Search code examples
servicekubernetesports

Why don't my Kubernetes services publish on the port I specify?


I've been tinkering with Kubernetes on and off for the past few years and I am not sure if this has always been the case (maybe this behavior changed recently) but I cannot seem to get Services to publish on the ports I intend - they always publish on a high random port (>30000).

For instance, I'm going through this walkthrough on Ingress and I create the following Deployment and Service objects per the instructions:

---
apiVersion: apps/v1beta1
kind: Deployment
metadata: 
  name: hello-world-deployment
spec: 
  replicas: 1
  template: 
    metadata: 
      labels: 
        app: hello-world
    spec: 
      containers: 
        - image: "gokul93/hello-world:latest"
          imagePullPolicy: Always
          name: hello-world-container
          ports: 
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata: 
  name: hello-world-svc
spec: 
  ports: 
     -  port: 9376
        protocol: TCP
        targetPort: 8080
  selector: 
    app: hello-world
  type: NodePort

According to this, I should have a Service that's listening on port 8080, but instead it's a high, random port:

~$ kubectl describe svc hello-world-svc

Name:                     hello-world-svc
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 app=hello-world
Type:                     NodePort
IP:                       10.109.24.16
Port:                     <unset>  8080/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  31669/TCP
Endpoints:                10.40.0.4:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

I also verified that none of my nodes are listening on 8080, but they are listening on 31669.

This isn't super ideal - especially considering that the Ingress portion will need to know what servicePort is being used (the walkthrough references this at 8080).

By the way, when I create the Ingress controller, this behavior is the same - rather than listening on 80 and 443 like a good load balancer, it's listening on high random ports.

Am I missing something? Am I doing it all wrong?


Solution

  • Matt,

    The reason a random port is being allocated is because you are creating a service of type NodePort.

    K8s documentation explains NodePort here

    Based on your config, the service is exposed on port 9376 (and the backend port is 8080). So hello-word-svc should be available at: 10.109.24.16:9376. Essentially this service can be reached in one of the following means:

    Service ip/port :- 10.109.24.16:9376

    Node ip/port :- [your compute node ip]:31669 <-- this is created because your service is of type NodePort

    You can also query the pod directly to test that the pod is in-fact exposing a service.

    Pod ip/port: 10.40.0.4:8080

    Since your eventual goal is to use ingress controller for external reachability to your service, "type: ClusterIP" might suffice your ask.