为什么在Kuberntes部署/容器定义中需要使用port/containerPort? [英] Why do we need a port/containerPort in a Kuberntes deployment/container definition?
问题描述
当我定义例如在kubernetes中的部署中,有一个包含容器列表的部分,每个容器包含一个端口数组,例如:
When I define e.g. a deployment in kubernetes there is a section with a list of containers and each of them contains an array of ports, e.g.:
apiVersion: apps/v1
kind: Deployment
spec:
template:
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
现在在文档此处明确表示它不会影响连接性:
Now the documentation here explicitly says it does not affect connectivity:
要从容器公开的端口列表.在这里暴露一个端口给有关网络连接的系统附加信息容器使用,但主要是提供信息.没有指定端口此处并不能防止该端口暴露在外.任何端口是侦听容器内默认的"0.0.0.0"地址将是可从网络访问.无法更新.
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
现在看来它并没有真正影响任何东西,而只是影响了信息,但这实际上意味着什么,用在什么地方?
Now it seems it does not really affect anything and only informational, but what does that really mean, where is that used?
我发现它的一种用法是,如果port定义了一个名称,则可以使用该名称从服务中引用它.
I have found one use of that is that if port defines a name, it can be referenced from a service by that name.
是本规范还是其他一些用途?
Is that it or there are some other uses for this specification?
推荐答案
引用文档时,
要从容器公开的端口列表.在此处公开端口可为系统提供有关容器使用的网络连接的其他信息,但主要是参考信息.在此处未指定端口并不能防止该端口被暴露.任何从容器中的默认"0.0.0.0"地址监听的端口都可以从网络访问.无法更新.
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
定义 containerPorts 的目的纯粹是为了文档.它仅由其他开发人员用来了解容器侦听的端口.Kubernetes从Docker借用了这个想法,该想法与 EXPOSE 命令相同,如
the purpose of defining the containerPorts is purely for documentation. It is only used by other developers to understand the port that the container listens to. Kubernetes borrows this idea from docker which does the same with EXPOSE command as mentioned here.
这篇关于为什么在Kuberntes部署/容器定义中需要使用port/containerPort?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
