What does it mean for a Service to be of type NodePort, and have both port and targetPort specified?
nodePort is the port that a client outside of the cluster will "see". nodePort is opened on every node in your cluster via kube-proxy. With iptables magic Kubernetes (k8s) then routes traffic from that port to a matching service pod (even if that pod is running on a completely different node).

port is the port your service listens on inside the cluster. Let's take this example:
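
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: my-service
    spec:
      type: NodePort          # needed for the nodePort field below to be accepted
      ports:
      - port: 8080            # port of the Service inside the cluster
        targetPort: 8070      # port the pod's container listens on
        nodePort: 31222       # port opened on every node
        protocol: TCP
      selector:
        component: my-service-app
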
From inside my k8s cluster this service will be reachable via my-service.default.svc.cluster.local:8080 (service to service communication inside your cluster) and any request reaching there is forwarded to a running pod on targetPort 8070.

targetPort is also by default the same value as port if not specified otherwise.

To explain the concept better, I visualize the Service's NodePort concept.

As @fishi mentioned in his answer, NodePort allows exposing a k8s host port (aka nodePort) to external clients. A client can directly access nodePort and k8s forwards the traffic to the necessary port.

K8s reserves a nodePort on all its nodes. All nodes that are running the Service's pods have this port open.

Pods can be accessed not only through the internal cluster IP but also through the node's IP and reserved port, aka the HOST_IP:NODE_PORT pair.
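
The port chain both answers describe (nodePort on the node, port on the Service, targetPort on the pod) can be listed for a whole cluster to see which Services are reachable from outside. This is an added example, not code from either answer; the function names and the sample Service list are constructed here, and the input is assumed to be Service objects in JSON form (for example manifests converted to JSON).

```python
import json

# Constructed sample Service list (not real cluster data).
SAMPLE = json.dumps({
    "items": [
        {"metadata": {"namespace": "default", "name": "my-service"},
         "spec": {"type": "NodePort",
                  "selector": {"component": "my-service-app"},
                  "ports": [{"port": 8080, "targetPort": 8070,
                             "nodePort": 31222, "protocol": "TCP"}]}},
        {"metadata": {"namespace": "default", "name": "defaulted"},
         "spec": {"type": "NodePort",
                  "ports": [{"port": 9090, "nodePort": 30090}]}},
        {"metadata": {"namespace": "default", "name": "internal-only"},
         "spec": {"type": "ClusterIP",
                  "ports": [{"port": 5432, "targetPort": 5432}]}},
    ]
})

def node_port_exposures(service_list_json):
    """Return one record per Service port that is opened on every node."""
    exposures = []
    for svc in json.loads(service_list_json).get("items", []):
        meta, spec = svc["metadata"], svc["spec"]
        for p in spec.get("ports", []):
            node_port = p.get("nodePort")
            if not node_port:
                continue  # no nodePort: reachable only inside the cluster
            exposures.append({
                "service": f'{meta["namespace"]}/{meta["name"]}',
                "type": spec.get("type", "ClusterIP"),
                "protocol": p.get("protocol", "TCP"),
                "nodePort": node_port,
                "port": p["port"],
                # targetPort takes the value of port when it is omitted
                "targetPort": p.get("targetPort", p["port"]),
            })
    return exposures

def describe(e):
    return (f'{e["service"]}: <any node IP>:{e["nodePort"]}/{e["protocol"]} '
            f'-> service port {e["port"]} -> pod targetPort {e["targetPort"]}')

if __name__ == "__main__":
    for e in node_port_exposures(SAMPLE):
        print(describe(e))
```

Each reported nodePort is a listener on every node's IP, so it is the value to compare against node firewall or security-group rules.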