This page shows you how to expose a random port in a Pod running in a
Google Kubernetes Engine (GKE) Autopilot cluster.
Exposing a port in a Pod lets the Pod accept incoming connections directly,
without a load balancer. GKE chooses a random port to open
from a range that you specify in the Pod specification. This type of random
port exposure is useful when your workload requires direct incoming connections
but doesn't rely on a persistent port number. An example of this type of workload is anAgones GameServer resourcewith the
defaultDynamicport policy.
When you request a random port, GKE overrides the value in thehostPortfield in the container specification to the port that
GKE selected for you.
Before you begin
Before you start, make sure that you have performed the following tasks:
If you want to use the Google Cloud CLI for this task,installand theninitializethe
gcloud CLI. If you previously installed the gcloud CLI, get the latest
version by runninggcloud components update.
Ensure that you have aGKE Autopilot clusterrunning version 1.24.7-gke.1200 and later or 1.25.3-gke.1100 and later.
Limitations
You can only assign random hostPorts for static Pods or for Pods that are
managed by a custom controller, such as Agones. This functionality isn't
supported onKubernetes managed controllerssuch as Deployments.
MIN_PORT: the minimum port number for the range
from which GKE chooses a random port.
MAX_PORT: the maximum port number for the range
from which GKE chooses a random port.
HOST_PORT1,HOST_PORT2: any valid
port number. When the Pod is scheduled, GKE updates this
field with the randomly assigned port. If you have multiple containers,
use different port numbers for each container.
The port range (the difference betweenMAX_PORTandMIN_PORT) must be at least 1000 ports.
Apply the manifest:
kubectlapply-fhost-port-pod.yaml
When you apply the manifest, GKE selects a random port from your
range and assigns the port to your container. If GKE assigns the
same port value to two Pods, GKE automatically places the Pods
on separate nodes to avoid port conflict.
Check the assigned port
To find the port number that GKE assigned to your containers,
inspect the Pod:
metadata.annotations.autopilot.gke.io/host-port-assignment: the port
assignments, showing the original value forhostPortthat you set for
each container and the updated value forhostPortthat GKE
assigned. This field is useful if you requested multiple ports in your Pod
specification.
spec.containers.ports.hostPort: the opened port that GKE
assigned to each container.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Allow direct connections to Autopilot Pods using hostPort\n\n[Autopilot](/kubernetes-engine/docs/concepts/autopilot-overview)\n\n*** ** * ** ***\n\nThis page shows you how to expose a random port in a Pod running in a\nGoogle Kubernetes Engine (GKE) Autopilot cluster.\n\nExposing a port in a Pod lets the Pod accept incoming connections directly,\nwithout a load balancer. GKE chooses a random port to open\nfrom a range that you specify in the Pod specification. This type of random\nport exposure is useful when your workload requires direct incoming connections\nbut doesn't rely on a persistent port number. An example of this type of workload is an [Agones GameServer resource](https://agones.dev/site/docs/reference/gameserver/) with the\ndefault `Dynamic` port policy.\n\nWhen you request a random port, GKE overrides the value in the\n`hostPort` field in the container specification to the port that\nGKE selected for you.\n\nBefore you begin\n----------------\n\nBefore you start, make sure that you have performed the following tasks:\n\n- Enable the Google Kubernetes Engine API.\n[Enable Google Kubernetes Engine API](https://console.cloud.google.com/flows/enableapi?apiid=container.googleapis.com)\n- If you want to use the Google Cloud CLI for this task, [install](/sdk/docs/install) and then [initialize](/sdk/docs/initializing) the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running `gcloud components update`. **Note:** For existing gcloud CLI installations, make sure to set the `compute/region` [property](/sdk/docs/properties#setting_properties). If you use primarily zonal clusters, set the `compute/zone` instead. By setting a default location, you can avoid errors in the gcloud CLI like the following: `One of [--zone, --region] must be supplied: Please specify location`. You might need to specify the location in certain commands if the location of your cluster differs from the default that you set.\n\n\u003c!-- --\u003e\n\n- Ensure that you have a [GKE Autopilot cluster](/kubernetes-engine/docs/how-to/creating-an-autopilot-cluster) running version 1.24.7-gke.1200 and later or 1.25.3-gke.1100 and later.\n\n### Limitations\n\nYou can only assign random hostPorts for static Pods or for Pods that are\nmanaged by a custom controller, such as Agones. This functionality isn't\nsupported on\n[Kubernetes managed controllers](https://kubernetes.io/docs/concepts/workloads/controllers/)\nsuch as Deployments.\n\nRequest a random port\n---------------------\n\n1. Save the following manifest as `host-port-pod.yaml`:\n\n apiVersion: v1\n kind: Pod\n metadata:\n name: game-pod\n annotations:\n autopilot.gke.io/host-port-assignment: '{\"min\":\u003cvar translate=\"no\"\u003eMIN_PORT\u003c/var\u003e,\"max\":\u003cvar translate=\"no\"\u003eMAX_PORT\u003c/var\u003e}'\n spec:\n containers:\n - name: local-chat\n image: ubuntu\n ports:\n - containerPort: 80\n hostPort: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eHOST_PORT1\u003c/span\u003e\u003c/var\u003e\n protocol: tcp\n - name: game-server\n image: ubuntu\n ports:\n - containerPort: 80\n hostPort: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eHOST_PORT2\u003c/span\u003e\u003c/var\u003e\n protocol: udp\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMIN_PORT\u003c/var\u003e: the minimum port number for the range from which GKE chooses a random port.\n - \u003cvar translate=\"no\"\u003eMAX_PORT\u003c/var\u003e: the maximum port number for the range from which GKE chooses a random port.\n - \u003cvar translate=\"no\"\u003eHOST_PORT1\u003c/var\u003e`, `\u003cvar translate=\"no\"\u003eHOST_PORT2\u003c/var\u003e: any valid port number. When the Pod is scheduled, GKE updates this field with the randomly assigned port. If you have multiple containers, use different port numbers for each container.\n\n The port range (the difference between \u003cvar translate=\"no\"\u003eMAX_PORT\u003c/var\u003e\n and \u003cvar translate=\"no\"\u003eMIN_PORT\u003c/var\u003e) must be at least 1000 ports.\n2. Apply the manifest:\n\n kubectl apply -f host-port-pod.yaml\n\nWhen you apply the manifest, GKE selects a random port from your\nrange and assigns the port to your container. If GKE assigns the\nsame port value to two Pods, GKE automatically places the Pods\non separate nodes to avoid port conflict.\n\nCheck the assigned port\n-----------------------\n\nTo find the port number that GKE assigned to your containers,\ninspect the Pod: \n\n kubectl get pod game-pod --output=yaml\n\nThe output is similar to the following: \n\n apiVersion: v1\n kind: Pod\n metadata:\n annotations:\n autopilot.gke.io/host-port-assignment: '{\"min\":\u003cvar scope=\"MIN_PORT\" translate=\"no\"\u003eMIN_PORT\u003c/var\u003e,\"max\":\u003cvar scope=\"MAX_PORT\" translate=\"no\"\u003eMAX_PORT\u003c/var\u003e,\"portsAssigned\":{\"\u003cvar scope=\"HOST_PORT1\" translate=\"no\"\u003eHOST_PORT1\u003c/var\u003e\":7300,\"\u003cvar scope=\"HOST_PORT2\" translate=\"no\"\u003eHOST_PORT2\u003c/var\u003e\":7450}}'\n name: game-pod\n namespace: default\n spec:\n containers:\n - name: local-chat\n image: ubuntu\n imagePullPolicy: IfNotPresent\n ports:\n - containerPort: 80\n hostPort: 7300\n protocol: TCP\n - name: game-server\n image: ubuntu\n imagePullPolicy: IfNotPresent\n ports:\n - containerPort: 80\n hostPort: 7450\n protocol: UDP\n\nIn this output:\n\n- `metadata.annotations.autopilot.gke.io/host-port-assignment`: the port assignments, showing the original value for `hostPort` that you set for each container and the updated value for `hostPort` that GKE assigned. This field is useful if you requested multiple ports in your Pod specification.\n- `spec.containers.ports.hostPort`: the opened port that GKE assigned to each container.\n\nWhat's next\n-----------\n\n[Track Agones support on Autopilot on GitHub](https://github.com/googleforgames/agones/issues/2777)."]]
