I am learning Kubernetes at the moment. I have built a simple Python application that uses Flask to expose REST APIs. Flask by default uses port 5000 to run the server. My API looks like this:
http://0.0.0.0:5000/api
The application is built into a Docker image:
FROM python:3.8.6-alpine
COPY . /app
WORKDIR /app
RUN \
    apk add --no-cache python3 postgresql-libs && \
    apk add --no-cache --virtual .build-deps gcc python3-dev musl-dev postgresql-dev && \
    python3 -m pip install -r requirements.txt --no-cache-dir && \
    apk --purge del .build-deps
ENTRYPOINT ["python3"]
CMD ["app.py"]
I deploy this in a Kubernetes pod with the following pod definition:
apiVersion: v1
kind: Pod
metadata:
  name: python-webapp
  labels:
    type: web
    use: internal
spec:
  containers:
  - name: python-webapp
    image: repo/python-webapp:latest
Everything works fine and I am able to access the API on the pod directly and through a Kubernetes service. I am boggled: how does the pod know that the application in the container is running on port 5000? Where is the mapping from a port on the container to a port on the pod?
The pod does not know that. The app in the container, in the pod, can respond to any request on any port.
But to expose this outside the cluster, you will likely forward traffic from a specific port to a specific port on your app, via a service (that can map to different ports) and a load balancer.
You can use Network Policies to restrict traffic in your cluster, e.g. to specific ports or services.
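Added example, not part of the original answer: a Service that maps a Service port to the Flask port 5000, and a NetworkPolicy that limits ingress to that port, both selecting the question's `type: web` label. The object names, Service port 80 and the `role: api-client` label are assumptions, and the policy is only enforced when the cluster's network plugin supports NetworkPolicy.

```yaml
# Constructed example: names, port 80 and the client label are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: python-webapp-svc        # hypothetical name
spec:
  selector:
    type: web                    # label from the pod definition in the question
  ports:
  - protocol: TCP
    port: 80                     # port clients use on the Service (assumed)
    targetPort: 5000             # port Flask listens on inside the container
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: python-webapp-ingress    # hypothetical name
spec:
  podSelector:
    matchLabels:
      type: web                  # policy applies to the question's pod
  policyTypes:
  - Ingress                      # once selected, all other ingress is denied
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: api-client       # hypothetical label on allowed client pods
    ports:
    - protocol: TCP
      port: 5000                 # pod port (the Service targetPort), not 80
```

Without a policy selecting the pod, any pod in the cluster can reach port 5000 on it directly, whether or not a Service exists.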