Kubernetes Networking Concepts: Difference between revisions

From NovaOrdis Knowledge Base
 
(51 intermediate revisions by the same user not shown)
Line 1: Line 1:
=External=
* https://medium.com/google-cloud/understanding-kubernetes-networking-pods-7117dd28727
* https://medium.com/google-cloud/understanding-kubernetes-networking-services-f0cb48e4cc82
=Internal=
=Internal=


* [[Kubernetes_Concepts#Subjects|Kubernetes Concepts]]
* [[Kubernetes_Concepts#Subjects|Kubernetes Concepts]]


=TO DO=
=TODO=
 
* TODO: https://kubernetes.io/docs/concepts/cluster-administration/networking/
 
⚠️ Work in progress, see "Kubernetes Learning.doc/Kubernetes Networking Concepts".
 
* https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/
 
=Overview=
 
This page describes various Kubernetes networking aspects, grouped around several high level subjects. It starts by explaining how pods communicate with each other within a Kubernetes cluster. This is the [[#Pod_Networking|Pod Networking]] section. [[#Service_Networking|Service Networking]] section explains with how Kubernetes services use a stable virtual IP address to offer access to a pool equivalent pods, all of which may come and go individually. In these two sections will be mainly discussing about IP addresses and routing. Naming and DNS, including how service names are mapped to service IP addresses, is discussed in the [[#DNS_Support|DNS Support]] section. Finally, we'll discuss about how external traffic reaches the pods, in the [[#Ingress|Ingress]] section.
 
=Pod Networking=
Also see: {{Internal|Kubernetes_Pod_and_Container_Concepts#Networking|Pod and Container Concepts | Networking}}
 
=Service Networking=
{{Internal|Kubernetes_Service_Concepts#ClusterIP_Service_Implementation_Details|ClusterIP Service Implementation Details}}


<font color=darkgray>
=<span id='Kube-proxy'></span>kube-proxy=
* https://medium.com/google-cloud/understanding-kubernetes-networking-pods-7117dd28727
{{Internal|kube-proxy#Overview|kube-proxy}}
* https://medium.com/google-cloud/understanding-kubernetes-networking-services-f0cb48e4cc82
* https://medium.com/google-cloud/understanding-kubernetes-networking-ingress-1bc341c84078
</font>


=Kube-proxy=
{{Internal|Kubernetes_Control_Plane_and_Data_Plane_Concepts#Kube-proxy|Kube-proxy}}
=Pod Network=
=Pod Network=


Every pod in the Kubernetes cluster has its [[Kubernetes Pod and Container Concepts#Pod_IP_Address|own IP address]], which is routable on the pod network, so every pod on the pod network can talk directly to every other pod.
Every pod in the Kubernetes cluster has its [[Kubernetes Pod and Container Concepts#Pod_IP_Address|own IP address]], which is routable on the pod network, so every pod on the pod network can talk directly to every other pod.


=The DNS Service=
==Cluster IP Address==
Each Kubernetes [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Cluster|cluster]] has an internal DNS service, with a static IP address that is hardcoded into every pod on the cluster. Every new [[Kubernetes_Service_Concepts#Service|Service]] is automatically registered with the cluster's DNS service so cluster components can find services by name. [[Kubernetes_Higher_Level_Pod_Controllers#StatefulSet|StatefulSets]] and the individual pods managed by a StatefulSet are also registered with the DNS service.
 
The DNS service is built on [[CoreDNS]].
 
Testing name resolution:
kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools


Also see: {{Internal|Kubernetes_Service_Concepts#Services_and_DNS|Services and DNS}}
[[Kubernetes Service Concepts#ClusterIP_Service|ClusterIP services]] expose stable Cluster IP addresses.


=Network Plugin=
=Network Plugin=
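Review bot: the new Overview paragraph has wording slips that should be fixed in the wikitext: "explains with how" should read "explains how", "a pool equivalent pods" is missing "of", and "In these two sections will be mainly discussing about IP addresses and routing" has no subject ("These two sections mainly discuss IP addresses and routing" would do). The Overview also promises explanations of pod, service, DNS and ingress networking, while the sections in this hunk contain only "Also see" links, so either soften the Overview to say the page is an index into those topics or keep the TODO banner until the sections are filled in.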
Line 33: Line 42:
Flannel is the default network plugin that comes with Kubespray. Flannel is an L2 overlay network solution. An L2 solution is difficult to troubleshoot due to packet encapsulation. Also, every node in the network is state-heavy (VLANs, tunnels).
Flannel is the default network plugin that comes with Kubespray. Flannel is an L2 overlay network solution. An L2 solution is difficult to troubleshoot due to packet encapsulation. Also, every node in the network is state-heavy (VLANs, tunnels).
==Calico==
==Calico==
Calico is a pure L3 fabric solution.
Calico is a pure L3 fabric solution. It is also referred to as a network policy engine for Kubernetes.


=Ingress=
=Ingress=


{{Internal|Kubernetes Ingress Concepts|Ingress Concepts}}
{{Internal|Kubernetes Ingress Concepts|Ingress Concepts}}
=<span id='Name_Resolution_inside_a_Pod'></span><span id='DNS_Service'></span><span id='Internal_DNS_Server'></span><span id='CoreDNS'></span><span id='kube-dns'></span><span id='SkyDNS'></span><span id='Services_and_Naming'></span><span id='The_DNS_Service'></span>DNS Support=
{{Internal|Kubernetes DNS Concepts|Kubernetes DNS Concepts}}
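Review bot: the sentence added to the Calico paragraph, "It is also referred to as a network policy engine for Kubernetes", is passive and unattributed, so a reader cannot tell what Calico actually does with network policy. State it directly and link the page that covers network policies, and say in the Flannel paragraph whether the same applies there, since the section otherwise contrasts the two plugins only on L2 versus L3.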

Latest revision as of 23:01, 24 September 2021

External

Internal

TODO

⚠️ Work in progress, see "Kubernetes Learning.doc/Kubernetes Networking Concepts".

Overview

This page describes various Kubernetes networking aspects, grouped around several high-level subjects. It starts by explaining how pods communicate with each other within a Kubernetes cluster, in the Pod Networking section. The Service Networking section explains how Kubernetes services use a stable virtual IP address to offer access to a pool of equivalent pods, all of which may come and go individually. These two sections mainly discuss IP addresses and routing. Naming and DNS, including how service names are mapped to service IP addresses, are discussed in the DNS Support section. Finally, the Ingress section discusses how external traffic reaches the pods.

Pod Networking

Also see:

Pod and Container Concepts | Networking

Service Networking

ClusterIP Service Implementation Details

kube-proxy

kube-proxy

Pod Network

Every pod in the Kubernetes cluster has its own IP address, which is routable on the pod network, so every pod on the pod network can talk directly to every other pod.

Cluster IP Address

ClusterIP services expose stable Cluster IP addresses.

Network Plugin

Flannel

Flannel is the default network plugin that comes with Kubespray. Flannel is an L2 overlay network solution. An L2 solution is difficult to troubleshoot due to packet encapsulation. Also, every node in the network is state-heavy (VLANs, tunnels).

Calico

Calico is a pure L3 fabric solution. It is also referred to as a network policy engine for Kubernetes.

Ingress

Ingress Concepts

DNS Support

Kubernetes DNS Concepts