Kubernetes Networking Concepts

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

External

Internal

TODO

⚠️ Work in progress, see "Kubernetes Learning.doc/Kubernetes Networking Concepts".

Overview

This page describes various Kubernetes networking aspects, grouped around several high level subjects. It starts by explaining how pods communicate with each other within a Kubernetes cluster. This is the Pod Networking section. Service Networking section explains with how Kubernetes services use a stable virtual IP address to offer access to a pool equivalent pods, all of which may come and go individually. In these two sections will be mainly discussing about IP addresses and routing. Naming and DNS, including how service names are mapped to service IP addresses, is discussed in the DNS Support section. Finally, we'll discuss about how external traffic reaches the pods, in the Ingress section.

Pod Networking

Service Networking

Kube-proxy

Kube-proxy

Pod Network

Every pod in the Kubernetes cluster has its own IP address, which is routable on the pod network, so every pod on the pod network can talk directly to every other pod.

Cluster IP Address

ClusterIP services expose stable Cluster IP addresses.

Network Plugin

Flannel

Flannel is the default network plugin that comes with Kubespray. Flannel is an L2 overlay network solution. An L2 solution is difficult to troubleshoot due to packet encapsulation. Also, every node in the network is state-heavy (VLANs, tunnels).

Calico

Calico is a pure L3 fabric solution. It is also referred to as a network policy engine for Kubernetes.

Ingress

Ingress Concepts


DNS Support

Explain default.svc.cluster.local, svc.cluster.local, cluster.local.

TODO: https://medium.com/kubernetes-tutorials/kubernetes-dns-for-services-and-pods-664804211501

Name Resolution inside a Pod

Each pod gets an /etc/resolv.conf with a name server hardcoded to the IP address of the DNS service kube-dns: 

nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

The local DNS library is thus configured to use by default the name server behind the Kubernetes DNS service.

DNS Service

The DNS service is a regular Kubernetes service, deployed in the kube-system namespace, which exposes the Kubernetes internal DNS server: 

NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   49d

Internal DNS Server

CoreDNS

kube-dns

Note that kube-dns seems to be both the name of the Kubernetes DNS service and the name of a backing provider.

SkyDNS

Services and Naming

Retrieved from "https://kb.novaordis.com/index.php?title=Kubernetes_Networking_Concepts&oldid=69103"