Kubernetes node behind the NAT
Network1 Network2
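(MASTER, NODE1) <=NAT=> (NODE2, NODE3)
Is it possible to make the overlay network work on nodes that are behind a NAT (without real IP addresses)? If so, how?
First, this is probably not a good idea, because Kubernetes needs a stable network between the master and the nodes; otherwise you may run into multiple problems. Not sure whether this applies to your case, but you could look at federation between clusters.
Also, I'm pretty sure the answer is: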
Kubernetes imposes the following fundamental requirements on any
networking implementation (barring any intentional network
segmentation policies):
- all containers can communicate with all other containers without NAT
- all nodes can communicate with all containers (and vice-versa) without
NAT
- the IP that a container sees itself as is the same IP that others
see it as
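A way to test the third requirement on a real path, as an added example that is not part of the original question or answer: a reflector reports the source address it observes, and the client compares that with its own socket address. The function names are hypothetical; the assumption is that the reflector runs in one pod and `check_path` is called from another pod using the reflector's pod IP directly.

```python
import socket
import threading


def serve_observed_address(listener: socket.socket) -> None:
    """Answer each connection with the peer address as this side sees it."""
    while True:
        try:
            conn, peer = listener.accept()
        except OSError:  # listener was closed
            return
        with conn:
            conn.sendall(f"{peer[0]}:{peer[1]}".encode())


def start_reflector(bind_ip: str = "127.0.0.1", port: int = 0) -> socket.socket:
    """Start the reflector in a background thread; port 0 picks a free port."""
    listener = socket.create_server((bind_ip, port))
    threading.Thread(
        target=serve_observed_address, args=(listener,), daemon=True
    ).start()
    return listener


def check_path(host: str, port: int, timeout: float = 3.0) -> dict:
    """Compare the address we think we have with the one the peer observed."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        local_ip, local_port = s.getsockname()[:2]
        data = b""
        while chunk := s.recv(64):
            data += chunk
    seen_ip, seen_port = data.decode().rsplit(":", 1)
    return {
        "self_view": f"{local_ip}:{local_port}",
        "peer_view": f"{seen_ip}:{seen_port}",
        # Source NAT or masquerading changes the IP, the port, or both.
        "address_rewritten": (seen_ip, int(seen_port)) != (local_ip, local_port),
    }


if __name__ == "__main__":
    # Constructed loopback run: no NAT on this path, so both views agree.
    listener = start_reflector()
    print(check_path("127.0.0.1", listener.getsockname()[1]))
    listener.close()
```

Between pods, bind the reflector to `0.0.0.0`; a result with `address_rewritten` set to true means something on the path translates the source address, which is the condition the quoted requirements rule out.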