Kubernetes网络与网络策略详解

Kubernetes网络与网络策略详解

1. Kubernetes网络模型

• 每个Pod有唯一IP
• 同一Pod内容器共享网络命名空间
• 节点上Pod可与其他节点Pod通信

2. Service类型

2.1 ClusterIP

集群内部访问：

spec: type: ClusterIP ports: - port: 80 targetPort: 80

2.2 NodePort

通过节点端口访问：

spec: type: NodePort ports: - port: 80 targetPort: 80 nodePort: 30080

3. Ingress

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: app-ingress spec: rules: - host: app.example.com http: paths: - path: / pathType: Prefix backend: service: name: app-svc port: number: 80

4. NetworkPolicy

apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: api-network-policy spec: podSelector: matchLabels: app: api policyTypes: - Ingress - Egress ingress: - from: - podSelector: matchLabels: app: frontend ports: - protocol: TCP port: 8080

5. 总结

Kubernetes网络模型确保了Pod间的通信，Service提供了服务发现和负载均衡，NetworkPolicy实现了网络隔离。