified) submitted on 2019-12-03 02:47:02

Question:

I am becoming more familiar with Kubernetes by the day, but am still at a basic level. I am also not a networking guy.

I am staring at the following snippet of a Service definition, and I can't form the right picture in my mind of what is being declared:

    spec:
      type: NodePort
      ports:
      - port: 27018
        targetPort: 27017
        protocol: TCP

Referencing the ServicePort documentation, which reads in part:

nodePort (integer)
    The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: http://kubernetes.io/docs/user-guide/services#type--nodeport

port (integer)
    The port that will be exposed by this service.

targetPort (IntOrString)
    Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: http://kubernetes.io/docs/user-guide/services#defining-a-service

My understanding is that the port that a client outside of the cluster will "see" will be the dynamically assigned one in the range of 30000-32767, as defined in the documentation. This will, using some black magic that I do not yet understand, flow to the targetPort on a given node (27017 in this case).

So what is the port used for here?

Answer 1:

nodePort is the port that a client outside of the cluster will "see". nodePort is opened on every node in your cluster via kube-proxy. With iptables magic Kubernetes (k8s) then routes traffic from that port to a matching service pod (even if that pod is running on a completely different node).

port is the port your service listens on inside the cluster. Let's take this example:

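    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: my-service
    spec:
      type: NodePort        # nodePort is only valid for type NodePort or LoadBalancer
      ports:
      - port: 8080          # Service port inside the cluster
        targetPort: 8070    # container port on the selected pods
        nodePort: 31222     # port opened on every node
        protocol: TCP
      selector:
        component: my-service-app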

From inside my k8s cluster this service will be reachable via my-service.default.svc.cluster.local:8080 (service to service communication inside your cluster) and any request reaching there is forwarded to a running pod on targetPort 8070.

targetPort is also by default the same value as port if not specified otherwise.



Answer 2:

To better explain the concept, I visualized the Service's NodePort concept.

As @fishi mentioned in his answer, NodePort allows exposing a k8s host port (aka nodePort) to external clients. A client can directly access the nodePort and k8s forwards the traffic to the necessary port.

K8s reserves a nodePort on all its nodes. All nodes that are running the Service's pods have this port open.

Pods can be accessed not only through the internal cluster IP but also through the node's IP and reserved port, aka the HOST_IP:NODE_PORT pair.
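The three-hop mapping described in the answers above (nodePort on every node, port on the Service, targetPort on the pod) can be resolved from a Service spec, which is useful when auditing which Services are reachable on node IPs. This is an added example, not part of the original question or answers; the function name `resolve_ports` and the sample Service dicts are constructed for illustration, and the input shape assumes parsed `kubectl get svc -o json` output.

```python
# Added example: resolve nodePort -> port -> targetPort for each ServicePort,
# applying the defaults from the ServicePort documentation quoted above.
DEFAULT_NODEPORT_RANGE = (30000, 32767)  # range cited in the question


def resolve_ports(service):
    """Return one row per ServicePort describing the node/service/pod hops."""
    spec = service["spec"]
    svc_type = spec.get("type", "ClusterIP")       # type defaults to ClusterIP
    headless = spec.get("clusterIP") == "None"     # targetPort is ignored here
    on_nodes = svc_type in ("NodePort", "LoadBalancer")
    rows = []
    for p in spec.get("ports", []):
        port = p["port"]
        # If targetPort is not specified, the value of port is used.
        target = port if headless else p.get("targetPort", port)
        node_port = p.get("nodePort")
        if node_port is not None and not on_nodes:
            # nodePort only applies when type is NodePort or LoadBalancer.
            raise ValueError("nodePort %s set on a %s Service" % (node_port, svc_type))
        if on_nodes and node_port is None:
            # Not pinned in the manifest: the system auto-allocates one.
            node_port = "auto:%d-%d" % DEFAULT_NODEPORT_RANGE
        rows.append({
            "protocol": p.get("protocol", "TCP"),
            "node_port": node_port,   # opened on every node's IP, or None
            "port": port,             # Service port inside the cluster
            "target_port": target,    # port on the selected pods
        })
    return rows


# Constructed samples mirroring the question's snippet and Answer 1's manifest
# (type NodePort is assumed for the latter), plus a cluster-internal Service.
QUESTION_SVC = {"spec": {"type": "NodePort", "ports": [
    {"port": 27018, "targetPort": 27017, "protocol": "TCP"}]}}
ANSWER_SVC = {"spec": {"type": "NodePort", "ports": [
    {"port": 8080, "targetPort": 8070, "nodePort": 31222, "protocol": "TCP"}]}}
INTERNAL_SVC = {"spec": {"ports": [{"port": 80}]}}

if __name__ == "__main__":
    for name, svc in [("question", QUESTION_SVC), ("answer", ANSWER_SVC),
                      ("internal", INTERNAL_SVC)]:
        for row in resolve_ports(svc):
            print(name, row)
```

Any row whose `node_port` is not `None` is listening on every node's IP, so it belongs in the node-level firewall or security-group review.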


