K
Q

How does Kubernetes map ports of multi-container Pods?

1/4/2022

I'm trying to learn Kubernetes. One thing I don't understand is the following scenario:

Given I have a pod with 2 containers. One container runs an app listening on port 80, the other container is a sidecar which does some polling from a web resource but doesn't listen on any port.

Now when I start a service with TargetPort = 80, how does Kubernetes know which container within the pod exposes this port? Does it inspect all containers to check for exposed ports? Or does it just do a mapping for port 80 on all containers within the pod?

Additionally, is it possible to change the containers exposed port in Kubernetes, so the port the container exposes (=containerPort) maps to a different port within the container? I mean something similar like the -p argument in Docker.

-- Tobias von Falkenhayn
containers
kubernetes

Similar Questions

Calibrating applications in kubernetes
Terminate istio sidecar istio-proxy for a kubernetes job / cronjob
Best way to periodically load data (2-3 GB) into Apache Ignite cluster which is running on a Kubernetes cluster
Kill an operation on Kubernete?
Kubernetes fails to create loadbalancer on azure

2 Answers

1/4/2022

If I good understand your question the explanation about your question will be in this article:

Containers are often intended to solve a single, narrowly defined problem, such as a microservice, but in the real world, problems require multiple containers for a complete solution. In this article, we’re going to talk about combining multiple containers into a single Kubernetes Pod, and what it means for inter-container communication.

There are several types of communication between containers in a single pod and they are described in the article.

The most important part should be Inter-container network communication.

Look also at this guide about Multi-Container Pods in Kubernetes.

You can also find the tutorial with examples - Extending applications on Kubernetes with multi-container pods.

-- Mikołaj Głodziak
Source: StackOverflow
1/4/2022

The Kubernetes overview documentation of Pods notes:

Every container in a Pod shares the network namespace.... Within a Pod, containers share an IP address and port space....

So if you have multiple containers in a Pod, from outside that Pod, they all look "the same", in the same way that you could have multiple server processes running on a single physical machine with a single IP address. You can't run two containers that listen on the same port in the same Pod. The inbound request will reach whichever of the containers happens to be listening on that port (if any).

Is it possible to change the containers exposed port in Kubernetes, so the port the container exposes (=containerPort) maps to a different port within the container?

You can do this with your Service. Remember that you don't generally connect directly to a Pod; instead, you connect to a Service and that forwards the request on to one of the matching Pods. So if your Pod spec says

containers:
  - name: sidecar
    # ...
  - name: server
    ports:
      - name: http
        containerPort: 8080

then the corresponding Service can say

ports:
  - port: 80
    targetPort: http

and you'll connect to http://service-name.namespace.svc.cluster.local using the default HTTP port 80, even if the container process is actually listening on port 8080 or 3000 or whatever else.

-- David Maze
Source: StackOverflow