How can I find out which ports are available in Kubernetes?

Question

I want to run several services on different ports in a kubernetes cluster and I would like to know how to check which ports are available and wouldn't cause any conflicts with my services. I would also like to know the names of the services on each port so I can understand my configuration better.

Answer 1

There was similar question related to verify which NodePorts are already in use. You can find it here.

This command will display all ports from all namespaces which are NodePort type and are already in use.

$ kubectl get svc --all-namespaces -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{"\n"}}{{end}}{{end}}{{end}}'
30007
30107
30207
30307
30407
30676

However, pleas keep in mind that Kubernetes will not allow you to use second time this same NodePort.

$ cat<<eof|kubectl apply -f -
> apiVersion: v1
> kind: Service
> metadata:
>   name: my-service-test
> spec:
>   type: NodePort
>   selector:
>     app: MyApp
>   ports:
>     - port: 80
>       targetPort: 80
>       nodePort: 30307
> eof
The Service "my-service-test" is invalid: spec.ports[0].nodePort: Invalid value: 30307: provided port is already allocated

In addition, there are some very specific scenarios, when you would like to use ports outside default range mentioned in K8s docs. There is a workaround, if you will add a special flag --service-node-port-range with requested range, admission controller allow you to create NodePort with Ports 80 and 443. For detailed information how to do it, check this answer.

Answer 2

I want to say that you need to get the concept how your pods (your several services) can get traffic in and out your k8s-cluster.

Service Networking

After that, as i understand your mean is that you want to ask how we can manage NodePorts

NodePorts

As the documents provided:

If you set the type field to NodePort, the Kubernetes control plane allocates a port from a range specified by --service-node-port-range flag (default: 30000-32767). Each node proxies that port (the same port number on every Node) into your Service. Your Service reports the allocated port in its .spec.ports[*].nodePort field.

So the k8s already managed the NodePorts for you:

• Configuration is cluster level, so you dont need to care the conflict between workload nodes.

• If you do not specify NodePort, k8s cluster will generate a Port in above range and map it to your service (which will point into your pods - your apps)

• You can not specify the same NodePort in 1 k8s-cluster, so you do not need to care about conflicts with your services.

• And 1 more thing, you can use below kubectl command to show all your svc and details which NodePort is mapping with them: kubectl get svc --all-namespaces Or you can install k8s-dashboard into your k8s-cluster and check every single namespace of your application to see and manage your service and NodePorts.

And another thing you need to care about is controlling your traffic in your VPC (if you use cloud solution) The low level concepts to manage traffic in a unix machine is iptable. But in order to get the concept you only need to know why and how we can manage traffic:

• Firewall rules on VPC networks (GCP)
• Security Group on VPC (AWS)

Answer 3

Assuming you mean NodePorts, there is nothing formal. It is recommended to either use a LoadBalancer service instead where each gets its own IP or use dynamic assignment.