zoukankan      html  css  js  c++  java
  • k8s network

    https://kubernetes.io/docs/concepts/cluster-administration/networking/

    Cluster Networking

    Networking is a central part of Kubernetes, but it can be challenging to understand exactly how it is expected to work.
    There are 4 distinct networking problems to address:

    • Highly-coupled container-to-container communications: this is solved by Pods and localhost communications.
    • Pod-to-Pod communications: this is the primary focus of this document.
    • Pod-to-Service communications: this is covered by services.
    • External-to-Service communications: this is covered by services.

    Kubernetes is all about sharing machines between applications.

    Typically, sharing machines requires ensuring that two applications do not try to use the same ports.
    Coordinating ports across multiple developers is very difficult to do at scale and
    exposes users to cluster-level issues outside of their control.

    Dynamic port allocation brings a lot of complications to the system
    every application has to take ports as flags, the API servers have to know how to insert dynamic port numbers
    into configuration blocks, services have to know how to find each other, etc.
    Rather than deal with this, Kubernetes takes a different approach.

    The Kubernetes network model

    Every Pod gets its own IP address.
    This means you do not need to explicitly create links between Pods and
    you almost never need to deal with mapping container ports to host ports.

    This creates a clean, backwards-compatible model
    where Pods can be treated much like VMs or physical hosts from the perspectives of
    port allocation, naming, service discovery, load balancing, application configuration, and migration.

    Kubernetes imposes the following fundamental requirements on any networking
    implementation (barring any intentional network segmentation policies):

    • pods on a node can communicate with all pods on all nodes without NAT
    • agents on a node (e.g. system daemons, kubelet) can communicate with all pods on that node

    Note: For those platforms that support Pods running in the host network (e.g. Linux):

    • pods in the host network of a node can communicate with all pods on all nodes without NAT

    This model is not only less complex overall, but it is principally compatible with the desire for Kubernetes
    to enable low-friction porting of apps from VMs to containers.

    If your job previously ran in a VM, your VM had an IP and could talk to other VMs in your project.
    This is the same basic model.

    Kubernetes IP addresses exist at the Pod scope
    containers within a Pod share their network namespaces, including their IP address and MAC address.

    This means that containers within a Pod can all reach each other's ports on localhost.
    This also means that containers within a Pod must coordinate port usage,
    but this is no different from processes in a VM.

    This is called the IP-per-pod model.

    How this is implemented is a detail of the particular container runtime in use.

    It is possible to request ports on the Node itself which forward to your Pod (called host ports),
    but this is a very niche operation. How that forwarding is implemented is also a detail of the container runtime.
    The Pod itself is blind to the existence or non-existence of host ports.

    https://kubernetes.io/docs/concepts/services-networking/service/

  • 相关阅读:
    成功在RedFlag Linux 5.0桌面版安装oralce10
    ORACLE ebs 11.5.10 for linux 安装心得
    C#讀取轉換Excel檔案的優化(源代碼)
    [轉]SAP BASIS经验十年James Yen
    SAP Basis 常用事务代码
    健康指南:人体十大最佳黄金时间
    中國人使筷子的十二種忌諱
    SAP basis 相关设定
    技术出身,如何做好项目经理?
    [轉貼]奋斗5年从月薪3500到700万!
  • 原文地址:https://www.cnblogs.com/Searchor/p/14713619.html
Copyright © 2011-2022 走看看