1. Network communication model
The Kubernetes network model assumes that all pods sit in one flat, directly connected network: every pod has its own IP address and can reach every other pod without NAT. GCE provides such a network out of the box, so Kubernetes simply assumes it already exists.
When building a Kubernetes cluster in a private cloud you cannot make that assumption. You have to implement the network yourself: first make the Docker containers on different nodes reachable from one another, and only then run Kubernetes on top.
Between containers of the same pod: shared network namespace (localhost)
Between pods: overlay network
Between pod and service: iptables rules on each node
2. Network solutions
- Flannel network: in simple terms, its job is to give every Docker container created on any node in the cluster a virtual IP address that is unique across the whole cluster, and to build an overlay network between those addresses. Through that overlay, packets are carried unchanged to the target container.
What etcd provides to flannel:
1. Storage and management of the IP address ranges that flannel may allocate
2. Watching the actual address of each pod in etcd (more precisely, the subnet leased to each node), and building and maintaining the pod-to-node routing table in memory
Network communication in different situations:
Inside the same pod: the containers of one pod share the same network namespace and the same Linux protocol stack, so they reach each other over localhost
Pod1 to Pod2:
1. Pod1 and Pod2 are on different nodes. A pod's address is in the same network segment as docker0, but the docker0 segment and the host NIC are two completely different IP segments, and traffic between nodes can only travel through the host's physical NIC. Flannel therefore associates each pod's IP (its node's pod subnet) with the IP of the node it lives on; through that association the two pods can reach each other.
2. Pod1 and Pod2 are on the same node. The docker0 bridge forwards the request directly to Pod2 without going through flannel.
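The two jobs etcd does for flannel (hand out subnets, keep the subnet-to-node table) and the two pod-to-pod cases above, as an added example in Python. This is illustrative code written for this page, not flannel's own implementation; the network config, node IPs and pod IPs are constructed, and real flannel chooses a free subnet by its own method rather than first-free.

```python
import ipaddress
import json

# Constructed stand-in for the flannel network config an admin writes to etcd
# (flannel reads it from /coreos.com/network/config); the values are assumptions.
FLANNEL_CONFIG = json.dumps(
    {"Network": "10.244.0.0/16", "SubnetLen": 24, "Backend": {"Type": "vxlan"}}
)


class FlannelCluster:
    """In-memory model of what etcd provides to flannel: the pool of subnets
    flannel may hand out, and the subnet -> node-IP table that every flanneld
    watches and keeps in memory to route pod traffic."""

    def __init__(self, config_json):
        cfg = json.loads(config_json)
        self.network = ipaddress.ip_network(cfg["Network"])
        self.subnet_len = cfg["SubnetLen"]
        self.backend = cfg.get("Backend", {}).get("Type", "udp")
        # Mirrors the per-node leases flannel keeps under /coreos.com/network/subnets/:
        # pod subnet -> public IP of the node that owns it.
        self.leases = {}

    def lease_subnet(self, node_ip):
        """Lease one /SubnetLen block to a node. First-free is used here so the
        result is deterministic (an assumption, not flannel's selection rule)."""
        node_ip = ipaddress.ip_address(node_ip)
        for candidate in self.network.subnets(new_prefix=self.subnet_len):
            if candidate not in self.leases:
                self.leases[candidate] = node_ip
                return candidate
        raise RuntimeError("pod network exhausted")

    def subnet_env(self, node_ip):
        """The FLANNEL_NETWORK / FLANNEL_SUBNET lines flanneld writes to subnet.env
        for Docker: docker0 takes the first usable address of the node's block."""
        node_ip = ipaddress.ip_address(node_ip)
        for subnet, owner in self.leases.items():
            if owner == node_ip:
                gateway = subnet.network_address + 1
                return (f"FLANNEL_NETWORK={self.network}\n"
                        f"FLANNEL_SUBNET={gateway}/{subnet.prefixlen}")
        raise KeyError(f"node {node_ip} holds no lease")

    def node_for_pod(self, pod_ip):
        """Look up which node owns the subnet a pod address falls in."""
        pod_ip = ipaddress.ip_address(pod_ip)
        for subnet, owner in self.leases.items():
            if pod_ip in subnet:
                return owner
        return None

    def route(self, src_pod, dst_pod):
        """Decide how a packet from src_pod reaches dst_pod, following the two
        pod-to-pod cases: same node -> docker0 bridge; different node ->
        encapsulate and send to the owning node's physical NIC."""
        src_node = self.node_for_pod(src_pod)
        dst_node = self.node_for_pod(dst_pod)
        if src_node is None or dst_node is None:
            return {"path": "not-a-pod-address"}
        if src_node == dst_node:
            return {"path": "docker0"}
        return {"path": "flannel", "backend": self.backend,
                "outer_src": str(src_node), "outer_dst": str(dst_node)}


if __name__ == "__main__":
    cluster = FlannelCluster(FLANNEL_CONFIG)
    cluster.lease_subnet("192.168.1.10")   # node1 (constructed)
    cluster.lease_subnet("192.168.1.11")   # node2 (constructed)
    print(cluster.subnet_env("192.168.1.10"))
    print(cluster.route("10.244.0.5", "10.244.0.9"))   # same node: docker0
    print(cluster.route("10.244.0.5", "10.244.1.7"))   # cross node: flannel
```

The cross-node result carries the outer source and destination (the two node IPs): that is the "association between the pod IP and the node IP" the text describes, and it is exactly what the physical NIC sees, while the inner packet still has the two pod addresses.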
Pod to Service:
currently, for performance reasons, this is maintained and forwarded entirely by iptables rules (programmed by kube-proxy on each node)
Pod to the external network:
the pod sends a request to an external address; the routing table sends the packet to the host's NIC. After the host has routed it, iptables performs MASQUERADE, rewriting the source IP to the host NIC's IP, and the request then goes out to the external server
Access to a pod from the external network: through a Service
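The two iptables paths just described (DNAT from a ClusterIP to a pod endpoint, and MASQUERADE for traffic leaving the pod network), as an added example in Python. It models the shape of the nat table and the conntrack entries that translate replies back; it is not kube-proxy's or the kernel's code, and the ClusterIP, endpoints, pod CIDR and node IP are constructed.

```python
import ipaddress
import random

# Constructed cluster facts; all values are assumptions for the example.
CLUSTER_CIDR = "10.244.0.0/16"   # flannel pod network
NODE_IP = "192.168.1.10"          # this node's physical NIC
# Constructed equivalent of the KUBE-SERVICES -> KUBE-SVC-* -> KUBE-SEP-* chains
# kube-proxy programs: ClusterIP:port -> ready endpoints (pod IP, port).
SERVICE_ENDPOINTS = {
    ("10.96.0.10", 53): [("10.244.0.7", 53), ("10.244.1.9", 53)],
}


class NodeNat:
    """Minimal model of the nat table on one node: DNAT for ClusterIPs,
    MASQUERADE for traffic leaving the pod network, plus the conntrack entries
    that let the reply be translated back."""

    def __init__(self, services, cluster_cidr, node_ip, rng=None):
        self.services = services
        self.cluster_cidr = ipaddress.ip_network(cluster_cidr)
        self.node_ip = node_ip
        self.rng = rng or random.Random(0)
        # conntrack: 5-tuple as seen in the reply direction -> original packet
        self.conntrack = {}

    def outbound(self, src, sport, dst, dport):
        """Translate a packet leaving a pod. Returns the (src, sport, dst, dport)
        that actually reaches the wire."""
        original = (src, sport, dst, dport)
        endpoints = self.services.get((dst, dport))
        if endpoints:
            # OUTPUT/PREROUTING: kube-proxy spreads connections over endpoints
            # with '-m statistic --mode random'; one pick is modelled here.
            dst, dport = self.rng.choice(endpoints)
        if ipaddress.ip_address(dst) not in self.cluster_cidr:
            # POSTROUTING: '-s <cluster_cidr> ! -d <cluster_cidr> -j MASQUERADE'
            # rewrites the source to the host NIC so the outside can reply.
            src = self.node_ip
        self.conntrack[(dst, dport, src, sport)] = original
        return (src, sport, dst, dport)

    def reply(self, src, sport, dst, dport):
        """Reverse the translation for a reply packet, or None when no conntrack
        entry exists (an unsolicited packet is simply not un-NATed)."""
        original = self.conntrack.get((src, sport, dst, dport))
        if original is None:
            return None
        o_src, o_sport, o_dst, o_dport = original
        return (o_dst, o_dport, o_src, o_sport)


if __name__ == "__main__":
    nat = NodeNat(SERVICE_ENDPOINTS, CLUSTER_CIDR, NODE_IP)
    # pod -> ClusterIP: destination rewritten to a pod endpoint, source untouched
    wire = nat.outbound("10.244.0.5", 40000, "10.96.0.10", 53)
    print("to service:", wire, "reply seen by pod:", nat.reply(wire[2], wire[3], wire[0], wire[1]))
    # pod -> internet: source rewritten to the node IP (MASQUERADE)
    wire = nat.outbound("10.244.0.5", 40001, "8.8.8.8", 443)
    print("to external:", wire, "reply seen by pod:", nat.reply(wire[2], wire[3], wire[0], wire[1]))
```

Two points the model makes visible: pod-to-service traffic keeps the pod's own source address because the endpoint is inside the pod CIDR, so the serving pod sees the real client IP; pod-to-external traffic is what leaks the node IP, and only a matching conntrack entry lets the reply find its way back to the pod.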
Network types in kubernetes:
service network: virtual network
pod network: virtual network
node network: real network (the only one of the three that exists physically)