James Cobb:
I have a question on the topic of services. Does the cluster IP service act as a client (random source port, typical client behavior) to the pod TargetPort (fixed destination port), or is there really a 1:1 association between the outbound TCP port and inbound TCP port on the ClusterIP service and the pod?
If the ClusterIP Port actually refers to the inbound TCP port on the cluster IP itself, I think this diagram would need modification, but am making an assumption so far:
Konrad:
A ClusterIP service, like all services, is just an iptables rule that makes a DNAT from one port to another port, if I remember correctly. And no, the diagram is OK, because it doesn't matter where you put the port; it's just a cosmetic change.
James Cobb:
Just my opinion: the diagram makes it look like the source port from the service object is 80, where 80 is actually the destination port on the service object, and the outbound (source) port to the pod is, I assume, a random high-numbered port.
Alistair Mackay:
ClusterIP service must have a port - the port other pods talk to the service on - and a targetPort - the port on the pods that the service will forward to.
Random high-numbered ports are only assigned to the nodePort of a service of type NodePort, and only if you don't provide a value for nodePort.