There is already a port we are exposing in Docker using EXPOSE in the Dockerfile, and again in the Kubernetes service.yaml using port and targetPort; those are understandable. But why is there a need to specify a port in the Kubernetes deployment.yaml? Am I missing some concepts here?
It has been talked about many times over the years but basically a decision early on was to ignore the EXPOSE metadata from the container as Docker Networking and CNI have subtly different models. Specifically CNI avoids a layer of NAT when exposing container ports because it wanted to emulate a globally flat network.
Following the Kubernetes documentation here:
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network.
So ports in Deployment is used for informational purposes. It is similar to EXPOSE in the Dockerfile. The main reason is helping people who maintain the deployment understand the configuration better.
I suppose you're asking about the ports.containerPort. That specifies the port exposed by the pod. It is mostly informational because any port the pod is listening on can be connected. However, you can give a name to the port this way.
The EXPOSE in Dockerfile is mostly informational. The port and targetPort in a service are required. Port is the port number (and name) the service is listening on, and targetPort is the port on a pod the service is forwarding to.
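
The following is an added example, not code from any of the answers above: a small Python model of how a Service's targetPort relates to the containerPort entries of a Deployment, showing where the declaration is only informational and where the port name matters. The manifests, image name, port numbers and function names are constructed for illustration, and the resolution rules are a simplified model of Kubernetes behaviour.

```python
# Added example (not from the thread). Manifests are constructed sample data,
# written as Python dicts so the script needs no YAML library.
POD_SPEC = {  # spec.template.spec of a Deployment
    "containers": [{
        "name": "web",
        "image": "registry.example/web:1.0",  # placeholder image
        # The process is assumed to listen on 0.0.0.0:8080 and 0.0.0.0:9090.
        # Only 8080 is declared; 9090 stays reachable on the pod IP anyway.
        "ports": [{"name": "http", "containerPort": 8080}],
    }]
}
SERVICE_PORTS = [  # spec.ports entries of a Service
    {"name": "web", "port": 80, "targetPort": "http"},
    {"name": "metrics", "port": 9090, "targetPort": 9090},
    {"name": "tls", "port": 443, "targetPort": "https"},
    {"name": "direct", "port": 8080},
]

def declared_ports(pod_spec):
    """Flatten every ports entry of every container in the pod spec."""
    return [p for c in pod_spec.get("containers", []) for p in c.get("ports", [])]

def resolve_target_port(svc_port, pod_spec):
    """Return (pod_port, note); pod_port is None when the pod gets no endpoint."""
    target = svc_port.get("targetPort", svc_port["port"])  # defaults to port
    declared = declared_ports(pod_spec)
    if isinstance(target, str):
        # A named targetPort is looked up among the declared containerPort names.
        for p in declared:
            if p.get("name") == target:
                return p["containerPort"], "resolved by name"
        return None, "name not declared on any container"
    # A numeric targetPort is forwarded whether or not it is declared.
    if any(p["containerPort"] == target for p in declared):
        return target, "declared"
    return target, "undeclared, still forwarded"

def audit(service_ports, pod_spec):
    """Map each Service port name to its resolution result."""
    return {sp["name"]: resolve_target_port(sp, pod_spec) for sp in service_ports}

if __name__ == "__main__":
    for name, (port, note) in audit(SERVICE_PORTS, POD_SPEC).items():
        print(f"{name:8} -> {port!s:5} ({note})")
```

The "undeclared, still forwarded" result is the case worth reviewing in a manifest audit: leaving a port out of the Deployment does not close it.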