Kubernetes Networking Concepts: Difference between revisions
Revision as of 18:50, 20 March 2020
External
- https://medium.com/google-cloud/understanding-kubernetes-networking-pods-7117dd28727
- https://medium.com/google-cloud/understanding-kubernetes-networking-services-f0cb48e4cc82
Internal
TODO
⚠️ Work in progress, see "Kubernetes Learning.doc/Kubernetes Networking Concepts".
Overview
This page describes various Kubernetes networking aspects, grouped around several high-level subjects. It starts by explaining how pods communicate with each other within a Kubernetes cluster; this is the Pod Networking section. The Service Networking section explains how Kubernetes services use a stable virtual IP address to offer access to a pool of equivalent pods, each of which may come and go individually. These two sections mainly discuss IP addresses and routing. Naming and DNS, including how service names are mapped to service IP addresses, is discussed in the DNS Support section. Finally, the Ingress section discusses how external traffic reaches the pods.
Pod Networking
Service Networking
DNS Support
Explain default.svc.cluster.local, svc.cluster.local, cluster.local.
Name Resolution inside a Pod
Each pod with the default dnsPolicy (ClusterFirst) gets an /etc/resolv.conf, written by the kubelet, whose name server is the cluster IP of the DNS service kube-dns (pods running with hostNetwork use the node's resolver configuration instead, unless dnsPolicy is ClusterFirstWithHostNet):
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
The local DNS library is thus configured to use, by default, the name server behind the Kubernetes DNS service. Because ndots is 5, any name with fewer than five dots is first tried with each search suffix appended, so a bare service name such as kubernetes is resolved as kubernetes.default.svc.cluster.local before anything else is attempted, and an external name such as example.com produces three cluster-suffixed lookups (all answered NXDOMAIN) before the name is queried as-is. A trailing dot (example.com.) marks a name absolute and skips the search list.
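The search-list expansion described above, as an added example that is not code from the original page. It models the ordering a glibc resolver applies to a name before sending any query, taking the resolv.conf shown above as constructed input; the function names are my own, and musl-based images (Alpine) differ in detail, so treat the output as the glibc case.

```python
"""Search-list expansion performed by a glibc resolver inside a Kubernetes pod.

Added example (not code from the page). Models the candidate order glibc tries
for a name given the pod's resolv.conf; musl (Alpine) differs in details.
"""

# Constructed input: the resolv.conf a kubelet writes for a pod with the
# default dnsPolicy (ClusterFirst), as shown on this page.
POD_RESOLV_CONF = """\
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""


def parse_resolv_conf(text):
    """Return (nameservers, search_domains, ndots) parsed from resolv.conf text."""
    nameservers, search, ndots = [], [], 1  # glibc's default ndots is 1
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            nameservers.append(args[0])
        elif key == "search":
            search = args  # a later 'search' line replaces an earlier one
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots


def candidate_names(name, search, ndots):
    """Ordered list of names the resolver will try for `name`.

    - A trailing dot marks the name absolute: it is tried as-is and nothing else.
    - Fewer than `ndots` dots: each search suffix is appended first; the bare
      name is tried last.
    - `ndots` or more dots: the bare name is tried first; the search suffixes
      are appended only if that lookup fails.
    The resolver stops at the first candidate that returns an answer.
    """
    if name.endswith("."):
        return [name]
    searched = [f"{name}.{suffix}" for suffix in search]
    if name.count(".") < ndots:
        return searched + [name]
    return [name] + searched


def explain(name, resolv_conf=POD_RESOLV_CONF):
    """Candidate order for `name` under the given resolv.conf (hypothetical helper)."""
    _, search, ndots = parse_resolv_conf(resolv_conf)
    return candidate_names(name, search, ndots)


if __name__ == "__main__":
    for n in ("kubernetes", "kube-dns.kube-system", "example.com",
              "example.com.", "a.b.c.d.e.f"):
        print(f"{n} -> {explain(n)}")
```

Two things worth noticing in the output. First, the three NXDOMAIN round trips for every unqualified external name are a latency cost that shows up as slow outbound connections. Second, the second candidate for example.com is example.com.svc.cluster.local, which is exactly the name a Service called example in a namespace called com would answer to; a pod that queries an external name without a trailing dot will therefore accept a cluster-internal answer from anyone allowed to create that namespace and Service. Writing external names with a trailing dot, or restricting namespace creation with RBAC, closes that path.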
DNS Service
The DNS service is a regular Kubernetes service of type ClusterIP, deployed in the kube-system namespace, which exposes the Kubernetes internal DNS server on port 53 (port 9153 is the CoreDNS Prometheus metrics endpoint):
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 49d
Internal DNS Server
CoreDNS
kube-dns
Note that kube-dns is both the name of the Kubernetes DNS service and the name of the older DNS server implementation that CoreDNS replaced as the default. The Service kept the kube-dns name for backward compatibility, so in a CoreDNS cluster the kube-dns service fronts CoreDNS pods.
SkyDNS
Services and Naming
Ingress
Kube-proxy
Pod Network
Every pod in the Kubernetes cluster has its own IP address, which is routable on the pod network without NAT, so every pod on the pod network can talk directly to every other pod. Nothing restricts this traffic by default: isolation between pods only exists where a NetworkPolicy is defined and the network plugin enforces it.
The DNS Service
Each Kubernetes cluster has an internal DNS service whose cluster IP is written into the /etc/resolv.conf of every pod on the cluster. Every new Service is automatically registered with the cluster's DNS service as <service>.<namespace>.svc.cluster.local, so cluster components can find services by name. The individual pods managed by a StatefulSet are also registered, through the StatefulSet's governing headless service, as <pod>.<service>.<namespace>.svc.cluster.local, which gives each replica a stable name.
The DNS service is built on CoreDNS, which is the default DNS server in current Kubernetes versions.
Testing name resolution:
kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
Also see:
Network Plugin
Flannel
Flannel is the default network plugin that comes with Kubespray. Flannel is an L2 overlay network solution (its default backend encapsulates pod traffic in VXLAN). An L2 overlay is difficult to troubleshoot because of the packet encapsulation, and every node in the network is state-heavy (VLANs, tunnels). Flannel also does not enforce NetworkPolicy, so a Flannel-only cluster has no pod-to-pod isolation unless it is paired with a policy engine such as Calico.
Calico
Calico is a pure L3 fabric solution: pod routes are distributed between nodes with BGP and traffic is routed unencapsulated by default (IP-in-IP or VXLAN encapsulation can be enabled where the underlying network does not carry pod routes). Calico also enforces NetworkPolicy.