Kubernetes network model
A basic principle of Kubernetes network model design is that each Pod has an independent IP address, and it is assumed that all Pods are in a directly connected, flat network space. Therefore, regardless of whether they are running in the same Node (host), they are required to be accessible directly through each other's IP. The reason for designing this principle is that users do not need to consider how to establish connections between Pods, nor do they need to consider issues such as mapping container ports to host ports.
In fact, in the world of Kubernetes, IPs are allocated on a Pod basis.
According to this network abstraction principle, what prerequisites and requirements does Kubernetes have for the network?
-
All containers can communicate with other containers without NAT;
-
All nodes can communicate with all containers without NAT, and vice versa;
-
The address of the container is the same as the address seen by others;
Network communication scenarios
-
Container-to-container communication.
Containers in the same Pod (containers in a Pod will not cross hosts) share the same network namespace and the same Linux protocol stack. You can access each other directly through localhost. -
Communication between Pods: within the same Node.
Connected to the same docker0 bridge through Veth, their IP addresses are dynamically obtained from the docker0 bridge, and they are in the same network segment as the IP3 of the bridge itself. -
Communication between Pods on different Nodes.
Make a unified plan for the IP address of docker0; make a unified plan for the IP address of the Pod; -
Communication between Pod and Service.
The virtual IP of Service is mapped to different Pods through kube-proxy on each Node, and only polling is currently supported. -
External to internal access to
NodePort and LoadBalancer.