Why does kube-proxy need to bind a random port on the node for service “nodePort” and “loadBalance”?

Hi all,

As we know, a node-port or load-balancer service has a random node port bound on the node by kube-proxy. E.g., 80/32471: 80 is the service port, and 32471 is the random port. We can see that the port is bound by kube-proxy by using the command netstat -lntp.

But I don’t see that this port bind is a must, since <node-ip>:<node-random-port> can be accessed because of the iptables DNAT rules, which change <LOCAL>:<node-random-port> to the underlying pod’s <pod-ip>:<pod-port>. So my question is: why does kube-proxy need to bind the port on the node? Is it for occupying the random port?