Completek8s Classroomnotes 27/Aug/2023

Kubernetes Networking Model

Node and Pod Network Layout (Contd)

Isolated Networks

  • In Isolated Cluster, Nodes are routable on the broader network, but pods are not.
    Preview

Flat Networks

  • In Flat network, all pods have an IPAddress that is routable from the broader network

Preview

Island Networks

  • This is combination of isolated and flat networks.
  • Nodes have L3 connectivity with the broader network, but pods do not. Traffic to and from pods must pass through some of proxy through nodes
    Preview

The CNI Specification

  • CNI specification itself is quite simple, there are four operations
    • ADD:
      • Add a container to the network
    • DEL:
      • Delete a container from the network
    • CHECK:
      • Return an error if there is problem with the container network
    • VERSION
      • Reports version information about plgin
        Preview

CNI Plugins

  • They have two primary responsibilities
    • allocate and assign unique ip address for pod
    • ensure route exists within kubernetes to each pod ip address
  • There are two broad categories of CNI Network Models
    • Flat networks
    • overlay networks
  • CNI Plugins need a way to communicate state between nodes, where they take different approaches like storing data in k8s, dedicate database
  • CNI plugins is also responsible for IPAM (IP address management)

Popular CNI Plugins

  • Cililum:
    • L7/Http-aware CNI
    • Enforce network policies
  • Flannel:
    • L3 network fabric for k8s
    • No Network policy
    • uses etcd to store state
  • Calico
    • L3 Network uses BGP routing
    • integrate with istion
    • uses etcd to store data
  • WeaveNet:
    • Mesh overlay network
    • no external storage to store state
    • Supports network policy

kube-proxy

  • This is a per node daemon in k8s
  • this provides basic load balancing functionality within cluster
  • this implements services and relies on endpoints/endpoint slices
  • this is responsible for routing requests to as service’s cluster ip addresses to healthy pods

Network Policy

  • By default k8s allows traffic between any two pods in the cluster.
  • NetworkPolicy is a resource type in k8s that contains allow-based firewall rules.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About continuous learner

devops & cloud enthusiastic learner