Kubernetes NodePort: How to expose services externally

Learn how Kubernetes NodePort services work. Exposes your service on a port between 30000–32767 on every node, enabling external access without a cloud load balancer.

4 lessons · 11 min · Advanced

2 minutes reading time

Written by

Civo Team
Civo Team

Marketing Team at Civo

A NodePort Service exposes your application on a port between 30000 and 32767 on every node in the cluster. External traffic arriving at any node's IP address on that port is routed through to the correct pods via the Service's selector.

NodePort is the simplest way to expose a Kubernetes Service to traffic from outside the cluster without requiring a cloud load balancer.

When to use NodePort

NodePort is appropriate when:

  • You are running on bare metal or on-premises infrastructure where no cloud load balancer is available
  • You are in a development or testing environment and need quick external access
  • You are building a custom ingress or load balancing solution on top of NodePort and want to manage the external routing yourself
  • You need a predictable, stable port that an external system can connect to

For production workloads on cloud infrastructure, LoadBalancer is usually the better choice as it provisions an external IP automatically without requiring you to manage node IPs or firewall rules.

How NodePort traffic flows

When external traffic arrives at <NodeIP>:<NodePort>:

  1. The node receives the traffic on the NodePort
  2. The Service routes it to the ClusterIP
  3. The ClusterIP load-balances it across the healthy pods matching the Service's selector
  4. The selected pod receives the request

Every node in the cluster listens on the NodePort, so you can use any node's IP address to reach the Service. If one node is unavailable, the others still serve traffic on the same port.

nodeport-traffic-flow

Working example

Create a namespace and a deployment:

kubectl create namespace example
kubectl create deployment demo --image=nginx --port=3000 -n example

Create a NodePort Service:

apiVersion: v1
kind: Service
metadata:
name: demo-nodeport
namespace: example
spec:
type: NodePort
selector:
app: demo
ports:
- port: 80
targetPort: 3000
nodePort: 31520
kubectl apply -f nodeport.yaml

Verify the Service was created:

kubectl get all -n example

Expected output:

NAME READY STATUS RESTARTS AGE
pod/demo-6b7f9d8c5-abc12 1/1 Running 0 30s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/demo-nodeport NodePort 10.96.145.23 <none> 80:31520/TCP 10s

The Service is now accessible at <NodeIP>:31520 from outside the cluster.

NodePort range and automatic assignment

NodePort values must be in the range 30000 to 32767. If you omit the nodePort field from the Service spec, Kubernetes assigns an available port automatically from within this range.

Manually specifying a port as in the example above is useful when you need a predictable, stable port for external load balancer configuration or when you want consistent port numbers across environments.

Comparison: NodePort vs LoadBalancer

NodePortLoadBalancer

How to access

<NodeIP>:<NodePort>

Single external IP provisioned by cloud provider

Requires cloud provider

No

Yes

Port range

30000 to 32767

Standard ports (80, 443)

Best for

Bare metal, on-premises, custom routing, testing

Production external access on cloud infrastructure

Use NodePort when you need external access without a cloud load balancer. Use LoadBalancer when you want the cloud provider to provision an external IP automatically.

Civo Team
Civo Team

Marketing Team at Civo

Civo is the Sovereign Cloud and AI platform designed to help developers and enterprises build without limits. We bridge the gap between the openness of the public cloud and the rigorous security of private environments, delivering full cloud parity across every deployment. As a team, we are dedicated to providing scalable compute, lightning-fast Kubernetes, and managed services that are ready in minutes. Through CivoStack Enterprise and our FlexCore appliance, we empower organizations to maintain total data sovereignty on their own hardware.

Our mission is to make the cloud faster, simpler, and fairer. By providing enterprise-grade NVIDIA GPUs and streamlined model management, we ensure that high-performance AI and machine learning are accessible to everyone. Built for transparency and performance, the Civo Team is here to give you total control over your infrastructure, your data, and your spend.

View author profile