What is hostNetwork in Kubernetes?

Question

Can you simply summarize what the following two definitions do and when they should be used?

spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet

I do not have enough knowledge about networking in Kubernetest and the articles I found are not understandable to me.

Answer 1

hostNetwork: true

When in doubt you can always use explain command:

kubectl explain pod.spec.hostNetwork

KIND:       Pod
VERSION:    v1

FIELD: hostNetwork <boolean>

DESCRIPTION:
    Host networking requested for this pod. Use the host's network namespace. If
    this option is set, the ports that will be used must be specified. Default
    to false.

This namespace is a network namespace, not the Kubernetes namespace. When pods are scheduled on a node (host machine), they get a new network namespace isolated from the host machine. If your pod specifically needs privileged host machine network access then you need this option. Pods running from the Network plugin in your cluster use this setting. Those pods get their podIP set to the host machine IP (which means they can use the host machine's eth0 physical interface) it runs on.

dnsPolicy: ClusterFirstWithHostNet

The above setting for the pod means that you need cluster DNS resolution (via CoreDNS) as a normal pod even though you set hostNetwork: true (pods that are not running in the host network namespace). If you don't set it, Pod will use the host machine's DNS configuration for DNS resolution (where Pod cannot resolve k8s services and endpoints).

Check DNS policy section in k8s docs for further details

Answer 2

You should probably never use either option.

hostNetwork: true disables Kubernetes's networking layer entirely. If your code tried to do things like enumerate network interfaces, it'd see the current node's network, not the Kubernetes-internal network. This will result in you having trouble doing things like calling out to other Services. You'd have to be in a very unusual setup to want this.

(I see host networking used in a plain-Docker context sometimes, for example as a hack to get around a hard-coded localhost name. This is less likely to work in Kubernetes since you'll typically have multiple nodes, and the database container might not be on the same node as the application.)

The dnsPolicy: you mention seems to be specific to activating host networking. Again, you shouldn't need to manually configure dnsPolicy:. The standard setting of dnsPolicy: ClusterFirst is right for almost all scenarios.