How Do Multi-Port Services Work in Kubernetes?

intermediate|servicesdevopssrebackend developerCKACKAD
TL;DR

A multi-port Service exposes multiple ports on a single Service object, each with a unique name and mapping to a container port. This is common for applications that serve HTTP and HTTPS, or application traffic and metrics on separate ports.

Detailed Answer

A multi-port Service exposes more than one port through a single Service object. This is a common pattern because many applications listen on multiple ports — for example, HTTP on port 80, HTTPS on port 443, and metrics on port 9090.

Basic Multi-Port Service

apiVersion: v1
kind: Service
metadata:
  name: web-app
spec:
  selector:
    app: web
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
    - name: https
      port: 443
      targetPort: 8443
      protocol: TCP
    - name: metrics
      port: 9090
      targetPort: 9090
      protocol: TCP

Key rules:

  • Port names are required when more than one port is defined
  • Each name must be unique within the Service
  • Port names must follow DNS label conventions (lowercase alphanumeric and hyphens)

Named Ports on Containers

You can reference container ports by name in the Service, which decouples the Service from specific port numbers:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: app
          image: web-app:2.0
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
            - name: metrics
              containerPort: 9090
          resources:
            requests:
              cpu: "250m"
              memory: "256Mi"
---
apiVersion: v1
kind: Service
metadata:
  name: web-app
spec:
  selector:
    app: web
  ports:
    - name: http
      port: 80
      targetPort: http     # References the named port on the container
    - name: https
      port: 443
      targetPort: https
    - name: metrics
      port: 9090
      targetPort: metrics

If the container port number changes (e.g., from 8080 to 8081), you only update the Deployment — the Service continues to work because it references the port by name.

Using Multi-Port Services with Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
spec:
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-app
                port:
                  name: http       # Reference by name
          - path: /metrics
            pathType: Prefix
            backend:
              service:
                name: web-app
                port:
                  number: 9090     # Or reference by number

Multi-Protocol Services

A Service can expose both TCP and UDP ports:

apiVersion: v1
kind: Service
metadata:
  name: dns-service
spec:
  selector:
    app: dns
  ports:
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP

Note: The same port number (53) can be used for both TCP and UDP because the protocol differentiates them.

Multi-Port Service with NodePort

apiVersion: v1
kind: Service
metadata:
  name: web-app
spec:
  type: NodePort
  selector:
    app: web
  ports:
    - name: http
      port: 80
      targetPort: 8080
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 8443
      nodePort: 30443

Each port gets its own NodePort. If you do not specify nodePort, Kubernetes allocates one automatically from the default range (30000-32767).

NetworkPolicy with Named Ports

Named ports are useful in NetworkPolicies for readability:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-http-only
spec:
  podSelector:
    matchLabels:
      app: web
  ingress:
    - ports:
        - port: http          # Named port reference
          protocol: TCP
      from:
        - podSelector:
            matchLabels:
              role: frontend

Common Patterns

| Pattern | Ports | Use Case | |---------|-------|----------| | App + Metrics | 8080, 9090 | Prometheus scraping | | HTTP + HTTPS | 80, 443 | TLS termination at the Pod | | App + Admin | 8080, 8081 | Separate admin/debug endpoint | | gRPC + HTTP | 50051, 8080 | gRPC service with HTTP health checks | | App + Debug | 8080, 6060 | Go pprof or debug endpoints |

Debugging Multi-Port Services

# Verify endpoints for each port
kubectl get endpoints web-app

# Inspect EndpointSlice per port
kubectl get endpointslice -l kubernetes.io/service-name=web-app -o yaml

# Test a specific port
kubectl run test --image=busybox --rm -it -- wget -qO- http://web-app:80
kubectl run test --image=busybox --rm -it -- wget -qO- http://web-app:9090/metrics

Why Interviewers Ask This

Many production applications expose multiple ports. Understanding multi-port Services demonstrates your ability to configure real-world networking scenarios correctly.

Common Follow-Up Questions

Are port names required in multi-port Services?
Yes — when a Service defines more than one port, each port must have a unique name. This is a validation requirement.
Can different ports in a Service target different Pods?
No — all ports in a Service share the same selector. If you need to route different ports to different Pods, create separate Services.
How do you reference a specific port in an Ingress?
Use the port name or number in the Ingress backend. Port names are preferred because they survive port number changes.

Key Takeaways

  • Each port in a multi-port Service must have a unique name.
  • All ports share the same Pod selector — you cannot route different ports to different Pod groups.
  • Use named ports for maintainability and to simplify Ingress and NetworkPolicy configurations.

Related Questions

What Is a Kubernetes Service and Why Do You Need One?How Does a ClusterIP Service Work in Kubernetes?

You Might Also Like

How Does CoreDNS Work in Kubernetes?
Back to Services Interview Questions