Cluster administrators have several options for exposing applications that run inside a cluster to external traffic and securing network connections:
- Service types, such as node ports or load balancers
- API resources, such as Ingress and Route
By default, Kubernetes allocates each pod an internal IP address for applications running within the pod. Pods and their containers can network, but clients outside the cluster do not have networking access. The per-pod IP address ensures that all containers within the pod behave as if they were on the same host. When you expose your application to external traffic, giving each pod its own IP address means that pods can be treated like physical hosts or virtual machines in terms of port allocation, networking, naming, service discovery, load balancing, application configuration, and migration.
Note
Some cloud platforms offer metadata APIs that listen on the 169.254.169.254 IP address, a link-local IP address in the IPv4 This CIDR block is not reachable from the pod network. Pods that need access to these IP addresses must be given host network access by setting the If you allow a pod host network access, you grant the pod privileged access to the underlying network infrastructure.
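Because host network access is a privileged grant, it helps to know which workloads request it. The following is an added example, not part of the original documentation: a Python audit that lists Pods and workload pod templates with host network access enabled. It assumes the Kubernetes pod field `hostNetwork` and runs on a constructed sample shaped like `kubectl get pods,deployments,cronjobs -A -o json` output; the function names are illustrative.

```python
import json

# Constructed sample, shaped like `kubectl get pods,deployments,cronjobs -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Pod", "metadata": {"namespace": "web", "name": "frontend-1"},
   "spec": {"containers": [{"name": "app"}]}},
  {"kind": "Pod", "metadata": {"namespace": "monitoring", "name": "node-agent-x"},
   "spec": {"hostNetwork": true, "containers": [{"name": "agent"}]}},
  {"kind": "Deployment", "metadata": {"namespace": "tools", "name": "meta-proxy"},
   "spec": {"template": {"spec": {"hostNetwork": true, "containers": []}}}},
  {"kind": "CronJob", "metadata": {"namespace": "batch", "name": "report"},
   "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostNetwork": false}}}}}}
]}
""")


def pod_spec(obj):
    """Return the pod spec of a Pod or of a workload's pod template, else None."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        # CronJob nests the pod template one level deeper, under jobTemplate.
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    # Deployment, DaemonSet, StatefulSet, ReplicaSet and Job use spec.template.spec.
    return (spec.get("template") or {}).get("spec")


def host_network_objects(doc):
    """List (kind, namespace, name) for every object whose pods get host network access."""
    items = (doc.get("items") or []) if "items" in doc else [doc]
    findings = []
    for obj in items:
        spec = pod_spec(obj)
        # hostNetwork defaults to false when absent; only a literal true grants access.
        if spec and spec.get("hostNetwork") is True:
            meta = obj.get("metadata", {})
            findings.append((obj.get("kind"), meta.get("namespace", "default"), meta.get("name")))
    return findings


if __name__ == "__main__":
    for kind, ns, name in host_network_objects(SAMPLE):
        print(f"{kind} {ns}/{name} runs with host network access")
```

Each finding is a workload to review: confirm that it needs host network access and that the grant is intentional.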