How is port on container mapped to container on Pod?

11/28/2020

I am learning Kubernetes at the moment. I have built a simple python application that uses Flask to expose rest APIs. Flask by default uses port 5000 to run the server. My API look like -

http://0.0.0.0:5000/api

Application is built into a docker image

FROM python:3.8.6-alpine

COPY . /app
WORKDIR /app
RUN \
    apk add --no-cache python3 postgresql-libs && \
    apk add --no-cache --virtual .build-deps gcc python3-dev musl-dev postgresql-dev && \
    python3 -m pip install -r requirements.txt --no-cache-dir && \
    apk --purge del .build-deps

ENTRYPOINT ["python3"]
CMD ["app.py"]

I deploy this in a Kubernetes pod with pod definition

apiVersion: v1
kind:  Pod
metadata:
  name: python-webapp
  labels:
    type: web
    use: internal
spec:
  containers:
    - name: python-webapp
      image: repo/python-webapp:latest

Everything works fine and I am able to access the api on the pod directly and through Kubernetes service. I am boggled how does the POD know that the application in the container is running on port 5000? Where is the mapping for a port on the container to port on the pod?

-- Jaspreet
kubernetes
kubernetes-networking
kubernetes-pod

1 Answer

11/28/2020

I am boggled how does the POD know that the application in the container is running on port 5000?

The pod does not know that. The app in the container, in the pod can respond to any request on any port.

But to expose this to outside the cluster, you likely will forward traffic from a specific port to a specific port on your app, via a service (that can map to different ports) and a load balancer.

You can use Network Policies to restrict traffic in your cluster, e.g. to specific ports or services.

-- Jonas
Source: StackOverflow