Kubernetes Network Model Concept

Kubernetes Network Model

A fundamental principle of the Kubernetes network model design is that each pod has a separate IP address, and that all pods are in a flat network space that can be directly connected. So whether or not they run in the same node (host), they are required to be accessed directly from each other's IP. The reason for this principle is that the user does not need to consider how to establish a connection between pods or to map container ports to host ports.
In the world of Kubernetes, IP is allocated in pod units.

According to this network abstraction principle, kubernetes to the network have what premise and request?

• All containers can communicate with other containers in the same way without NAT;

• All nodes can communicate with all containers in a non-nat manner, and vice versa;

• The address of the container is the same address as the one seen by others;

Scenarios for network communication

1. Container-to-container communication.
   A container within the same pod (the container inside the pod is not a cross-host) shares the same network namespace and shares the same Linux stack. can be accessed directly through localhost.

2. Communication between pods: within the same node.
   Connected to the same Docker0 bridge via Veth, their IP addresses are obtained dynamically from the Docker0 bridge, and they are the same network segment as the IP3 of the bridge itself.

3. The communication between the pods on different node.
   Make a unified plan for IP address of DOCKER0 and plan the IP address of pod.

4. Pod-to-service communication.
   The service's virtual IP is mapped to different pods on each node kube-proxy, and only polls are supported for the time being.

5. External-to-internal access
   Nodeport, LoadBalancer.

Kubernetes Network Model Concept