Services, Load Balancing, and Networking

    Every in a cluster gets its own unique cluster-wide IP address. This means you do not need to explicitly create links between and you almost never need to deal with mapping container ports to host ports.
    This creates a clean, backwards-compatible model where Pods can be treated much like VMs or physical hosts from the perspectives of port allocation, naming, service discovery, load balancing, application configuration, and migration.

    Kubernetes imposes the following fundamental requirements on any networking implementation (barring any intentional network segmentation policies):

    • agents on a node (e.g. system daemons, kubelet) can communicate with all pods on that node

    Note: For those platforms that support Pods running in the host network (e.g. Linux), when pods are attached to the host network of a node they can still communicate with all pods on all nodes without NAT.

    This model is not only less complex overall, but it is principally compatible with the desire for Kubernetes to enable low-friction porting of apps from VMs to containers. If your job previously ran in a VM, your VM had an IP and could talk to other VMs in your project. This is the same basic model.

    Kubernetes IP addresses exist at the scope - containers within a Pod share their network namespaces - including their IP address and MAC address. This means that containers within a Pod can all reach each other’s ports on . This also means that containers within a Pod must coordinate port usage, but this is no different from processes in a VM. This is called the “IP-per-pod” model.

    It is possible to request ports on the Node itself which forward to your (called host ports), but this is a very niche operation. How that forwarding is implemented is also a detail of the container runtime. The Pod itself is blind to the existence or non-existence of host ports.

    Kubernetes networking addresses four concerns:

    • Containers within a Pod via loopback.
    • Cluster networking provides communication between different Pods.
    • The Service API lets you to be reachable from outside your cluster.
      • Ingress provides extra functionality specifically for exposing HTTP applications, websites and APIs.
    • You can also use Services to .

    The Connecting Applications with Services tutorial lets you learn about Services and Kubernetes networking with a hands-on example.

    explains how to set up networking for your cluster, and also provides an overview of the technologies involved.


    Expose an application running in your cluster behind a single outward-facing endpoint, even when the workload is split across multiple backends.

    In order for an Ingress to work in your cluster, there must be an ingress controller running. You need to select at least one ingress controller and make sure it is set up in your cluster. This page lists common ingress controllers that you can deploy.

    EndpointSlices

    The EndpointSlice API is the mechanism that Kubernetes uses to let your Service scale to handle large numbers of backends, and allows the cluster to update its list of healthy backends efficiently.

    Network Policies

    If you want to control traffic flow at the IP address or port level (OSI layer 3 or 4), NetworkPolicies allow you to specify rules for traffic flow within your cluster, and also between Pods and the outside world. Your cluster must use a network plugin that supports NetworkPolicy enforcement.

    DNS for Services and Pods

    Your workload can discover Services within your cluster using DNS; this page explains how that works.

    IPv4/IPv6 dual-stack

    Kubernetes lets you configure single-stack IPv4 networking, single-stack IPv6 networking, or dual stack networking with both network families active. This page explains how.

    Topology Aware Hints
    Networking on Windows
    Service ClusterIP allocation
    Service Internal Traffic Policy

    If two Pods in your cluster want to communicate, and both Pods are actually running on the same node, use Service Internal Traffic Policy to keep network traffic within that node. Avoiding a round trip via the cluster network can help with reliability, performance (network latency and throughput), or cost.

    Topology-aware traffic routing with topology keys