skip to Main Content

There are two kubelet nodes and each kubelet node contains several containers including server with wildfly. Even though I do not define containerPort <> hostPort, the management console can be reached with port 9990 from outside. I do not have any clue, why?

- name: server
  image: registry/server:develop-latest
  ports:
    - name: server-https
      containerPort: 8443
      hostPort: 8443

In docker container inspect <container-id> I see:

"ExposedPorts": {
    "9990/tcp": {},
     ...

So,

  • Why container port 9990 is exposed? and
  • Why containerPort 9990 is mapped to hostPort and I can reach the port 9990 from outside?

2

Answers


  1. You can expose the port in two places, when you run the container, and when you build the image. Typically you only do the latter since exposing the port is documentation of what ports are likely listening for connections inside the container (it doesn’t have any affect on networking).

    To see if the port was exposed at build time, you can run:

    docker image inspect registry/server:develop-latest
    

    And if that port wasn’t exposed in your build, then it was likely exposed in your base image.

    Login or Signup to reply.
  2. ...I can reach the port 9990 from outside?

    Presumed "outside" here means the host network; then hostNetwork: true in your pod spec would allow that in this case.

    Otherwise, please post the complete spec and describe the url/endpoint you used to "reach the port 9990" in your question.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search