You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/docs/concepts/cluster-administration/networking.md
+1-49Lines changed: 1 addition & 49 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,55 +30,7 @@ insert dynamic port numbers into configuration blocks, services have to know
30
30
how to find each other, etc. Rather than deal with this, Kubernetes takes a
31
31
different approach.
32
32
33
-
## The Kubernetes network model
34
-
35
-
Every `Pod` gets its own IP address, maximum one per IP family. This means you
36
-
do not need need to deal with mapping container ports to host ports in order to
37
-
expose the `Pods` services on the network. This creates a clean,
38
-
backwards-compatible model where `Pods` can be treated much like VMs or physical
39
-
hosts from the perspectives of port allocation, naming, service discovery, load
40
-
balancing, application configuration, and migration.
41
-
42
-
Kubernetes IP addresses exist at the `Pod` scope, in the `status.PodIPs` field
43
-
- containers within a `Pod` share their network namespaces - including their IP
44
-
address. This means that containers within a `Pod` can all reach each other's
45
-
ports on `localhost`. This also means that containers within a `Pod` must
46
-
coordinate port usage, but this is no different from processes in a VM. This is
47
-
called the _IP-per-pod_ model.
48
-
49
-
In every cluster, there exists an abstract pod-network to which pods
50
-
are connected by default, unless explicitly configured to use the
51
-
host-network (on platforms that support it). Even if a host has
52
-
multiple IPs, host-network pods only have one Kubernetes IP address at
53
-
the `Pod` scope, that is, the `status.PodIPs` field contains one
54
-
IP per address family (for now), so the "IP-per-pod" model is guaranteed.
55
-
56
-
Kubernetes imposes the following fundamental requirements on any networking
57
-
implementation (barring any intentional network segmentation policies):
58
-
59
-
* any pod-network pod on any node can communicate with all other pod-network
60
-
pods on all nodes without NAT.
61
-
* non-pod processes on a node (the kubelet, and also for example any other system daemon) can
62
-
communicate with all pods on that node.
63
-
64
-
In addition, for platforms and runtimes that support running pods in the host OS network:
65
-
66
-
* host-network pods of a node can connect directly with all pods IPs on all
67
-
nodes, however, unlike pod-network pods, the source IP address might not be
68
-
present in the `Pod``status.PodIPs` field.
69
-
70
-
This model is principally compatible with the desire for Kubernetes to enable
71
-
low-friction porting of apps from VMs to containers. If your workload previously ran
72
-
in a VM, your VM typically had a single IP address; everything in that VM could talk to
73
-
other VMs on your network.
74
-
This is the same basic model but less complex overall.
75
-
76
-
How this is implemented is a detail of the particular container runtime in use. Likewise, the networking option you choose may support [dual-stack IPv4/IPv6 networking](/docs/concepts/services-networking/dual-stack/); implementations vary.
77
-
78
-
It is possible to request ports on the `Node` itself which forward to your `Pod`
79
-
(called host ports), but this is a very niche operation. How that forwarding is
80
-
implemented is also a detail of the container runtime. The `Pod` itself is
81
-
blind to the existence or non-existence of host ports.
33
+
To learn about the Kubernetes networking model, see [here](/docs/concepts/services-networking/).
82
34
83
35
## How to implement the Kubernetes networking model
Copy file name to clipboardExpand all lines: content/en/docs/concepts/services-networking/_index.md
+45-3Lines changed: 45 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,8 +5,50 @@ description: >
5
5
Concepts and resources behind networking in Kubernetes.
6
6
---
7
7
8
+
## The Kubernetes network model
9
+
10
+
Every [`Pod`](/docs/concepts/workloads/pods/) gets its own IP address.
11
+
This means you do not need to explicitly create links between `Pods` and you
12
+
almost never need to deal with mapping container ports to host ports.
13
+
This creates a clean, backwards-compatible model where `Pods` can be treated
14
+
much like VMs or physical hosts from the perspectives of port allocation,
15
+
naming, service discovery, [load balancing](/docs/concepts/services-networking/ingress/#load-balancing), application configuration,
16
+
and migration.
17
+
18
+
Kubernetes imposes the following fundamental requirements on any networking
19
+
implementation (barring any intentional network segmentation policies):
20
+
21
+
* pods on a [node](/docs/concepts/architecture/nodes/) can communicate with all pods on all nodes without NAT
22
+
* agents on a node (e.g. system daemons, kubelet) can communicate with all
23
+
pods on that node
24
+
25
+
Note: For those platforms that support `Pods` running in the host network (e.g.
26
+
Linux):
27
+
28
+
* pods in the host network of a node can communicate with all pods on all
29
+
nodes without NAT
30
+
31
+
This model is not only less complex overall, but it is principally compatible
32
+
with the desire for Kubernetes to enable low-friction porting of apps from VMs
33
+
to containers. If your job previously ran in a VM, your VM had an IP and could
34
+
talk to other VMs in your project. This is the same basic model.
35
+
36
+
Kubernetes IP addresses exist at the `Pod` scope - containers within a `Pod`
37
+
share their network namespaces - including their IP address and MAC address.
38
+
This means that containers within a `Pod` can all reach each other's ports on
39
+
`localhost`. This also means that containers within a `Pod` must coordinate port
40
+
usage, but this is no different from processes in a VM. This is called the
41
+
"IP-per-pod" model.
42
+
43
+
How this is implemented is a detail of the particular container runtime in use.
44
+
45
+
It is possible to request ports on the `Node` itself which forward to your `Pod`
46
+
(called host ports), but this is a very niche operation. How that forwarding is
47
+
implemented is also a detail of the container runtime. The `Pod` itself is
48
+
blind to the existence or non-existence of host ports.
49
+
8
50
Kubernetes networking addresses four concerns:
9
-
- Containers within a Pod use networking to communicate via loopback.
51
+
- Containers within a Pod [use networking to communicate](/docs/concepts/services-networking/dns-pod-service/) via loopback.
10
52
- Cluster networking provides communication between different Pods.
11
-
- The Service resource lets you expose an application running in Pods to be reachable from outside your cluster.
12
-
- You can also use Services to publish services only for consumption inside your cluster.
53
+
- The [Service resource](/docs/concepts/services-networking/service/) lets you [expose an application running in Pods](/docs/concepts/services-networking/connect-applications-service/) to be reachable from outside your cluster.
54
+
- You can also use Services to [publish services only for consumption inside your cluster](/docs/concepts/services-networking/service-traffic-policy/).
0 commit comments