堆栈内存溢出
  简体   繁体   English

Kubernetes 运营商中的流量路由如何发生 - 出口流量之旅

[英]How traffic routing happens in Kubernetes operator - Journey of Egress traffic

 原文  2021-07-22 11:05:22       kubernetes/ kubernetes-networkpolicy/ kubernetes-operator/ kubernetes-networking

问题描述

I am trying to understand about egress traffic controlling inKubernetes-Operator .我试图了解Kubernetes-Operator 中的出口流量控制。 If I implement Kubernetes operator in my k3s setup, how the egress traffic flow happens in the operator?如果我在 k3s 设置中实现了 Kubernetes 操作符,那么该操作符中的出口流量是如何发生的?

I want to understand that what pathway/gateway and routing happens with egress traffic flow happens in the Kubernetes operator (journey of egress traffic)?我想了解在 Kubernetes 运营商(出口流量之旅)中,出口流量发生了什么路径/网关和路由?

1 个解决方案

解决方案1
 1  2021-07-22 12:04:35

As a general rule, egress traffic leaves your SDN from the Node hosting your Pod.作为一般规则,出口流量会从托管您的 Pod 的节点离开您的 SDN。 The Node would NAT it, using its own IP on your underlay network.节点将使用它自己的 IP 在您的底层网络上对其进行 NAT。

Now, if by Egress you mean "anything that leaves my Pod" / regarding communications that stay within the SDN.现在,如果 Egress 是指“离开我的 Pod 的任何东西”/关于留在 SDN 内的通信。 Bearing in mind that:铭记:

  • the SDN has two subnets (pod network, service network), and that your pod network is split into smaller subnets, statically allocated to your Kubernetes nodes: SDN 有两个子网(pod 网络、服务网络),并且您的 pod 网络被拆分为更小的子网,静态分配给您的 Kubernetes 节点:
  • Services have (usually/when spec.clusterIP != None) their own fixed IP.服务(通常/当 spec.clusterIP != None 时)有自己的固定 IP。
  • for each Service in your cluster, you have an Endpoint object, that lists all Pods with matching labels, that are considered to be "Ready"对于集群中的每个服务,您都有一个 Endpoint 对象,其中列出了所有具有匹配标签的 Pod,这些 Pod 被视为“就绪”

Connecting a Service, the Node firewall (usually ipvs or iptables, as configured per kube-proxy) would redirect your connection one of the addresses listed in the corresponding Endpoint object.连接服务时,节点防火墙(通常是 ipvs 或 iptables,根据 kube-proxy 的配置)会将您的连接重定向到相应端点对象中列出的地址之一。 At which point, your Node routing table takes over:此时,您的节点路由表将接管:

  • if the target address is local (in the pod subnet that was allocated to your Node), then communication is direct.如果目标地址是本地地址(在分配给您的节点的 pod 子网中),则通信是直接的。
  • if the target address belong to a network allocated to another node in your cluster, then traffic would go through your SDN containers (calico, flannel, ovs, ...), reaching its destination.如果目标地址属于分配给集群中另一个节点的网络,则流量将通过您的 SDN 容器(calico、flannel、ovs 等)到达目的地。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何通过运营商网关路由出口流量 - How to route egress traffic through operator gateway 在Kubernetes中路由内部流量? - Routing internal traffic in Kubernetes? 将流量路由到kubernetes集群 - Routing traffic to kubernetes cluster 防火墙/限制 Kubernetes pods 出口流量 - Firewalling/Limiting a Kubernetes pods egress traffic Kubernetes:允许Pod出口网络流量 - Kubernetes: Allow pod egress network traffic 有 1 个传出 IP 用于 kube.netes 出口流量 - Having 1 outgoing IP for kubernetes egress traffic 在 Kubernetes pod 上拒绝到 Internet 的出口流量 - Deny egress traffic to internet on a Kubernetes pod Kubernetes NetworkPolicy 限制服务的出口流量 - Kubernetes NetworkPolicy limit egress traffic to service Kube.netes 出口规则阻止所有传出流量 - Kubernetes egress rule blocks all outgoing traffic Kubernetes 中的代理出站/出站流量 - Proxy Outbound/Egress Traffic Within Kubernetes
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM