Kubernetes Networking Model
Kubernetes networking sets out to solve four networking problems:
- container to container communication
- Pod to Pod communications
- Pod to service communications
- External to service communications
The Kubernetes networking model natively supports multi-host cluster networking: pods can communicate with each other by default, regardless of which host they are deployed on. Kubernetes relies on the CNI plugin to satisfy the following requirements:
- All containers must communicate with each other without NAT
- Nodes can communicate with containers without NAT
- The IP address a container sees for itself is the same IP address that others see for it (no address translation in between)
- Every k8s node runs a component called the kubelet, which manages the pods on that node. The networking functionality in the kubelet comes from API interactions with the CNI plugin on the node. The CNI plugin manages pod IP addresses and individual container network provisioning.
- The CNI plugin is responsible for assigning pod IP addresses and maintaining routes between all pods.
- K8s does not ship a default CNI plugin, so with a standard installation of k8s, pods cannot use the network until a CNI plugin is installed.
- Let's look at how the pod network is enabled by CNI and at the different network layouts.
Node and Pod Network Layout
- The cluster must have a group of IP addresses that it controls, from which it assigns addresses to pods.
- Nodes and Pods must have L3 connectivity
- Generally, pods do not have a MAC address, so L2 connectivity to pods is not possible (the CNI plugin determines this for pods)
- There are broadly three approaches to structuring a cluster network:
- Isolated Networks
- Flat Networks
- Island Networks
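The requirements above (the CNI plugin assigns pod IPs from a range the cluster controls, and every pod IP must be routable without NAT) can be checked against what a cluster reports. The following is an added example, not code from the original notes or from any CNI project: it uses constructed node and pod records shaped like the `spec.podCIDR`, `spec.nodeName` and `status.podIP` fields and verifies that node ranges sit inside the cluster range without overlapping and that each pod's IP falls within its own node's range.

```python
import ipaddress
from typing import Dict, List

# Constructed sample data for the example (not from a real cluster).
# NODES maps node name -> spec.podCIDR; PODS carry spec.nodeName and status.podIP.
CLUSTER_POD_CIDR = "10.244.0.0/16"
NODES: Dict[str, str] = {"node-a": "10.244.0.0/24", "node-b": "10.244.1.0/24"}
PODS = [
    {"name": "web", "node": "node-a", "ip": "10.244.0.12"},
    {"name": "db", "node": "node-b", "ip": "10.244.1.7"},
    {"name": "stray", "node": "node-b", "ip": "10.244.0.30"},  # not in node-b's range
]


def check_node_cidrs(cluster_cidr: str, nodes: Dict[str, str]) -> List[str]:
    """Return a list of problems: a node range outside the cluster range, or
    two node ranges that overlap. Overlap would break cluster-wide routing,
    because the same pod IP could exist on two nodes."""
    problems: List[str] = []
    cluster = ipaddress.ip_network(cluster_cidr)
    ranges = {name: ipaddress.ip_network(cidr) for name, cidr in nodes.items()}
    for name, net in ranges.items():
        if not net.subnet_of(cluster):
            problems.append(f"{name}: {net} is outside cluster CIDR {cluster}")
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a].overlaps(ranges[b]):
                problems.append(f"{a} and {b} overlap: {ranges[a]} / {ranges[b]}")
    return problems


def check_pod_ips(nodes: Dict[str, str], pods: List[dict]) -> List[str]:
    """Return a problem per pod whose IP was not assigned from its node's podCIDR.
    Such a pod is a sign that IPAM is not honouring the node's allocation."""
    problems: List[str] = []
    for pod in pods:
        node_range = ipaddress.ip_network(nodes[pod["node"]])
        if ipaddress.ip_address(pod["ip"]) not in node_range:
            problems.append(f"{pod['name']}: {pod['ip']} not in {pod['node']} range {node_range}")
    return problems


if __name__ == "__main__":
    for problem in check_node_cidrs(CLUSTER_POD_CIDR, NODES) + check_pod_ips(NODES, PODS):
        print(problem)
```

On a live cluster the same fields come from `kubectl get nodes -o json` and `kubectl get pods -A -o json`.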
