Complete k8s Classroom Notes 27/Aug/2023

Kubernetes Networking Model

Node and Pod Network Layout (Contd)

Isolated Networks

  • In an isolated cluster, nodes are routable on the broader network, but pods are not: hosts outside the cluster can reach the nodes, but cannot reach pod IP addresses directly. Traffic from outside has to enter through a node.

Flat Networks

  • In a flat network, every pod has an IP address that is routable from the broader network, so a host outside the cluster can reach a pod directly by its pod IP.

Island Networks

  • This is a combination of the isolated and flat layouts.
  • Nodes have L3 connectivity with the broader network, but pods do not. Traffic to and from pods must pass through some form of proxy on the nodes, typically source NAT (masquerade) applied to pod packets as they leave the node.

The CNI Specification

  • The CNI specification itself is quite simple. The container runtime executes the plugin binary with the operation in the CNI_COMMAND environment variable (plus CNI_CONTAINERID, CNI_NETNS, CNI_IFNAME and others), passes the network configuration as JSON on stdin, and reads a JSON result (or a JSON error with a code and message) from stdout. There are four operations:
    • ADD:
      • Add a container to the network (create its interface, assign an IP, set up routes)
    • DEL:
      • Delete a container from the network (release its IP; must succeed even if the container is already gone)
    • CHECK:
      • Return an error if there is a problem with the container's network as previously configured
    • VERSION:
      • Report the CNI spec versions the plugin supports

CNI Plugins

  • They have two primary responsibilities:
    • allocate and assign a unique IP address to each pod
    • ensure a route exists within the cluster to each pod IP address
  • There are two broad categories of CNI network models:
    • flat networks (pod IPs routed natively, e.g. via BGP)
    • overlay networks (pod traffic encapsulated between nodes, e.g. VXLAN)
  • CNI plugins need a way to share state between nodes (which pod CIDR or IP belongs to which node). They take different approaches, such as storing it in Kubernetes objects or in a dedicated database such as etcd.
  • The CNI plugin (or an IPAM plugin it delegates to, such as the reference host-local plugin) is also responsible for IPAM (IP address management).
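The four operations and the IPAM duty described above can be seen together in a toy plugin. The following is an added example written for these notes, not code from any real CNI plugin: it implements the dispatch a CNI runtime expects (CNI_COMMAND and the other CNI_* variables in the environment, network configuration JSON on stdin, result or error JSON on stdout) and a host-local style allocator for an assumed per-node pod CIDR of 10.244.1.0/24. It does not create interfaces or touch network namespaces, and its IPAM state lives in memory only. The numeric error codes are the CNI specification's well-known codes.

```python
"""Toy CNI plugin: dispatches the four CNI operations and does host-local style IPAM.

Constructed example for these notes (not a real plugin): it allocates addresses
from a fixed pool and returns CNI result JSON, but does not touch network
namespaces or create veths.
"""
import ipaddress
import json
import os
import sys
from typing import Dict

SUPPORTED_VERSIONS = ["0.4.0", "1.0.0"]

# Well-known error codes from the CNI specification (subset).
ERR_INCOMPATIBLE_VERSION = 1
ERR_UNKNOWN_CONTAINER = 3
ERR_BAD_ENV = 4
ERR_INVALID_NETCONF = 7


class Ipam:
    """Minimal IPAM: hands out the lowest free host address of `subnet` and
    remembers which container holds it. Real plugins persist this state
    (files on the node, etcd, or Kubernetes objects) so allocations survive
    restarts and stay unique across nodes."""

    def __init__(self, subnet: str):
        self.network = ipaddress.ip_network(subnet)
        self.gateway = next(self.network.hosts())       # first host is the node-side gateway
        self.leases: Dict[str, ipaddress.IPv4Address] = {}

    def allocate(self, container_id: str):
        if container_id in self.leases:                 # a repeated ADD returns the same lease
            return self.leases[container_id]
        used = set(self.leases.values()) | {self.gateway}
        for host in self.network.hosts():
            if host not in used:
                self.leases[container_id] = host
                return host
        raise RuntimeError("pool exhausted")

    def release(self, container_id: str) -> None:
        self.leases.pop(container_id, None)             # DEL must succeed if already released


def error(code: int, msg: str) -> dict:
    return {"cniVersion": "1.0.0", "code": code, "msg": msg}


def handle(command: str, env: dict, netconf: dict, ipam: Ipam) -> dict:
    """Dispatch one CNI invocation. `env` is the CNI_* environment the runtime
    passes; `netconf` is the network configuration read from stdin."""
    if command == "VERSION":
        return {"cniVersion": "1.0.0", "supportedVersions": SUPPORTED_VERSIONS}

    version = netconf.get("cniVersion")
    if version not in SUPPORTED_VERSIONS:
        return error(ERR_INCOMPATIBLE_VERSION, f"unsupported cniVersion {version!r}")
    cid = env.get("CNI_CONTAINERID")
    if not cid:
        return error(ERR_BAD_ENV, "CNI_CONTAINERID not set")

    if command == "ADD":
        ip = ipam.allocate(cid)
        return {
            "cniVersion": version,
            "interfaces": [{"name": env.get("CNI_IFNAME", "eth0"), "sandbox": env.get("CNI_NETNS", "")}],
            "ips": [{"address": f"{ip}/{ipam.network.prefixlen}", "gateway": str(ipam.gateway), "interface": 0}],
            "routes": [{"dst": "0.0.0.0/0"}],
        }
    if command == "DEL":
        ipam.release(cid)
        return {}
    if command == "CHECK":
        # CHECK compares the live state with the prevResult the runtime hands back.
        lease = ipam.leases.get(cid)
        if lease is None:
            return error(ERR_UNKNOWN_CONTAINER, f"no allocation for {cid}")
        want = [i["address"] for i in netconf.get("prevResult", {}).get("ips", [])]
        got = f"{lease}/{ipam.network.prefixlen}"
        if want and got not in want:
            return error(ERR_INVALID_NETCONF, f"prevResult {want} does not match {got}")
        return {}
    return error(ERR_BAD_ENV, f"unknown CNI_COMMAND {command!r}")


def main() -> None:
    ipam = Ipam("10.244.1.0/24")  # assumed pod CIDR for this node
    netconf = json.load(sys.stdin) if not sys.stdin.isatty() else {}
    result = handle(os.environ.get("CNI_COMMAND", ""), dict(os.environ), netconf, ipam)
    json.dump(result, sys.stdout)
    sys.exit(1 if "code" in result else 0)


if __name__ == "__main__":
    main()
```

Run as a CNI runtime would, e.g. `echo '{"cniVersion":"1.0.0","name":"toy","type":"toy"}' | CNI_COMMAND=ADD CNI_CONTAINERID=abc CNI_NETNS=/var/run/netns/abc CNI_IFNAME=eth0 python3 toy_cni.py`. Note that a non-zero exit code together with the error JSON is what tells the runtime (and therefore kubelet) that pod sandbox setup failed.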

Popular CNI Plugins

  • Cilium:
    • eBPF-based, L7/HTTP-aware CNI
    • Enforces network policies
  • Flannel:
    • Simple L3 network fabric for k8s (VXLAN overlay by default)
    • No network policy enforcement
    • Uses etcd (or the Kubernetes API) to store state
  • Calico:
    • L3 network using BGP routing
    • Integrates with Istio
    • Uses etcd (or the Kubernetes API datastore) to store data
  • WeaveNet:
    • Mesh overlay network
    • No external store for state
    • Supports network policy

kube-proxy

  • This is a per-node daemon in k8s (normally run as a DaemonSet)
  • It provides basic load balancing within the cluster
  • It implements Services and relies on Endpoints/EndpointSlices to learn which pods back each Service
  • It is responsible for routing requests sent to a Service's ClusterIP to healthy (ready) pods, by programming iptables or IPVS rules on the node; pods failing their readiness probe are left out
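An added example, constructed for these notes and not kube-proxy's own code, that models the two points above: the backend list is built from EndpointSlice objects and keeps only endpoints whose conditions.ready is true, and the resulting iptables-mode rule chain spreads new connections across those backends with the statistic-module probabilities kube-proxy uses. The Service and EndpointSlice dicts are hand-built to mirror the API shapes, and the chain names (KUBE-SVC-WEB, KUBE-SEP-0) are simplified; real kube-proxy uses hashed names.

```python
"""Model of what kube-proxy (iptables mode) programs for one ClusterIP Service.

Constructed example for these notes: Service and EndpointSlice objects are
hand-built dicts shaped like the API objects; the output imitates the rule
chain kube-proxy generates. Illustrative, not kube-proxy's code.
"""
from typing import List


def ready_backends(slices: List[dict], port_name: str) -> List[str]:
    """Collect 'ip:port' for every endpoint kube-proxy would forward to:
    only endpoints with conditions.ready == true, across all slices of the
    Service. Pods failing readiness probes are skipped, which is how a
    Service keeps traffic off unhealthy pods."""
    backends = []
    for s in slices:
        port = next(p["port"] for p in s["ports"] if p.get("name") == port_name)
        for ep in s["endpoints"]:
            if ep.get("conditions", {}).get("ready") is True:
                for addr in ep["addresses"]:
                    backends.append(f"{addr}:{port}")
    return sorted(backends)


def iptables_rules(service: dict, backends: List[str]) -> List[str]:
    """Render the rules kube-proxy's iptables mode would generate. With n
    backends, rule i (0-based) fires with probability 1/(n-i) and the last
    rule is unconditional, so every backend receives an equal 1/n share."""
    spec = service["spec"]
    cluster_ip, port = spec["clusterIP"], spec["ports"][0]["port"]
    match = f"-d {cluster_ip}/32 -p tcp --dport {port}"
    if not backends:
        # No ready endpoints: kube-proxy rejects so clients fail fast instead of hanging.
        return [f"-A KUBE-SERVICES {match} -j REJECT"]
    svc_chain = f"KUBE-SVC-{service['metadata']['name'].upper()}"
    rules = [f"-A KUBE-SERVICES {match} -j {svc_chain}"]
    n = len(backends)
    for i, backend in enumerate(backends):
        sep_chain = f"KUBE-SEP-{i}"
        if i < n - 1:
            prob = 1 / (n - i)
            rules.append(f"-A {svc_chain} -m statistic --mode random --probability {prob:.5f} -j {sep_chain}")
        else:
            rules.append(f"-A {svc_chain} -j {sep_chain}")
        rules.append(f"-A {sep_chain} -p tcp -j DNAT --to-destination {backend}")
    return rules


def shares_from_chain(n: int) -> List[float]:
    """Walk the probability chain and return each backend's share of new
    connections, to confirm the 1/(n-i) ladder really is uniform."""
    remaining, shares = 1.0, []
    for i in range(n):
        p = 1.0 if i == n - 1 else 1 / (n - i)
        shares.append(remaining * p)
        remaining -= remaining * p
    return shares


# Constructed objects: one Service and one EndpointSlice with a pod that is
# currently failing its readiness probe.
SERVICE = {"metadata": {"name": "web"},
           "spec": {"clusterIP": "10.96.0.20", "ports": [{"port": 80, "targetPort": 8080}]}}
SLICES = [{"ports": [{"name": "http", "port": 8080}],
           "endpoints": [
               {"addresses": ["10.244.1.5"], "conditions": {"ready": True}},
               {"addresses": ["10.244.2.7"], "conditions": {"ready": False}},   # not ready
               {"addresses": ["10.244.3.9"], "conditions": {"ready": True}},
           ]}]

if __name__ == "__main__":
    for rule in iptables_rules(SERVICE, ready_backends(SLICES, "http")):
        print(rule)
```

Because the DNAT happens per connection (conntrack keeps later packets of a flow on the same backend), this is connection-level, not request-level, load balancing; an HTTP keep-alive client can stick to one pod indefinitely, which is one reason L7 balancing is left to ingress controllers or service meshes.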

Network Policy

  • By default, k8s allows traffic between any two pods in the cluster: a pod that is not selected by any NetworkPolicy accepts and sends all traffic.
  • NetworkPolicy is a resource type in k8s that contains allow-based firewall rules. Once a policy selects a pod, only traffic matched by some rule of some policy selecting that pod is allowed; there are no deny rules, and policies are additive. Enforcement is done by the CNI plugin, so a cluster whose plugin lacks policy support (such as Flannel above) accepts the objects but does not enforce them.
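The allow-based semantics are easy to get wrong, so here is an added example, constructed for these notes and not part of the Kubernetes code base, that evaluates whether a pod-to-pod connection is admitted on the ingress side under a set of NetworkPolicy objects. The pods, namespaces and policies are hand-built dicts shaped like the API objects (matchLabels only, no matchExpressions or ipBlock). It reproduces the documented rules: no selecting policy means allow, a selecting policy with no ingress rules means deny, a missing `from` means any source, a missing `ports` means any port, and a bare podSelector in `from` is scoped to the policy's own namespace.

```python
"""Evaluate Kubernetes NetworkPolicy ingress semantics for one connection.

Constructed example for these notes: pods and policies are hand-built dicts
shaped like the API objects. Models the documented semantics only; the real
enforcement is done by the CNI plugin.
"""
from typing import Dict, List, Optional


def selects(selector: Optional[dict], labels: Dict[str, str]) -> bool:
    """matchLabels semantics: None never matches, {} matches everything,
    otherwise every key/value must be present on the object."""
    if selector is None:
        return False
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_matches(peer: dict, src: dict, policy_ns: str) -> bool:
    """One entry of an ingress rule's `from` list. podSelector alone is scoped
    to the policy's namespace; namespaceSelector alone matches any pod in a
    matching namespace; both together must match the same source pod."""
    if "ipBlock" in peer:
        return False  # pod sources are matched by labels in this model
    pod_sel, ns_sel = peer.get("podSelector"), peer.get("namespaceSelector")
    if ns_sel is None:
        return src["namespace"] == policy_ns and selects(pod_sel, src["labels"])
    if not selects(ns_sel, src["nsLabels"]):
        return False
    return pod_sel is None or selects(pod_sel, src["labels"])


def port_matches(ports: Optional[List[dict]], port: int, proto: str) -> bool:
    if not ports:  # absent or empty `ports` means all ports
        return True
    return any(p.get("port") == port and p.get("protocol", "TCP") == proto for p in ports)


def ingress_allowed(src: dict, dst: dict, port: int, proto: str, policies: List[dict]) -> bool:
    """Allow-list semantics: if no Ingress-type policy selects the destination,
    everything is allowed (the default). Once any does, traffic must match at
    least one ingress rule of at least one selecting policy."""
    applicable = [
        p for p in policies
        if p["metadata"]["namespace"] == dst["namespace"]
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selects(p["spec"].get("podSelector", {}), dst["labels"])
    ]
    if not applicable:
        return True
    for p in applicable:
        for rule in p["spec"].get("ingress", []):
            if not port_matches(rule.get("ports"), port, proto):
                continue
            if not rule.get("from"):  # no `from` list: any source
                return True
            if any(peer_matches(peer, src, dst["namespace"]) for peer in rule["from"]):
                return True
    return False


# Constructed pods (nsLabels are the labels of the pod's namespace object).
NS = "shop"
DB = {"name": "db-0", "namespace": NS, "labels": {"app": "db"}, "nsLabels": {"team": "shop"}}
FRONTEND = {"name": "web-1", "namespace": NS, "labels": {"app": "frontend"}, "nsLabels": {"team": "shop"}}
BATCH = {"name": "job-1", "namespace": NS, "labels": {"app": "batch"}, "nsLabels": {"team": "shop"}}
MONITOR = {"name": "prom-0", "namespace": "monitoring", "labels": {"app": "prometheus"},
           "nsLabels": {"team": "platform"}}

# Constructed policies: namespace-wide default deny plus two targeted allows.
DEFAULT_DENY = {"metadata": {"name": "default-deny-ingress", "namespace": NS},
                "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}
ALLOW_FRONTEND_TO_DB = {"metadata": {"name": "db-allow-frontend", "namespace": NS},
                        "spec": {"podSelector": {"matchLabels": {"app": "db"}}, "policyTypes": ["Ingress"],
                                 "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                                              "ports": [{"protocol": "TCP", "port": 5432}]}]}}
ALLOW_METRICS = {"metadata": {"name": "db-allow-metrics", "namespace": NS},
                 "spec": {"podSelector": {"matchLabels": {"app": "db"}}, "policyTypes": ["Ingress"],
                          "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {"team": "platform"}}}],
                                       "ports": [{"protocol": "TCP", "port": 9187}]}]}}
```

Try it with `ingress_allowed(BATCH, DB, 5432, "TCP", [DEFAULT_DENY, ALLOW_FRONTEND_TO_DB])`, which returns False, against the same call with an empty policy list, which returns True. The default-deny object is what turns the allow rules into an actual restriction; without it, ALLOW_FRONTEND_TO_DB restricts the db pods but leaves every other pod in the namespace wide open.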

By continuous learner

devops & cloud enthusiastic learner
