Latchu@DevOps

Posted on Oct 2

Part-102: 🚀 Configure a NodePort Service in Google Kubernetes Engine (GKE)

#kubernetes #googlecloud #devops #cloud

In this guide, we’ll learn how to configure a Kubernetes NodePort Service in GKE, expose an application, and make it accessible from the internet.

📝 Step-01: Introduction

NodePort Service exposes Pods to the outside world using a port on each Kubernetes Node.
Port range: 30000–32768
Access format:

http://<NODE-EXTERNAL-IP>:<NODEPORT>

By default, Google Cloud blocks external access to NodePorts, so we’ll also need a Firewall Rule.

📝 Step-02: Create a Deployment (01-kubernetes-deployment.yaml)

apiVersion: apps/v1
kind: Deployment 
metadata:
  name: myapp1-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp1
  template:  
    metadata:
      name: myapp1-pod
      labels:
        app: myapp1
    spec:
      containers:
        - name: myapp1-container
          image: stacksimplify/kubenginx:1.0.0
          ports: 
            - containerPort: 80

📝 Step-03: Create a NodePort Service (02-kubernetes-nodeport-service.yaml)

👉 If you don’t specify a nodePort, Kubernetes will assign one dynamically from 30000–32768.

apiVersion: v1
kind: Service 
metadata:
  name: myapp1-nodeport-service
spec:
  type: NodePort
  selector:
    app: myapp1
  ports: 
    - name: http
      port: 80        # Service Port
      targetPort: 80  # Container Port
      nodePort: 30080 # Optional NodePort

📝 Step-04: Deploy Kubernetes Manifests

# Deploy
kubectl apply -f 01-kubernetes-deployment.yaml
kubectl apply -f 02-kubernetes-nodeport-service.yaml

# Verify
kubectl get deploy
kubectl get po
kubectl get svc

📝 Step-05: Access Application (Before Firewall Rule)

kubectl get nodes -o wide

Note down Node External IP.
Try accessing:

http://<NODE-EXTERNAL-IP>:30080

Observation: Access will fail (firewall blocks it).

📝 Step-06: Create Firewall Rule

# Replace NODE_PORT with your chosen port (e.g., 30080)
gcloud compute firewall-rules create fw-rule-gke-node-port \
    --description="Allow inbound port 30080 for all instances in a network for NodePort Service" \
    --direction=INGRESS \
    --priority=1000 \
    --network=default \
    --action=ALLOW \
    --rules=tcp:30080 \
    --source-ranges=0.0.0.0/0    

# List firewall rules
gcloud compute firewall-rules list

📝 Step-07: Access Application (After Firewall Rule)

kubectl get nodes -o wide

Copy the Node External IP.
Access your app:

http://<NODE-EXTERNAL-IP>:30080

Observation: This time it should work ✅

📝 Step-08: Clean-Up

# Delete Kubernetes Resources
kubectl delete -f kube-manifests/

# Delete Firewall Rule
gcloud compute firewall-rules delete fw-rule-gke-node-port

🎯 Key Takeaways

NodePort Service opens ports between 30000–32768 on nodes.
Needs firewall rule in GCP to allow traffic.
Useful for testing/dev, but not recommended for production.
In production → Use LoadBalancer or Ingress instead.

🌟 Thanks for reading! If this post added value, a like ❤️, follow, or share would encourage me to keep creating more content.

— Latchu | Senior DevOps & Cloud Engineer

☁️ AWS | GCP | ☸️ Kubernetes | 🔐 Security | ⚡ Automation
📌 Sharing hands-on guides, best practices & real-world cloud solutions

DEV Community