Revision 1 as of 2021-10-24 10:09:52 → Revision 2 as of 2021-10-25 02:34:45
k8s/StudyNotes/k8sNetworking
- CNI - specifies that kubelet should call the CNI plugin on container create (ADD) and destroy (DEL)
  - Config: /usr/bin/kubelet --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d/ --network-plugin=cni
- Docker uses the default bridge docker0
- Docker creates a network namespace (ip netns) for each container. $ docker inspect abcd
- CNI plugins, e.g. bridge
  - bridge add <containerid> /var/run/netns/2e34dc
- JSON network config; ADD and DEL between runtime and plugin.
- k8s ports in documentation
- Services - across cluster pod access
  - Virtual object created by kube-proxy, IP from pre-assigned range, iptables forwards to pod IP.
  - Service IP range: kube-apiserver --service-cluster-ip-range=ipNet (default: 10.0.0.0/24)
    - Service IP range can't overlap with pod IP range
    - View: iptables -L -t nat | grep <service>
  - kube-proxy --proxy-mode ["userspace", "iptables", "ipvs"]
    - View: cat /var/log/kube-proxy.log
  - Types
    - ClusterIP - only available in cluster
    - NodePort - just like ClusterIP, but also exposes a fixed external port on all nodes
  - How
    - kube-proxy watches kube-apiserver,
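What the `iptables -L -t nat | grep <service>` view is showing, as an added example that is not part of the original notes: it follows kube-proxy's iptables-mode chains (KUBE-SERVICES, KUBE-SVC-*, KUBE-SEP-*) from a service IP to the pod IPs behind it, then checks the "service range can't overlap pod range" rule. The sample rules, chain suffixes, function names and the pod range 10.244.0.0/16 are assumptions; input is expected in `iptables-save` format.

```python
import ipaddress
import re

# Constructed sample in iptables-save format for a node running kube-proxy in
# iptables mode. Chain suffixes, service name and IPs are made up.
SAMPLE = '''\
-A KUBE-SERVICES -d 10.0.0.10/32 -p tcp -m comment --comment "default/web:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-AAAAAAAAAAAAAAAA
-A KUBE-SVC-AAAAAAAAAAAAAAAA -m comment --comment "default/web:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-BBBBBBBBBBBBBBBB
-A KUBE-SVC-AAAAAAAAAAAAAAAA -m comment --comment "default/web:http" -j KUBE-SEP-CCCCCCCCCCCCCCCC
-A KUBE-SEP-BBBBBBBBBBBBBBBB -p tcp -m comment --comment "default/web:http" -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-CCCCCCCCCCCCCCCC -p tcp -m comment --comment "default/web:http" -m tcp -j DNAT --to-destination 10.244.2.7:8080
'''

def service_map(rules):
    """Return {(cluster_ip, port): [pod_ip:port, ...]} by following the chain jumps."""
    entry, jumps, dnat = {}, {}, {}
    for line in rules.splitlines():
        m = re.match(r"-A (\S+) ", line)
        target = re.search(r"-j (\S+)", line)
        if not m or not target:
            continue
        chain, tgt = m.group(1), target.group(1)
        if chain == "KUBE-SERVICES" and tgt.startswith("KUBE-SVC-"):
            d = re.search(r"-d (\S+)/32 ", line)
            p = re.search(r"--dport (\d+)", line)
            if d and p:
                entry[(d.group(1), int(p.group(1)))] = tgt
        elif chain.startswith("KUBE-SVC-") and tgt.startswith("KUBE-SEP-"):
            jumps.setdefault(chain, []).append(tgt)  # one jump per endpoint
        elif chain.startswith("KUBE-SEP-") and tgt == "DNAT":
            to = re.search(r"--to-destination (\S+)", line)
            if to:
                dnat[chain] = to.group(1)
    return {k: [dnat[s] for s in jumps.get(c, []) if s in dnat] for k, c in entry.items()}

def range_problems(svc_map, service_cidr, pod_cidr):
    """List violations of the service-range rules for the parsed services."""
    svc, pod = ipaddress.ip_network(service_cidr), ipaddress.ip_network(pod_cidr)
    problems = []
    if svc.overlaps(pod):
        problems.append(f"service range {svc} overlaps pod range {pod}")
    for (ip, port), backends in svc_map.items():
        if ipaddress.ip_address(ip) not in svc:
            problems.append(f"{ip}:{port} is outside service range {svc}")
        for b in backends:
            if ipaddress.ip_address(b.rsplit(":", 1)[0]) in svc:
                problems.append(f"backend {b} is inside service range {svc}")
    return problems
```

On a node, pass the output of `iptables-save -t nat` to `service_map` in place of `SAMPLE`.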