Why ingress "servicePort" can be "port" and "targetPort" of service?

4/14/2018

Today I confronted with a misunderstanding about servicePort.

I expected that service can be linked with ingress specifying only servicePort: 80, but both servicePort: 80 and servicePort: 8080 works.

Can someone help me to understand why both ports port and targetPort are exposed by Service, not only port?

Service (app)

spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080

Ingress (ingress-nginx)

spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: app
          servicePort: 8080
-- visortelle
kubernetes

1 Answer

4/14/2018

As I understand,

Each Pod in the cluster has an endpoint which is the IP and targetPort of Pod.

You can list the endpoints with the following commands.

kubectl get endpoints

Now If you use service to expose your pod then they have cluster IP and Service Port.

kubectl get services

Now you can write the ingress rules to expose your pod via endpoints or cluster ip. However, There are only a few Ingress-Controller which can do this task. for example nginx-ingress-controller.

Why do you want to use endpoints instead of cluster-ip or Service ?

The NGINX ingress controller does not use Services to route traffic to the pods. Instead it uses the Endpoints API in order to bypass kube-proxy to allow NGINX features like session affinity and custom load balancing algorithms. It also removes some overhead, such as conntrack entries for iptables DNAT.

Here is the link for further research Why endpoints and not services

-- Suresh Vishnoi
Source: StackOverflow