Sign in Subscribe
Concepts

Kubernetes Ingress Internal Port Mismatch: How to Debug and Fix It

Andrios Robert

1 min read

The request hit the cluster and failed. Not the code. Not the container. The path. The internal port was wrong.

Kubernetes Ingress does not care about your service’s name or your deployment’s YAML unless the port mappings are exact. An Ingress resource routes traffic at layer 7 — HTTP — to Services inside the cluster. Those Services forward that traffic to Pods. If the internal port in the Service spec does not match the container’s exposed port, the request dies before it reaches your app.

Define the Service with the correct targetPort. This is the container port inside the Pod. The port field in the Service is the one the Ingress calls. internalPort in this context means the port inside the cluster, not the external load balancer’s port.

Example Service YAML:

apiVersion: v1
kind: Service
metadata:
 name: my-app-service
spec:
 selector:
 app: my-app
 ports:
 - port: 8080
   targetPort: 8080
 type: ClusterIP

Example Ingress YAML:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: my-app-ingress
spec:
 rules:
 - host: myapp.example.com
   http:
     paths:
     - path: /
       pathType: Prefix
       backend:
         service:
           name: my-app-service
           port:
             number: 8080

The Ingress points to port 8080 on the Service. The Service points its targetPort to 8080 inside the Pod. If you mismatch these values — 8080 to 80, 443 to 3000 — Kubernetes still accepts your YAML, but the route will break.

ClusterIP Services are the default way to connect Ingress rules to Pods. The internal port is for cluster communication only. The external port is handled by the ingress controller, often NGINX or Traefik.

Debugging an Ingress internal port issue:

  1. Confirm the Pod is listening on the expected port (kubectl exec + netstat or curl).
  2. Check the Service resource for matching targetPort.
  3. Inspect the Ingress backend configuration — the serviceName and port must match the Service definition.
  4. Restart the controller if config changes don’t propagate.

Port alignment is critical. Misaligned ports block traffic silently. Every Ingress internal port must map cleanly from Ingress → Service → Pod.

Deploy an Ingress with the right internal port now. Test it live in minutes at hoop.dev.