Skip to content

How to connect to a container's port from the NYU network

By default, a Service is only reachable from other workloads inside the cluster. If you want to reach it from somewhere else on the NYU network, you can expose it on the cluster's nodes via a NodePort.

For web applications, use an Ingress

Use this method to expose a raw TCP or UDP port to the NYU network.

If you want to expose a web application to the internet, using a domain name, and a valid HTTPS certificate, use an Ingress instead.

Creating a NodePort service

All you have to do is set type: NodePort in your Service definition. For example:

apiVersion: v1
kind: Service
metadata:
  name: myapp-nodeport
spec:
  type: NodePort # The default is ClusterIP, a virtual IP address that is only reachable inside the cluster
  selector:
    app: myapp
  ports:
    - name: input
      protocol: TCP
      port: 3000 # The port number or name of the Pod
      # nodePort: 30007 # Optional: pick an unused port in the range 30000-32767

The Service above would give access to port 3000 of Pods labelled app=myapp.

If you don't pick a port explicitly, one will be picked for you automatically. You can see it by using kubectl get svc:

$ kubectl get svc
NAME             TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
myapp-nodeport   NodePort   10.0.171.182   <none>        3000:30403/TCP   10s

In this case, you can see the port number 30403 was allocated. You can reach this service on the IP address of any node of the cluster, for example 10.32.250.15:30403. Use kubectl get node -o wide to see the list of nodes and their addresses.