背景信息

Kubenetes支持Pod直接使用主機/節點的網絡，對于需要直接訪問主機網絡的場景有一定的用途。

配置說明

Pod使用主機網絡只需要在配置中添加hostNetwork: true即可，如下所示。

apiVersion: apps/v1 
kind: Deployment 
metadata: 
  name: nginx 
spec: 
  replicas: 1 
  selector: 
    matchLabels: 
      app: nginx 
  template: 
    metadata: 
      labels: 
        app: nginx 
    spec: 
      hostNetwork: true 
      containers: 
      - image: nginx:alpine 
        name: nginx 
      imagePullSecrets: 
      - name: default-secret

部署后可以看到Pod的IP與節點的IP相同，說明Pod直接使用了主機網絡。

$ kubectl get pod -owide 
NAME                    READY   STATUS    RESTARTS   AGE     IP          NODE        NOMINATED NODE   READINESS GATES 
nginx-6fdf99c8b-6wwft   1/1     Running   0          3m41s   10.1.0.55   10.1.0.55   <none>           <none>

hostNetwork使用注意事項

Pod直接使用主機的網絡會占用宿主機的端口，Pod的IP就是宿主機的IP，使用時需要考慮是否與主機上的端口沖突，因此一般情況下除非您知道需要某個特定應用占用宿主機上的特定端口時，不建議使用主機網絡。

由于使用主機網絡，訪問Pod就是訪問節點，要 注意放通節點安全組端口 ，否則會出現訪問不通的情況。

另外由于占用主機端口，使用Deployment部署hostNetwork類型Pod時，要注意 Pod的副本數不要超過節點數量 ，否則會導致一個節點上調度了多個Pod，Pod啟動時端口沖突無法創建。例如上面例子中的nginx，如果服務數為2，并部署在只有1個節點的集群上，就會有一個Pod無法創建，查詢Pod日志會發現是由于端口占用導致nginx無法啟動。

                  

                    
注意
                    
請避免在同一個節點上調度多個使用主機網絡的Pod，否則在創建ClusterIP類型的Service訪問Pod時，會出現訪問ClusterIP不通的情況。
                    
                  
                  

$ kubectl get deploy 
NAME    READY   UP-TO-DATE   AVAILABLE   AGE 
nginx   1/2     2            1           67m 
$ kubectl get pod 
NAME                    READY   STATUS             RESTARTS   AGE 
nginx-6fdf99c8b-6wwft   1/1     Running            0          67m 
nginx-6fdf99c8b-rglm7   0/1     CrashLoopBackOff   13         44m 
$ kubectl logs nginx-6fdf99c8b-rglm7 
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration 
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ 
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf 
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh 
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh 
/docker-entrypoint.sh: Configuration complete; ready for start up 
2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) 
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) 
nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) 
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) 
nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) 
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) 
nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) 
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) 
nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) 
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) 
nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 
2022/05/11 07:18:11 [emerg] 1#1: still could not bind() 
nginx: [emerg] still could not bind()