  • k8s network

    https://kubernetes.io/docs/concepts/cluster-administration/networking/

    Cluster Networking

    Networking is a central part of Kubernetes, but it can be challenging to understand exactly how it is expected to work.
    There are 4 distinct networking problems to address:

    • Highly-coupled container-to-container communications: this is solved by Pods and localhost communications.
    • Pod-to-Pod communications: this is the primary focus of this document.
    • Pod-to-Service communications: this is covered by services.
    • External-to-Service communications: this is covered by services.

    Kubernetes is all about sharing machines between applications.

    Typically, sharing machines requires ensuring that two applications do not try to use the same ports.
    Coordinating ports across multiple developers is very difficult to do at scale and
    exposes users to cluster-level issues outside of their control.

    Dynamic port allocation brings a lot of complications to the system:
    every application has to take ports as flags, the API servers have to know how to insert dynamic port numbers
    into configuration blocks, services have to know how to find each other, etc.
    Rather than deal with this, Kubernetes takes a different approach.

    The Kubernetes network model

    Every Pod gets its own IP address.
    This means you do not need to explicitly create links between Pods and
    you almost never need to deal with mapping container ports to host ports.

    This creates a clean, backwards-compatible model
    where Pods can be treated much like VMs or physical hosts from the perspectives of
    port allocation, naming, service discovery, load balancing, application configuration, and migration.

    Kubernetes imposes the following fundamental requirements on any networking
    implementation (barring any intentional network segmentation policies):

    • pods on a node can communicate with all pods on all nodes without NAT
    • agents on a node (e.g. system daemons, kubelet) can communicate with all pods on that node

    Note: For those platforms that support Pods running in the host network (e.g. Linux):

    • pods in the host network of a node can communicate with all pods on all nodes without NAT

    This model is not only less complex overall, but it is principally compatible with the desire for Kubernetes
    to enable low-friction porting of apps from VMs to containers.

    If your job previously ran in a VM, your VM had an IP and could talk to other VMs in your project.
    This is the same basic model.

    Kubernetes IP addresses exist at the Pod scope:
    containers within a Pod share their network namespaces, including their IP address and MAC address.

    This means that containers within a Pod can all reach each other's ports on localhost.
    This also means that containers within a Pod must coordinate port usage,
    but this is no different from processes in a VM.

    This is called the IP-per-pod model.

    How this is implemented is a detail of the particular container runtime in use.

    It is possible to request ports on the Node itself which forward to your Pod (called host ports),
    but this is a very niche operation. How that forwarding is implemented is also a detail of the container runtime.
    The Pod itself is blind to the existence or non-existence of host ports.
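    To make the IP-per-pod model concrete, here is an added example (not from the Kubernetes documentation quoted above) of a Pod with two containers that share one network namespace. The first container starts the busybox httpd bound to 127.0.0.1 only; the second reaches it over localhost, which works only because both containers share the Pod's network namespace. Binding to the loopback address keeps the service unreachable from other Pods on the Pod IP, but anything running inside the same Pod (including a compromised sidecar) can still reach it. The Pod name and the commented-out hostPort value are assumptions for illustration.

```yaml
# Added example (assumed pod name): two containers, one network namespace.
apiVersion: v1
kind: Pod
metadata:
  name: localhost-demo
spec:
  containers:
  - name: app
    image: busybox
    # Serve a static page on the loopback address only. Other Pods cannot
    # reach 127.0.0.1 inside this Pod; only co-located containers can.
    command:
    - sh
    - -c
    - |
      mkdir -p /www && echo "hello from app" > /www/index.html
      exec httpd -f -p 127.0.0.1:8080 -h /www
    ports:
    - containerPort: 8080
      # hostPort forwards a port on the Node itself to this container; the
      # text above calls this a niche operation, and it exposes the service
      # on every Node the Pod lands on. Left commented out on purpose.
      # hostPort: 30080
  - name: sidecar
    image: busybox
    # Same Pod, same network namespace: "localhost" is the app container's
    # loopback interface, so no Service or Pod IP lookup is needed.
    command:
    - sh
    - -c
    - |
      while true; do
        wget -qO- http://127.0.0.1:8080/ || echo "app not ready"
        sleep 5
      done
```

    Reading the sidecar's log (`kubectl logs localhost-demo -c sidecar`) should show the page served by the app container; running the same `wget` from a Pod elsewhere in the cluster against this Pod's IP fails, because the listener was bound to loopback rather than to the Pod IP.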

    https://kubernetes.io/docs/concepts/services-networking/service/

  • Original URL: https://www.cnblogs.com/Searchor/p/14713619.html