Iber寻址Kubernetes中的豆荚
[英]Ip addressing of pods in Kubernetes
问题描述
How does pods get unique IP addresses even if they reside in the same worker node? 
即使pod位于同一个工作节点,pod如何获得唯一的IP地址?
Also pod is not a device what is logic behind having it an IP address? pod也不是一个设备,它背后的逻辑是什么?
Is the IP address assigned to a pod a virtual IP? 分配给Pod的IP地址是虚拟IP吗?
2 个解决方案
解决方案1
2 已采纳 2018-06-10 10:35:30
A pod is part of a cluster (group of nodes), and cluster networking tells you that: pod是群集(节点组)的一部分, 群集网络告诉您:
In reality, Kubernetes applies IP addresses at the Pod scope - containers within a Pod share their network namespaces - including their IP address.
This means that containers within a Pod can all reach each other's ports on localhost.
This does imply that containers within a Pod must coordinate port usage, but this is no different than processes in a VM.
This is called the “IP-per-pod” model .
The constraints are: 限制是:
- all containers can communicate with all other containers without NAT
- all nodes can communicate with all containers (and vice-versa) without NAT
- the IP that a container sees itself as is the same IP that others see it as
See more with " Networking with Kubernetes " from Alok Kumar Singh : 查看更多来自Alok Kumar Singh的 “ 与Kubernetes联网 ”:
Here: 这里:
We have a machine, it is called a node in kubernetes.
It has an IP 172.31.102.105 belonging to a subnet having CIDR 172.31.102.0/24.
( CIDR: Classless Inter-Domain Routing , a method for allocating IP addresses and IP routing) ( CIDR:无类别域间路由 ,一种分配IP地址和IP路由的方法)
The node has an network interface
eth0attached.eth0。 It belongs to root network namespace of the node.
For pods to be isolated, they were created in their own network namespaces — these are pod1 n/w ns and pod2 n/w ns.
The pods are assigned IP addresses 100.96.243.7 and 100.96.243.8 from the CIDR range 100.96.0.0/11.
For the, see " Kubernetes Networking " from CloudNativelabs : 对于,请参阅“ Kubernetes网络 ”从CloudNativelabs :
Kubernetes does not orchestrate setting up the network and offloads the job to the CNI (Container Network Interface) plug-ins.
Below are possible network implementation options through CNI plugins which permits pod-to-pod communication honoring the Kubernetes requirements:
- layer 2 (switching) solution
- layer 3 (routing) solution
- overlay solutions
layer 2 (switching) 第2层(转换)
You can see their IP attributed as part of a container subnet address range. 您可以将其IP属性视为容器子网地址范围的一部分。
layer 3 (routing) 第3层(路由)
This is about populating the default gateway router with routes for the subnet as shown in the diagram. 这是关于使用子网路由填充默认网关路由器,如图所示。
Routes to 10.1.1.0/24 and 10.1.2.0/24 are configured to be through node1 and node2 respectively. 到10.1.1.0/24和10.1.2.0/24的路由分别配置为通过node1和node2。
overlay solutions 叠加解决方案
Generally not used. 一般不使用。
Note: See also (Oct. 2018): " Google Kubernetes Engine networking ". 注意:另见(2018年10月):“ Google Kubernetes Engine网络 ”。
解决方案2
0 2018-06-10 11:00:05
Kubernetes creates a network within your network for the containers. Kubernetes在您的网络中为容器创建一个网络。 in GKE, for example, by default it is a /14, but can be overwritten by a user with a range between /11 and /19. 例如,在GKE中,默认情况下它是/ 14,但可以被范围在/ 11和/ 19之间的用户覆盖。
When Kubernetes creates a pod, it assigns an IP address from these range. 当Kubernetes创建一个pod时,它会从这些范围分配一个IP地址。 Now, you can't have another VM, not part of your cluster, in your network, with the same IP address that a pod has. 现在,您不能在网络中拥有另一个VM,而不是群集的一部分,具有与Pod相同的IP地址。
Why? 为什么? Imagine, you have a VPN tunnel that needs to deliver a packet to an address that both, the pod and the VM are using. 想象一下,你有一个VPN隧道,需要将一个数据包传送到pod和VM都在使用的地址。 Who is it going to deliver to? 它将交付给谁?
So, answering your question; 所以,回答你的问题; no, it is not a virtual IP, it is a physical IP address from your network. 不,它不是虚拟IP,它是您网络中的物理IP地址。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.