Kubernetes Networking
Updated Apr 07, 2022 ·
Overview
Key rules in Kubernetes networking:
- All Pods can communicate with each other across nodes.
- Nodes can communicate with all Pods.
- No Network Address Translation (NAT) is needed.
Inside a Pod
In a multi-container Pod, containers communicate via localhost within the Pod's namespace.
Pod to Pod within a Node
With multiple Pods on a single node, they communicate over real IP addresses through the node's Layer-2 software bridge.
Pod to Pod on Another Node
When Pods on different nodes need to communicate, they use their IP addresses and connect over the underlying network.
Overlay Network
In cases where developers don’t manage the underlying network, an overlay network enables Pods to be connected within a virtualized network.
- Enables Pod communication across nodes
- Isolates Kubernetes traffic from infrastructure
- Abstracts physical network for easier scaling
External Services
To expose a cluster application to the internet, Kubernetes uses External Services, such as an HTTP service.
Cluster Network Ports
On the Master node:
| Components | Ports (TCP) | Used By |
|---|---|---|
| API | 6443 | All |
| etcd | 2379-2380 | API server and other instances of etcd |
| Scheduler | 10251 | Itself, not exposed to outside world |
| Controller Manager | 10252 | Itself, not exposed to outside world |
| Kubelet | 10250 | Control Plane |
On the Worker nodes:
| Components | Ports (TCP) | Used By |
|---|---|---|
| Kubelet | 10250 | Control Plane |
| NodePort | 30000-32767 | All |