Kubernetes Service定义中targetPort和port的区别 [英] Difference between targetPort and port in Kubernetes Service definition

问题描述

一个 Kubernetes Service 可以有一个服务定义中的targetPort和port:

A Kubernetes Service can have a targetPort and port in the service definition:

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9376

port 和 targetPort 有什么区别?

推荐答案

服务:这会将流量引导至 Pod.

Service: This directs the traffic to a pod.

TargetPort: 这是您的应用程序在容器内运行的实际端口.

TargetPort: This is the actual port on which your application is running inside the container.

端口:有时容器内的应用程序在不同的端口上提供不同的服务.

Port: Some times your application inside container serves different services on a different port.

示例:实际应用程序可以运行8080，并且此应用程序的健康检查可以在容器的8089端口上运行.因此，如果您在没有端口的情况下访问服务，它不知道它应该将请求重定向到容器的哪个端口.服务需要有一个映射才能命中容器的特定端口.

Example: The actual application can run 8080 and health checks for this application can run on 8089 port of the container. So if you hit the service without port it doesn't know to which port of the container it should redirect the request. Service needs to have a mapping so that it can hit the specific port of the container.

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - name: http
      nodePort: 30475
      port: 8089
      protocol: TCP
      targetPort: 8080
    - name: metrics
      nodePort: 31261
      port: 5555
      protocol: TCP
      targetPort: 5555
    - name: health
      nodePort: 30013
      port: 8443
      protocol: TCP
      targetPort: 8085 

如果您点击 my-service:8089，流量将路由到容器 (targetPort) 的 8080.类似地，如果你点击 my-service:8443 然后它被重定向到容器的 8085(targetPort).但是这个 myservice:8089 是 kubernetes 集群内部的，可以在一个应用程序想要与另一个应用程序通信时使用.因此，要从集群外部访问服务，需要在运行 kubernetes 的主机上公开端口以便将流量重定向到容器的端口.这是节点端口(暴露在主机上的端口).从上面的示例中，您可以通过 host_ip:nodePort

if you hit the my-service:8089 the traffic is routed to 8080 of the container(targetPort). Similarly, if you hit my-service:8443 then it is redirected to 8085 of the container(targetPort). But this myservice:8089 is internal to the kubernetes cluster and can be used when one application wants to communicate with another application. So to hit the service from outside the cluster someone needs to expose the port on the host machine on which kubernetes is running so that the traffic is redirected to a port of the container. This is node port(port exposed on the host machine). From the above example, you can hit the service from outside the cluster(Postman or any rest-client) by host_ip:nodePort

假设你的主机ip是10.10.20.20你可以通过10.10.20.20:30475、10.10.20.20点击http、metrics、health服务:31261, 10.10.20.20:30013.

Say your host machine ip is 10.10.20.20 you can hit the http, metrics, health services by 10.10.20.20:30475, 10.10.20.20:31261, 10.10.20.20:30013.

根据 Raedwald 评论进行编辑.

Edits: Edited as per Raedwald comment.

这篇关于Kubernetes Service定义中targetPort和port的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！