:_mod-docs-content-type: ASSEMBLY
[id="microshift-understanding-networking-settings"]
= Understanding networking settings
include::_attributes/attributes-microshift.adoc[]
:context: microshift-networking

toc::[]

Learn how to apply networking customization and default settings to {microshift-short} deployments. Each node is contained to a single machine and single {microshift-short}, so each deployment requires individual configuration, pods, and settings.

{microshift-short} administrators have several options for exposing applications that run inside a node to external traffic and securing network connections:

* A service such as NodePort

* API resources, such as `Ingress` and `Route`

By default, Kubernetes allocates each pod an internal IP address for applications running within the pod. Pods and their containers can have traffic between them, but clients outside the node do not have direct network access to pods except when exposed with a service such as NodePort.

include::modules/microshift-configuring-ovn.adoc[leveloffset=+1]

include::modules/microshift-restart-ovnkube-master.adoc[leveloffset=+1]

include::modules/microshift-http-proxy.adoc[leveloffset=+1]

include::modules/microshift-rpm-ostree-https.adoc[leveloffset=+1]

include::modules/microshift-cri-o-container-runtime.adoc[leveloffset=+1]

include::modules/microshift-ovs-snapshot.adoc[leveloffset=+1]

[id="microshift-about-load-balancer-service_{context}"]
== The {microshift-short} LoadBalancer service for workloads

{microshift-short} has a built-in implementation of network load balancers that you can use for your workloads and applications within the node. You can create a `LoadBalancer` service by configuring a pod to interpret ingress rules and serve as an ingress controller. The following procedure gives an example of a deployment-based `LoadBalancer` service.

include::modules/microshift-deploying-a-load-balancer.adoc[leveloffset=+1]

include::modules/microshift-blocking-nodeport-access.adoc[leveloffset=+1]

include::modules/microshift-mDNS.adoc[leveloffset=+1]

[id="microshift-exposed-audit-ports_{context}"]
== Auditing exposed network ports

On {microshift-short}, the host port can be opened by a workload in the following cases. You can check logs to view the network services.

include::modules/microshift-exposed-audit-ports-hostnetwork.adoc[leveloffset=+2]

include::modules/microshift-exposed-audit-ports-hostport.adoc[leveloffset=+2]

include::modules/microshift-exposed-audit-ports-loadbalancer.adoc[leveloffset=+2]