With k8s, you just create a service of type NodePort and it assigns a free external port for that service, which is mapped back to a specific port in the Lisp container.
I know of NodePort, but last i checked it’s a low-level constrict that doesn’t do anything like, say, authn—so that doesn’t seem like a complete answer.