Menu
In Kubernetes, let’s say we have three pods, which are physically hosted on Node X, Y and Z. When I expose them as a service using ‘kubectl expose’, are all nodes in the cluster (in addition to X, Y and Z) configured the same way? Specifically, kube-proxy in each node within the cluster watches the apiserver, builds a bunch of iptables rules and references the portal IP (chosen by apiserver), and inserts those rules to the node which it lives on?
I assume the reason it has to be done on all nodes is that the cluster has no idea from which node the client would come from to hit the portal IP?
258
You are correct. The portal network (aka service network, cluster network) has no network interface but is a collection of iptables rules managed by kube-proxy. Each node needs to have these rules as a pod on any of them could connect any portal IP (aka service IP, cluster IP).
Read more here: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
50
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
