Kubernetes 连接吊舱与外部世界_Kubernetes_Kubernetes Pod

Kubernetes 连接吊舱与外部世界

kubernetes

Kubernetes 连接吊舱与外部世界,kubernetes,kubernetes-pod,Kubernetes,Kubernetes Pod,库伯内特斯的新手，所以可能是个愚蠢的问题，请容忍我- 我创建了一个只有一个节点的集群，应用了如下示例部署 apiVersion: apps/v1 kind: Deployment metadata: name: coffedep spec: selector: matchLabels: app: coffedepapp template: metadata: labels: app: coffedepapp spec:

库伯内特斯的新手，所以可能是个愚蠢的问题，请容忍我-

我创建了一个只有一个节点的集群，应用了如下示例部署

apiVersion: apps/v1
kind: Deployment
metadata:
  name: coffedep
spec:
  selector:
    matchLabels:
      app: coffedepapp
  template:
    metadata:
      labels:
        app: coffedepapp
    spec:
      containers:
      - name: coffepod
        image: nginxdemos/hello:plain-text
        ports:
        - containerPort: 80'

现在我想从这个pod ping/连接一个外部网站/实体，所以我希望我的ping会失败，因为人们需要像NodePort/LoadBalancer这样的应用服务来连接外部世界。但令人惊讶的是，平通过了？我知道我在某个地方大错特错，请纠正我的理解

Pod的接口和跟踪路线-

节点的接口-

连接到外部世界不需要服务、节点端口或负载平衡器。如果您的网络策略允许播客与外部通话，您可以

您需要服务从集群中访问您的POD。您需要负载平衡器或节点报告从外部连接到群集。

1网络策略指的是部署pod的节点的防火墙规则？2如果我的pod启动到外部实体的web套接字连接，并期望响应返回，即通过此TCP套接字进行全双工通信，直到websocket的生存期，该怎么办。这是否需要k8服务？或者仅仅更新网络策略就足够了？网络策略基本上是指防火墙策略，但根据您的k8s安装情况，这些策略可能由k8s控制。如果您的pod可以在外部启动连接，那么它是由标准NAT完成的，您应该能够得到回复。您不需要服务来连接您的pod到外部世界，您只需要服务来连接外部世界到您的pod。服务，特别是NodePort或LoadBalancer类型的服务，是必要的，但不足以允许来自Internet的请求到达您的POD。它们与HTTP请求、websocket连接、ping等是否可以从您的POD到达Internet完全无关。

/ # traceroute google.com
traceroute to google.com (172.217.194.138), 30 hops max, 46 byte packets
 1  *  *  *
 2  10.244.0.1 (10.244.0.1)  0.013 ms  0.006 ms  0.004 ms
 3  178.128.80.254 (178.128.80.254)  1.904 ms  178.128.80.253 (178.128.80.253)  0.720 ms  178.128.80.254 (178.128.80.254)  5.185 ms
 4  138.197.250.254 (138.197.250.254)  0.995 ms  138.197.250.248 (138.197.250.248)  0.634 ms  138.197.250.252 (138.197.250.252)  0.523 ms
 5  138.197.245.12 (138.197.245.12)  5.295 ms  138.197.245.14 (138.197.245.14)  0.956 ms  138.197.245.0 (138.197.245.0)  1.160 ms
 6  103.253.144.255 (103.253.144.255)  1.396 ms  0.857 ms  0.763 ms
 7  108.170.254.226 (108.170.254.226)  1.391 ms  74.125.242.35 (74.125.242.35)  0.963 ms  108.170.240.164 (108.170.240.164)  1.679 ms
 8  66.249.95.248 (66.249.95.248)  2.136 ms  72.14.235.152 (72.14.235.152)  1.727 ms  66.249.95.248 (66.249.95.248)  1.821 ms
 9  209.85.243.180 (209.85.243.180)  2.813 ms  108.170.230.73 (108.170.230.73)  1.831 ms  74.125.252.254 (74.125.252.254)  2.293 ms
10  209.85.246.17 (209.85.246.17)  2.758 ms  209.85.245.135 (209.85.245.135)  2.448 ms  66.249.95.23 (66.249.95.23)  4.538 ms
11^Z[3]+  Stopped                    traceroute google.com
/ # 
/ # 
/ # 
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether ee:97:21:eb:98:bc brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.183/32 brd 10.244.0.183 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ec97:21ff:feeb:98bc/64 scope link 
       valid_lft forever preferred_lft forever

root@pool-3mqi2tbi6-b3dc:~# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 3a:c1:6f:8d:0f:45 brd ff:ff:ff:ff:ff:ff
    inet 178.128.82.251/20 brd 178.128.95.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.15.0.5/16 brd 10.15.255.255 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::38c1:6fff:fe8d:f45/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 06:88:c4:23:4b:cc brd ff:ff:ff:ff:ff:ff
    inet 10.130.227.173/16 brd 10.130.255.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::488:c4ff:fe23:4bcc/64 scope link 
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:61:08:39:8a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
5: cilium_net@cilium_host: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:3c:d3:35:b3:35 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::983c:d3ff:fe35:b335/64 scope link 
       valid_lft forever preferred_lft forever
6: cilium_host@cilium_net: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:13:c5:6e:52:bf brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.1/32 scope link cilium_host
       valid_lft forever preferred_lft forever
    inet6 fe80::5013:c5ff:fe6e:52bf/64 scope link 
       valid_lft forever preferred_lft forever
7: cilium_vxlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 4a:ab:3b:3b:0d:b5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::48ab:3bff:fe3b:db5/64 scope link 
       valid_lft forever preferred_lft forever
9: cilium_health@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b6:2f:45:83:e0:44 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::b42f:45ff:fe83:e044/64 scope link 
       valid_lft forever preferred_lft forever
11: lxc1408c930131e@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 8e:45:4d:7b:94:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::8c45:4dff:fe7b:94e5/64 scope link 
       valid_lft forever preferred_lft forever
13: lxc0cef46c3977c@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:eb:36:8b:fb:45 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::14eb:36ff:fe8b:fb45/64 scope link 
       valid_lft forever preferred_lft forever
15: lxca02c5de95d1c@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 62:9d:0c:34:0f:11 brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::609d:cff:fe34:f11/64 scope link 
       valid_lft forever preferred_lft forever
17: lxc32eddb70fa07@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether da:1a:08:95:fb:f2 brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::d81a:8ff:fe95:fbf2/64 scope link 
       valid_lft forever preferred_lft forever