Let’s say that we have a Node app running inside a Docker container and listening on port 3000. We want to expose this app to be accessible in the browser, also in port 3000. So we do port forwarding like this:
docker run -p <port>:<targetPort> my-image // for example: 3000:3000
So docker knows on which port to listen and to which process inside the container to forward the network.
But in k8s NodePort service, its enough to provide the NodePort service port and the target port of the Pod, but not the target port inside the Pod, so we have random outside port, 30,000-32,000 (approximately) that listens to outside traffic, forward this to the port of the NodePort service and then forward it to the target port of a Pod, but.. hey, we didn’t mention the target port inside the Pod.
So how the Pod object knows to which process inside it to forward the traffic? We usually assume we have only single container in a Pod, but if we have multiple?
Also note that in the example of exposing image in Docker – if we don’t mention port forwarding the whole exposition won’t work so it won’t be accessible via browser (outside the container)..
Source: Docker Questions