为什么某些kube系统Pod（例如kube-proxy）与它们所在的节点具有相同的Pod IP？

我注意到了一些我没想到的东西，在我的一个集群中找不到今天的解释。许多kube系统Pod的Pod IP与它们所在的节点相同。我想理解为什么会这样，但我找不到任何关于此事或其他地方讨论的文件。这是我看到的：

k get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
aks-agentpool-14855512-0 Ready agent 47m v1.12.5 10.240.0.66 Ubuntu 16.04.5 LTS 4.15.0-1037-azure docker://3.0.4
aks-agentpool-14855512-1 Ready agent 47m v1.12.5 10.240.0.4 Ubuntu 16.04.5 LTS 4.15.0-1037-azure docker://3.0.4
aks-agentpool-14855512-2 Ready agent 47m v1.12.5 10.240.0.35 Ubuntu 16.04.5 LTS 4.15.0-1037-azure docker://3.0.4
k get po -n kube-system -o wide | grep '10.240.0.4 '
azure-cni-networkmonitor-rqs8q 1/1 Running 0 48m 10.240.0.4 aks-agentpool-14855512-1
azure-ip-masq-agent-dj8w5 1/1 Running 0 48m 10.240.0.4 aks-agentpool-14855512-1
kube-proxy-jpjjc 1/1 Running 0 48m 10.240.0.4 aks-agentpool-14855512-1
kube-svc-redirect-bfvlk 2/2 Running 0 48m 10.240.0.4 aks-agentpool-14855512-1
我的理解是Pod应该具有与其所在节点不同的IP。要暴露Pod，应使用服务。但是，我不认为是这种情况：

k get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
heapster ClusterIP 10.0.0.57 80/TCP 55m
kube-dns ClusterIP 10.0.0.10 53/UDP,53/TCP 55m
kubernetes-dashboard ClusterIP 10.0.105.92 80/TCP 55m
metrics-server ClusterIP 10.0.179.25 443/TCP 55m
起初我认为这个实现是针对AKS的，但是，相同的结果适用于GKE。

我担心我可能会错过一个非常基本的概念，这个概念阻碍了我更好地理解这一点。

更新：这是因为在Pod YAML hostNetworking: true中设置了。

你可以通过运行来观察：

k get po kube-proxy-jpjjc -n kube-system -o yaml
apiVersion: v1
kind: Pod
metadata:
annotations:

aks.microsoft.com/release-time: 'seconds:1550597164 nanos:675278758 '

creationTimestamp: "2019-02-19T17:29:15Z"
generateName: kube-proxy-
labels:

component: kube-proxy
controller-revision-hash: 68c8cf5db6
pod-template-generation: "1"
tier: node

name: kube-proxy-jpjjc
namespace: kube-system
ownerReferences:

• apiVersion: apps/v1
  blockOwnerDeletion: true
  controller: true
  kind: DaemonSet
  name: kube-proxy
  uid: 75df85c8-346b-11e9-a1db-667e55a73bba
  resourceVersion: "693"

selfLink: /api/v1/namespaces/kube-system/pods/kube-proxy-jpjjc
uid: e1004b3e-346b-11e9-a1db-667e55a73bba
spec:
affinity:

nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
    nodeSelectorTerms:
    - matchFields:
      - key: metadata.name
        operator: In
        values:
        - aks-agentpool-14855512-1

containers:

• command:

  • /hyperkube
  • proxy
  • --kubeconfig=/var/lib/kubelet/kubeconfig
  • --cluster-cidr=10.240.0.0/16
  • --feature-gates=ExperimentalCriticalPodAnnotation=true
    env:
  • name: KUBERNETES_PORT_443_TCP_ADDR
    value: nodeport-test-cni-87e6d01c.hcp.westus2.azmk8s.io
  • name: KUBERNETES_PORT
    value: tcp://nodeport-test-cni-87e6d01c.hcp.westus2.azmk8s.io:443
  • name: KUBERNETES_PORT_443_TCP
    value: tcp://nodeport-test-cni-87e6d01c.hcp.westus2.azmk8s.io:443
  • name: KUBERNETES_SERVICE_HOST
    value: nodeport-test-cni-87e6d01c.hcp.westus2.azmk8s.io

  image: k8s.gcr.io/hyperkube-amd64:v1.12.5
  imagePullPolicy: IfNotPresent
  name: kube-proxy
  resources:
  requests:

  cpu: 100m

  securityContext:
  privileged: true
  procMount: Default
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
  volumeMounts:

  • mountPath: /var/lib/kubelet
    name: kubeconfig

  readOnly: true

  • mountPath: /etc/kubernetes/certs
    name: certificates

  readOnly: true

  • mountPath: /var/run/secrets/kubernetes.io/serviceaccount
    name: default-token-7m959

  readOnly: true
  dnsPolicy: ClusterFirst

hostNetwork: true
nodeName: aks-agentpool-14855512-1
nodeSelector:

beta.kubernetes.io/os: linux

priority: 1000000
priorityClassName: high-priority
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:

• effect: NoSchedule
  key: node-role.kubernetes.io/master
  operator: Equal
  value: "true"
• effect: NoExecute
  key: node.kubernetes.io/not-ready
  operator: Exists
• effect: NoExecute
  key: node.kubernetes.io/unreachable
  operator: Exists
• effect: NoSchedule
  key: node.kubernetes.io/disk-pressure
  operator: Exists
• effect: NoSchedule
  key: node.kubernetes.io/memory-pressure
  operator: Exists
• effect: NoSchedule
  key: node.kubernetes.io/unschedulable
  operator: Exists
• effect: NoSchedule
  key: node.kubernetes.io/network-unavailable
  operator: Exists
  volumes:

• hostPath:

  path: /var/lib/kubelet
  type: ""

  name: kubeconfig

• hostPath:

  path: /etc/kubernetes/certs
  type: ""

  name: certificates

• name: default-token-7m959
  secret:

  defaultMode: 420
  secretName: default-token-7m959

  status:

conditions:

• lastProbeTime: null
  lastTransitionTime: "2019-02-19T17:29:18Z"
  status: "True"
  type: Initialized
• lastProbeTime: null
  lastTransitionTime: "2019-02-19T17:29:29Z"
  status: "True"
  type: Ready
• lastProbeTime: null
  lastTransitionTime: "2019-02-19T17:29:29Z"
  status: "True"
  type: ContainersReady
• lastProbeTime: null
  lastTransitionTime: "2019-02-19T17:29:15Z"
  status: "True"
  type: PodScheduled
  containerStatuses:

• containerID: docker://8934a2ec756bf77ad34b352ab78f70f41c7a52f126e511b235378b65c708ff15
  image: k8s.gcr.io/hyperkube-amd64:v1.12.5
  imageID: docker-pullable://k8s.gcr.io/hyperkube-amd64@sha256:82add6703e6e28b50f2457b3a3e4eec573a2603437cb9df1af5670dd7e640e75
  lastState: {}
  name: kube-proxy
  ready: true
  restartCount: 0
  state:

  running:
    startedAt: "2019-02-19T17:29:28Z"

  hostIP: 10.240.0.4

phase: Running
podIP: 10.240.0.4
qosClass: Burstable
startTime: "2019-02-19T17:29:18Z"