In this guide, we'll learn how to configure a Kubernetes NodePort Service in GKE, expose an application, and make it accessible from the internet.
Step-01: Introduction
- NodePort Service exposes Pods to the outside world using a port on each Kubernetes Node.
- Port range: 30000–32768
- Access format:
http://<NODE-EXTERNAL-IP>:<NODEPORT>
- By default, Google Cloud blocks external access to NodePorts, so we'll also need a Firewall Rule.
Step-02: Create a Deployment (01-kubernetes-deployment.yaml)
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp1-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp1
  template:
    metadata:
      name: myapp1-pod
      labels:
        app: myapp1
    spec:
      containers:
        - name: myapp1-container
          image: stacksimplify/kubenginx:1.0.0
          ports:
            - containerPort: 80
```
Step-03: Create a NodePort Service (02-kubernetes-nodeport-service.yaml)
If you don't specify a nodePort, Kubernetes will assign one dynamically from 30000–32768.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp1-nodeport-service
spec:
  type: NodePort
  selector:
    app: myapp1
  ports:
    - name: http
      port: 80         # Service Port
      targetPort: 80   # Container Port
      nodePort: 30080  # Optional NodePort
```
Step-04: Deploy Kubernetes Manifests
```bash
# Deploy
kubectl apply -f 01-kubernetes-deployment.yaml
kubectl apply -f 02-kubernetes-nodeport-service.yaml
# Verify
kubectl get deploy
kubectl get po
kubectl get svc
```
Step-05: Access Application (Before Firewall Rule)
```bash
kubectl get nodes -o wide
```
- Note down Node External IP.
- Try accessing:
http://<NODE-EXTERNAL-IP>:30080
- Observation: Access will fail (firewall blocks it).
Step-06: Create Firewall Rule
```bash
# Replace 30080 with your chosen NodePort.
# This rule has no --target-tags, so it applies to every instance on the
# network, and --source-ranges=0.0.0.0/0 accepts traffic from any address.
gcloud compute firewall-rules create fw-rule-gke-node-port \
  --description="Allow inbound port 30080 for all instances in a network for NodePort Service" \
  --direction=INGRESS \
  --priority=1000 \
  --network=default \
  --action=ALLOW \
  --rules=tcp:30080 \
  --source-ranges=0.0.0.0/0
# List firewall rules
gcloud compute firewall-rules list
```
Step-07: Access Application (After Firewall Rule)
```bash
kubectl get nodes -o wide
```
- Copy the Node External IP.
- Access your app:
http://<NODE-EXTERNAL-IP>:30080
- Observation: This time it should work.
Step-08: Clean-Up
```bash
# Delete Kubernetes Resources (assumes both manifests are in the kube-manifests/ directory)
kubectl delete -f kube-manifests/
# Delete Firewall Rule
gcloud compute firewall-rules delete fw-rule-gke-node-port
```
Key Takeaways
- NodePort Service opens ports between 30000–32768 on nodes.
- Needs firewall rule in GCP to allow traffic.
- Useful for testing/dev, but not recommended for production.
- In production → Use LoadBalancer or Ingress instead.
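The firewall rule from Step-06 applies to every instance on the default network and accepts any source address, so it is worth checking what is left open once the test is over. As an added example (not code from the original guide), this Python script reviews rules in the JSON shape printed by `gcloud compute firewall-rules list --format=json` and reports those that open NodePorts to 0.0.0.0/0; the function names and every sample rule except `fw-rule-gke-node-port` are constructed for illustration.

```python
import json
import sys

# Default kube-apiserver --service-node-port-range.
NODEPORT_LO, NODEPORT_HI = 30000, 32767

def _overlaps(spec, lo, hi):
    """True if a port spec ("30080" or "30000-30100") intersects lo..hi."""
    start, _, end = spec.partition("-")
    return int(start) <= hi and int(end or start) >= lo

def open_nodeport_rules(rules, lo=NODEPORT_LO, hi=NODEPORT_HI):
    """Enabled INGRESS allow rules that open NodePorts to any IPv4 source."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if "0.0.0.0/0" not in rule.get("sourceRanges", []):
            continue
        for allow in rule.get("allowed", []):  # deny rules carry "denied" instead
            if allow.get("IPProtocol") not in ("tcp", "udp", "all"):
                continue
            ports = allow.get("ports")  # no "ports" key means every port
            if ports is None or any(_overlaps(p, lo, hi) for p in ports):
                scoped = rule.get("targetTags") or rule.get("targetServiceAccounts")
                findings.append({"rule": rule["name"], "ports": ports or ["all"],
                                 "all_instances": not scoped})
                break
    return findings

# Constructed sample; only the first rule name comes from this guide.
SAMPLE = [
    {"name": "fw-rule-gke-node-port", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["30080"]}]},
    {"name": "example-nodeport-tagged", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["example-gke-node"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["30000-32767"]}]},
    {"name": "example-office-nodeport", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["30080"]}]},
    {"name": "example-https", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
]

if __name__ == "__main__":
    # Pass a file saved from `gcloud compute firewall-rules list --format=json`.
    rules = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for finding in open_nodeport_rules(rules):
        print(finding)
```

A finding with `all_instances` set to `True` means the rule has no target tags or target service accounts, which is the case for the rule created in this guide.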
Latchu | Senior DevOps & Cloud Engineer